[IPVS]: IPVS needs checksum fixups.

James Morris · David S. Miller · commit 1cc5f24fad85 · 2004-06-03T23:58:09.000-07:00
Here's an additional patch for ipvs, which also mangles packets via 
netfilter and was previously depending on the checksum helper in 
nf_hook_slow().

Signed-of-by: James Morris &lt;jmorris@redhat.com&gt;
Signed-of-by: David S. Miller &lt;davem@redhat.com&gt;
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
@@ -735,6 +735,13 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
 	if (skb->nfcache & NFC_IPVS_PROPERTY)
 		return NF_ACCEPT;
 
+	if (skb->ip_summed == CHECKSUM_HW) {
+		if (skb_checksum_help(pskb, (out == NULL)))
+			return NF_DROP;
+		if (skb != *pskb)
+			skb = *pskb;
+	}
+
 	iph = skb->nh.iph;
 	if (unlikely(iph->protocol == IPPROTO_ICMP)) {
 		int related, verdict = ip_vs_out_icmp(pskb, &related);
@@ -974,6 +981,13 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
 		return NF_ACCEPT;
 	}
 
+	if (skb->ip_summed == CHECKSUM_HW) {
+		if (skb_checksum_help(pskb, (out == NULL)))
+			return NF_DROP;
+		if (skb != *pskb)
+			skb = *pskb;
+	}
+
 	iph = skb->nh.iph;
 	if (unlikely(iph->protocol == IPPROTO_ICMP)) {
 		int related, verdict = ip_vs_in_icmp(pskb, &related);
