ip6: fix l4 checksum with hop-by-hop header
L4 checksums for IPv6 should be calculated using a pseudo header that includes the source/destination addresses, payload length, and payload protocol. ip6_tcp_udp_icmp_compute_checksum() was using the payload length and protocol from the IPv6 header. If there is a hop-by-hop header (or any other extension header), the payload length used for the pseudo header should only include the upper layer header and payload and not the extension header bytes. Same deal with the protocol, the upper layer next header value should be used instead of the extension header. Type: fix Fixes:cb9cadad57Change-Id: Ifa2c9ad41c0fc4eea674f0671255b637c8e01f71 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit97677a26f7)
This commit is contained in:
Matthew Smith
committed by
Andrew Yourtchenko
Andrew Yourtchenko
parent
9a91d62793
commit
82c4eac772
@@ -1010,31 +1010,23 @@ u16
|
||||
ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
|
||||
ip6_header_t * ip0, int *bogus_lengthp)
|
||||
{
|
||||
ip_csum_t sum0;
|
||||
u16 payload_length_host_byte_order;
|
||||
ip_csum_t sum0 = 0;
|
||||
u16 payload_length, payload_length_host_byte_order;
|
||||
u32 i;
|
||||
u32 headers_size = sizeof (ip0[0]);
|
||||
u8 *data_this_buffer;
|
||||
u8 next_hdr = ip0->protocol;
|
||||
|
||||
ASSERT (bogus_lengthp);
|
||||
*bogus_lengthp = 0;
|
||||
|
||||
/* Initialize checksum with ip header. */
|
||||
sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
|
||||
payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
|
||||
data_this_buffer = (u8 *) (ip0 + 1);
|
||||
|
||||
for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
|
||||
{
|
||||
sum0 = ip_csum_with_carry
|
||||
(sum0, clib_mem_unaligned (&ip0->src_address.as_uword[i], uword));
|
||||
sum0 = ip_csum_with_carry
|
||||
(sum0, clib_mem_unaligned (&ip0->dst_address.as_uword[i], uword));
|
||||
}
|
||||
payload_length = ip0->payload_length;
|
||||
|
||||
/* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets)
|
||||
* or UDP-Ping packets */
|
||||
if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
|
||||
if (PREDICT_FALSE (next_hdr == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
|
||||
{
|
||||
u32 skip_bytes;
|
||||
ip6_hop_by_hop_ext_t *ext_hdr =
|
||||
@@ -1049,6 +1041,24 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
|
||||
|
||||
payload_length_host_byte_order -= skip_bytes;
|
||||
headers_size += skip_bytes;
|
||||
|
||||
/* pseudo-header adjustments:
|
||||
* exclude ext header bytes from payload length
|
||||
* use payload IP proto rather than ext header IP proto
|
||||
*/
|
||||
payload_length = clib_host_to_net_u16 (payload_length_host_byte_order);
|
||||
next_hdr = ext_hdr->next_hdr;
|
||||
}
|
||||
|
||||
/* Initialize checksum with ip pseudo-header. */
|
||||
sum0 = payload_length + clib_host_to_net_u16 (next_hdr);
|
||||
|
||||
for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
|
||||
{
|
||||
sum0 = ip_csum_with_carry
|
||||
(sum0, clib_mem_unaligned (&ip0->src_address.as_uword[i], uword));
|
||||
sum0 = ip_csum_with_carry
|
||||
(sum0, clib_mem_unaligned (&ip0->dst_address.as_uword[i], uword));
|
||||
}
|
||||
|
||||
if (p0)
|
||||
|
||||
Reference in New Issue
Block a user