Re: Kernel 5.1 breaks UDP checksums for SIP packets

From: Florian Westphal
Date: Mon May 20 2019 - 06:30:28 EST


Marc Haber <mh+netdev@xxxxxxxxxxxx> wrote:
> when I update my Firewall from Kernel 5.0 to Kernel 5.1, SIP clients
> that connect from the internal network to an external, commercial SIP
> service do not work any more. When I trace beyond the NAT, I see that
> the outgoing SIP packets have incorrect UDP checksums:

I'm a moron. Can you please try this patch?

diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
--- a/net/netfilter/nf_nat_helper.c
+++ b/net/netfilter/nf_nat_helper.c
@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
return true;

- nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,
+ nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
udph, &udph->check, datalen, oldlen);

return true;
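Review bot: the one-token change in the nf_nat_csum_recalc() call of nf_nat_mangle_udp_packet() is posted without a changelog, a Fixes: tag or a Signed-off-by, and the report describes a regression between 5.0 and 5.1, so the formal submission should carry a Fixes: tag naming the commit that introduced the IPPROTO_TCP argument, so that it can be routed to 5.1 stable, plus Reported-by for the reporter once the test result is in. The old line passed IPPROTO_TCP together with `udph` and `&udph->check`, a protocol constant that did not match the header pointer beside it. It is worth checking the other nf_nat_csum_recalc() callers in nf_nat_helper.c for the same kind of mismatch before sending the final version.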