Re: Kernel 5.1 breaks UDP checksums for SIP packets

From: Florian Westphal
Date: Mon May 20 2019 - 06:30:28 EST

Next message: Paolo Bonzini: "Re: [PATCH 1/4] KVM: x86: Disable intercept for CORE cstate read"
Previous message: Hans Verkuil: "Re: [PATCH v6 1/3] media: cec: expose HDMI connector to CEC dev mapping"
In reply to: Marc Haber: "Kernel 5.1 breaks UDP checksums for SIP packets"
Next in thread: Marc Haber: "Re: Kernel 5.1 breaks UDP checksums for SIP packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marc Haber <mh+netdev@xxxxxxxxxxxx> wrote:
> when I update my Firewall from Kernel 5.0 to Kernel 5.1, SIP clients
> that connect from the internal network to an external, commercial SIP
> service do not work any more. When I trace beyond the NAT, I see that
> the outgoing SIP packets have incorrect UDP checksums:

I'm a moron. Can you please try this patch?

diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
--- a/net/netfilter/nf_nat_helper.c
+++ b/net/netfilter/nf_nat_helper.c
@@ -170,7 +170,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
return true;

- nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,
+ nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,
udph, &udph->check, datalen, oldlen);

return true;

Next message: Paolo Bonzini: "Re: [PATCH 1/4] KVM: x86: Disable intercept for CORE cstate read"
Previous message: Hans Verkuil: "Re: [PATCH v6 1/3] media: cec: expose HDMI connector to CEC dev mapping"
In reply to: Marc Haber: "Kernel 5.1 breaks UDP checksums for SIP packets"
Next in thread: Marc Haber: "Re: Kernel 5.1 breaks UDP checksums for SIP packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]