From 1d398465831066c5e98fb2a58d7aa0547595de33 Mon Sep 17 00:00:00 2001
From: Pablo Neira
Date: Thu, 24 Nov 2016 12:12:33 +0100
Subject: src: trigger layer 4 checksum when pseudoheader fields are modified

This patch sets the NFT_PAYLOAD_L4CSUM_PSEUDOHDR when any of the pseudoheader fields are modified. This implicitly enables stateless NAT, that can be useful under some circuntances.

Signed-off-by: Pablo Neira Ayuso
---
 src/proto.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/proto.c')
diff --git a/src/proto.c b/src/proto.c
index df5439cc..8930bed6 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -616,6 +616,9 @@ const struct proto_desc proto_ip = {
 .filter = (1 << IPHDR_VERSION) | (1 << IPHDR_HDRLENGTH) | (1 << IPHDR_FRAG_OFF),
 },
+ .pseudohdr = {
+ IPHDR_SADDR, IPHDR_DADDR, IPHDR_PROTOCOL, IPHDR_LENGTH,
+ },
 };
 /*
@@ -721,6 +724,9 @@ const struct proto_desc proto_ip6 = {
 },
 .filter = (1 << IP6HDR_VERSION),
 },
+ .pseudohdr = {
+ IP6HDR_SADDR, IP6HDR_DADDR, IP6HDR_NEXTHDR, IP6HDR_LENGTH,
+ },
 };
 /*
--
cgit v1.2.3
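Review bot: The new `.pseudohdr` initializer in `proto_ip` has no comment explaining why these four fields are listed, so the behaviour it drives is only recorded in the commit message. Per that message, a write to any listed field now sets NFT_PAYLOAD_L4CSUM_PSEUDOHDR, which is what makes address rewriting act as stateless NAT; someone auditing a ruleset from src/proto.c alone would not see that. I would add above it `/* Fields covered by the TCP/UDP pseudo-header: mangling any of them must also fix up the layer 4 checksum. */`. The array's declared size and the treatment of unused slots are outside this hunk, so confirm that a zero-filled slot cannot be taken for a real field. The same comment is missing in the `proto_ip6` hunk.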
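Review bot: `IP6HDR_NEXTHDR` in the `proto_ip6` list matches the pseudo-header's next-header value only when the packet has no extension headers. With extension headers, the fixed header's field names the first extension header, while the pseudo-header uses the final upper-layer protocol. As far as this hunk shows, a write to that field would still request a pseudo-header checksum fixup, so it is worth confirming how the code that consumes `.pseudohdr` handles that case. If the entry is intentional, a comment such as `/* nexthdr is part of the pseudo-header only when no extension headers are present */` would record the assumption. The initializer begins above the hunk, so the rest of `proto_ip6` was not reviewed.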