From 09a3b2ba0c8228d1c6bf0f030cae97addb397351 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 6 Oct 2020 23:16:32 +0200
Subject: proto: add sctp crc32 checksum fixup

Stateless SCTP header mangling doesn't work reliably.
This tells the kernel to update the checksum field using
the sctp crc32 algorithm.

Note that this needs additional kernel support to work.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/netlink_linearize.c | 2 +-
 src/proto.c             | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 846df46b..e5f601d4 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -974,7 +974,7 @@ static void netlink_gen_payload_stmt(struct netlink_linearize_ctx *ctx,
 			   expr->len / BITS_PER_BYTE);
 	if (csum_off) {
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_TYPE,
-				   NFT_PAYLOAD_CSUM_INET);
+				   desc->checksum_type);
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_OFFSET,
 				   csum_off / BITS_PER_BYTE);
 	}
diff --git a/src/proto.c b/src/proto.c
index 7de2bbf9..725b0385 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -406,6 +406,7 @@ const struct proto_desc proto_icmp = {
 	.id		= PROTO_DESC_ICMP,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
 	.checksum_key	= ICMPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.templates	= {
 		[ICMPHDR_TYPE]		= ICMPHDR_TYPE("type", &icmp_type_type, type),
 		[ICMPHDR_CODE]		= ICMPHDR_TYPE("code", &icmp_code_type, code),
@@ -459,6 +460,7 @@ const struct proto_desc proto_igmp = {
 	.id		= PROTO_DESC_IGMP,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
 	.checksum_key	= IGMPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.templates	= {
 		[IGMPHDR_TYPE]		= IGMPHDR_TYPE("type", &igmp_type_type, igmp_type),
 		[IGMPHDR_MRT]		= IGMPHDR_FIELD("mrt", igmp_code),
@@ -480,6 +482,7 @@ const struct proto_desc proto_udp = {
 	.id		= PROTO_DESC_UDP,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
 	.checksum_key	= UDPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.templates	= {
 		[UDPHDR_SPORT]		= INET_SERVICE("sport", struct udphdr, source),
 		[UDPHDR_DPORT]		= INET_SERVICE("dport", struct udphdr, dest),
@@ -539,6 +542,7 @@ const struct proto_desc proto_tcp = {
 	.id		= PROTO_DESC_TCP,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
 	.checksum_key	= TCPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.templates	= {
 		[TCPHDR_SPORT]		= INET_SERVICE("sport", struct tcphdr, source),
 		[TCPHDR_DPORT]		= INET_SERVICE("dport", struct tcphdr, dest),
@@ -620,6 +624,8 @@ const struct proto_desc proto_sctp = {
 	.name		= "sctp",
 	.id		= PROTO_DESC_SCTP,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
+	.checksum_key	= SCTPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_SCTP,
 	.templates	= {
 		[SCTPHDR_SPORT]		= INET_SERVICE("sport", struct sctphdr, source),
 		[SCTPHDR_DPORT]		= INET_SERVICE("dport", struct sctphdr, dest),
@@ -719,6 +725,7 @@ const struct proto_desc proto_ip = {
 	.id		= PROTO_DESC_IP,
 	.base		= PROTO_BASE_NETWORK_HDR,
 	.checksum_key	= IPHDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.protocols	= {
 		PROTO_LINK(IPPROTO_ICMP,	&proto_icmp),
 		PROTO_LINK(IPPROTO_IGMP,	&proto_igmp),
@@ -816,6 +823,7 @@ const struct proto_desc proto_icmp6 = {
 	.id		= PROTO_DESC_ICMPV6,
 	.base		= PROTO_BASE_TRANSPORT_HDR,
 	.checksum_key	= ICMP6HDR_CHECKSUM,
+	.checksum_type  = NFT_PAYLOAD_CSUM_INET,
 	.templates	= {
 		[ICMP6HDR_TYPE]		= ICMP6HDR_TYPE("type", &icmp6_type_type, icmp6_type),
 		[ICMP6HDR_CODE]		= ICMP6HDR_TYPE("code", &icmpv6_code_type, icmp6_code),
-- 
cgit v1.2.3