src: trigger layer 4 checksum when pseudoheader fields are modified

This patch sets the NFT_PAYLOAD_L4CSUM_PSEUDOHDR when any of the pseudoheader fields are modified. This implicitly enables stateless NAT, that can be useful under some circuntances. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira <pablo@netfilter.org> 2016-11-24 12:12:33 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-12-04 21:24:48 +0100
commit: 1d398465831066c5e98fb2a58d7aa0547595de33 (patch)
tree: 3a0a11b66e7bd45d6d3a3bdab93205f09a156085 /src/proto.c
parent: 8c01e1d6ec92720a7cd5c134a9fcea3953772e92 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/proto.c b/src/proto.c
index df5439cc..8930bed6 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -616,6 +616,9 @@ const struct proto_desc proto_ip = {
 		.filter	= (1 << IPHDR_VERSION)  | (1 << IPHDR_HDRLENGTH) |
 			  (1 << IPHDR_FRAG_OFF),
 	},
+	.pseudohdr	= {
+		IPHDR_SADDR, IPHDR_DADDR, IPHDR_PROTOCOL, IPHDR_LENGTH,
+	},
 };
 
 /*
@@ -721,6 +724,9 @@ const struct proto_desc proto_ip6 = {
 		},
 		.filter	= (1 << IP6HDR_VERSION),
 	},
+	.pseudohdr	= {
+		IP6HDR_SADDR, IP6HDR_DADDR, IP6HDR_NEXTHDR, IP6HDR_LENGTH,
+	},
 };
 
 /*
author	Pablo Neira <pablo@netfilter.org>	2016-11-24 12:12:33 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-12-04 21:24:48 +0100
commit	1d398465831066c5e98fb2a58d7aa0547595de33 (patch)
tree	3a0a11b66e7bd45d6d3a3bdab93205f09a156085 /src/proto.c
parent	8c01e1d6ec92720a7cd5c134a9fcea3953772e92 (diff)