From: Herbert Xu Date: Wed, 10 Oct 2007 22:41:41 +0000 (-0700) Subject: [IPSEC] esp: Remove NAT-T checksum invalidation for BEET X-Git-Tag: firefly_0821_release~26070^2~41 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8bd170750400bfa5e14c3dd2e2d0f305e1ab0e57;p=firefly-linux-kernel-4.4.55.git [IPSEC] esp: Remove NAT-T checksum invalidation for BEET I pointed this out back when this patch was first proposed but it looks like it got lost along the way. The checksum only needs to be ignored for NAT-T in transport mode where we lose the original inner addresses due to NAT. With BEET the inner addresses will be intact so the checksum remains valid. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 452910dae89f..1af332df72d9 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -261,8 +261,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) * as per draft-ietf-ipsec-udp-encaps-06, * section 3.1.2 */ - if (x->props.mode == XFRM_MODE_TRANSPORT || - x->props.mode == XFRM_MODE_BEET) + if (x->props.mode == XFRM_MODE_TRANSPORT) skb->ip_summed = CHECKSUM_UNNECESSARY; }