• Daniel Borkmann's avatar
    ipvs: sctp: fix checksumming on snat and dnat handlers · 4b47bc9a
    Daniel Borkmann authored
    In our test lab, we have a simple SCTP client connecting to a SCTP
    server via an IPVS load balancer. On some machines, load balancing
    works, but on others the initial handshake just fails, thus no
    SCTP connection whatsoever can be established!
    We observed that the SCTP INIT-ACK handshake reply from the IPVS
    machine to the client had a correct IP checksum, but corrupt SCTP
    checksum when forwarded, thus on the client-side the packet was
    dropped and an intial handshake retriggered until all attempts
    run into the void.
    To fix this issue, this patch i) adds a missing CHECKSUM_UNNECESSARY
    after the full checksum (re-)calculation (as done in IPVS TCP and UDP
    code as well), ii) calculates the checksum in little-endian format
    (as fixed with the SCTP code in commit 4458f04c
    : sctp: Clean up sctp
    checksumming code) and iii) refactors duplicate checksum code into a
    common function. Tested by myself.
    Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
    Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
    Signed-off-by: default avatarSimon Horman <horms@verge.net.au>