diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-10 18:41:41 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:55:53 -0400 |
commit | 8bd170750400bfa5e14c3dd2e2d0f305e1ab0e57 (patch) | |
tree | f8634014eb4a66bafdada8865df94713277b72c8 | |
parent | f24e3d658cf382f11a7aa7887fa99147bdc6fe0b (diff) |
[IPSEC] esp: Remove NAT-T checksum invalidation for BEET
I pointed this out back when this patch was first proposed but it looks like
it got lost along the way.
The checksum only needs to be ignored for NAT-T in transport mode where
we lose the original inner addresses due to NAT. With BEET the inner
addresses will be intact so the checksum remains valid.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/esp4.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 452910dae89f..1af332df72d9 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -261,8 +261,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) | |||
261 | * as per draft-ietf-ipsec-udp-encaps-06, | 261 | * as per draft-ietf-ipsec-udp-encaps-06, |
262 | * section 3.1.2 | 262 | * section 3.1.2 |
263 | */ | 263 | */ |
264 | if (x->props.mode == XFRM_MODE_TRANSPORT || | 264 | if (x->props.mode == XFRM_MODE_TRANSPORT) |
265 | x->props.mode == XFRM_MODE_BEET) | ||
266 | skb->ip_summed = CHECKSUM_UNNECESSARY; | 265 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
267 | } | 266 | } |
268 | 267 | ||