netfilter: nat: skip checksum on offload SCTP packets

SCTP GSO and hardware can do CRC32c computation after netfilter processing,
so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
when the NAT code computes the CRC, to prevent offloaders from computing
it again (on ixgbe this resulted in a transmission with wrong L4 checksum).

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c
index 2e14108ff6973dee4408879f82a772b176e88468..31d358691af0963c664c742d180e79c664590005 100644 (file)
--- a/net/netfilter/nf_nat_proto_sctp.c
+++ b/net/netfilter/nf_nat_proto_sctp.c
@@ -47,7 +47,10 @@ sctp_manip_pkt(struct sk_buff *skb,
                hdr->dest = tuple->dst.u.sctp.port;
        }
 
-       hdr->checksum = sctp_compute_cksum(skb, hdroff);
+       if (skb->ip_summed != CHECKSUM_PARTIAL) {
+               hdr->checksum = sctp_compute_cksum(skb, hdroff);
+               skb->ip_summed = CHECKSUM_NONE;
+       }
 
        return true;
 }