[PATCH 1/1] Calculate inner checksums for all L4 protocols (was for TCP/UDP only).

Andrejs Hanins ahanins at gmail.com
Fri Aug 10 10:06:17 CEST 2018

- skb_checksum_setup can only handle TCP/UDP protocols under top level
IP header, packets with other protocols (like GRE) are sent out by
Wireguard with unfinished partial checksums which causes problems on
receiving side (bad checksums).

- skb_encrypt gets skb prepared by network stack, so there is no need to
setup the checksum from scratch, but just perform hw checksum offload
using software helper skb_checksum_help for packet which explicitly
require it as denoted by CHECKSUM_PARTIAL.

Signed-off-by: Andrejs Hanins <ahanins at gmail.com>
 src/send.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/send.c b/src/send.c
index 3af7ef3..1d021ae 100644
--- a/src/send.c
+++ b/src/send.c
@@ -151,9 +151,9 @@ static inline bool skb_encrypt(struct sk_buff *skb, struct noise_keypair *keypai
 	if (unlikely(skb_cow_head(skb, DATA_PACKET_HEAD_ROOM) < 0))
 		return false;
-	/* We have to remember to add the checksum to the innerpacket, in case the receiver forwards it. */
-	if (likely(!skb_checksum_setup(skb, true)))
-		skb_checksum_help(skb);
+	/* Finalize checksum calculation for the inner packet, if required. */
+	if (skb->ip_summed == CHECKSUM_PARTIAL && skb_checksum_help(skb))
+		return false;
 	/* Only after checksumming can we safely add on the padding at the end and the header. */
 	skb_set_inner_network_header(skb, 0);

More information about the WireGuard mailing list