Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY"

This reverts commit 5bed9f3f63f8f9d2b1758c24640cbf77b5377511.

Gal Presman says:
 this patch broke geneve tunnels, or possibly all udp tunnels?
 A simple test that creates two geneve tunnels and runs tcp iperf fails
 and results in checksum errors (TcpInCsumErrors).

Original commit wanted to fix nf_reject with zero checksum,
so it appears better to change nf reject infra instead.

Fixes: 5bed9f3f63f8f ("netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY")
Reported-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 12f793d..3b516cf 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -63,10 +63,8 @@ static bool udp_error(struct sk_buff *skb,
        }
 
        /* Packet with no checksum */
-       if (!hdr->check) {
-               skb->ip_summed = CHECKSUM_UNNECESSARY;
+       if (!hdr->check)
                return false;
-       }
 
        /* Checksum invalid? Ignore.
         * We skip checking packets on the outgoing path