From 24abc4307bafc43edd3f7c7cdf80a934eaa06c5e Mon Sep 17 00:00:00 2001
From: Robert Lubos <robert.lubos@nordicsemi.no>
Date: Mon, 30 Oct 2023 13:23:02 +0100
Subject: [PATCH] net: Verify L4 checksum unconditionally for reassembled
 packets

In case of reassembled IP packets, we cannot rely on checksum
offloading as the drivers/HW has no means to verify L4 checksum before
the fragment is reassembled. Therefore, for such packets, verify L4
checksum in the software unconditionally.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
---
 subsys/net/ip/icmpv4.c | 3 ++-
 subsys/net/ip/icmpv6.c | 3 ++-
 subsys/net/ip/tcp.c    | 3 ++-
 subsys/net/ip/udp.c    | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/subsys/net/ip/icmpv4.c b/subsys/net/ip/icmpv4.c
index 8bab97d9cfc..0ea8d40ba46 100644
--- a/subsys/net/ip/icmpv4.c
+++ b/subsys/net/ip/icmpv4.c
@@ -610,7 +610,8 @@ enum net_verdict net_icmpv4_input(struct net_pkt *pkt,
 		return NET_DROP;
 	}
 
-	if (net_if_need_calc_rx_checksum(net_pkt_iface(pkt))) {
+	if (net_if_need_calc_rx_checksum(net_pkt_iface(pkt)) ||
+	    net_pkt_is_ip_reassembled(pkt)) {
 		if (net_calc_chksum_icmpv4(pkt) != 0U) {
 			NET_DBG("DROP: Invalid checksum");
 			goto drop;
diff --git a/subsys/net/ip/icmpv6.c b/subsys/net/ip/icmpv6.c
index c04e3dddf72..65c01a510c7 100644
--- a/subsys/net/ip/icmpv6.c
+++ b/subsys/net/ip/icmpv6.c
@@ -342,7 +342,8 @@ enum net_verdict net_icmpv6_input(struct net_pkt *pkt,
 	}
 
 
-	if (net_if_need_calc_rx_checksum(net_pkt_iface(pkt))) {
+	if (net_if_need_calc_rx_checksum(net_pkt_iface(pkt)) ||
+	    net_pkt_is_ip_reassembled(pkt)) {
 		if (net_calc_chksum_icmpv6(pkt) != 0U) {
 			NET_DBG("DROP: invalid checksum");
 			goto drop;
diff --git a/subsys/net/ip/tcp.c b/subsys/net/ip/tcp.c
index 6ec7745c952..82faa777694 100644
--- a/subsys/net/ip/tcp.c
+++ b/subsys/net/ip/tcp.c
@@ -3609,7 +3609,8 @@ struct net_tcp_hdr *net_tcp_input(struct net_pkt *pkt,
 	struct net_tcp_hdr *tcp_hdr;
 
 	if (IS_ENABLED(CONFIG_NET_TCP_CHECKSUM) &&
-	    net_if_need_calc_rx_checksum(net_pkt_iface(pkt)) &&
+	    (net_if_need_calc_rx_checksum(net_pkt_iface(pkt)) ||
+	     net_pkt_is_ip_reassembled(pkt)) &&
 	    net_calc_chksum_tcp(pkt) != 0U) {
 		NET_DBG("DROP: checksum mismatch");
 		goto drop;
diff --git a/subsys/net/ip/udp.c b/subsys/net/ip/udp.c
index 5ecc595053b..e3f45b3db38 100644
--- a/subsys/net/ip/udp.c
+++ b/subsys/net/ip/udp.c
@@ -164,7 +164,8 @@ struct net_udp_hdr *net_udp_input(struct net_pkt *pkt,
 	}
 
 	if (IS_ENABLED(CONFIG_NET_UDP_CHECKSUM) &&
-	    net_if_need_calc_rx_checksum(net_pkt_iface(pkt))) {
+	    (net_if_need_calc_rx_checksum(net_pkt_iface(pkt)) ||
+	     net_pkt_is_ip_reassembled(pkt))) {
 		if (!udp_hdr->chksum) {
 			if (IS_ENABLED(CONFIG_NET_UDP_MISSING_CHECKSUM) &&
 			    net_pkt_family(pkt) == AF_INET) {