From 9654a37fac7fe2b425576eb0237b8d24ae44e1b1 Mon Sep 17 00:00:00 2001
From: Dave Barach <dave@barachs.net>
Date: Sun, 3 Nov 2019 11:29:29 -0500
Subject: [PATCH] nat: fix dual-loop tcp checksum botch

Type: fix
Fixes: 22921

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I4fecce96d027c0ee1797d9d84cfab94b1ecdc02b
---
 src/plugins/nat/out2in.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 83c099d1bd2..9549a45c07e 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -893,9 +893,6 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 				 dst_address /* changed member */ );
 	  ip0->checksum = ip_csum_fold (sum0);
 
-	  old_port0 = udp0->dst_port;
-	  new_port0 = udp0->dst_port = s0->in2out.port;
-
 	  if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
 	    {
 	      old_port0 = tcp0->dst_port;
@@ -917,6 +914,9 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 	    {
 	      if (PREDICT_FALSE (udp0->checksum))
 		{
+		  old_port0 = udp0->dst_port;
+		  new_port0 = udp0->dst_port = s0->in2out.port;
+
 		  sum0 = udp0->checksum;
 		  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
 					 ip4_header_t,
@@ -1070,11 +1070,12 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 				 dst_address /* changed member */ );
 	  ip1->checksum = ip_csum_fold (sum1);
 
-	  old_port1 = udp1->dst_port;
-	  new_port1 = udp1->dst_port = s1->in2out.port;
-
 	  if (PREDICT_TRUE (proto1 == SNAT_PROTOCOL_TCP))
 	    {
+	      old_port1 = tcp1->dst_port;
+	      tcp1->dst_port = s1->in2out.port;
+	      new_port1 = tcp1->dst_port;
+
 	      sum1 = tcp1->checksum;
 	      sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
 				     ip4_header_t,
@@ -1090,6 +1091,9 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 	    {
 	      if (PREDICT_FALSE (udp1->checksum))
 		{
+		  old_port1 = udp1->dst_port;
+		  new_port1 = udp1->dst_port = s1->in2out.port;
+
 		  sum1 = udp1->checksum;
 		  sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
 					 ip4_header_t,
@@ -1280,11 +1284,12 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 				 dst_address /* changed member */ );
 	  ip0->checksum = ip_csum_fold (sum0);
 
-	  old_port0 = udp0->dst_port;
-	  new_port0 = udp0->dst_port = s0->in2out.port;
-
 	  if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
 	    {
+	      old_port0 = tcp0->dst_port;
+	      tcp0->dst_port = s0->in2out.port;
+	      new_port0 = tcp0->dst_port;
+
 	      sum0 = tcp0->checksum;
 	      sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
 				     ip4_header_t,
@@ -1300,6 +1305,9 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
 	    {
 	      if (PREDICT_FALSE (udp0->checksum))
 		{
+		  old_port0 = udp0->dst_port;
+		  new_port0 = udp0->dst_port = s0->in2out.port;
+
 		  sum0 = udp0->checksum;
 		  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
 					 ip4_header_t,
-- 
2.16.6