[NETFILTER]: conntrack: add sysctl to disable checksumming Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 39a27a35c5c1b5be499a0576a35c45a011788bf8 [log] [tgz]
author: Patrick McHardy <kaber@trash.net> Mon May 29 18:23:54 2006 -0700
committer: David S. Miller <davem@sunset.davemloft.net> Sat Jun 17 21:28:57 2006 -0700
tree: ec5383eec578c455ca5a14184dc9398bbc5f9afb
parent: 6442f1cf897643d4ca597f2f7d3464b765bae960 [diff] [blame]
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 69899f2..12fb7c0 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c

@@ -828,8 +828,9 @@
 	 * and moreover root might send raw packets.
 	 */
 	/* FIXME: Source route IP option packets --RR */
-	if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-	     (pf == PF_INET6 && hooknum  == NF_IP6_PRE_ROUTING)) &&
+	if (nf_conntrack_checksum &&
+	    ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
+	     (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
 	    nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
 		if (LOG_INVALID(IPPROTO_TCP))
 			nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
commit	39a27a35c5c1b5be499a0576a35c45a011788bf8	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Mon May 29 18:23:54 2006 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	Sat Jun 17 21:28:57 2006 -0700
tree	ec5383eec578c455ca5a14184dc9398bbc5f9afb
parent	6442f1cf897643d4ca597f2f7d3464b765bae960 [diff] [blame]