author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-10-27 02:38:51 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-10-27 14:20:00 +0200 |
commit | 1a9dc27c361f3fdcaa8c2fc103dfaf0fa0a1e0a7 (patch) | |
tree | 19d67569174907e423db3530fea497eb3b26010d /src | |
parent | a89d53098dbde43f56e4d1e16ba5e24ef807c03b (diff) |
receive: assume all levels have been checksumed, not just outer
This means we do less computation on encapsulated payloads.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/receive.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c
index d5bce92..81140e9 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -379,7 +379,14 @@ static void wg_packet_consume_data_done(struct wg_peer *peer,
 goto dishonest_packet_type;
 skb->dev = dev;
+ /* We've already verified the Poly1305 auth tag, which means this packet
+ * was not modified in transit. We can therefore tell the networking
+ * stack that all checksums of every layer of encapsulation have already
+ * been checked "by the hardware" and therefore is unneccessary to check
+ * again in software.
+ */
 skb->ip_summed = CHECKSUM_UNNECESSARY;
+ skb->csum_level = ~0; /* All levels */
 skb->protocol = wg_skb_examine_untrusted_ip_hdr(skb);
 if (skb->protocol == htons(ETH_P_IP)) {
 len = ntohs(ip_hdr(skb)->tot_len); |
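Review bot: The comment added above `skb->ip_summed` justifies skipping checksum validation with the Poly1305 tag, but that tag only shows the ciphertext was unchanged between the sending peer and this host; it does not show that the inner headers carried correct checksums when the peer encrypted them. With `skb->csum_level = ~0;` that trust now extends to every nested encapsulation layer, so a payload corrupted before it entered the tunnel (for example on a hop the peer forwarded it from) would be accepted with no software check at any level. I would state that assumption in the comment, e.g. `* Note: this trusts the peer to have sent valid inner checksums; the tag covers only the tunnel hop.` Separately, `~0` relies on truncation into the narrow `csum_level` bitfield; `skb->csum_level = SKB_MAX_CSUM_LEVEL;` would say the same thing by name, provided that macro is available on every kernel this tree builds against. The body of wg_packet_consume_data_done starts and ends outside the hunk.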