ping: Fix reject

Fix gvisor loopback address
Fix checksum changes
2025-09-26 20:51:13 +08:00 · 2025-08-27 20:29:08 +08:00 · 2025-08-27 16:35:53 +08:00 · 2025-08-27 15:47:20 +08:00
5 changed files with 16 additions and 9 deletions
--- a/internal/gtcpip/header/ipv4.go
+++ b/internal/gtcpip/header/ipv4.go
@@ -479,6 +479,7 @@ func (b IPv4) SetDestinationAddress(addr tcpip.Address) {

 // CalculateChecksum calculates the checksum of the IPv4 header.
 func (b IPv4) CalculateChecksum() uint16 {
+	// return checksum.Checksum(b[:b.HeaderLength()], 0)
 	xsum0 := checksum.Checksum(b[:xsum], 0)
 	xsum0 = checksum.Checksum(b[xsum+2:b.HeaderLength()], xsum0)
 	return xsum0
@@ -573,7 +574,8 @@ func (b IPv4) IsChecksumValid() bool {
 	//        same set of octets, including the checksum field.  If the result
 	//        is all 1 bits (-0 in 1's complement arithmetic), the check
 	//        succeeds.
-	return b.CalculateChecksum() == 0xffff
+	//return b.CalculateChecksum() == 0xffff
+	return checksum.Checksum(b[:b.HeaderLength()], 0) == 0xffff
 }

 // IsV4MulticastAddress determines if the provided address is an IPv4 multicast
--- a/internal/gtcpip/header/tcp.go
+++ b/internal/gtcpip/header/tcp.go
@@ -351,6 +351,7 @@ func (b TCP) SetUrgentPointer(urgentPointer uint16) {
 // and the checksum of the segment data.
 func (b TCP) CalculateChecksum(partialChecksum uint16) uint16 {
 	// Calculate the rest of the checksum.
+	// return checksum.Checksum(b[:b.DataOffset()], partialChecksum)
 	xsum := checksum.Checksum(b[:TCPChecksumOffset], partialChecksum)
 	xsum = checksum.Checksum(b[TCPChecksumOffset+2:b.DataOffset()], xsum)
 	return xsum
@@ -360,7 +361,8 @@ func (b TCP) CalculateChecksum(partialChecksum uint16) uint16 {
 func (b TCP) IsChecksumValid(src, dst tcpip.Address, payloadChecksum, payloadLength uint16) bool {
 	xsum := PseudoHeaderChecksum(TCPProtocolNumber, src.AsSlice(), dst.AsSlice(), uint16(b.DataOffset())+payloadLength)
 	xsum = checksum.Combine(xsum, payloadChecksum)
-	return b.CalculateChecksum(xsum) == 0xffff
+	// return b.CalculateChecksum(xsum) == 0xffff
+	return checksum.Checksum(b[:b.DataOffset()], xsum) == 0xffff
 }

 // Options returns a slice that holds the unparsed TCP options in the segment.
--- a/internal/gtcpip/header/udp.go
+++ b/internal/gtcpip/header/udp.go
@@ -114,8 +114,9 @@ func (b UDP) SetLength(length uint16) {
 // checksum of the network-layer pseudo-header and the checksum of the payload.
 func (b UDP) CalculateChecksum(partialChecksum uint16) uint16 {
 	// Calculate the rest of the checksum.\
+	// return checksum.Checksum(b[:UDPMinimumSize], partialChecksum)
 	xsum := checksum.Checksum(b[:udpChecksum], partialChecksum)
-	xsum = checksum.Checksum(b[udpChecksum+2:], xsum)
+	xsum = checksum.Checksum(b[udpChecksum+2:UDPMinimumSize], xsum)
 	return xsum
 }

@@ -123,7 +124,7 @@ func (b UDP) CalculateChecksum(partialChecksum uint16) uint16 {
 func (b UDP) IsChecksumValid(src, dst tcpip.Address, payloadChecksum uint16) bool {
 	xsum := PseudoHeaderChecksum(UDPProtocolNumber, dst.AsSlice(), src.AsSlice(), b.Length())
 	xsum = checksum.Combine(xsum, payloadChecksum)
-	return b.CalculateChecksum(xsum) == 0xffff
+	return checksum.Checksum(b[:UDPMinimumSize], xsum) == 0xffff
 }

 // Encode encodes all the fields of the UDP header.
--- a/stack_gvisor_tcp.go
+++ b/stack_gvisor_tcp.go
@@ -51,7 +51,8 @@ func (f *TCPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.Pac
 			ipHdr.SetDestinationAddressWithChecksumUpdate(ipHdr.SourceAddress())
 			ipHdr.SetSourceAddressWithChecksumUpdate(inet4LoopbackAddress)
 			tcpHdr := header.TCP(pkt.TransportHeader().Slice())
-			tcpHdr.SetChecksum(^checksum.Checksum(tcpHdr.Payload(), tcpHdr.CalculateChecksum(
+			tcpHdr.SetChecksum(0)
+			tcpHdr.SetChecksum(^checksum.Combine(pkt.Data().Checksum(), tcpHdr.CalculateChecksum(
 				header.PseudoHeaderChecksum(header.TCPProtocolNumber, ipHdr.SourceAddress(), ipHdr.DestinationAddress(), ipHdr.PayloadLength()),
 			)))
 			f.tun.WritePacket(pkt)
@@ -64,7 +65,8 @@ func (f *TCPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.Pac
 			ipHdr.SetDestinationAddress(ipHdr.SourceAddress())
 			ipHdr.SetSourceAddress(inet6LoopbackAddress)
 			tcpHdr := header.TCP(pkt.TransportHeader().Slice())
-			tcpHdr.SetChecksum(^checksum.Checksum(tcpHdr.Payload(), tcpHdr.CalculateChecksum(
+			tcpHdr.SetChecksum(0)
+			tcpHdr.SetChecksum(^checksum.Combine(pkt.Data().Checksum(), tcpHdr.CalculateChecksum(
 				header.PseudoHeaderChecksum(header.TCPProtocolNumber, ipHdr.SourceAddress(), ipHdr.DestinationAddress(), ipHdr.PayloadLength()),
 			)))
 			f.tun.WritePacket(pkt)
--- a/stack_system.go
+++ b/stack_system.go
@@ -665,7 +665,7 @@ func (s *System) processIPv4ICMP(ipHdr header.IPv4, icmpHdr header.ICMPv4) (bool
 		})
 		if err != nil {
 			if errors.Is(err, ErrReset) {
-				return false, s.rejectIPv4WithICMP(ipHdr, header.ICMPv4PortUnreachable)
+				return false, s.rejectIPv4WithICMP(ipHdr, header.ICMPv4HostUnreachable)
 			} else if errors.Is(err, ErrDrop) {
 				return false, nil
 			}
@@ -712,7 +712,7 @@ func (s *System) rejectIPv4WithICMP(ipHdr header.IPv4, code header.ICMPv4Code) e
 	icmpHdr := header.ICMPv4(newIPHdr.Payload())
 	icmpHdr.SetType(header.ICMPv4DstUnreachable)
 	icmpHdr.SetCode(code)
-	icmpHdr.SetChecksum(header.ICMPv4Checksum(icmpHdr, 0))
+	icmpHdr.SetChecksum(header.ICMPv4Checksum(icmpHdr[:header.ICMPv4MinimumSize], checksum.Checksum(ipHdr.Payload(), 0)))
 	copy(icmpHdr.Payload(), payload)
 	if PacketOffset > 0 {
 		newPacket.ExtendHeader(PacketOffset)[3] = syscall.AF_INET
@@ -739,7 +739,7 @@ func (s *System) processIPv6ICMP(ipHdr header.IPv6, icmpHdr header.ICMPv6) (bool
 			)
 		})
 		if errors.Is(err, ErrReset) {
-			return false, s.rejectIPv6WithICMP(ipHdr, header.ICMPv6PortUnreachable)
+			return false, s.rejectIPv6WithICMP(ipHdr, header.ICMPv6AddressUnreachable)
 		} else if errors.Is(err, ErrDrop) {
 			return false, nil
 		}
Author	SHA1	Message	Date
世界	b76e852f59	ping: Fix reject	2025-08-27 20:29:08 +08:00
世界	d5865f2135	Fix gvisor loopback address	2025-08-27 16:35:53 +08:00
世界	ff49ece55d	Fix checksum changes	2025-08-27 15:47:20 +08:00