infinet / xt_wgobfs

Iptables WireGuard obfuscation extension
GNU General Public License v2.0

Driver checksum additional resetting #31

Closed vanym closed 5 months ago

vanym commented 10 months ago

Tried to use WGOBFS on a tunnel going through another, tun device VPN, but it didn't work: packets were dropped between the mangle INPUT chain and the application (on kernel Arch Linux 6.1 LTS). After research, it turns out that in these packets skb->ip_summed is equal to CHECKSUM_COMPLETE. Not sure why they were dropped; it looks like the kernel rechecks that skb->csum is still valid. Setting skb->ip_summed to CHECKSUM_NONE helped (leaving the packet size unchanged also helps).

In xt_TCPMSS.c, checksum changes are handled by using inet_proto_csum_replace*, csum_replace*. The function inet_proto_csum_replace4 changes skb->csum if skb->ip_summed == CHECKSUM_COMPLETE. In practice skb->csum is modified only on a len change (so that explains why it helps to leave the packet size unchanged). Maybe this is the right way to deal with checksums, without recalculating the whole checksum.

infinet commented 5 months ago

Thanks for the PR! I rebased it and merged as b9a7679a.

Now it calculates the UDP checksum and disables checksum offloading for all skb->ip_summed options. Hopefully it still works in your case.
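
The two approaches mentioned in this thread, patching a checksum incrementally versus recalculating it in full, shown side by side as an added userspace C illustration; it is not code from xt_wgobfs or the kernel. The function names and the sample packet are constructed for the example, and it models only the one's-complement arithmetic (RFC 1071 and RFC 1624), not skb->csum or skb->ip_summed handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fold a 32-bit accumulator into 16 bits with end-around carry. */
static uint16_t fold16(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full RFC 1071 checksum over len bytes, read as big-endian 16-bit words. */
uint16_t csum_full(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;   /* odd trailing byte, zero padded */
    return (uint16_t)~fold16(sum);
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one 16-bit word m -> m'. */
uint16_t csum_update16(uint16_t check, uint16_t oldv, uint16_t newv)
{
    uint32_t sum = (uint32_t)(uint16_t)~check + (uint16_t)~oldv + newv;
    return (uint16_t)~fold16(sum);
}

/* Rewrite the word at even offset off; return the patched checksum. */
uint16_t rewrite_word(uint8_t *p, size_t off, uint16_t val, uint16_t check)
{
    uint16_t oldv = (uint16_t)(p[off] << 8 | p[off + 1]);
    p[off] = (uint8_t)(val >> 8);
    p[off + 1] = (uint8_t)(val & 0xff);
    return csum_update16(check, oldv, val);
}

int main(void)
{
    /* Constructed sample: 8 header-like bytes plus a 5-byte payload. */
    uint8_t pkt[] = { 0xc3, 0x50, 0xca, 0x6c, 0x00, 0x0d, 0x00, 0x00,
                      'h', 'e', 'l', 'l', 'o' };
    uint16_t before = csum_full(pkt, sizeof pkt);
    uint16_t inc = rewrite_word(pkt, 0, 0x1f90, before);
    printf("incremental=%04x full=%04x\n", inc, csum_full(pkt, sizeof pkt));
    return 0;
}
```

The incremental form only stays valid while every modified word is accounted for, which is why a change that the update does not cover leaves a stale sum behind.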