lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 16 Jan 2007 17:38:53 +0300
From:	Michael Tokarev <mjt@....msk.ru>
To:	Patrick McHardy <kaber@...sh.net>
CC:	Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org
Subject: Re: rare bad TCP checksum with 2.6.19?

Patrick McHardy wrote:
> Herbert Xu wrote:
[]
>> Since you're certain that this is being seen on the wire, one
>> possibility is that we've got a bug somewhere that's zeroing
>> skb->ip_summed on a packet with a partial checksum.
>>
>> One potential spot where this could happen is netfilter.
>> Patrick, do you know of any recent changes (this is happening
>> with 2.6.19) that might cause this?
> 
> The incremental HW checksum update stuff went in 2.6.19, so thats
> a prime suspect. Can't see where this could be happening though.
> 
> Michael, how exactly is netfilter involved in your setup?

I think it doesn't involved.

The captures I did were done on a router box, which indeed has some
netfilter stuff.  But:

 1) the capture has been done on an interface directly connected to
   the segment where the "testing" machine is located (not on the
   "external" interface)

 2) the "testing" machine itself does not have any netfilter modules
   loaded

 3) the packets looks exactly the same in at least 3 places (modulo
   the TTL values): on the sending machine, on the router (on the
   interface connected to the sending machine - in those 2 places,
   the TTL is the same), and at the receiving side, which is 20+
   hops away.

 4) I tried another machine today (upgraded from 2.6.17 to 2.6.19) -
   stand-alone, without any netfilter modules loaded (but it's under
   quite.. some load - see http://j.ns.dsbl.org/nsg/ -- with this load
   it'll die right after iptables module loading, it's a 600MHz Celeron
   box replying to 15000 DNS packets every secound) - it started showing
   the same behavior.

/mjt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ