| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Jul 2010 17:22:10 +0200 From: Patrick McHardy <kaber@...sh.net> To: "Michael S. Tsirkin" <mst@...hat.com> CC: "Daniel P. Berrange" <berrange@...hat.com>, Jes Sorensen <Jes.Sorensen@...hat.com>, "David S. Miller" <davem@...emloft.net>, Jan Engelhardt <jengelh@...ozas.de>, Randy Dunlap <randy.dunlap@...cle.com>, netfilter-devel@...r.kernel.org, netfilter@...r.kernel.org, coreteam@...filter.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCHv4] netfilter: add CHECKSUM target Am 15.07.2010 13:52, schrieb Michael S. Tsirkin: > This adds a `CHECKSUM' target, which can be used in the iptables mangle > table. > > You can use this target to compute and fill in the checksum in > a packet that lacks a checksum. This is particularly useful, > if you need to work around old applications such as dhcp clients, > that do not work well with checksum offloads, but don't want to > disable checksum offload in your device. > > The problem happens in the field with virtualized applications. > For reference, see Red Hat bz 605555, as well as > http://www.spinics.net/lists/kvm/msg37660.html > > Typical expected use (helps old dhclient binary running in a VM): > iptables -A POSTROUTING -t mangle -p udp --dport bootpc \ > -j CHECKSUM --checksum-fill > > Signed-off-by: Michael S. Tsirkin <mst@...hat.com> > Includes fixes by Jan Engelhardt <jengelh@...ozas.de> Applied, thanks Michael. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists