Date:	Thu, 19 Aug 2010 13:35:14 -0500
From:	Steve Chen <schen@...sta.com>
To:	Brian Haley <brian.haley@...com>
Cc:	usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org
Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel

On Mon, Aug 16, 2010 at 9:07 AM, Steve Chen <schen@...sta.com> wrote:
> On Fri, Aug 13, 2010 at 5:25 PM, Steve Chen <schen@...sta.com> wrote:
>> On Fri, Aug 13, 2010 at 12:55 PM, Brian Haley <brian.haley@...com> wrote:
>>> On 08/13/2010 01:34 PM, Steve Chen wrote:
>>>>>>>> The TAHI correspondent node tests CN-6-4-1 (Processing in upper layer
>>>>>>>> - Echo Checksum) failed for me in the 2.6.32 kernel.  It appears that
>>>>>>>> the Linux kernel is replying to the ICMP echo request in
>>>>>>>> icmpv6_echo_reply without much checking.  Is this an intentional
>>>>>>>> non-conformance to RFC3775 section 9.3.1?
>>> [snip]
>>>
>>>> It appears that skb->ip_summed is always 1 (CHECKSUM_UNNECESSARY).
>>>> I'm using e1000e.  Looking at the driver, there is checksum offload
>>>> hardware.  I think the code is doing a frame check on the entire
>>>> Ethernet packet.  Since no error was found, it assumes everything
>>>> inside is correct.
>>>
>>> # ethtool -K ethX rx off
>>>
>>> Does that help?  Does using a different NIC help?
>>>
>>
>> ethtool did not help.
>>
>> I tried to run the test with a different NIC, but I keep getting
>>
>> ...
>>
>> IPSEC_AKEY      :               --------------------
>> IPSEC_EALGO     :               ---------
>> IPSEC_EKEY      :               ------------------------
>> IPSEC_SUPPORT   :               OFF
>> RR_TIMEOUT      :               3
>> TIMEOUT :               2
>> WAIT_RATELIMIT  :               1
>> send Ra_R0_AllNd
>> Wait 3 sec.
>> Clear Captured Packets (Link0)
>> Clear Captured Packets (Link0)
>> send Ns_R0_AllNd
>> ######### Packe Name(RH) Field Value(NextHeader) is NULL
>> CNT_SendAndRecv Status=UnKnown
>> NG UnKnown
>>  -> Initialization Fail
>> ...
>
> Brian,
>
> Oops, set the Link0 in nut.def to the wrong value.  However, I'm still
> getting the same failure with different NIC.  I'll start looking into
> the code.  Please let me know your test results.
>
> Thanks,
>
> Steve
>

I traced through the code.  It appears that the network driver (e1000e
for my setup) always sets ip_summed to CHECKSUM_UNNECESSARY.  I have
been unable to get the driver to take the other branch where
ip_summed is set to CHECKSUM_COMPLETE.  Even when I hard code
ip_summed to CHECKSUM_COMPLETE, __skb_checksum_complete_head sets
ip_summed to CHECKSUM_UNNECESSARY after recomputing the checksum.

So far the only way I'm able to get ICMP to recompute the checksum is
through the attached hack.  Even though I can get all the tests to
pass, it just seems wrong.

Steve

View attachment "force_icmp6_checksum_for_mip6.patch" of type "text/x-patch" (785 bytes)
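
Added example (not part of the original message and not the attached patch): a user-space C sketch of the software check this thread is about, recomputing the ICMPv6 checksum over the IPv6 pseudo-header and the message before deciding whether to answer an Echo Request. The function names, the 2001:db8:: addresses and the sample packet are constructed for illustration; the sketch assumes messages shorter than 64 KiB.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One's-complement sum of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        acc += (uint32_t)p[0] << 8;      /* odd trailing byte, zero padded */
    return acc;
}

/* Checksum over the IPv6 pseudo-header plus the ICMPv6 message.
 * Yields 0 when the message already carries a correct checksum. */
static uint16_t icmp6_csum(const uint8_t src[16], const uint8_t dst[16],
                           const uint8_t *msg, size_t len)
{
    /* upper-layer length (32 bits), 3 zero bytes, next header 58 (ICMPv6) */
    uint8_t tail[8] = { 0, 0, (uint8_t)(len >> 8), (uint8_t)len, 0, 0, 0, 58 };
    uint32_t acc = sum16(msg, len, sum16(tail, 8, sum16(dst, 16, sum16(src, 16, 0))));

    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Receiver decision: 1 = answer the Echo Request (type 128), 0 = drop it. */
static int should_reply(const uint8_t src[16], const uint8_t dst[16],
                        const uint8_t *msg, size_t len)
{
    return len >= 8 && msg[0] == 128 && icmp6_csum(src, dst, msg, len) == 0;
}

/* Constructed sample: 2001:db8::1 -> 2001:db8::2, 13-byte Echo Request. */
int reply_decision(int corrupt_checksum)
{
    static const uint8_t src[16] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 1 };
    static const uint8_t dst[16] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 2 };
    uint8_t msg[13] = { 128, 0, 0, 0, 0x12, 0x34, 0, 1, 'T', 'A', 'H', 'I', '!' };
    uint16_t c = icmp6_csum(src, dst, msg, sizeof msg);

    msg[2] = (uint8_t)(c >> 8);
    msg[3] = (uint8_t)c;
    if (corrupt_checksum)
        msg[3] ^= 0x01;                  /* sender-side checksum error */
    return should_reply(src, dst, msg, sizeof msg);
}
```

A receiver that skips this recomputation because a lower layer marked the packet as already verified would return 1 in both cases.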
