lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 24 Oct 2015 18:28:43 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Tom Herbert <tom@...bertland.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Vlad Yasevich <vyasevich@...il.com>,
	Benjamin Coddington <bcodding@...hat.com>
Subject: Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers
 and recalc checksum during fragmentation

Hi Tom,

On Sat, Oct 24, 2015, at 18:21, Tom Herbert wrote:
> On Fri, Oct 23, 2015 at 9:13 AM, Hannes Frederic Sowa
> <hannes@...essinduktion.org> wrote:
> > CHECKSUM_PARTIAL should only be used on plain vanilla IPv6 + UDP packets
> > in ip6_append_data. Some drivers don't correctly handle extension headers,
> > especially not ipv6 fragmentation which could result in broken checksums.
> >
> Yes, we've seen this in some drivers, but the conclusion is that those
> drivers are *broken* and need to be fixed! CHECKSUM_PARTIAL works
> perfectly well in the presence of extension headers if the
> driver/device is correctly implemented (simple algorithm with
> csum_start and csum_offset).

I will do some more research on those drivers and I agree in general
with you. But if you look at the code it was clearly the intention to
not use CHECKSUM_PARTIAL on fragmented IPv6 packets, just this intention
has not been formulated correctly in code. I still would like to see
something like that showing up in stable and we can follow more CSUM
bits maybe for drivers who support or don't support that.

Also as we are talking about fragments here, I would not put too much
effort into that, as fragments will be slow path anyway.

Bye,
Hannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ