| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9350b6f7-abd8-45c5-931a-62f48a50bee4@nbd.name>
Date: Fri, 26 Apr 2024 11:39:31 +0200
From: Felix Fietkau <nbd@....name>
To: Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>,
David Ahern <dsahern@...nel.org>, Jakub Kicinski <kuba@...nel.org>
Cc: willemdebruijn.kernel@...il.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 net-next v3 2/6] net: add support for segmenting TCP
fraglist GSO packets
On 26.04.24 10:28, Paolo Abeni wrote:
> On Fri, 2024-04-26 at 08:51 +0200, Felix Fietkau wrote:
>> Preparation for adding TCP fraglist GRO support. It expects packets to be
>> combined in a similar way as UDP fraglist GSO packets.
>> For IPv4 packets, NAT is handled in the same way as UDP fraglist GSO.
>>
>> Signed-off-by: Felix Fietkau <nbd@....name>
>> ---
>> net/ipv4/tcp_offload.c | 65 ++++++++++++++++++++++++++++++++++++++++
>> net/ipv6/tcpv6_offload.c | 3 ++
>> 2 files changed, 68 insertions(+)
>>
>> diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c
>> index fab0973f995b..c493e95e09a5 100644
>> --- a/net/ipv4/tcp_offload.c
>> +++ b/net/ipv4/tcp_offload.c
>> @@ -28,6 +28,68 @@ static void tcp_gso_tstamp(struct sk_buff *skb, unsigned int ts_seq,
>> }
>> }
>>
>> +static void __tcpv4_gso_segment_csum(struct sk_buff *seg,
>> + __be32 *oldip, __be32 *newip,
>> + __be16 *oldport, __be16 *newport)
>> +{
>> + struct tcphdr *th;
>> + struct iphdr *iph;
>> +
>> + if (*oldip == *newip && *oldport == *newport)
>> + return;
>> +
>> + th = tcp_hdr(seg);
>> + iph = ip_hdr(seg);
>> +
>> + inet_proto_csum_replace4(&th->check, seg, *oldip, *newip, true);
>> + inet_proto_csum_replace2(&th->check, seg, *oldport, *newport, false);
>> + *oldport = *newport;
>> +
>> + csum_replace4(&iph->check, *oldip, *newip);
>> + *oldip = *newip;
>> +}
>> +
>> +static struct sk_buff *__tcpv4_gso_segment_list_csum(struct sk_buff *segs)
>> +{
>> + struct sk_buff *seg;
>> + struct tcphdr *th, *th2;
>> + struct iphdr *iph, *iph2;
>> +
>> + seg = segs;
>> + th = tcp_hdr(seg);
>> + iph = ip_hdr(seg);
>> + th2 = tcp_hdr(seg->next);
>> + iph2 = ip_hdr(seg->next);
>> +
>> + if (!(*(u32 *)&th->source ^ *(u32 *)&th2->source) &&
>> + iph->daddr == iph2->daddr && iph->saddr == iph2->saddr)
>> + return segs;
>
> As mentioned in previous revisions, I think a problem with this
> approach is that the stack could make other changes to the TCP header
> after the GRO stage, that are unnoticed here and could cause csum
> corruption, if the egress device does not recompute the packet csum.
On segmentation, each packet keeps its original TCP header and csum. If
the stack makes changes, they apply to the first packet only. I don't
see how we could get csum corruption.
- Felix
Powered by blists - more mailing lists