lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250711-copper-dragonfly-of-realization-f92247-mkl@pengutronix.de>
Date: Fri, 11 Jul 2025 10:42:52 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Oleksij Rempel <o.rempel@...gutronix.de>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, kernel@...gutronix.de, 
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org, 
	Maxime Chevallier <maxime.chevallier@...tlin.com>, lst@...gutronix.de
Subject: Re: [PATCH net-next v4 0/4] net: selftest: improve test string
 formatting and checksum handling

On 24.06.2025 09:09:53, Jakub Kicinski wrote:
> > Receive Path Checksum Scenarios

[...]

> > * Hardware Verifies and Reports All Frames (Ideal Linux Behavior)
> >     * The hardware is configured not to drop packets with bad checksums.
> >       It verifies the checksum of each packet and reports the result (good
> >       or bad) in a status field on the DMA descriptor.
> >     * Expected driver behavior: The driver must read the status for every
> >       packet.
> >         * If the hardware reports the checksum is good, the driver should set
> >           the packet's state to `CHECKSUM_UNNECESSARY`.
> >         * If the hardware reports the checksum is bad, the driver should set
> >           the packet's state to `CHECKSUM_NONE` and still pass it to the
> >           kernel.

While discussing things internally, one question came up:

Is passing packets with known bad checksums to the networking stack with
CHECKSUM_NONE, so that the checksum is recalculated in software a
potential DoS vector?

Our reasoning is as follows: Consider a system that is designed for a
certain bandwidth of network traffic and relies on the hardware to do
the checksum calculation. How much does the CPU load rise if all
checksum calculation can be force to take place on the CPU by sending
packets with broken checksums?

Is there a way to tell the network stack that the hardware/driver has
already performed the checksum calculation and that it is incorrect?

regards,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ