lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070522161217.20875c39@freepuppy>
Date:	Tue, 22 May 2007 16:12:17 -0700
From:	Stephen Hemminger <shemminger@...ux-foundation.org>
To:	"Thomas B. Rücker" <dm8tbr@...npma.org>"@smtp.osdl.org
Cc:	netdev@...r.kernel.org,
	Philipp Gühring <pg@...ureware.at>
Subject: Re: UDP checksum broken since 2.6.18?

On Tue, 22 May 2007 21:47:22 +0000
"Thomas B. Rücker" <dm8tbr@...npma.org> wrote:

> hi,
> 
> a friend of mine recently contacted me about what he at first thought
> were IPv6 issues with some java software.
> 
> As it turns out it probably is a general IP issue with the Linux kernel:
> 
> He wrote this piece of c which sends an UDP packet to 127.28.50.50 -
> http://www2.futureware.at/~philipp/udp-problem.c
> Packets generated by this code were captured by tcpdump and wireshark.
> When feeding the dump into wireshark it says:
> "Checksum: 0x62fd [incorrect, should be 0xe4f3]" for the udp packet.
> 
> We've tested this on several kernel versions.
> Wireshark reports checksum broken:
> Linux version 2.6.18-4-vserver-686 (Debian 2.6.18.dfsg.1-12)
> (waldi@...ian.org) (gcc version 4.1.2 20061115 (prerelease) (Debian
> 4.1.1-21)) #1 SMP Mon Mar 26 19:55:22 UTC 2007
> Linux version 2.6.19-dm8tbr-1 (root@...ron) (gcc version 4.1.2 20061028
> (prerelease) (Debian 4.1.1-19)) #3 SMP PREEMPT Sun Dec 3 18:31:00 CET
> 2006 - (that's vanilla)
> Linux version 2.6.21.1-dm8tbr-1 (root@...ron) (gcc version 4.1.2
> 20061115 (prerelease) (Debian 4.1.1-21)) #3 SMP Fri May 18 09:04:55 CEST
> 2007 - (that's vanilla + dscape patch)
> 
> Wireshark reports checksum ok:
> Linux version 2.6.16.13-4-default (geeko@...ldhost) (gcc version 4.1.0
> (SUSE Linux)) #1 Wed May 3 04:53:23 UTC 2006
> Linux version 2.6.17-11-386 (root@...ranova) (gcc version 4.1.2 20060928
> (prerelease) (Ubuntu 4.1.1-13ubuntu5)) #2 Tue Mar 13 23:30:30 UTC 2007
> (Ubuntu 2.6.17-11.37-386)
> 
> So my guess is something between 2.6.17 and 2.6.18 broke.
> 
> Second option is: The way you are supposed to send UDP packets changed
> in 2.6.18 and sun javavm and that piece of c are broken for the same reason.
> 
> Third option: everything is perfectly ok, the UDP checksum is computed
> in a different way since 2.6.18 - due to some reason I don't know - and
> Wireshark is broken.
> 
> We'd be grateful for some enlightment.
> 
> Cheers
> 
> Thomas
>

The packet passed to packet capture programs may not have a valid checksum
if you have checksum offload configured on the device.  What kind of hardware
do you have on sender and receiver?  Try disabling checksum offload with
ethtool.

If you are getting bad UDP checksums then the counters in 'netstat -s'
will be increasing.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ