| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Sep 2008 13:42:59 +0200 From: juliusv@...gle.com (Julius Volz) To: Simon Horman <horms@...ge.net.au> Cc: lvs-devel@...r.kernel.org, netdev@...r.kernel.org, Siim Põder <siim@...rad-teel.net>, Julian Anastasov <ja@....bg>, Malcolm Turnbull <malcolm@...dbalancer.org>, Vince Busam <vbusam@...gle.com>, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: [rfc 0/3] IPVS: checksum updates On Mon, Sep 08, 2008 at 08:41:22PM +1000, Simon Horman wrote: > On Mon, Sep 08, 2008 at 12:03:04PM +0200, Julius Volz wrote: > > On Mon, Sep 8, 2008 at 4:04 AM, Simon Horman wrote: > > > Hi, > > > > > > The impetus for this series of patches is Julian Anastasov noting > > > that "load balance IPv4 connections from a local process" checks > > > for 0 TCP checksums. Herbert Xu confirmed that this is not legal, > > > even on loopback traffic, but that rather partial checksums are > > > possible. > > > > > > The first patch in this series is a proposed solution to handle > > > partial checksums for both TCP and UDP. > > > > > > The other two patches clean things up a bit. > > > > > > I have not tested this code beyond compilation yet. > > > > After some first tests, remote connections are still working, but not > > local ones from the director. The TCP handshake works and the > > connection is established, but all following packets arriving at the > > real server have an incorrect TCP checksum. > > > > Btw., this happens both with and without this last series of patches, > > so I can't get the local client feature working at all. Looking at it > > further... > > Ok, is this for both IPv4 & IPv6? Does it still occur with just the first > patch in this series applied? It's for both, although I only tested IPv4 at first. Here is a complete test matrix of what works when: CR = connection refused T = connection timeout C = connection established, but not working afterwards OK = working remote client | local client COMMIT v4 v6 | v4 v6 ======================================|================= CSUM 3/3 OK T | C T CSUM 2/3 OK T | C T CSUM 1/3 OK T | OK T W/O CSUM OK T | C T ... | f2428ed5 OK T | CR CR 4856c84c OK CR | CR CR f94fd041 (my last one) OK OK | CR CR So the last time that IPv6 was working _at all_ was at my last commit of the big v6 series... Julius -- Julius Volz - Corporate Operations - SysOps Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists