| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Sep 2008 21:57:35 +1000 From: Simon Horman <horms@...ge.net.au> To: Julius Volz <juliusv@...gle.com> Cc: lvs-devel@...r.kernel.org, netdev@...r.kernel.org, Siim Põder <siim@...rad-teel.net>, Julian Anastasov <ja@....bg>, Malcolm Turnbull <malcolm@...dbalancer.org>, Vince Busam <vbusam@...gle.com>, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: [rfc 0/3] IPVS: checksum updates On Mon, Sep 08, 2008 at 01:42:59PM +0200, Julius Volz wrote: > On Mon, Sep 08, 2008 at 08:41:22PM +1000, Simon Horman wrote: > > On Mon, Sep 08, 2008 at 12:03:04PM +0200, Julius Volz wrote: > > > On Mon, Sep 8, 2008 at 4:04 AM, Simon Horman wrote: > > > > Hi, > > > > > > > > The impetus for this series of patches is Julian Anastasov noting > > > > that "load balance IPv4 connections from a local process" checks > > > > for 0 TCP checksums. Herbert Xu confirmed that this is not legal, > > > > even on loopback traffic, but that rather partial checksums are > > > > possible. > > > > > > > > The first patch in this series is a proposed solution to handle > > > > partial checksums for both TCP and UDP. > > > > > > > > The other two patches clean things up a bit. > > > > > > > > I have not tested this code beyond compilation yet. > > > > > > After some first tests, remote connections are still working, but not > > > local ones from the director. The TCP handshake works and the > > > connection is established, but all following packets arriving at the > > > real server have an incorrect TCP checksum. > > > > > > Btw., this happens both with and without this last series of patches, > > > so I can't get the local client feature working at all. Looking at it > > > further... > > > > Ok, is this for both IPv4 & IPv6? Does it still occur with just the first > > patch in this series applied? > > It's for both, although I only tested IPv4 at first. Here is a complete > test matrix of what works when: > > CR = connection refused > T = connection timeout > C = connection established, but not working afterwards > OK = working > > remote client | local client > COMMIT v4 v6 | v4 v6 > ======================================|================= > CSUM 3/3 OK T | C T > CSUM 2/3 OK T | C T > CSUM 1/3 OK T | OK T > W/O CSUM OK T | C T > ... | > f2428ed5 OK T | CR CR > 4856c84c OK CR | CR CR > f94fd041 (my last one) OK OK | CR CR > > So the last time that IPv6 was working _at all_ was at my last commit of > the big v6 series... Ok, I'm really sorry about that :-( Do you want me to revert f2428ed5 & 4856c84c until this has been tracked down? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists