| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Aug 2010 23:16:27 -0500 From: Steve Chen <schen@...sta.com> To: Jesse Gross <jesse@...ira.com> Cc: David Miller <davem@...emloft.net>, brian.haley@...com, usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel On Fri, Aug 20, 2010 at 12:35 PM, Jesse Gross <jesse@...ira.com> wrote: > On Fri, Aug 20, 2010 at 1:16 PM, Steve Chen <schen@...sta.com> wrote: >> >> On Thu, Aug 19, 2010 at 7:06 PM, David Miller <davem@...emloft.net> wrote: >> > From: Steve Chen <schen@...sta.com> >> > Date: Thu, 19 Aug 2010 13:35:14 -0500 >> > >> >> I trace through the code. It appears that the network driver (e1000e >> >> for my setup) always set ip_summed to CHECKSUM_UNNECESSARY. I have >> >> been unsuccessful to get the driver to take the other branch where >> >> ip_summed is set to CHECKSUM_COMPLETE. Even when I hard code >> >> ip_summed to CHECKSUM_COMPLETE, __skb_checksum_complete_head set >> >> ip_summed to CHECKSUM_UNNECESSARY after recomputing the checksum. >> >> >> >> So far the only way I'm able to get ICMP to recompute checksum is >> >> through the attached hack. Even though I can get all the tests to >> >> pass, but it just seem wrong. >> > >> > If turning off hardware RX checksumming with ethtool has no effect, >> > and the problem is seen with multiple ethernet cards, the problem >> > is elsewhere. >> > >> > First of all, if you turn RX checksumming off, the checksum field >> > of the SKB should always be skb->ip_summed = 0. If this is not >> > happening, find out why. >> >> Ahhh, thats my problem. I incorrectly thought the ip_summed should be >> 2. The ip_summed is set to 1 in >> __skb_checksum_complete_head. Looking at the code, shouldn't >> >> if (likely(!sum)) >> >> be >> >> if (likely(sum)) >> >> Since sum == 0 would indicate an error? > > sum == 0 indicates that the checksum is correct. > If you compute the checksum of a packet containing the correct checksum the > result is 0. It's like a slightly more complicated varient of a parity bit. It appears the issue lies somewhere within CONNTRACK. A co-worker tested with CONNTRACK disable, and the test passed. Looks like I have a bit of homework to do. Thank you for all the helpful hints that got me this far. Steve -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists