lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTimJAOsJQJ73=xummDuz_xgiyzhSXLJV=VEY=XVx@mail.gmail.com>
Date:	Fri, 20 Aug 2010 23:16:27 -0500
From:	Steve Chen <schen@...sta.com>
To:	Jesse Gross <jesse@...ira.com>
Cc:	David Miller <davem@...emloft.net>, brian.haley@...com,
	usagi-users-ctl@...linux-ipv6.org, netdev@...r.kernel.org
Subject: Re: TAHI CN-6-4-1 failed on Linux 2.6.32 kernel

On Fri, Aug 20, 2010 at 12:35 PM, Jesse Gross <jesse@...ira.com> wrote:
> On Fri, Aug 20, 2010 at 1:16 PM, Steve Chen <schen@...sta.com> wrote:
>>
>> On Thu, Aug 19, 2010 at 7:06 PM, David Miller <davem@...emloft.net> wrote:
>> > From: Steve Chen <schen@...sta.com>
>> > Date: Thu, 19 Aug 2010 13:35:14 -0500
>> >
>> >> I trace through the code.  It appears that the network driver (e1000e
>> >> for my setup) always set ip_summed to CHECKSUM_UNNECESSARY.  I have
>> >> been unsuccessful to get the driver to take the other branch where
>> >> ip_summed is set to CHECKSUM_COMPLETE.  Even when I hard code
>> >> ip_summed to CHECKSUM_COMPLETE, __skb_checksum_complete_head set
>> >> ip_summed to CHECKSUM_UNNECESSARY after recomputing the checksum.
>> >>
>> >> So far the only way I'm able to get ICMP to recompute checksum is
>> >> through the attached hack.  Even though I can get all the tests to
>> >> pass, but it just seem wrong.
>> >
>> > If turning off hardware RX checksumming with ethtool has no effect,
>> > and the problem is seen with multiple ethernet cards, the problem
>> > is elsewhere.
>> >
>> > First of all, if you turn RX checksumming off, the checksum field
>> > of the SKB should always be skb->ip_summed = 0.  If this is not
>> > happening, find out why.
>>
>> Ahhh, thats my problem.  I incorrectly thought the ip_summed should be
>> 2.  The ip_summed is set to 1 in
>> __skb_checksum_complete_head.  Looking at the code, shouldn't
>>
>> if (likely(!sum))
>>
>> be
>>
>> if (likely(sum))
>>
>> Since sum == 0 would indicate an error?
>
> sum == 0 indicates that the checksum is correct.
> If you compute the checksum of a packet containing the correct checksum the
> result is 0.  It's like a slightly more complicated varient of a parity bit.

It appears the issue lies somewhere within CONNTRACK.  A co-worker
tested with CONNTRACK disable, and the test passed.  Looks like I have
a bit of homework to do.  Thank you for all the helpful hints that got
me this far.

Steve
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ