lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Aug 2011 15:04:37 +0800
From:	"Yan, Zheng " <yanzheng@...n.com>
To:	Ang Way Chuang <wcang@....wide.ad.jp>
Cc:	Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org,
	Linus Lüssing <linus.luessing@....de>,
	Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: IPv6 multicast snooping behaviour on 2.6.39-rc2 and later

On Wed, Aug 24, 2011 at 1:24 AM, Ang Way Chuang <wcang@....wide.ad.jp> wrote:
> This is what I found so far from debugging.
>
> The packet is not forwarded due to the failed checksum at
> br_multicast.c:1533
>
>        case CHECKSUM_NONE:
>                skb2->csum = 0;
>                if (skb_checksum_complete(skb2))
>                        goto out;
>        }
>
> Contrary to description of commit ff9a57a6, when the patch of commit
> ff9a57a6 is applied,
> pskb_trim_rcsum is never called at all on my testbed. When commit ff9a57a6
> is reverted,
> pskb_trim_rcsum will be called. The difference is:
>
> with commit ff9a57a6,
>   pskb_trim_rcsum is never called, br_multicast_ipv6_rcv returns -EINVAL
> which causes
>   br_handle_frame_finish to drop the packet
>
> without commit ff9a57a6,
>   pskb_trim_rcsum is called overwriting err with 0. br_multicast_ipv6_rcv
> still fails on the
>   same line (skb_checksum_complete). But the difference is err is set to 0
> this time. Thereby,
>   allowing the packet to be forwarded.
>
> Anyway, I don't think the behaviour is correct with or without commit
> ff9a57a6
>
>

Looks like a checksum calculation bug. Please try below patch, Thanks.

---
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 2d85ca7..22d2d1a 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1520,16 +1520,23 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
 		err = pskb_trim_rcsum(skb2, len);
 		if (err)
 			goto out;
+		err = -EINVAL;
 	}

+	ip6h = ipv6_hdr(skb2);
+
 	switch (skb2->ip_summed) {
 	case CHECKSUM_COMPLETE:
-		if (!csum_fold(skb2->csum))
+		if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, skb2->len,
+					IPPROTO_ICMPV6, skb2->csum))
 			break;
 		/*FALLTHROUGH*/
 	case CHECKSUM_NONE:
-		skb2->csum = 0;
-		if (skb_checksum_complete(skb2))
+		skb2->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
+							&ip6h->daddr,
+							skb2->len,
+							IPPROTO_ICMPV6, 0));
+		if (__skb_checksum_complete(skb2))
 			goto out;
 	}

---
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ