lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130605094111.GB2522@raven>
Date:	Wed, 5 Jun 2013 10:41:11 +0100
From:	Tom Parkin <tparkin@...alix.com>
To:	Ben Hutchings <bhutchings@...arflare.com>
Cc:	netdev@...r.kernel.org, jchapman@...alix.com
Subject: Re: [PATCH] l2tp: avoid checksum offload for fragmented packets

On Mon, Jun 03, 2013 at 03:44:12PM +0100, Ben Hutchings wrote:
> On Mon, 2013-06-03 at 08:49 +0100, Tom Parkin wrote:
> > Hardware offload for UDP datagram checksum calculation doesn't work with
> > fragmented IP packets -- the device will note the fragmentation and leave the
> > UDP checksum well alone.
> > 
> > As such, if we expect the L2TP packet to be fragmented by the IP layer we need
> > to perform the UDP checksum ourselves in software (ref: net/ipv4/udp.c).
> >
> > This change modifies the L2TP xmit path to fallback to software checksum
> > calculation if the L2TP packet + IP header exceeds the tunnel device MTU.
> [...]
> 
> Surely this should be done in the IP stack when fragmenting, not in any
> particular client?
> 

Hmm, that's a good question.

I'm not sure it makes sense to push this down into the IP layer, though.  Since 
it's the UDP checksum we're calculating, it seems reasonable to handle it at 
the UDP layer (which is where L2TP sits when using UDP encapsulation).

If you're worried about reproducing similar code in both UDP and L2TP
I can see where you're coming from, but since UDP uses corking and
L2TP doesn't the data transmit path is quite dissimilar.  We could
probably do some work to share the code, but it doesn't seem worth it
for the amount of sharing we'd be able to achieve.
-- 
Tom Parkin
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ