lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Oct 2013 21:05:42 -0400 From: Vlad Yasevich <vyasevich@...il.com> To: Fan Du <fan.du@...driver.com>, nhorman@...driver.com CC: steffen.klassert@...unet.com, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCHv3 net] {xfrm, sctp} Stick to software crc32 even if hardware is capable of that On 10/15/2013 05:19 AM, Fan Du wrote: > igb/ixgbe have hardware sctp checksum support, when this feature is enabled > and also IPsec is armed to protect sctp traffic, ugly things happened as > xfrm_output checks CHECKSUM_PARTIAL to do check sum operation(sum every thing > up and pack the 16bits result in the checksum field). The result is fail > establishment of sctp communication. > > Signed-off-by: Fan Du <fan.du@...driver.com> > Cc: Vlad Yasevich <vyasevich@...il.com> > Cc: Neil Horman <nhorman@...driver.com> > Cc: Steffen Klassert <steffen.klassert@...unet.com> > Acked-by: Vlad Yasevich <vyasevich@...il.com> Looks good to me. -vlad > --- > v3: > - Rename is_xfrm_armed by dst_xfrm > - Move this funtion in include/net/dst.h > > v2: > - Split v1 into two separate patches. > > --- > include/net/dst.h | 12 ++++++++++++ > net/sctp/output.c | 3 ++- > 2 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/include/net/dst.h b/include/net/dst.h > index 211dcf1..44995c1 100644 > --- a/include/net/dst.h > +++ b/include/net/dst.h > @@ -478,10 +478,22 @@ static inline struct dst_entry *xfrm_lookup(struct net *net, > { > return dst_orig; > } > + > +static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) > +{ > + return NULL; > +} > + > #else > struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, > const struct flowi *fl, struct sock *sk, > int flags); > + > +/* skb attached with this dst needs transformation if dst->xfrm is valid */ > +static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) > +{ > + return dst->xfrm; > +} > #endif > > #endif /* _NET_DST_H */ > diff --git a/net/sctp/output.c b/net/sctp/output.c > index 0ac3a65..24b3718 100644 > --- a/net/sctp/output.c > +++ b/net/sctp/output.c > @@ -536,7 +536,8 @@ int sctp_packet_transmit(struct sctp_packet *packet) > * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>. > */ > if (!sctp_checksum_disable) { > - if (!(dst->dev->features & NETIF_F_SCTP_CSUM)) { > + if (!(dst->dev->features & NETIF_F_SCTP_CSUM) || > + (dst_xfrm(dst) != NULL)) { > __u32 crc32 = sctp_start_cksum((__u8 *)sh, cksum_buf_len); > > /* 3) Put the resultant value into the checksum field in the > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists