lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Apr 2014 08:47:56 -0700 From: Tom Herbert <therbert@...gle.com> To: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> Cc: Linux Netdev List <netdev@...r.kernel.org>, David Miller <davem@...emloft.net> Subject: Re: [PATCH net-next 6/6] net: Implmement RFC 6936 (zero RX csums for UDP/IPv6) On Mon, Apr 7, 2014 at 6:17 PM, YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> wrote: > Tom Herbert wrote: > >>>> while (sk) { >>>> + if (!uh->check && !udp_sk(sk)->check6_zero_okay) { >>>> + /* >>>> + * If checksum in packet is zero and not all the >>>> + * sockets accept a zero checksum then declare >>>> + * a checksum error. >>>> + */ >>>> + flush_stack(stack, count, skb, ~0); >>>> + count = 0; >>>> + udp6_csum_zero_error(skb); >>>> + UDP6_INC_STATS_BH(net, UDP_MIB_CSUMERRORS, proto == IPPROTO_UDPLITE); >>>> + UDP6_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); >>>> + break; >>>> + } >>>> stack[count++] = sk; >>>> sk = udp_v6_mcast_next(net, sk_nulls_next(sk), uh->dest, daddr, >>>> uh->source, saddr, dif); >>> >>> This seems wrong; packets with zero-checksum will not be delivered to >>> some sockets if some of sockets accept zero-checksums and others do not. >>> >> Okay, I suppose delivering to some and not others is reasonable, >> although there's no accounting for the non-deliverables-- I suppose >> there's no completely clean way to do this... > > Well, I believe that supporting UDP packets with zero-checksum > should be implemented in a consistent way with UDP-lite. > Zero-checksum is disallowed for UDP-lite RFC3828, we can't change that. >>> BTW, I have been thinking that we should introduce 4 options >>> (or bits) for IPv4/IPv6 checksumming for sender/receiver. >>> >> What are these 4 options? > > I meant combination of {ipv4,ipv6} and {sender,receiver}. > I suppose you mean more granularity to enable zero checksums for v4 and v6 UDP TX, and allow zero checksum on RX for v6 UDP (no options for v4 RX). I'm leery about making it easier to use zero checksums, we should be encouraging use of UDP checksums. Consider VXLAN draft which says that UDP checksum should be zero-- this means that the vni is sent with no protection against corruption (this is L3 so any Ethernet CRC doesn't count). So with a single bit flip we might send packets to wrong VM thus breaking isolation which is fundamental in network virtualization. A goal of my patches is to make CHECKSUM_COMPLETE efficient and a better option for devices, then sending UDP csums with zero is less compelling. > --yoshfuji > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists