lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Apr 2014 12:51:40 -0400 From: Vlad Yasevich <vyasevic@...hat.com> To: netdev@...r.kernel.org Cc: daniel.lezcano@...e.fr, nightnord@...il.com, kaber@...sh.net, eric.dumazet@...il.com, mst@...hat.com, jasowang@...hat.com, Vlad Yasevich <vyasevic@...hat.com> Subject: [PATCH 1/2] mactap: Fix checksum errors for non-gso packets in bridge mode The following is a problematic configuration: VM1: virtio-net device connected to macvtap0@...0 VM2: e1000 device connect to macvtap1@...0 The problem is is that virtio-net supports checksum offloading and thus sends the packets to the host with CHECKSUM_PARTIAL set. On the other hand, e1000 does not support any acceleration. For small TCP packets (and this includes the 3-way handshake), e1000 ends up receiving packets that only have a partial checksum set. This causes TCP to fail checksum validation and to drop packets. As a result tcp connections can not be established. Commit 3e4f8b787370978733ca6cae452720a4f0c296b8 macvtap: Perform GSO on forwarding path. fixes this issue for large packets wthat will end up undergoing GSO. This commit adds a check for the non-GSO case and attempts to compute the checksum for partially checksummed packets in the non-GSO case. CC: Daniel Lezcano <daniel.lezcano@...e.fr> CC: Patrick McHardy <kaber@...sh.net> CC: Andrian Nord <nightnord@...il.com> CC: Eric Dumazet <eric.dumazet@...il.com> CC: Michael S. Tsirkin <mst@...hat.com> CC: Jason Wang <jasowang@...hat.com> Signed-off-by: Vlad Yasevich <vyasevic@...hat.com> --- drivers/net/macvtap.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index ff111a8..ba91084 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -322,6 +322,13 @@ static rx_handler_result_t macvtap_handle_frame(struct sk_buff **pskb) segs = nskb; } } else { + /* If we receive a partial checksum and the tap side + * doesn't support checksum offload, compute the checksum. + */ + if (skb->ip_summed == CHECKSUM_PARTIAL && + !(features & NETIF_F_ALL_CSUM) && + skb_checksum_help(skb)) + goto drop; skb_queue_tail(&q->sk.sk_receive_queue, skb); } -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists