lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 16 Feb 2016 14:47:59 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	jesse@...nel.org
Cc:	jbenc@...hat.com, pabeni@...hat.com, netdev@...r.kernel.org,
	pshelar@...ira.com, tgraf@...g.ch
Subject: Re: [PATCH net-next] lwt: fix rx checksum setting for lwt devices
 tunneling over ipv6

From: Jesse Gross <jesse@...nel.org>
Date: Tue, 16 Feb 2016 10:22:38 -0800

> On Thu, Feb 11, 2016 at 2:41 AM, Jiri Benc <jbenc@...hat.com> wrote:
> There's a bigger problem here, not really related to lightweight tunnels or OVS.
> 
> The VXLAN RFC says (referring to the UDP checksum and not specific to IPv4/v6):
> "It SHOULD be transmitted as zero. When a packet is received with a
> UDP checksum of zero, it MUST be accepted for decapsulation."
> 
> We can debate whether this is correct or whether it conflicts with RFC
> 2460 but this is what essentially everyone is going to implement. With
> the default settings of the flags in IPv6, we are violating both
> statements. With the second one in particular, the result is that
> Linux will not be able to communicate with any non-Linux VXLAN
> endpoint over IPv6 with default settings.

I do not see any such conflict here.

It's a SHOULD, therefore a recommendation.  Likely they thought this
would improve performance, and ironically it has the opposite effect.

The text of the VXLAN RFC does not say that the checksum MUST be sent
as zero, and it also does not say that receiving a non-zero checksum
is violating the RFC.

I therefore do not see the interoperability issue.  Maybe some
deployed systems will run more slowly or hit a slot path (which is not
our problem), but they absolutely should not drop such frames.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ