lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56DD69C2.4070900@mojatatu.com>
Date:	Mon, 7 Mar 2016 06:45:06 -0500
From:	Jamal Hadi Salim <jhs@...atatu.com>
To:	Phil Sutter <phil@....cc>, netdev@...r.kernel.org
Subject: Re: [iproute PATCH 02/12] man: Add a man page for the csum action.

On 16-03-04 07:11 AM, Phil Sutter wrote:
> Cc: Gregoire Baron <baronchon@...m.org>
> Signed-off-by: Phil Sutter <phil@....cc>
> ---
>   man/man8/tc-csum.8 | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 54 insertions(+)
>   create mode 100644 man/man8/tc-csum.8
>
> diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8
> new file mode 100644
> index 0000000000000..9d00aae346af0
> --- /dev/null
> +++ b/man/man8/tc-csum.8
> @@ -0,0 +1,54 @@
> +.TH "Checksum action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
> +
> +.SH NAME
> +csum - checksum update action
> +.SH SYNOPSIS
> +.in +8
> +.ti -8
> +.BR tc " ... " "action csum"
> +.I UPDATE
> +
> +.ti -8
> +.IR UPDATE " := " TARGET " [ " UPDATE " ]"
> +
> +.ti -8
> +.IR TARGET " := { "
> +.BR ip4h " |"
> +.BR icmp " |"
> +.BR igmp " |"
> +.BR tcp " |"
> +.BR udp " |"
> +.BR udplite " |"
> +.IR SWEETS " }"
> +
> +.ti -8
> +.IR SWEETS " := { "
> +.BR and " | " or " | " + " }"
> +.SH DESCRIPTION
> +The
> +.B csum
> +action triggers checksum recalculation of specified packet headers. It is
> +commonly used after packet editing using the
> +.B pedit
> +action to fix for then incorrect checksums.


Would it make sense to add an example? From the commit log:
---

      # In order to DNAT (stateless) IPv4 packet from 192.168.1.100 to
      #  0x12345678 (18.52.86.120), and update the IPv4 header checksum and
      #  the UDP checksum (the last one, only if the packet is UDP).
     tc filter add eth0 prio 1 protocol ip parent ffff: \
       u32 match ip src 192.168.1.100/32 flowid :1 \
         action pedit munge offset 16 u32 set 0x12345678 \
           pipe csum ip and udp

      # In order to alter destination address of IPv6 TCP packets from 
fc00::1
      #  and correct the TCP checksum (nothing happened? except maybe for
      #  checksums in the TCP payload ...).
     tc filter add eth0 prio 1 protocol ipv6 parent ffff: \
       u32 match ip6 src fc00::1/128 match ip6 protocol 0x06 0xff flowid 
:1 \
         action pedit munge offset 24 u32 set 0x12345678 \
           pipe csum tcp

-----

cheers,
jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ