lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKUBDd9TjFTvXSEL=+J02PVndNG-gcrMOpRo_MFp4J-oOnLrvQ@mail.gmail.com>
Date:	Thu, 24 Mar 2016 21:44:45 -0400
From:	Vijay Pandurangan <vijayp@...ayp.ca>
To:	Ben Greear <greearb@...delatech.com>
Cc:	Cong Wang <xiyou.wangcong@...il.com>,
	netdev <netdev@...r.kernel.org>, Evan Jones <ej@...njones.ca>,
	Cong Wang <cwang@...pensource.com>
Subject: Re: veth regression with "don’t modify ip_summed; doing so treats packets with bad checksums as good."

Oops, I think my last email didn't go through due to an inadvertent
html attachment from my phone mail client.

Can you send us a copy of a packet you're sending and/or confirm that
the IP and UDP4 checksums are set correctly in the packet?

If those are set right, I think we need to read through the networking
code again to see why this is broken...



On Thu, Mar 24, 2016 at 9:13 PM, Ben Greear <greearb@...delatech.com> wrote:
> On 03/24/2016 06:11 PM, Ben Greear wrote:
>>
>> On 03/24/2016 05:06 PM, Ben Greear wrote:
>>>
>>> On 03/24/2016 04:56 PM, Cong Wang wrote:
>>>>
>>>> On Thu, Mar 24, 2016 at 3:01 PM, Ben Greear <greearb@...delatech.com>
>>>> wrote:
>>>>>
>>>>> I have an application that creates two pairs of veth devices.
>>>>>
>>>>> a <-> b       c <-> d
>>>>>
>>>>> b and c have a raw packet socket opened on them and I 'bridge' frames
>>>>> between b and c to provide network emulation (ie, configurable delay).
>>>>>
>>>>
>>>> IIUC, you create two raw sockets in order to bridge these two veth
>>>> pairs?
>>>> That is, to receive packets on one socket and deliver packets on the
>>>> other?
>>>
>>>
>>> Yes.
>>>
>>>>> I put IP 1.1.1.1/24 on a, 1.1.1.2/24 on d, and then create a UDP
>>>>> connection
>>>>> (using policy based routing to ensure frames are sent on the
>>>>> appropriate
>>>>> interfaces).
>>>>>
>>>>> This is user-space only app, and kernel in this case is completely
>>>>> unmodified.
>>>>>
>>>>> The commit below breaks this feature:  UDP frames are sniffed on both a
>>>>> and
>>>>> d ports
>>>>> (in both directions), but the UDP socket does not receive frames.
>>>>>
>>>>> Using normal ethernet ports, this network emulation feature works fine,
>>>>> so
>>>>> it is
>>>>> specific to VETH.
>>>>>
>>>>> A similar test with just sending UDP between a single veth pair:  e <->
>>>>> f
>>>>> works fine.  Maybe it has something to do with raw packets?
>>>>>
>>>>
>>>> Yeah, I have the same feeling. Could you trace kfree_skb() to see
>>>> where these packets are dropped? At UDP layer?
>>>
>>>
>>> Since reverting the patch fixes this, it almost certainly has to be due
>>> to some
>>> checksum checking logic.  Since UDP sockets (between single veth pair)
>>> works, it would appear to be related to my packet bridge, so maybe
>>> it is specific to raw packets and/or sendmmsg api.
>>>
>>> I'll investigate it better tomorrow.
>>
>>
>> So, I found time to poke at it this evening:
>>
>> Sending between two veth pairs, no packet bridge involved.
>
>
> Errrr, to be clear:  I mean sending between two ends of a single veth pair
> here.
>
>>
>> UDP:  ip_summed is 3 (CHECKSUM_PARTIAL)   # Works fine.
>> raw packet frames, custom ether protocol (0x1111 type):  ip_summed is 0
>> (NONE) # Works fine.
>>
>> When I try to send UDP through the veth pairs & pkt bridge, I see this:
>
>
> Thanks,
> Ben
>
> --
> Ben Greear <greearb@...delatech.com>
> Candela Technologies Inc  http://www.candelatech.com
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ