| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191223174535.GF6274@localhost.localdomain>
Date: Mon, 23 Dec 2019 18:45:35 +0100
From: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
To: netdev@...r.kernel.org
Cc: dcaratti@...hat.com, lucien.xin@...il.com,
marcelo.leitner@...il.com
Subject: SCTP over GRE (w csum)
Hi all,
I am currently working on the following scenario:
sctp --> ipv4 --> gretap --> ipv6 --> eth
If NETIF_F_SCTP_CRC is not supported by the network device (it is the
case for gre), sctp will fallback computing the crc32 in sw with
sctp_gso_make_checksum(), where SKB_GSO_CB(skb)->csum is set to ~0 by
gso_reset_checksum(). After the gso segmentation, gre_gso_segment()
will try to compute gre csum with gso_make_checksum() even if skb->ip_summed
is set to CHECKSUM_NONE (and so using ~0 as partial).
One possible (trivial and not tested) solution would be to recompute the
gre checksum, doing in gre_gso_segment() something like:
if (skb->ip_summed == CHECKSUM_NONE) {
...
err = skb_checksum_help(skb);
if (err < 0)
return return ERR_PTR(err);
} else {
*pcsum = gso_make_checksum(skb, 0);
}
One possible improvement would be offload the GRE checksum computation if the
hw exports this capability in netdev_features and fall back to the sw
implementation if not.
Am I missing something? Is there a better approach?
Regards,
Lorenzo
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists