lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Dec 2019 13:34:57 -0800
From:   Tom Herbert <tom@...bertland.com>
To:     davem@...emloft.net, netdev@...r.kernel.org
Cc:     Tom Herbert <tom@...bertland.com>
Subject: [PATCH net-next 0/2] net: Warning for protocol specific transmit checksum

Apparently, not everyone got the message of "Less Is More" with regards
to checksum offload (https://www.youtube.com/watch?v=6VgmazGwL_Y). Some
vendors are still using the deprecated versions of checksum offload in
new devices. As more complex protocol combinations are commonly used and
supported, continued use of protocol specific checksum offloads is not
sustainable-- it needs complex driver code, gives limited functionality,
and is hard to make robust and to test all the edge cases for
correctness. This is particularly true for protocol specific transmit
checksum offload.

Consider for instance, that when a segment routing header is inserted in
a packet after the IPv6 header and before the a TCP header, if the
offloading device attempts to compute the checksum over the pseudo
header then the calculated value would likely be incorrect since the IP
destination address is not the same as the final address for termination
of TCP. The upshot is that if a device supports protocol specific
checksum offload then the driver has to ensure that the packet only
contains protocol that the device will understand; in the worst case
scenario of protocol specific transmit offloads this degenerates to the
driver having to parse the TX packet just to see if the device will be
able to handle it (i40 driver for example).

This patch set adds a warning message for using NETIF_F_IP_CSUM or
NETIF_F_IPV6_CSUM. Documentation/networking/netdev-features.txt is also
modified with more detail about converting legacy drivers to use
NETIF_F_HW_CSUM (that is, use the protocol generic API even if the
device only support protocol specific checksum offload). Once all
drivers have been converted to  NETIF_F_HW_CSUM then NETIF_F_IP_CSUM
and NETIF_F_IPV6_CSUM can be removed.

Tom Herbert (2):
  net: Documentation about deprecating NETIF_F_IP{V6}_CSUM
  net: Warning about use of deprecated TX checksum offload

 Documentation/networking/netdev-features.txt | 7 ++++++-
 net/core/dev.c                               | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ