lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Dec 2019 13:34:57 -0800 From: Tom Herbert <tom@...bertland.com> To: davem@...emloft.net, netdev@...r.kernel.org Cc: Tom Herbert <tom@...bertland.com> Subject: [PATCH net-next 0/2] net: Warning for protocol specific transmit checksum Apparently, not everyone got the message of "Less Is More" with regards to checksum offload (https://www.youtube.com/watch?v=6VgmazGwL_Y). Some vendors are still using the deprecated versions of checksum offload in new devices. As more complex protocol combinations are commonly used and supported, continued use of protocol specific checksum offloads is not sustainable-- it needs complex driver code, gives limited functionality, and is hard to make robust and to test all the edge cases for correctness. This is particularly true for protocol specific transmit checksum offload. Consider for instance, that when a segment routing header is inserted in a packet after the IPv6 header and before the a TCP header, if the offloading device attempts to compute the checksum over the pseudo header then the calculated value would likely be incorrect since the IP destination address is not the same as the final address for termination of TCP. The upshot is that if a device supports protocol specific checksum offload then the driver has to ensure that the packet only contains protocol that the device will understand; in the worst case scenario of protocol specific transmit offloads this degenerates to the driver having to parse the TX packet just to see if the device will be able to handle it (i40 driver for example). This patch set adds a warning message for using NETIF_F_IP_CSUM or NETIF_F_IPV6_CSUM. Documentation/networking/netdev-features.txt is also modified with more detail about converting legacy drivers to use NETIF_F_HW_CSUM (that is, use the protocol generic API even if the device only support protocol specific checksum offload). Once all drivers have been converted to NETIF_F_HW_CSUM then NETIF_F_IP_CSUM and NETIF_F_IPV6_CSUM can be removed. Tom Herbert (2): net: Documentation about deprecating NETIF_F_IP{V6}_CSUM net: Warning about use of deprecated TX checksum offload Documentation/networking/netdev-features.txt | 7 ++++++- net/core/dev.c | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) -- 2.7.4
Powered by blists - more mailing lists