lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 4 Apr 2023 09:48:15 +0800
From:   Fei Cheng <chenwei.0515@...edance.com>
To:     Edward Cree <ecree.xilinx@...il.com>,
        Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc:     dsahern@...nel.org, davem@...emloft.net,
        netfilter-devel@...r.kernel.org,
        Network Development <netdev@...r.kernel.org>, ecree@....com
Subject: Re: [External] Re: [PATCH] udp:nat:vxlan tx after nat should recsum
 if vxlan tx offload on

Thank you for remind plain text.
Use csum_start to seperate these two cases, maybe a good idea.
1.Disable tx csum
skb->ip_summed ==  CHECKSUM_PARTIAL && skb_transport_header == udp
2.Enable tx csum
skb->ip_summed ==  CHECKSUM_PARTIAL && skb_transport_header != udp

Correct?

在 2023/4/3 下午6:56, Edward Cree 写道:
> On 02/04/2023 19:18, Willem de Bruijn wrote:
>> On Fri, Mar 31, 2023 at 10:31 PM Fei Cheng <chenwei.0515@...edance.com> wrote:
>>>
>>> From: "chenwei.0515" <chenwei.0515@...edance.com>
>>>
>>>      If vxlan-dev enable tx csum offload, there are two case of CHECKSUM_PARTIAL,
>>>      but udp->check donot have the both meanings.
>>>
>>>      1. vxlan-dev disable tx csum offload, udp->check is just pseudo hdr.
>>>      2. vxlan-dev enable tx csum offload, udp->check is pseudo hdr and
>>>         csum from outter l4 to innner l4.
>>>
>>>      Unfortunately if there is a nat process after vxlan tx,udp_manip_pkt just use
>>>      CSUM_PARTIAL to re csum PKT, which is just right on vxlan tx csum disable offload.
> 
> In case 1 csum_start should point to the (outer) UDP header, whereas in
>   case 2 csum_start should point to the inner L4 header (because in the
>   normal TX path w/o NAT, nothing else will ever need to touch the outer
>   csum after this point).
> 
>> The issue is that for encapsulated traffic with local checksum offload,
>> netfilter incorrectly recomputes the outer UDP checksum as if it is an
>> unencapsulated CHECKSUM_PARTIAL packet, correct?
> 
> So if netfilter sees a packet with CHECKSUM_PARTIAL whose csum_start
>   doesn't point to the header nf NAT is editing, that's exactly the case
>   where it needs to use lco_csum to calculate the new outer sum.  No?
> 
> -ed
> 
> PS. Fei, your emails aren't reaching the netdev mailing list, probably
>   because you're sending as HTML.  Please switch to plain text.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ