lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <25fe50f2-9f1d-ec48-52af-780eb9ba6e09@bytedance.com> Date: Tue, 4 Apr 2023 09:48:15 +0800 From: Fei Cheng <chenwei.0515@...edance.com> To: Edward Cree <ecree.xilinx@...il.com>, Willem de Bruijn <willemdebruijn.kernel@...il.com> Cc: dsahern@...nel.org, davem@...emloft.net, netfilter-devel@...r.kernel.org, Network Development <netdev@...r.kernel.org>, ecree@....com Subject: Re: [External] Re: [PATCH] udp:nat:vxlan tx after nat should recsum if vxlan tx offload on Thank you for remind plain text. Use csum_start to seperate these two cases, maybe a good idea. 1.Disable tx csum skb->ip_summed == CHECKSUM_PARTIAL && skb_transport_header == udp 2.Enable tx csum skb->ip_summed == CHECKSUM_PARTIAL && skb_transport_header != udp Correct? 在 2023/4/3 下午6:56, Edward Cree 写道: > On 02/04/2023 19:18, Willem de Bruijn wrote: >> On Fri, Mar 31, 2023 at 10:31 PM Fei Cheng <chenwei.0515@...edance.com> wrote: >>> >>> From: "chenwei.0515" <chenwei.0515@...edance.com> >>> >>> If vxlan-dev enable tx csum offload, there are two case of CHECKSUM_PARTIAL, >>> but udp->check donot have the both meanings. >>> >>> 1. vxlan-dev disable tx csum offload, udp->check is just pseudo hdr. >>> 2. vxlan-dev enable tx csum offload, udp->check is pseudo hdr and >>> csum from outter l4 to innner l4. >>> >>> Unfortunately if there is a nat process after vxlan tx,udp_manip_pkt just use >>> CSUM_PARTIAL to re csum PKT, which is just right on vxlan tx csum disable offload. > > In case 1 csum_start should point to the (outer) UDP header, whereas in > case 2 csum_start should point to the inner L4 header (because in the > normal TX path w/o NAT, nothing else will ever need to touch the outer > csum after this point). > >> The issue is that for encapsulated traffic with local checksum offload, >> netfilter incorrectly recomputes the outer UDP checksum as if it is an >> unencapsulated CHECKSUM_PARTIAL packet, correct? > > So if netfilter sees a packet with CHECKSUM_PARTIAL whose csum_start > doesn't point to the header nf NAT is editing, that's exactly the case > where it needs to use lco_csum to calculate the new outer sum. No? > > -ed > > PS. Fei, your emails aren't reaching the netdev mailing list, probably > because you're sending as HTML. Please switch to plain text.
Powered by blists - more mailing lists