Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good.

From: Ben Greear
Date: Sat Apr 30 2016 - 16:59:39 EST

Next message: Greg KH: "Re: [PATCH 1/3] Drivers: hv: balloon: don't crash when memory is added in non-sorted order"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] parport: parport_pc: PCI SIO access should also depend on SIO option"
In reply to: Tom Herbert: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
Next in thread: Vijay Pandurangan: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/30/2016 12:54 PM, Tom Herbert wrote:

We've put considerable effort into cleaning up the checksum interface
to make it as unambiguous as possible, please be very careful to
follow it. Broken checksum processing is really hard to detect and
debug.

CHECKSUM_UNNECESSARY means that some number of _specific_ checksums
(indicated by csum_level) have been verified to be correct in a
packet. Blindly promoting CHECKSUM_NONE to CHECKSUM_UNNECESSARY is
never right. If CHECKSUM_UNNECESSARY is set in such a manner but the
checksum it would refer to has not been verified and is incorrect this
is a major bug.

Suppose I know that the packet received on a packet-socket has
already been verified by a NIC that supports hardware checksumming.

Then, I want to transmit it on a veth interface using a second
packet socket. I do not want veth to recalculate the checksum on
transmit, nor to validate it on the peer veth on receive, because I do
not want to waste the CPU cycles. I am assuming that my app is not
accidentally corrupting frames, so the checksum can never be bad.

How should the checksumming be configured for the packets going into
the packet-socket from user-space?

Also, I might want to send raw frames that do have
broken checksums (lets assume a real NIC, not veth), and I want them
to hit the wire with those bad checksums.

How do I configure the checksumming in this case?

Thanks,
Ben

Tom

On Sat, Apr 30, 2016 at 12:40 PM, Ben Greear <greearb@xxxxxxxxxxxxxxx> wrote:

On 04/30/2016 11:33 AM, Ben Hutchings wrote:

On Thu, 2016-04-28 at 12:29 +0200, Sabrina Dubroca wrote:

Hello,

http://dmz2.candelatech.com/?p=linux-4.4.dev.y/.git;a=commitdiff;h=8153e983c0e5eba1aafe1fc296248ed2a553f1ac;hp=454b07405d694dad52e7f41af5816eed0190da8a

Actually, no, this is not really a regression.

[...]

It really is. Even though the old behaviour was a bug (raw packets
should not be changed), if there are real applications that depend on
that then we have to keep those applications working somehow.

To be honest, I fail to see why the old behaviour is a bug when sending
raw packets from user-space. If raw packets should not be changed, then
we need some way to specify what the checksum setting is to begin with,
otherwise, user-space has not enough control.

A socket option for new programs, and sysctl configurable defaults for raw
sockets
for old binary programs would be sufficient I think.

Thanks,
Ben

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com

--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com

Next message: Greg KH: "Re: [PATCH 1/3] Drivers: hv: balloon: don't crash when memory is added in non-sorted order"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] parport: parport_pc: PCI SIO access should also depend on SIO option"
In reply to: Tom Herbert: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
Next in thread: Vijay Pandurangan: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]