Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965097AbbLSVB3 (ORCPT ); Sat, 19 Dec 2015 16:01:29 -0500 Received: from mail-yk0-f181.google.com ([209.85.160.181]:33884 "EHLO mail-yk0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752982AbbLSVB1 (ORCPT ); Sat, 19 Dec 2015 16:01:27 -0500 MIME-Version: 1.0 In-Reply-To: References: Date: Sat, 19 Dec 2015 13:01:27 -0800 Message-ID: Subject: Re: [PATCH] veth: don't modify ip-summed; doing so treats packets with bad checksums as good. From: Cong Wang To: Vijay Pandurangan Cc: Nicolas Dichtel , Phil Sutter , Toshiaki Makita , Linux Kernel Network Developers , LKML , Evan Jones , Eric Biederman , Tom Herbert Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 937 Lines: 24 On Fri, Dec 18, 2015 at 11:42 AM, Vijay Pandurangan wrote: > Evan and I have demonstrated this bug on Kubernetes as well, so it's > not just a problem in Mesos. (See > https://github.com/kubernetes/kubernetes/issues/18898) > Interesting... then this problem is much more serious than I thought. Looks like in RX path the bridge sets the checksum to CHECKSUM_NONE too: static inline void skb_forward_csum(struct sk_buff *skb) { /* Unfortunately we don't support this one. Any brave souls? */ if (skb->ip_summed == CHECKSUM_COMPLETE) skb->ip_summed = CHECKSUM_NONE; } I guess this is probably why Docker/Kubernetes could be affected too. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/