Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1398872iob; Wed, 4 May 2022 23:38:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyDJ3jkE59kq+AjDEOIZKXJhgj+bXRcCBR70tM3TMZz8uuSeLjZ7i6Kip9Cz0trKPpElqRW X-Received: by 2002:a65:6412:0:b0:3c1:7976:5be8 with SMTP id a18-20020a656412000000b003c179765be8mr21461365pgv.580.1651732695975; Wed, 04 May 2022 23:38:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651732695; cv=none; d=google.com; s=arc-20160816; b=LK0tJmz6vR8G89AloZ59UIevhaN7BgtFU7gHg5vaJJFyVeT/4evW9Vy8nj+g6BvL1p /WQ9cFmryFZ7DU6bfR9xVMR0hnNFL5n78FcdblT4V0mTmN6hmtfigQEIcWFTTA0gUgfD SfnjPlhwR7D57SSLcatl3EOttO4030o0HpRx/zAKxrlog7RZNy+iZhca4nVL9uvU+FqJ mPSllTyQDfh0MqIiy1u6XIWw0gMjYWzWzwpwNo00KHQSYJXti9DGuSnF7uw/3NkZXtsA mkL7NGIHlWKClmAQjs6Jfkv+6j0gWst/S3dmxssq7RRfu8aJeXY1NApJSxlazT3/CZQd +w6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=AkasErRqRTkwGDbEcjTTiLi8jf5c9GU7c17yNd0+plk=; b=Vg/PnCg3K6PSGs+8ld23RPhkwV1BFsI1+z7aA8nKBZTmnsVruzBBoBq/2EX4rrPoF9 4pcb5hsdNXZFBZGeWHQxYdW0QUZYI+yJmZUS/gVKlGFbTA7g+J438lJoYjpV1s5J/FFF 7R+QC+ISEy3s5z5LsNAe6/2DrHO7gSfX9ps0colpgp6vS5Mf0U7G0l6QplA7/YHzS+kk yxu4I333D5KOnlDrSw1UZDMdJxC0wbTSBhrmnQ746NgH7Oya+tsgMzUg+WmDoHb5PsvG jmF/PXmeQqedPcPChFTXf7iBZWiPEsC6hazISLbRZU3v+RgnFY0qykOJQavPO6lytsXh 5AOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 25-20020aa79219000000b0050d5d6ea474si718361pfo.85.2022.05.04.23.37.52; Wed, 04 May 2022 23:38:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347991AbiEDKUu (ORCPT + 99 others); Wed, 4 May 2022 06:20:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229778AbiEDKUr (ORCPT ); Wed, 4 May 2022 06:20:47 -0400 X-Greylist: delayed 657 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 04 May 2022 03:17:09 PDT Received: from mail.aperture-lab.de (mail.aperture-lab.de [IPv6:2a01:4f8:c2c:665b::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC0CA1EACB; Wed, 4 May 2022 03:17:09 -0700 (PDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id E10F54116B; Wed, 4 May 2022 12:06:02 +0200 (CEST) Date: Wed, 4 May 2022 12:06:00 +0200 From: Linus =?utf-8?Q?L=C3=BCssing?= To: Kevin Mitchell Cc: Matthias Schiffer , Hideaki YOSHIFUJI , netdev@vger.kernel.org, gal@nvidia.com, bridge@lists.linux-foundation.org, Florian Westphal , linux-kernel@vger.kernel.org, Jozsef Kadlecsik , coreteam@netfilter.org, netfilter-devel@vger.kernel.org, Nikolay Aleksandrov , Roopa Prabhu , Jakub Kicinski , Alexey Kuznetsov , "David S. Miller" , Pablo Neira Ayuso Subject: Re: [Bridge] [PATCH v2 0/1] UDP traceroute packets with no checksum Message-ID: References: <20220405235117.269511-1-kevmitch@arista.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220405235117.269511-1-kevmitch@arista.com> X-Last-TLS-Session-Version: TLSv1.3 X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 05, 2022 at 04:51:15PM -0700, Kevin Mitchell via Bridge wrote: > This is v2 of https://lkml.org/lkml/2022/1/14/1060 > > That patch was discovered to cause problems with UDP tunnels as > described here: > > https://lore.kernel.org/netdev/7eed8111-42d7-63e1-d289-346a596fc933@nvidia.com/ > > This version addresses the issue by instead explicitly handling zero UDP > checksum in the nf_reject_verify_csum() helper function. > > Unlike the previous patch, this one only allows zero UDP checksum in > IPv4. I discovered that the non-netfilter IPv6 path would indeed drop > zero UDP checksum packets, so it's probably best to remain consistent. Are you sure that a UDP zero checksum is not working for IPv6 packets? We are using it here without any issues with VXLAN tunnels. Yes, the original RFC did not allow UDP zero checksums in IPv6 packets, but I believe this has changed: https://www.rfc-editor.org/rfc/rfc6936 (https://www.ietf.org/archive/id/draft-ietf-6man-udpzero-01.html) Regards, Linus