Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp1732814lqt; Sun, 21 Apr 2024 07:23:00 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVLAyA7rdnyCWn0AQ+vytaJlkjXGa5U86u7Fwy9mqiQOduJ7NtqoJjcfu0+NN1uFzMZF57Fn7LaJk5P169UHhkv2z5EETbcSCatuvLS+A== X-Google-Smtp-Source: AGHT+IESyN+/LEAMKkXNkRoILshZJ27I1mVv8RkLCe/Jldrf8+m6dq8Ez3S0rBkto8wl6J9Exsdo X-Received: by 2002:a17:902:eb90:b0:1e0:cdcc:340b with SMTP id q16-20020a170902eb9000b001e0cdcc340bmr10452178plg.19.1713709379815; Sun, 21 Apr 2024 07:22:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713709379; cv=pass; d=google.com; s=arc-20160816; b=w1nbiFMT6PTywt+Un8LwkAec8ERYRgh7ZkQASoQdBD3EUGs2naK85Z5cjOxCv7hS4Q 1AXTfu3UGmVU9DbdrDj7M2MGLzipo5k4ADGnMbutaZiI5cneJeGgJbYvMtLDPABbnngM ZcbJLeKDF9pNOVCtw5apQk9Jx7YUItTaabldMOJJqmwEssZIYB3RjX8J/mD5P7s1y9WW FsfXFIiWzbYmGawV2jszjX5tdG02d5FOOGEwfivZOknqro3gRiODaBrYvquh3QLzqP+8 WrFWgfwaPpA/Zixqz/NlBPcpfe2ggGKbxVbC/SwVbt2j2/OdhJf+kBx2zXOjnTXkjquL BHHg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=0KmDhdcvtj9G8gCkXxDmU3FPVVKYh9jcF0fj66UTaHo=; fh=FVoJPD4POP5+Eh+GhPZeKC5dqycRExN7452uBvGuYvQ=; b=tGPpUakG6BS8XZ+Sp2TwGTxT8MfGBdnIvSL4qS6o1hPmc5KLlAZX8dfX1w5o9jJyCL QLbASFoDTSdXCAKxamT3hmO1O8tKiScEiiOb5K0I5cwTRcF0ixoXTa9/74NP8DaovnLy qBLgrP1ZEG0XEaB/hRM3Tk2bLMbuH9OJ7U3sw7y21XHF0HLlMS4HtDBO1u3JgzV4hajq H6Unt7cKzX/3v/POAw7UyMpFbXxtP73+fu6cDQStTIpEkGzXROipYyyZBl/qOTKYweTT NrAc1jR7Q7Qptp7/jdksYCTy8I14KKE5zhbNCiq6szy1xAb1MR9SRPJlmmWkvMdE7lqB LtGg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="pk8nNq/u"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="pk8nNq/u"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-152511-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-152511-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t24-20020a170902b21800b001e3c8bc23e4si6147416plr.390.2024.04.21.07.22.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 21 Apr 2024 07:22:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-152511-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="pk8nNq/u"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="pk8nNq/u"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-152511-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-152511-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7289928160A for ; Sun, 21 Apr 2024 14:22:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A4CB817C98; Sun, 21 Apr 2024 14:22:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="pk8nNq/u"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="Okn0s4jM"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="pk8nNq/u"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="Okn0s4jM" Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B597B1429B; Sun, 21 Apr 2024 14:22:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713709367; cv=none; b=YZF1cWrA2R9YBPcM6vsWE19c5Ez3XuSRx/XNTrQZynoEI7ygt0VQq/KExeNAY/yzWGVkMrrv5Qd+UGHiDI6ugDBT6y9/D//y3w1v35baDe0oFvsrU/YzOBeRfajPRNNikbnJnlOo+oSbSIg/1ZMbhvAiNRiGdBgfdi2rwgBMPOc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713709367; c=relaxed/simple; bh=2FtL9q5lxhcTRJOh4mdw6XudRZaWyQsJmyja/hMn7jA=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=uyybJQYCbtYhp9ZwnNxm8pL/74LNSeWfRdx5RX1Z0ZH/yosf24RMEk8H+sd87ZmqqkT+kUaCvH8Wcg9RKiXGbIvFMPfrmFalUBXjp4wQmmS+zTKJAUnNyUxDdGrRpASsyqB9bccaHjR6u7aC/8qXLCfPP4lw2St5IxvG3kHJidc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=pk8nNq/u; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=Okn0s4jM; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=pk8nNq/u; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=Okn0s4jM; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id A6AFF20F10; Sun, 21 Apr 2024 14:22:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1713709357; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0KmDhdcvtj9G8gCkXxDmU3FPVVKYh9jcF0fj66UTaHo=; b=pk8nNq/uNsIMRYuD0NWcz7x4n0kNs6EHnm+YEvVKiGcN0YIST7MP7KCpm4Eqz7v46giAbL a1UHzLexhHy9Qqz0Vl6LxD9AMOWXSGS62l6hC5tCP7iYbi+//vxh1OFR4FqKRzekXur3F/ IuDBOhhYdqTgtfWT7zTDJumpdbjp6U4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1713709357; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0KmDhdcvtj9G8gCkXxDmU3FPVVKYh9jcF0fj66UTaHo=; b=Okn0s4jMQSfXtGQO5qA3yAlH9/dueBA7VD+nIUezvvsi27lcjW3Cekzb1ubDb9yjerVRXq dqhvJP4HkgUpxABg== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b="pk8nNq/u"; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=Okn0s4jM DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1713709357; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0KmDhdcvtj9G8gCkXxDmU3FPVVKYh9jcF0fj66UTaHo=; b=pk8nNq/uNsIMRYuD0NWcz7x4n0kNs6EHnm+YEvVKiGcN0YIST7MP7KCpm4Eqz7v46giAbL a1UHzLexhHy9Qqz0Vl6LxD9AMOWXSGS62l6hC5tCP7iYbi+//vxh1OFR4FqKRzekXur3F/ IuDBOhhYdqTgtfWT7zTDJumpdbjp6U4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1713709357; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0KmDhdcvtj9G8gCkXxDmU3FPVVKYh9jcF0fj66UTaHo=; b=Okn0s4jMQSfXtGQO5qA3yAlH9/dueBA7VD+nIUezvvsi27lcjW3Cekzb1ubDb9yjerVRXq dqhvJP4HkgUpxABg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 7CD8913981; Sun, 21 Apr 2024 14:22:37 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id WVR6Gy0hJWZZYQAAD6G6ig (envelope-from ); Sun, 21 Apr 2024 14:22:37 +0000 From: Ismael Luceno To: linux-kernel@vger.kernel.org Cc: Ismael Luceno , Firo Yang , Andreas Taschner , =?UTF-8?q?Michal=20Kube=C4=8Dek?= , Simon Horman , Julian Anastasov , lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH v2] ipvs: Fix checksumming on GSO of SCTP packets Date: Sun, 21 Apr 2024 16:22:32 +0200 Message-ID: <20240421142234.15764-1-iluceno@suse.de> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Level: X-Spamd-Result: default: False [-2.51 / 50.00]; DWL_DNSWL_MED(-2.00)[suse.de:dkim]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; BAYES_HAM(-0.00)[14.50%]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[11]; DKIM_TRACE(0.00)[suse.de:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.com:email,suse.de:dkim,suse.de:email] X-Rspamd-Action: no action X-Rspamd-Queue-Id: A6AFF20F10 X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Flag: NO X-Spam-Score: -2.51 It was observed in the wild that pairs of consecutive packets would leave the IPVS with the same wrong checksum, and the issue only went away when disabling GSO. IPVS needs to avoid computing the SCTP checksum when using GSO. Fixes: 90017accff61 ("sctp: Add GSO support", 2016-06-02) Co-developed-by: Firo Yang Signed-off-by: Ismael Luceno Tested-by: Andreas Taschner CC: Michal Kubeček CC: Simon Horman CC: Julian Anastasov CC: lvs-devel@vger.kernel.org CC: netfilter-devel@vger.kernel.org CC: netdev@vger.kernel.org CC: coreteam@netfilter.org --- Notes: Changes since v1: * Added skb_is_gso before skb_is_gso_sctp. * Added "Fixes" tag. net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c index a0921adc31a9..1e689c714127 100644 --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c @@ -126,7 +126,8 @@ sctp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, if (sctph->source != cp->vport || payload_csum || skb->ip_summed == CHECKSUM_PARTIAL) { sctph->source = cp->vport; - sctp_nat_csum(skb, sctph, sctphoff); + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) + sctp_nat_csum(skb, sctph, sctphoff); } else { skb->ip_summed = CHECKSUM_UNNECESSARY; } @@ -174,7 +175,8 @@ sctp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, (skb->ip_summed == CHECKSUM_PARTIAL && !(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) { sctph->dest = cp->dport; - sctp_nat_csum(skb, sctph, sctphoff); + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) + sctp_nat_csum(skb, sctph, sctphoff); } else if (skb->ip_summed != CHECKSUM_PARTIAL) { skb->ip_summed = CHECKSUM_UNNECESSARY; } -- 2.43.0