Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp727129lqd; Wed, 24 Apr 2024 15:22:19 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV7+kVKVsLaDejSkh4beX0A1eLVA7YLt2gQnygC5kwyLDwcHeoOO3AGwcExKDaTAbmrDl7RDgdQzSq4KJX9ynPV4RbOyWCegia0IgX+hg== X-Google-Smtp-Source: AGHT+IG+I22Na8VKHttoNl9s2p+N/6OqgqkKs9mwfbH4ONGsaSq3s8tGjgH/E4jLeS/YEf6/ZXkD X-Received: by 2002:a05:620a:c11:b0:790:8c89:7418 with SMTP id l17-20020a05620a0c1100b007908c897418mr3567864qki.6.1713997339596; Wed, 24 Apr 2024 15:22:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713997339; cv=pass; d=google.com; s=arc-20160816; b=WnZqXQJzl2QdKu7OG+iXv/S5R1e0ivWfoLfN4GQYruOIqrsh4S8HJQphEVCZmK6KxV AfZT502EVkOBX+XFqZM2oyTjth9xZUlTHdB7HrmxPt9A94QgYYnCfIQtg2eTwq5aYaBX zNNcglBK7Wio+F3Pnv/wjJ2ecvGSxM+rUUH5qO+0Fw9MGdZEUK7YceNnXD7BTj7aNON5 PrF3aHvWxtjNbW1Bf+YhhTtfGEsPtK+Z9mWkMvu9VFa+D6MwgREtmQsijaIDKWMVeyEv adPf8Oov3wAr8uqkN0z60loVG9BbrWtpX41k3t4sZBWP1z6/PIYBbKRsG0rvhoWfDiBw rtAA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date; bh=LFjWjfvhhS5wklwQP0SfcicfvJYpZccnL7GhKQMJU3I=; fh=EpJWbJr1PF45t9HOQyUM7DKkWMWB6lvxnpZuoSBNWeA=; b=oLlpIqo0cznx2jNXCFJpAEmFNJVV6XuSq6gz1Vf47yBqrNrQGmduWigoPqbzCjcuA+ fbNjlkMotKnQh889zXdPklEhioLWylFQUwUxKZYhPHajSkHIzYMFDhBiv2pxybLow3w+ ovPUWBBVUclAHn9pldSnvIxTLfLnrmhr3b5E+oPjzhoD+rkGFpuI6Es+lSRF/oPLr95/ KCqhNENUxM370cd7+S0Q+hH31TSz6eKke10YQqgPhUuZwFqP9yqz7Au8VN9x5SWIC2oT P2RV0LsyUfj/mPL2cdbY5cCrNWtOUBAhM6VdNZi4Az2zwUWAQKwOvcxX/5ZormLZ3KFu iYJg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=netfilter.org); spf=pass (google.com: domain of linux-kernel+bounces-157781-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157781-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id y8-20020a05620a44c800b0078d76c129easi19363781qkp.424.2024.04.24.15.22.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Apr 2024 15:22:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-157781-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=netfilter.org); spf=pass (google.com: domain of linux-kernel+bounces-157781-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157781-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C14111C22F08 for ; Wed, 24 Apr 2024 22:22:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 69DDA16DEA5; Wed, 24 Apr 2024 22:21:32 +0000 (UTC) Received: from mail.netfilter.org (mail.netfilter.org [217.70.188.207]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D906D16D4CA; Wed, 24 Apr 2024 22:21:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.188.207 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713997291; cv=none; b=IEjKb2SUrk7WZ+2v/qpN6sxHf2hL0hUE5+hOBVmtmhNHm8Q+VdJNU2BhCHOGzdNEWkfu/EhZv2RS9+icc5LCvBB3NSoussY4cBNQ7kk8CezK6COiYW/BNizbJSTUrya2aHjvOmB0SdCo83RhPWi5c19pykKq3Dd5+FfrtC9FbsY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713997291; c=relaxed/simple; bh=e7ZeaCF9fOPOeOCdD6PM03PAZj7zzEABjm4s98O48vE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=BuoVWICTVIjRplK131tNTRFy3pTqc5nVV4K7ugjbymZqjnnfCQkQNNalinfScEcpFsfPbAmN3YDfsUSW5hR7QHeoK54fDCk1Svkn3c1pEc02PMvsU66Kn+nAfMy0qzsfzaJpNJkXjpxIyrgv6NFehJnD9GWsAKzSx35fahtc7FA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=netfilter.org; spf=pass smtp.mailfrom=netfilter.org; arc=none smtp.client-ip=217.70.188.207 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=netfilter.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=netfilter.org Date: Thu, 25 Apr 2024 00:21:26 +0200 From: Pablo Neira Ayuso To: Ismael Luceno Cc: linux-kernel@vger.kernel.org, Firo Yang , Andreas Taschner , Michal =?utf-8?Q?Kube=C4=8Dek?= , Simon Horman , Julian Anastasov , lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, coreteam@netfilter.org Subject: Re: [PATCH v2] ipvs: Fix checksumming on GSO of SCTP packets Message-ID: References: <20240421142234.15764-1-iluceno@suse.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20240421142234.15764-1-iluceno@suse.de> On Sun, Apr 21, 2024 at 04:22:32PM +0200, Ismael Luceno wrote: > It was observed in the wild that pairs of consecutive packets would leave > the IPVS with the same wrong checksum, and the issue only went away when > disabling GSO. > > IPVS needs to avoid computing the SCTP checksum when using GSO. I am placing this into the nf.git tree for submission upstream in the next pull request, unless stated otherwise. Thanks. > Fixes: 90017accff61 ("sctp: Add GSO support", 2016-06-02) > Co-developed-by: Firo Yang > Signed-off-by: Ismael Luceno > Tested-by: Andreas Taschner > CC: Michal Kubeček > CC: Simon Horman > CC: Julian Anastasov > CC: lvs-devel@vger.kernel.org > CC: netfilter-devel@vger.kernel.org > CC: netdev@vger.kernel.org > CC: coreteam@netfilter.org > --- > > Notes: > Changes since v1: > * Added skb_is_gso before skb_is_gso_sctp. > * Added "Fixes" tag. > > net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c > index a0921adc31a9..1e689c714127 100644 > --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c > +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c > @@ -126,7 +126,8 @@ sctp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, > if (sctph->source != cp->vport || payload_csum || > skb->ip_summed == CHECKSUM_PARTIAL) { > sctph->source = cp->vport; > - sctp_nat_csum(skb, sctph, sctphoff); > + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) > + sctp_nat_csum(skb, sctph, sctphoff); > } else { > skb->ip_summed = CHECKSUM_UNNECESSARY; > } > @@ -174,7 +175,8 @@ sctp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, > (skb->ip_summed == CHECKSUM_PARTIAL && > !(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) { > sctph->dest = cp->dport; > - sctp_nat_csum(skb, sctph, sctphoff); > + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) > + sctp_nat_csum(skb, sctph, sctphoff); > } else if (skb->ip_summed != CHECKSUM_PARTIAL) { > skb->ip_summed = CHECKSUM_UNNECESSARY; > } > -- > 2.43.0 > >