From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Daniel Borkmann <dborkman@redhat.com>,
netfilter-devel@vger.kernel.org, lvs-devel@vger.kernel.org,
linux-sctp@vger.kernel.org, Julian Anastasov <ja@ssi.bg>,
Simon Horman <horms@verge.net.au>
Subject: Re: [PATCH stable] ipvs: sctp: fix checksumming on snat and dnat handlers
Date: Mon, 25 Feb 2013 15:40:25 +0000 [thread overview]
Message-ID: <20130225154025.GC20561@localhost> (raw)
In-Reply-To: <20130221151451.GB2730@shamino.rdu.redhat.com>
On Thu, Feb 21, 2013 at 10:14:51AM -0500, Neil Horman wrote:
> On Thu, Feb 21, 2013 at 02:05:39PM +0100, Daniel Borkmann wrote:
> > In our test lab, we have a simple SCTP client connecting to a SCTP
> > server via an IPVS load balancer. On some machines, load balancing
> > works, but on others the initial handshake just fails, thus no
> > SCTP connection whatsoever can be established!
> >
> > We observed that the SCTP INIT-ACK handshake reply from the IPVS
> > machine to the client had a correct IP checksum, but corrupt SCTP
> > checksum when forwarded, thus on the client-side the packet was
> > dropped and an intial handshake retriggered until all attempts
> > run into the void.
> >
> > To fix this issue, this patch i) adds a missing CHECKSUM_UNNECESSARY
> > after the full checksum (re-)calculation (as done in IPVS TCP and UDP
> > code as well), and ii) calculates the checksum in little-endian format
> > (as fixed with the SCTP code in commit 4458f04c: sctp: Clean up sctp
> > checksumming code). Stable backport of upstream commit 4b47bc9a.
> >
> > Cc: Julian Anastasov <ja@ssi.bg>
> > Cc: Simon Horman <horms@verge.net.au>
> > Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> > Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
[...]
> Acked-by: Neil Horman <nhorman@tuxdriver.com>
Enqueued to -stable. Thanks.
WARNING: multiple messages have this Message-ID (diff)
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Daniel Borkmann <dborkman@redhat.com>,
netfilter-devel@vger.kernel.org, lvs-devel@vger.kernel.org,
linux-sctp@vger.kernel.org, Julian Anastasov <ja@ssi.bg>,
Simon Horman <horms@verge.net.au>
Subject: Re: [PATCH stable] ipvs: sctp: fix checksumming on snat and dnat handlers
Date: Mon, 25 Feb 2013 16:40:25 +0100 [thread overview]
Message-ID: <20130225154025.GC20561@localhost> (raw)
In-Reply-To: <20130221151451.GB2730@shamino.rdu.redhat.com>
On Thu, Feb 21, 2013 at 10:14:51AM -0500, Neil Horman wrote:
> On Thu, Feb 21, 2013 at 02:05:39PM +0100, Daniel Borkmann wrote:
> > In our test lab, we have a simple SCTP client connecting to a SCTP
> > server via an IPVS load balancer. On some machines, load balancing
> > works, but on others the initial handshake just fails, thus no
> > SCTP connection whatsoever can be established!
> >
> > We observed that the SCTP INIT-ACK handshake reply from the IPVS
> > machine to the client had a correct IP checksum, but corrupt SCTP
> > checksum when forwarded, thus on the client-side the packet was
> > dropped and an intial handshake retriggered until all attempts
> > run into the void.
> >
> > To fix this issue, this patch i) adds a missing CHECKSUM_UNNECESSARY
> > after the full checksum (re-)calculation (as done in IPVS TCP and UDP
> > code as well), and ii) calculates the checksum in little-endian format
> > (as fixed with the SCTP code in commit 4458f04c: sctp: Clean up sctp
> > checksumming code). Stable backport of upstream commit 4b47bc9a.
> >
> > Cc: Julian Anastasov <ja@ssi.bg>
> > Cc: Simon Horman <horms@verge.net.au>
> > Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> > Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
[...]
> Acked-by: Neil Horman <nhorman@tuxdriver.com>
Enqueued to -stable. Thanks.
next prev parent reply other threads:[~2013-02-25 15:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1361451476.git.dborkman@redhat.com>
2013-02-21 13:05 ` [PATCH stable] ipvs: sctp: fix checksumming on snat and dnat handlers Daniel Borkmann
2013-02-21 13:05 ` Daniel Borkmann
2013-02-21 15:14 ` Neil Horman
2013-02-21 15:14 ` Neil Horman
2013-02-25 15:40 ` Pablo Neira Ayuso [this message]
2013-02-25 15:40 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130225154025.GC20561@localhost \
--to=pablo@netfilter.org \
--cc=dborkman@redhat.com \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=linux-sctp@vger.kernel.org \
--cc=lvs-devel@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.