From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932193AbbHCQ47 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 3 Aug 2015 12:56:59 -0400
Received: from mail-pd0-f170.google.com ([209.85.192.170]:33338 "EHLO
	mail-pd0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753262AbbHCQ45 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 3 Aug 2015 12:56:57 -0400
Date: Mon, 3 Aug 2015 09:56:54 -0700
From: Glenn Griffin <ggriffin.kernel@gmail.com>
To: Pravin Shelar <pshelar@nicira.com>,
        "David S. Miller" <davem@davemloft.net>,
        netdev <netdev@vger.kernel.org>,
        "dev@openvswitch.org" <dev@openvswitch.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] openvswitch: Fix L4 checksum handling when dealing with
 IP fragments
Message-ID: <20150803165654.GA16892@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

openvswitch modifies the L4 checksum of a packet when modifying
the ip address. When an IP packet is fragmented only the first
fragment contains an L4 header and checksum. Prior to this change
openvswitch would modify all fragments, modifying application data
in non-first fragments, causing checksum failures in the
reassembled packet.

Signed-off-by: Glenn Griffin <ggriffin.kernel@gmail.com>
---
Changes in v2:
  - Compare frag_off in network byte order rather than host byte order

 net/openvswitch/actions.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 8a8c0b8..ee34f47 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -273,28 +273,36 @@ static int set_eth_addr(struct sk_buff *skb, struct sw_flow_key *flow_key,
 	return 0;
 }
 
-static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
-			__be32 *addr, __be32 new_addr)
+static void update_ip_l4_checksum(struct sk_buff *skb, struct iphdr *nh,
+				  __be32 addr, __be32 new_addr)
 {
 	int transport_len = skb->len - skb_transport_offset(skb);
 
+	if (nh->frag_off & htons(IP_OFFSET))
+		return;
+
 	if (nh->protocol == IPPROTO_TCP) {
 		if (likely(transport_len >= sizeof(struct tcphdr)))
 			inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb,
-						 *addr, new_addr, 1);
+						 addr, new_addr, 1);
 	} else if (nh->protocol == IPPROTO_UDP) {
 		if (likely(transport_len >= sizeof(struct udphdr))) {
 			struct udphdr *uh = udp_hdr(skb);
 
 			if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
 				inet_proto_csum_replace4(&uh->check, skb,
-							 *addr, new_addr, 1);
+							 addr, new_addr, 1);
 				if (!uh->check)
 					uh->check = CSUM_MANGLED_0;
 			}
 		}
 	}
+}
 
+static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
+			__be32 *addr, __be32 new_addr)
+{
+	update_ip_l4_checksum(skb, nh, *addr, new_addr);
 	csum_replace4(&nh->check, *addr, new_addr);
 	skb_clear_hash(skb);
 	*addr = new_addr;
-- 
2.1.4


From mboxrd@z Thu Jan  1 00:00:00 1970
From: Glenn Griffin <ggriffin.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: [PATCH v2] openvswitch: Fix L4 checksum handling when
 dealing with IP fragments
Date: Mon, 3 Aug 2015 09:56:54 -0700
Message-ID: <20150803165654.GA16892@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
To: Pravin Shelar <pshelar-l0M0P4e3n4LQT0dZR+AlfA@public.gmane.org>,
 "David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>, netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
 "dev-yBygre7rU0TnMu66kgdUjQ@public.gmane.org" <dev-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>,
 LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Return-path: <dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>
Content-Disposition: inline
List-Unsubscribe: <http://openvswitch.org/mailman/options/dev>,
 <mailto:dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=unsubscribe>
List-Archive: <http://openvswitch.org/pipermail/dev>
List-Post: <mailto:dev-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>
List-Help: <mailto:dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=help>
List-Subscribe: <http://openvswitch.org/mailman/listinfo/dev>,
 <mailto:dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=subscribe>
Errors-To: dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org
Sender: "dev" <dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>
List-Id: netdev.vger.kernel.org

b3BlbnZzd2l0Y2ggbW9kaWZpZXMgdGhlIEw0IGNoZWNrc3VtIG9mIGEgcGFja2V0IHdoZW4gbW9k
aWZ5aW5nCnRoZSBpcCBhZGRyZXNzLiBXaGVuIGFuIElQIHBhY2tldCBpcyBmcmFnbWVudGVkIG9u
bHkgdGhlIGZpcnN0CmZyYWdtZW50IGNvbnRhaW5zIGFuIEw0IGhlYWRlciBhbmQgY2hlY2tzdW0u
IFByaW9yIHRvIHRoaXMgY2hhbmdlCm9wZW52c3dpdGNoIHdvdWxkIG1vZGlmeSBhbGwgZnJhZ21l
bnRzLCBtb2RpZnlpbmcgYXBwbGljYXRpb24gZGF0YQppbiBub24tZmlyc3QgZnJhZ21lbnRzLCBj
YXVzaW5nIGNoZWNrc3VtIGZhaWx1cmVzIGluIHRoZQpyZWFzc2VtYmxlZCBwYWNrZXQuCgpTaWdu
ZWQtb2ZmLWJ5OiBHbGVubiBHcmlmZmluIDxnZ3JpZmZpbi5rZXJuZWxAZ21haWwuY29tPgotLS0K
Q2hhbmdlcyBpbiB2MjoKICAtIENvbXBhcmUgZnJhZ19vZmYgaW4gbmV0d29yayBieXRlIG9yZGVy
IHJhdGhlciB0aGFuIGhvc3QgYnl0ZSBvcmRlcgoKIG5ldC9vcGVudnN3aXRjaC9hY3Rpb25zLmMg
fCAxNiArKysrKysrKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTIgaW5zZXJ0aW9ucygrKSwg
NCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9uZXQvb3BlbnZzd2l0Y2gvYWN0aW9ucy5jIGIv
bmV0L29wZW52c3dpdGNoL2FjdGlvbnMuYwppbmRleCA4YThjMGI4Li5lZTM0ZjQ3IDEwMDY0NAot
LS0gYS9uZXQvb3BlbnZzd2l0Y2gvYWN0aW9ucy5jCisrKyBiL25ldC9vcGVudnN3aXRjaC9hY3Rp
b25zLmMKQEAgLTI3MywyOCArMjczLDM2IEBAIHN0YXRpYyBpbnQgc2V0X2V0aF9hZGRyKHN0cnVj
dCBza19idWZmICpza2IsIHN0cnVjdCBzd19mbG93X2tleSAqZmxvd19rZXksCiAJcmV0dXJuIDA7
CiB9CiAKLXN0YXRpYyB2b2lkIHNldF9pcF9hZGRyKHN0cnVjdCBza19idWZmICpza2IsIHN0cnVj
dCBpcGhkciAqbmgsCi0JCQlfX2JlMzIgKmFkZHIsIF9fYmUzMiBuZXdfYWRkcikKK3N0YXRpYyB2
b2lkIHVwZGF0ZV9pcF9sNF9jaGVja3N1bShzdHJ1Y3Qgc2tfYnVmZiAqc2tiLCBzdHJ1Y3QgaXBo
ZHIgKm5oLAorCQkJCSAgX19iZTMyIGFkZHIsIF9fYmUzMiBuZXdfYWRkcikKIHsKIAlpbnQgdHJh
bnNwb3J0X2xlbiA9IHNrYi0+bGVuIC0gc2tiX3RyYW5zcG9ydF9vZmZzZXQoc2tiKTsKIAorCWlm
IChuaC0+ZnJhZ19vZmYgJiBodG9ucyhJUF9PRkZTRVQpKQorCQlyZXR1cm47CisKIAlpZiAobmgt
PnByb3RvY29sID09IElQUFJPVE9fVENQKSB7CiAJCWlmIChsaWtlbHkodHJhbnNwb3J0X2xlbiA+
PSBzaXplb2Yoc3RydWN0IHRjcGhkcikpKQogCQkJaW5ldF9wcm90b19jc3VtX3JlcGxhY2U0KCZ0
Y3BfaGRyKHNrYiktPmNoZWNrLCBza2IsCi0JCQkJCQkgKmFkZHIsIG5ld19hZGRyLCAxKTsKKwkJ
CQkJCSBhZGRyLCBuZXdfYWRkciwgMSk7CiAJfSBlbHNlIGlmIChuaC0+cHJvdG9jb2wgPT0gSVBQ
Uk9UT19VRFApIHsKIAkJaWYgKGxpa2VseSh0cmFuc3BvcnRfbGVuID49IHNpemVvZihzdHJ1Y3Qg
dWRwaGRyKSkpIHsKIAkJCXN0cnVjdCB1ZHBoZHIgKnVoID0gdWRwX2hkcihza2IpOwogCiAJCQlp
ZiAodWgtPmNoZWNrIHx8IHNrYi0+aXBfc3VtbWVkID09IENIRUNLU1VNX1BBUlRJQUwpIHsKIAkJ
CQlpbmV0X3Byb3RvX2NzdW1fcmVwbGFjZTQoJnVoLT5jaGVjaywgc2tiLAotCQkJCQkJCSAqYWRk
ciwgbmV3X2FkZHIsIDEpOworCQkJCQkJCSBhZGRyLCBuZXdfYWRkciwgMSk7CiAJCQkJaWYgKCF1
aC0+Y2hlY2spCiAJCQkJCXVoLT5jaGVjayA9IENTVU1fTUFOR0xFRF8wOwogCQkJfQogCQl9CiAJ
fQorfQogCitzdGF0aWMgdm9pZCBzZXRfaXBfYWRkcihzdHJ1Y3Qgc2tfYnVmZiAqc2tiLCBzdHJ1
Y3QgaXBoZHIgKm5oLAorCQkJX19iZTMyICphZGRyLCBfX2JlMzIgbmV3X2FkZHIpCit7CisJdXBk
YXRlX2lwX2w0X2NoZWNrc3VtKHNrYiwgbmgsICphZGRyLCBuZXdfYWRkcik7CiAJY3N1bV9yZXBs
YWNlNCgmbmgtPmNoZWNrLCAqYWRkciwgbmV3X2FkZHIpOwogCXNrYl9jbGVhcl9oYXNoKHNrYik7
CiAJKmFkZHIgPSBuZXdfYWRkcjsKLS0gCjIuMS40CgpfX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fXwpkZXYgbWFpbGluZyBsaXN0CmRldkBvcGVudnN3aXRjaC5v
cmcKaHR0cDovL29wZW52c3dpdGNoLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Rldgo=