Hi Andrea,

the first attached patch fixes the issue you reported (verified), 
altough i'm not entirely sure why ;).
the second one is untested but probably couldn't hurt neither.

bye,
patrick

Andrea Rossato wrote:

> attached you will find 3 patches. the first one is an attempt to prove 
> the existence of the problem. the second is just a hack that provides 
> a temporary solution it's just a workaround: packets with ec e cwr 
> bits set and good checksum will be stripped and checksum recalculated 
> from scratch.
>
> The problem, as far as I can see it, could be located in csum_partial 
> (arch/i386/lib/checksum.S, meaning a platform dependent problem): i'm 
> not a kernel hacker (i'm a lawyer, a legal scholar actually), but i do 
> not see any mistake in the way partial checksum is carried out in 
> tcp_etc_set. anyway checksum after partial or total recalculation 
> differ. That's a fact. Evidence of the fact  can be gained with the 
> second patch: in this case the kernel will log the checksum after 
> partial recalculation and after total recalculation (that means that 
> two calculations will take place). The two values differ!
>
> Thanks for your attention.
>
> 1. check the bug:
> echo 1 /proc/sys/net/ipv4/tcp_ecn
> iptables -A OUTPUT -t mangle -o ppp0 -p tcp -d my.host.org --dport 80 
> -j ECN --ecn-tcp-remove
> iptables -A OUTPUT -o ppp0 -p tcp -d my.host.org --dport 80 -m unclean 
> -j DROP
> packets will be dropped
>
> 2. apply one of the patches and try again:
> packets will get though and the connection will be established.
>
> andrea
>