From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=Arista-A; t=1649202720; bh=tjab0l+xfYR0aZEj5soCABbrSjfcWfiSiNw5bb6ADcc=; h=From:To:Cc:Subject:Date:From; b=woP9fF3qZzunKXrRcPgDSyac21eIvuWWbeTXc12/yEUdySijANk8sRKdptJl6l5cV iLcWQenoSPX2Ua0bGFCFKIClIsbbT65yMydGSEo0ET6l5uKpuHqFK61RohyHNSI0Kq N+MjUi8fnrUaLZTjxB92POD5qaaEiDgFmSq4TIzgFSShKcjV2p+U/2HajpkGw7oVwX Xbnd+gf0pkHohKyV6TZIsm4APNq+F+u8GWZm4iBIUbO2G1UxNT0QdN6rOWgHAL3CD+ qbi6ht0AIfArtaytZm0+cEir6F5+2bHfzNrmyt+2AcBxSrm/nEmbNJqmeleAy7LBGo xAWf0YU6uw5RQ== From: Kevin Mitchell Date: Tue, 5 Apr 2022 16:51:15 -0700 Message-Id: <20220405235117.269511-1-kevmitch@arista.com> Content-Transfer-Encoding: 8bit Subject: [Bridge] [PATCH v2 0/1] UDP traceroute packets with no checksum List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kevmitch@arista.com, Hideaki YOSHIFUJI , netdev@vger.kernel.org, gal@nvidia.com, bridge@lists.linux-foundation.org, Florian Westphal , linux-kernel@vger.kernel.org, Jozsef Kadlecsik , coreteam@netfilter.org, netfilter-devel@vger.kernel.org, Nikolay Aleksandrov , Roopa Prabhu , Jakub Kicinski , Alexey Kuznetsov , "David S. Miller" , Pablo Neira Ayuso This is v2 of https://lkml.org/lkml/2022/1/14/1060 That patch was discovered to cause problems with UDP tunnels as described here: https://lore.kernel.org/netdev/7eed8111-42d7-63e1-d289-346a596fc933@nvidia.com/ This version addresses the issue by instead explicitly handling zero UDP checksum in the nf_reject_verify_csum() helper function. Unlike the previous patch, this one only allows zero UDP checksum in IPv4. I discovered that the non-netfilter IPv6 path would indeed drop zero UDP checksum packets, so it's probably best to remain consistent. -- 2.35.1