From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752172AbdHXKyA (ORCPT ); Thu, 24 Aug 2017 06:54:00 -0400 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:35152 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751312AbdHXKx6 (ORCPT ); Thu, 24 Aug 2017 06:53:58 -0400 Date: Thu, 24 Aug 2017 12:51:18 +0200 From: Florian Westphal To: Michal Kubecek Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "Michael S. Tsirkin" , Markos Chandras Subject: Re: [PATCH nf-next] netfilter: xt_CHECKSUM: avoid bad offload warnings on GSO packets Message-ID: <20170824105118.GA15739@breakpoint.cc> References: <20170824104824.2C318A0F3A@unicorn.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170824104824.2C318A0F3A@unicorn.suse.cz> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Michal Kubecek wrote: > When --checksum_fill action is applied to a GSO packet, checksum_tg() calls > skb_checksum_help() which is only meant to be applied to non-GSO packets so > that it issues a warning. > > This can be easily triggered by using e.g. > > iptables -t mangle -A OUTPUT -j CHECKSUM --checksum-fill > > and sending TCP stream via a device with GSO enabled. > > While this can be considered a misconfiguration, I believe the bad offload > warning is supposed to catch bugs in drivers and networking stack, not > misconfigured firewalls. So let's ignore such packets and only issue a one > time warning with pr_warn_once() rather than a WARN with stack trace and > tainted kernel. Why issue a warning at all? What kind of action should be taken upon seeing such warning?