From: Stephen Hemminger <shemminger@vyatta.com>
To: "Adam Langley" <agl@imperialviolet.org>
Cc: netdev@vger.kernel.org
Subject: Re: MD5 SG fix
Date: Tue, 1 Jul 2008 14:39:43 -0700 [thread overview]
Message-ID: <20080701143943.426c9f24@extreme> (raw)
In-Reply-To: <396556a20805301217k293e5718h6bbf02bfe0683151@europa>
On Tue, 1 Jul 2008 14:16:34 -0700
"Adam Langley" <agl@imperialviolet.org> wrote:
> I believe this patch fixes MD5 in the face of SG interfaces for IPv4. Stephen,
> could you test this because I don't get non-linear packets in my test network?
> The patch includes a debugging function which can be uncommented if you have
> issues.
>
> If this works for you, I'll clean it up and perform the same fix for IPv6
> before submiting.
>
> Sadly, I couldn't just pass in the SKB to the md5_hash function because there
> are several places where we don't have an SKB to hand (generating ACKs and
> RSTs, for example).
>
> This patch is, obviously, semantically incongruent with [1] and [1] should be
> backed out before applying.
>
> Cheers,
>
>
> AGL
>
>
> [1] http://marc.info/?l=linux-netdev&m=121459157816964&w=2
>
> ---
>
> include/net/tcp.h | 11 +++--
> net/ipv4/tcp_ipv4.c | 113 +++++++++++++++++++++++++++++++++++++------------
> net/ipv4/tcp_output.c | 14 ++++--
> 3 files changed, 101 insertions(+), 37 deletions(-)
>
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 633147c..4213379 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -1110,6 +1110,7 @@ union tcp_md5sum_block {
> struct tcp_md5sig_pool {
> struct hash_desc md5_desc;
> union tcp_md5sum_block md5_blk;
> + struct scatterlist sg[MAX_SKB_FRAGS + 3];
> };
>
I would rather see the pool used less and the stack used more.
Global context is more like FORTRAN common blocks.
My suggestion would be to have two hash functions, one that takes a block
for the cases of TCP SYN, etc. and another that takes an skb for data packets.
You still need to have some of the places that reset sk_route_caps otherwise
you will get TSO/GSO packets because of the resetting of route_caps after the SYN/ACK.
next prev parent reply other threads:[~2008-07-01 21:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-01 21:16 MD5 SG fix Adam Langley
2008-07-01 21:39 ` Stephen Hemminger [this message]
2008-07-01 21:48 ` Adam Langley
2008-07-01 21:49 ` Adam Langley
2008-07-01 22:38 ` Adam Langley
2008-07-01 22:46 ` Stephen Hemminger
2008-07-01 22:49 ` Stephen Hemminger
2008-07-01 22:52 ` Adam Langley
2008-07-01 23:10 ` Stephen Hemminger
2008-07-02 4:55 ` Evgeniy Polyakov
2008-07-04 0:07 ` Adam Langley
2008-07-04 4:02 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080701143943.426c9f24@extreme \
--to=shemminger@vyatta.com \
--cc=agl@imperialviolet.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).