From: "Mika Penttilä" <mika.penttila@kolumbus.fi>
To: James Morris <jmorris@redhat.com>
Cc: "David S. Miller" <davem@redhat.com>,
Harald Welte <laforge@netfilter.org>,
netdev@oss.sgi.com, Stephen Smalley <sds@epoch.ncsc.mil>
Subject: Re: [PATCH] Fix checksum bug for multicast/broadcast packets on postrouting hook
Date: Sun, 15 Feb 2004 15:40:18 +0200 [thread overview]
Message-ID: <402F76C2.6030300@kolumbus.fi> (raw)
In-Reply-To: <Xine.LNX.4.44.0402150801310.12126-100000@thoron.boston.redhat.com>
James Morris wrote:
>On Sun, 15 Feb 2004, Mika Penttilä wrote:
>
>
>
>>James Morris wrote:
>>
>>
>>
>>>On Sat, 14 Feb 2004, Mika Penttilä wrote:
>>>
>>>
>>>>This is unneeded overhead for the common case. The right fix is to make
>>>>sure the modifier (netfilter etc) makes the copy if needed. Actually,
>>>>this is what skb_ip_make_writable() is doing.
>>>>
>>>>
>>>>
>>>>
>>>The common case here will be only for locally generated multicast and
>>>broadcast packets.
>>>
>>>If the netfilter core code is modified instead, we will end up adding
>>>skb_ip_make_writable() to nf_hook_slow() which will be called for every
>>>packet with an output device which uses hardware checksums.
>>>
>>>Not sure which is worse, but here's a proposed patch which does this.
>>>
>>>
>>>- James
>>>
>>>
>>>
>>I don't see the context here. Where is the packet mangled? Why isn't
>>that instance doing skb_ip_make_writable()? selinux? Not everyone
>>generating locally multicast/broadcast packets is using selinux...
>>
>>
>>
>
>[my previous post didn't seem to make it to the list, newer patch is
>attached below again]
>
>The packet is mangled in skb_checksum_help(), which is called by the
>Netfilter core code. It is not being mangled by SELinux.
>
>
>- James
>
skb_checksum_help() updates skb->ip_summed to CHECKSUM_NONE in the
original skb, and this should be seen by the driver. With your change
the checksum is calculated twice, once for the looping back packet, and
once for the outgoing.
--Mika
next prev parent reply other threads:[~2004-02-15 13:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-14 18:37 [PATCH] Fix checksum bug for multicast/broadcast packets on postrouting hook James Morris
2004-02-14 18:37 ` Harald Welte
2004-02-14 19:07 ` Mika Penttilä
2004-02-14 23:00 ` David S. Miller
2004-02-15 6:09 ` James Morris
2004-02-15 9:34 ` Mika Penttilä
2004-02-15 13:03 ` James Morris
2004-02-15 13:40 ` Mika Penttilä [this message]
2004-02-15 14:03 ` James Morris
2004-02-15 16:00 ` Mika Penttilä
2004-02-16 1:50 ` James Morris
2004-02-16 6:43 ` Mika Penttilä
2004-02-16 13:45 ` James Morris
2004-02-19 1:24 ` David S. Miller
2004-02-23 22:19 ` James Morris
2004-02-29 5:50 ` David S. Miller
2004-02-17 15:54 ` Harald Welte
2004-02-17 20:35 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=402F76C2.6030300@kolumbus.fi \
--to=mika.penttila@kolumbus.fi \
--cc=davem@redhat.com \
--cc=jmorris@redhat.com \
--cc=laforge@netfilter.org \
--cc=netdev@oss.sgi.com \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).