Re: Fw: [Bugme-new] [Bug 4922] New: Bug in netfilter.c when drivers do hardware checksum generation.

Thu, 21 Jul 2005 20:24:13 -0700 

Andrew Morton wrote:

Begin forwarded message:

Date: Thu, 21 Jul 2005 11:39:44 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Bugme-new] [Bug 4922] New: Bug in netfilter.c when drivers do 
hardware checksum generation.


http://bugzilla.kernel.org/show_bug.cgi?id=4922

           Summary: Bug in netfilter.c when drivers do hardware checksum
                    generation.
    Kernel Version: 2.6.12.2
            Status: NEW
          Severity: normal
             Owner: [EMAIL PROTECTED]
         Submitter: [EMAIL PROTECTED]


Distribution:

Has been reproduced in Fedora Core 2, Fedora Core 3, YDL 4.0.
with 2.6.8, 2.6.8.1 2.6.9, 2.6.10, 2.6.12.2

Hardware Environment:

x86 (tigon3 driver for BMC5705 tg3.c and ppc systems (mac mini) having ethernet
drivers that do hardware IP checksums.

Software Environment:

See kernel revs above.
Standard distributions. Problem Description: 

There is a bug in the Linux kernel from 2.6.7 through 2.6.12.2.

The problem occurs when packets are being diverted to user space through
ipq/netlink sockets on systems that have ethernet drivers with hardware IP
checksum capability. It has been reproduced when user code is mangling the
packet headers. 
Where hardware has set ip_summed field in the skb and falsely indicates that the
checksum does not need to be re-generated after IP headers are mangled.


Please show how you use ip_queue (where are you calling -j QUEUE).


   This bug was originally introduced with a change to net/core/netfilter.c in
the 2.6.8 distribution.

Steps to reproduce:

   To reproduce the bug, divert packets through netlink ipq and change IP header
information.

The following patch fixes the problem on 2.6.12.2:

--- linux-2.6.12.2/net/core/netfilter.c.orig    2005-06-29 19:00:53.000000000 
-0400
+++ linux-2.6.12.2/net/core/netfilter.c 2005-07-19 19:07:18.000000000 -0400
@@ -485,6 +485,14 @@
        unsigned int verdict;
        int ret = 0;
+ if ((*pskb)->ip_summed == CHECKSUM_HW) { 
+                if (outdev == NULL) {
+                        (*pskb)->ip_summed = CHECKSUM_NONE;
+                } else {
+                        skb_checksum_help(*pskb, 0);
+                }
+        }
+
        /* We may already have this, but read-locks nest anyway */
        rcu_read_lock();


This code was never intended to fix up checksums of mangled queued
packets. It is the responsibility of the user to update the checksum
after mangling a packet.

Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to