
Re: [PATCH] Fix checksum bug for multicast/broadcast packets on postrout

To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [PATCH] Fix checksum bug for multicast/broadcast packets on postrouting hook
From: Mika Penttilä <mika.penttila@xxxxxxxxxxx>
Date: Sat, 14 Feb 2004 21:07:14 +0200
Cc: "David S. Miller" <davem@xxxxxxxxxx>, Harald Welte <laforge@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, Stephen Smalley <sds@xxxxxxxxxxxxxx>
In-reply-to: <Xine.LNX.4.44.0402141318490.6128-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
References: <Xine.LNX.4.44.0402141318490.6128-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1


James Morris wrote:

This patch fixes a bug with multicast/broadcast packets,
Netfilter, and NICs which do hardware checksums.

Outgoing multicast and broadcast packets are cloned prior to being fed
into the postrouting hook and looped back.  A problem is caused when the
shared packet data is modified by the netfilter core code when updating
the checksum, but the skb->ip_summed field in the header of the original
skb is not updated.  The NIC then tries to do a hardware checksum on an
already correct checksum, and we end up transmitting the wrong thing.

This bug stops things like DHCP from working, and was noted under SELinux
which uses the postrouting hook alone.

The proposed solution below is to copy the skb rather than clone it, to ensure that the original and looped back packets are independent.

Please review.

(A similar problem seems to exist in the IPv6 code, although not verified yet).


- James


This is unneeded overhead for the common case. The right fix is to make sure the modifier (netfilter etc) makes the copy if needed. Actually, this is what skb_ip_make_writable() is doing.

--Mika
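
A user-space C model of the two behaviours discussed in this thread, added here as an illustration; it is not code from the patch, the kernel, or either author. All type names, function names and checksum constants are constructed, and the checksum is simplified to plain addition: `wire_csum(0)` lets the hook write into data shared with the clone, `wire_csum(1)` has the modifier copy the data first, and only when it is shared.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: hypothetical stand-ins, not the kernel sk_buff API.
 * The checksum is simplified to plain 16-bit addition. */
enum { SUM_NONE, SUM_HW };                 /* models skb->ip_summed */
#define PARTIAL 0x1111u  /* constructed: value left in the packet for the NIC */
#define PAYLOAD 0x2222u  /* constructed: part the NIC (or software) adds */
struct data { int refs; uint16_t csum; };        /* packet bytes, may be shared */
struct pkt  { struct data *d; int ip_summed; };  /* per-packet header */
static struct data *data_new(uint16_t csum) {
    struct data *d = malloc(sizeof *d);
    if (!d) abort();
    d->refs = 1; d->csum = csum;
    return d;
}
static struct pkt pkt_clone(struct pkt *p) {     /* new header, same data */
    p->d->refs++;
    return *p;
}
static void make_writable(struct pkt *p) {       /* copy only when shared */
    if (p->d->refs == 1) return;
    p->d->refs--;
    p->d = data_new(p->d->csum);
}
static void hook_fixup(struct pkt *p, int cow) { /* the hook's checksum update */
    if (cow) make_writable(p);
    p->d->csum = (uint16_t)(p->d->csum + PAYLOAD);
    p->ip_summed = SUM_NONE;                     /* only this header is updated */
}
static uint16_t nic_transmit(const struct pkt *p) {
    return p->ip_summed == SUM_HW ? (uint16_t)(p->d->csum + PAYLOAD) : p->d->csum;
}
/* Checksum sent for the original after its looped-back clone hit the hook. */
uint16_t wire_csum(int cow) {
    struct pkt orig = { data_new(PARTIAL), SUM_HW };
    struct pkt loop = pkt_clone(&orig);
    hook_fixup(&loop, cow);
    uint16_t out = nic_transmit(&orig);
    if (loop.d != orig.d) free(loop.d);
    free(orig.d);
    return out;
}
int main(void) {
    printf("clone, write in place: %#x\n", (unsigned)wire_csum(0));
    printf("clone, copy on write:  %#x\n", (unsigned)wire_csum(1));
    return 0;
}
```

In this model the correct on-wire value is 0x3333; writing in place yields 0x5555 because the payload part is added twice.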


