[Top] [All Lists]

Re: [PATCH] Fix checksum bug for multicast/broadcast packets on postrout

To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [PATCH] Fix checksum bug for multicast/broadcast packets on postrouting hook
From: Mika Penttilä <mika.penttila@xxxxxxxxxxx>
Date: Sun, 15 Feb 2004 11:34:22 +0200
Cc: "David S. Miller" <davem@xxxxxxxxxx>, Harald Welte <laforge@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, Stephen Smalley <sds@xxxxxxxxxxxxxx>
In-reply-to: <Xine.LNX.4.44.0402142314580.7364-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
References: <Xine.LNX.4.44.0402142314580.7364-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

James Morris wrote:

On Sat, 14 Feb 2004, Mika Penttilä wrote:

James Morris wrote:

The proposed solution below is to copy the skb rather than clone it, to ensure that the original and looped back packets are independent.

This is unneeded overhead for the common case. The right fix is to make sure the modifier (netfilter etc) makes the copy if needed. Actually, this is what skb_ip_make_writable() is doing.

The common case here will be only for locally generated multicast and broadcast packets.

If the netfilter core code is modified instead, we will end up adding
skb_ip_make_writable() to nf_hook_slow() which will be called for every packet with an output device which uses hardware checksums.

Not sure which is worse, but here's a proposed patch which does this.

- James

I don't see the context here. Where is the packet mangled? Why isn't that instance doing skb_ip_make_writable()? selinux? Not everyone generating locally multicast/broadcast packets is using selinux...


<Prev in Thread] Current Thread [Next in Thread>