diff mbox series

[v3] net: dccp: Checksum verification enhancement

Message ID FRAPR01MB11707401056D4D6C95D8C615FA3A0@FRAPR01MB1170.DEUPRD01.PROD.OUTLOOK.DE
State Rejected
Delegated to: David Miller
Headers show
Series [v3] net: dccp: Checksum verification enhancement | expand

Commit Message

Markus.Amend@telekom.de April 30, 2019, 4:11 p.m. UTC 
The current patch modifies the checksum verification of a received DCCP
packet, by adding the function __skb_checksum_validate into the
dccp_vX_rcv routine. The purpose of the modification is to allow the
verification of the skb->ip_summed flags during the checksum validation
process (for checksum offload purposes). As __skb_checksum_validate
covers the functionalities of skb_checksum and dccp_vX_csum_finish they
are needless and therefore removed.

Signed-off-by: Nathalie Romo Moreno <natha.ro.moreno@gmail.com>
Signed-off-by: Markus Amend <markus.amend@telekom.de>
---
 net/dccp/ipv4.c | 6 ++----
 net/dccp/ipv6.c | 6 +++---
 2 files changed, 5 insertions(+), 7 deletions(-)

Comments

David Miller May 5, 2019, 4:53 p.m. UTC | #1 
From: <Markus.Amend@telekom.de>
Date: Tue, 30 Apr 2019 16:11:07 +0000

> The current patch modifies the checksum verification of a received DCCP
> packet, by adding the function __skb_checksum_validate into the
> dccp_vX_rcv routine. The purpose of the modification is to allow the
> verification of the skb->ip_summed flags during the checksum validation
> process (for checksum offload purposes). As __skb_checksum_validate
> covers the functionalities of skb_checksum and dccp_vX_csum_finish they
> are needless and therefore removed.
> 
> Signed-off-by: Nathalie Romo Moreno <natha.ro.moreno@gmail.com>
> Signed-off-by: Markus Amend <markus.amend@telekom.de>

I don't see how this can be correct as you're not taking the csum
coverage value into consideration at all.
Markus.Amend@telekom.de June 13, 2019, 6:51 a.m. UTC | #2 
Hi David,

Yes, you are right, I overlooked this. Unfortunately the current receive process in the DCCP layer does from my view not properly support the skb->ip_summed flag verification, because the checksum validation takes place at different places. This would require some dirty hacks...

I see two options.

1. Adding the ip_summed flag verification 


or 2. Learn from the UDP stack

Since UDP/UDP-Lite are very similar to DCCP, at least from a checksum verification point, I ask myself if it would make sense to re-work DCCP's receive process according to the one of UDP/UDP-Lite? 
The relevant process in the udp stack (for IPv4) I identified therefore, can be found in /net/ipv4/udp.c, within the function __udp4_lib_rcv. There it is done, compared to DCCP, the other way round it starts with an udp4_csum_init and most likely a later udp_lib_checksum_complete. Both consider skb->ip_summed. If we would implement similar functions into the DCCP stack and adapt the DCCP rcv checksum validation process to the one in UDP could make probably more sense?!


Personally I prefer the second option, what do you think?

BR

Markus


> -----Original Message-----
> From: David Miller <davem@davemloft.net>
> Sent: Sonntag, 5. Mai 2019 18:53
> To: Amend, Markus <Markus.Amend@telekom.de>
> Cc: linux-kernel@vger.kernel.org; netdev@vger.kernel.org;
> dccp@vger.kernel.org
> Subject: Re: [PATCH v3] net: dccp: Checksum verification enhancement
> 
> From: <Markus.Amend@telekom.de>
> Date: Tue, 30 Apr 2019 16:11:07 +0000
> 
> > The current patch modifies the checksum verification of a received
> > DCCP packet, by adding the function __skb_checksum_validate into the
> > dccp_vX_rcv routine. The purpose of the modification is to allow the
> > verification of the skb->ip_summed flags during the checksum
> > validation process (for checksum offload purposes). As
> > __skb_checksum_validate covers the functionalities of skb_checksum and
> > dccp_vX_csum_finish they are needless and therefore removed.
> >
> > Signed-off-by: Nathalie Romo Moreno <natha.ro.moreno@gmail.com>
> > Signed-off-by: Markus Amend <markus.amend@telekom.de>
> 
> I don't see how this can be correct as you're not taking the csum coverage
> value into consideration at all.
diff mbox series

Patch

diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 26a21d97b6b0..ca4eb93e4663 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -762,9 +762,6 @@  int dccp_invalid_packet(struct sk_buff *skb)
 		return 1;
 	}
 
-	/* If header checksum is incorrect, drop packet and return.
-	 * (This step is completed in the AF-dependent functions.) */
-	skb->csum = skb_checksum(skb, 0, cscov, 0);
 
 	return 0;
 }
@@ -786,7 +783,8 @@  static int dccp_v4_rcv(struct sk_buff *skb)
 
 	iph = ip_hdr(skb);
 	/* Step 1: If header checksum is incorrect, drop packet and return */
-	if (dccp_v4_csum_finish(skb, iph->saddr, iph->daddr)) {
+	if (__skb_checksum_validate(skb, IPPROTO_DCCP,
+				    true, false, 0, inet_compute_pseudo)) {
 		DCCP_WARN("dropped packet with invalid checksum\n");
 		goto discard_it;
 	}
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index d5740bad5b18..22df24fecfe7 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -694,9 +694,9 @@  static int dccp_v6_rcv(struct sk_buff *skb)
 	if (dccp_invalid_packet(skb))
 		goto discard_it;
 
-	/* Step 1: If header checksum is incorrect, drop packet and return. */
-	if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
-				     &ipv6_hdr(skb)->daddr)) {
+	/* Step 1: If header checksum is incorrect, drop packet and return */
+	if (__skb_checksum_validate(skb, IPPROTO_DCCP,
+				    true, false, 0, ip6_compute_pseudo)) {
 		DCCP_WARN("dropped packet with invalid checksum\n");
 		goto discard_it;
 	}