| Message ID | 20131122023129.GA6506@gondor.apana.org.au |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Fri, 2013-11-22 at 10:31 +0800, Herbert Xu wrote: > In some cases we may receive IP packets that are longer than > their stated lengths. Such packets are never merged in GRO. > However, we may end up computing their checksums incorrectly > and end up allowing packets with a bogus checksum enter our > stack with the checksum status set as verified. > > Since such packets are rare and not performance-critical, this > patch simply skips the checksum verification for them. > > Reported-by: Alexander Duyck <alexander.h.duyck@intel.com> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> Acked-by: Eric Dumazet <edumazet@google.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Thu, 21 Nov 2013 21:55:12 -0800 > On Fri, 2013-11-22 at 10:31 +0800, Herbert Xu wrote: >> In some cases we may receive IP packets that are longer than >> their stated lengths. Such packets are never merged in GRO. >> However, we may end up computing their checksums incorrectly >> and end up allowing packets with a bogus checksum enter our >> stack with the checksum status set as verified. >> >> Since such packets are rare and not performance-critical, this >> patch simply skips the checksum verification for them. >> >> Reported-by: Alexander Duyck <alexander.h.duyck@intel.com> >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> >> Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> > > Acked-by: Eric Dumazet <edumazet@google.com> Appplied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index a2b68a1..55aeec9 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -276,6 +276,10 @@ static struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff * __wsum wsum; __sum16 sum; + /* Don't bother verifying checksum if we're going to flush anyway. */ + if (NAPI_GRO_CB(skb)->flush) + goto skip_csum; + switch (skb->ip_summed) { case CHECKSUM_COMPLETE: if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr, @@ -301,6 +305,7 @@ flush: break; } +skip_csum: return tcp_gro_receive(head, skb); } diff --git a/net/ipv6/tcpv6_offload.c b/net/ipv6/tcpv6_offload.c index c1097c7..71923d1 100644 --- a/net/ipv6/tcpv6_offload.c +++ b/net/ipv6/tcpv6_offload.c @@ -39,6 +39,10 @@ static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, __wsum wsum; __sum16 sum; + /* Don't bother verifying checksum if we're going to flush anyway. */ + if (NAPI_GRO_CB(skb)->flush) + goto skip_csum; + switch (skb->ip_summed) { case CHECKSUM_COMPLETE: if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, @@ -65,6 +69,7 @@ flush: break; } +skip_csum: return tcp_gro_receive(head, skb); }