From patchwork Fri May 3 11:34:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Ojea X-Patchwork-Id: 1931000 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=C/IpGnH6; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=147.75.48.161; helo=sy.mirrors.kernel.org; envelope-from=netfilter-devel+bounces-2075-incoming=patchwork.ozlabs.org@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org [147.75.48.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VW7zB6ymNz1ybC for ; Fri, 3 May 2024 21:35:50 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 41812B22AAA for ; Fri, 3 May 2024 11:35:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DCDBA152788; Fri, 3 May 2024 11:35:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="C/IpGnH6" X-Original-To: netfilter-devel@vger.kernel.org Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B9EF152521 for ; Fri, 3 May 2024 11:35:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714736144; cv=none; b=LXL7yhFaFR2ssE2wyMPTJAuNPK3NNUMId3eypXg+d5a8OCG6F+K14K3smtoh0SKildrZBoezjijMwjqenB9Qze/EilExXOO/6teFX2NNcwaclggOcKHnN3ic/u9cXwgI0pS0JxlEP3o7jQyMyBVLjJ3UwJpHDC746sZ5Zk9tpA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714736144; c=relaxed/simple; bh=wGnGYMYG4AAYrXJouZo0VQ/bnUs4zifbx+n3lsGCTYc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=r4+OR0T3IF8QyuZP+WxfFZA1u2slp5w/RC6hAsFsmy5wTsWzqsugBPWqrnCDBl9vINt4F+1FSqzQGuJzLM49nKWMhBiKD5SNOEZsz3hDeykWFbsMD+GkJDm8VYt92+x+6Tu7v05gVWcBnppfO6L+m9lUBg+sspft81N5K4XwnvU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aojea.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=C/IpGnH6; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aojea.bounces.google.com Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6202fd268c1so543057b3.2 for ; Fri, 03 May 2024 04:35:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714736142; x=1715340942; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ADateZFJL94d9s+YLyq8KiE9M7tpLEvPfhk48z3hB84=; b=C/IpGnH6sNf/bAONbCG5yWkTV9e0Zjr0/9I2+nHJndrNOxYSXMroyia6a3xR5qBLhv jPyVeumWe2RNfnHpUJVoqqhr9sYfzJxnJYbv2jBs8/sg6PoaBWS6FQMX8kLNQv5sqPkD D/Tdhr+R1eez9Nm88K4T1MVCNkEfkr4VLDFqkLt92pHzaQmWvmMQv2hCdyMwH42W5xnA lC/ITMcuUA39Ti2dmWvdWI50vIXOE8dj3mQH8MccUJITzJ6WEuAfNfuUf2fmqPOz2Qzs B4Ej/G5uooPsyu678a9OvYZAxj79D9EmbkQofnz+M9G3CC18/AYmD1DwqhUrouAJ+41E HUBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714736142; x=1715340942; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ADateZFJL94d9s+YLyq8KiE9M7tpLEvPfhk48z3hB84=; b=HA12Ib8Nz198sYI1LrAtkLmPf2X/lJAPQKc8Hdpbooq/lAKByUtrOMXqcSoYUkqePu cVK8GxmeG+uMXXXHhgF5wsKLJ40AT+LKkeGGy3JgUow+ASLtCXAHZvmgpPYYpt3a80v1 EA5ZNFtVk43qKVLiy5CKvx0F8i6m6hClOrKw79kclsWZA/wpWmkAsWbjCb7+IG43zl34 x595zs0oW0hiB72AXeKFy9hIh0Arop8O5x3dOEZDxYdiPXEreg32AlQzhyYw0UtIhkIQ 5xJVhxCnTA9Dl+vtTJP/FLvJXYLi2putDQHmCDe3CwVgDbVo33sWNPH4KaWQ6yGoKviM gwAA== X-Gm-Message-State: AOJu0YzbwMP/F5byYHZbQKUROUro0lEuQ5fTwbZlq8lLzihHexjOv0+g oi2uveTQgT9yB+w68sXj9O6o5ThDjzwKgD9y/HFXhOa2eomMW7NlH/ueKxHVuX71iZLJwNf2I0a vAB1PI67vIqvPPGB1FllZIXWK5B3V6xtwVjqeL28QFakpID2bouPLPKr2D3ImMLnWmugJ1/UcX/ KFFK8zypX+mzKq9c5Xhvf29b/Q7NGD8ymQhVEeusk= X-Google-Smtp-Source: AGHT+IG5UXZB0iiQfQO2u5QXbOVgRHNfAGEpktXjJb22PDo4EAXxEzDtTQ6CXmUmORvURi6QrOsnOt7idQ== X-Received: from aojea.c.googlers.com ([fda3:e722:ac3:cc00:31:98fb:c0a8:b3d]) (user=aojea job=sendgmr) by 2002:a05:6902:1004:b0:de4:7be7:1c2d with SMTP id w4-20020a056902100400b00de47be71c2dmr809160ybt.11.1714736142068; Fri, 03 May 2024 04:35:42 -0700 (PDT) Date: Fri, 3 May 2024 11:34:54 +0000 In-Reply-To: <20240503113456.864063-1-aojea@google.com> Precedence: bulk X-Mailing-List: netfilter-devel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240503113456.864063-1-aojea@google.com> X-Mailer: git-send-email 2.45.0.rc1.225.g2a3ae87e7f-goog Message-ID: <20240503113456.864063-2-aojea@google.com> Subject: [PATCH net-next 1/2] netfilter: nft_queue: compute SCTP checksum From: Antonio Ojea To: netfilter-devel@vger.kernel.org Cc: fw@strlen.de, pablo@netfilter.org, willemb@google.com, edumazet@google.com, Antonio Ojea when the packet is processed with GSO and is SCTP it has to take into account the SCTP checksum. Signed-off-by: Antonio Ojea --- net/netfilter/nfnetlink_queue.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 00f4bd21c59b..428014aea396 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -600,6 +600,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, case NFQNL_COPY_PACKET: if (!(queue->flags & NFQA_CFG_F_GSO) && entskb->ip_summed == CHECKSUM_PARTIAL && + (skb_csum_is_sctp(entskb) && skb_crc32c_csum_help(entskb)) && skb_checksum_help(entskb)) return NULL; From patchwork Fri May 3 11:34:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Ojea X-Patchwork-Id: 1931001 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=GlvAqBfH; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=139.178.88.99; helo=sv.mirrors.kernel.org; envelope-from=netfilter-devel+bounces-2076-incoming=patchwork.ozlabs.org@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org [139.178.88.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VW7zG09n2z1ybC for ; Fri, 3 May 2024 21:35:54 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9E8C5283F78 for ; Fri, 3 May 2024 11:35:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C977B152535; Fri, 3 May 2024 11:35:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GlvAqBfH" X-Original-To: netfilter-devel@vger.kernel.org Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA2C7152502 for ; Fri, 3 May 2024 11:35:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714736150; cv=none; b=Pv8+Er2toOLTy794Dl57TdN2muFFZn5u9unPQL/Qu7FQkDORRyPPY5hvuNIgOVPWc+yZiJABL5SEXWqEGJnPJXaGb59hgo/s0OpRCuSFjFbXaTbcCJ4KCPnauSXB9lQojEEsRfkCiQQbLkWzYdgazq69FbOeJJFSB78nFET+ADE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714736150; c=relaxed/simple; bh=35Xa6yJROGX4ZmFGPeJ7rL1Nkv0RBvnW3P5O1kNn/Wo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=P1lVtIIBrWmOFYL7P6RHSgwWIEGkTAJh7po6CHvCi6SXzRLaC1E4/yGRjs1PbBBybS5zP/EQD2cZWEvAJjUGzuKx8xj7ThvCepn3AlhUMpGNbfkPHjOf7EUmzie0fltYzlXtsm9VpZlZXAqskbuh6ATJmmGQIvQohwBwfGbvRVk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aojea.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GlvAqBfH; arc=none smtp.client-ip=209.85.208.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aojea.bounces.google.com Received: by mail-ed1-f74.google.com with SMTP id 4fb4d7f45d1cf-572baf39435so1720325a12.1 for ; Fri, 03 May 2024 04:35:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1714736147; x=1715340947; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qJS0fh4sZybANlRmi6RKVi+YetAq4rKaKyK4u4wBgOU=; b=GlvAqBfH6XfiX64P+aylHFbpNT5LypR81xYmMQJZ28EE9rtSFa2pkic5K2bAIZJEnP E5EH+/fwpmlYByobPaYwKQ4HtgmoQ/Lytr3c+BM8ySxgvEMjLB/wObqsw8pZKvv6zGnG wXrblT8PHfPR4snN+q+Q9hqplKSsSf18erS3QGxLKQ55XlEi0Vmnd89MVf+p4oKyUeWZ kNCUpKsXby7WiCFaYh6sLcKC49yI4EoLn1zYik3FgnZf4PztQJJc7OvPKpxLXm4yHufh TqG039ItISz0ZNQAd+gZ8GL+OrM4brpWlLR1QllBQazv8j3U8e8XfR5E5uVuPsb4QHFc jmkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714736147; x=1715340947; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qJS0fh4sZybANlRmi6RKVi+YetAq4rKaKyK4u4wBgOU=; b=DEbo7h7kdE91AvyeofhZo6Njumug8HxuAjoWfM9AIYtKiru6G+PBizsyDUof9S/HN8 86CnPG73jPwmJUzU8Jv+hJmUhGDaiqAZ7ADleLxgRoxQiiLkdMAFgb9SxEmQ4UIBrE/y iNnS8PQEPMdB284l2jyKL85+QSWGsiS/WUaz2n771NS8Ko6F9t1JgjLv1PqOHZOrtNUa Vg60xvPVh6BD9QG0lsZ+E784Kby3Yp4E4BhWYO1Ta/GXq+gRSoTORsGsV8wGvDTydtEu tiZbebRmfp4eO0wJmGueQiwT4plB8cHdYrObiopbvrls57Ir3Qwy2u9g59VaS4lk4Ev6 WO4w== X-Gm-Message-State: AOJu0YxsnPsccyWKmGqs5TEavwue1CzMzEaNaDs9RqtvH+mrOhtHyBx9 Salu+M+vfH/BJdJRwFMvVInmVwWHwUZqbhjYNJ6K3FdEuq1wNncreLTtZ45IZczHamS0O6SEURR gud94zGbRBaCxON9tPlVRUaW9+aY2Wx3z+Y8FEL8NDcWoLPjIRtWOjttyIdYi4iB0g9YU8IzBpu IAEXT8GaDOvE1bwgt6iUU6CBpA5epNpr2PpxN4rq4= X-Google-Smtp-Source: AGHT+IF8wQo/z3M6JGaPALhYfTW3EXwYM0ViosOdqmHTdPKXeOF6VjcKFEzZ9+4wyVHHG10XOJwRtU4Utw== X-Received: from aojea.c.googlers.com ([fda3:e722:ac3:cc00:31:98fb:c0a8:b3d]) (user=aojea job=sendgmr) by 2002:a05:6402:1caf:b0:572:b0a8:65ff with SMTP id cz15-20020a0564021caf00b00572b0a865ffmr7009edb.1.1714736145216; Fri, 03 May 2024 04:35:45 -0700 (PDT) Date: Fri, 3 May 2024 11:34:55 +0000 In-Reply-To: <20240503113456.864063-1-aojea@google.com> Precedence: bulk X-Mailing-List: netfilter-devel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240503113456.864063-1-aojea@google.com> X-Mailer: git-send-email 2.45.0.rc1.225.g2a3ae87e7f-goog Message-ID: <20240503113456.864063-3-aojea@google.com> Subject: [PATCH net-next 2/2] selftests: net: netfilter: nft_queue.sh: sctp checksum From: Antonio Ojea To: netfilter-devel@vger.kernel.org Cc: fw@strlen.de, pablo@netfilter.org, willemb@google.com, edumazet@google.com, Antonio Ojea Test that nfqueue, when using GSO, process SCTP packets correctly. Regression test for https://bugzilla.netfilter.org/show_bug.cgi?id=1742 Signed-off-by: Antonio Ojea --- .../selftests/net/netfilter/nft_queue.sh | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tools/testing/selftests/net/netfilter/nft_queue.sh b/tools/testing/selftests/net/netfilter/nft_queue.sh index 8538f08c64c2..5e075c7e0350 100755 --- a/tools/testing/selftests/net/netfilter/nft_queue.sh +++ b/tools/testing/selftests/net/netfilter/nft_queue.sh @@ -25,6 +25,9 @@ cleanup() } checktool "nft --version" "test without nft tool" +checktool "socat -h" "run test without socat" + +modprobe -q sctp trap cleanup EXIT @@ -375,6 +378,40 @@ EOF wait 2>/dev/null } +test_sctp_forward() +{ + ip netns exec "$nsrouter" nft -f /dev/stdin < "$TMPFILE1" & + local rpid=$! + + # ss does not show the sctp socket? + busywait "$BUSYWAIT_TIMEOUT" sh -c "ps axf | grep -q SCTP-LISTEN" "$ns2" + + ip netns exec "$ns1" socat -u STDIN SCTP:10.0.2.99:12345 <"$TMPINPUT" >/dev/null + + if ! ip netns exec "$nsrouter" nft delete table inet sctpq; then + echo "FAIL: Could not delete sctpq table" + exit 1 + fi + + if ! diff -u "$TMPINPUT" "$TMPFILE1" ; then + echo "FAIL: lost packets?!" 1>&2 + return + fi + + wait "$rpid" && echo "PASS: sctp and nfqueue in forward chain with GSO" +} + ip netns exec "$nsrouter" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null ip netns exec "$nsrouter" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null ip netns exec "$nsrouter" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null @@ -413,5 +450,6 @@ test_tcp_localhost test_tcp_localhost_connectclose test_tcp_localhost_requeue test_icmp_vrf +test_sctp_forward exit $ret