linux-stable/include
Cyril Strejc 5ffdddcf28 net: multicast: calculate csum of looped-back and forwarded packets
[ Upstream commit 9122a70a63 ]

During a testing of an user-space application which transmits UDP
multicast datagrams and utilizes multicast routing to send the UDP
datagrams out of defined network interfaces, I've found a multicast
router does not fill-in UDP checksum into locally produced, looped-back
and forwarded UDP datagrams, if an original output NIC the datagrams
are sent to has UDP TX checksum offload enabled.

The datagrams are sent malformed out of the NIC the datagrams have been
forwarded to.

It is because:

1. If TX checksum offload is enabled on the output NIC, UDP checksum
   is not calculated by kernel and is not filled into skb data.

2. dev_loopback_xmit(), which is called solely by
   ip_mc_finish_output(), sets skb->ip_summed = CHECKSUM_UNNECESSARY
   unconditionally.

3. Since 35fc92a9 ("[NET]: Allow forwarding of ip_summed except
   CHECKSUM_COMPLETE"), the ip_summed value is preserved during
   forwarding.

4. If ip_summed != CHECKSUM_PARTIAL, checksum is not calculated during
   a packet egress.

The minimum fix in dev_loopback_xmit():

1. Preserves skb->ip_summed CHECKSUM_PARTIAL. This is the
   case when the original output NIC has TX checksum offload enabled.
   The effects are:

     a) If the forwarding destination interface supports TX checksum
        offloading, the NIC driver is responsible to fill-in the
        checksum.

     b) If the forwarding destination interface does NOT support TX
        checksum offloading, checksums are filled-in by kernel before
        skb is submitted to the NIC driver.

     c) For local delivery, checksum validation is skipped as in the
        case of CHECKSUM_UNNECESSARY, thanks to skb_csum_unnecessary().

2. Translates ip_summed CHECKSUM_NONE to CHECKSUM_UNNECESSARY. It
   means, for CHECKSUM_NONE, the behavior is unmodified and is there
   to skip a looped-back packet local delivery checksum validation.

Signed-off-by: Cyril Strejc <cyril.strejc@skoda.cz>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-17 09:48:21 +01:00
..
acpi ACPI: fix NULL pointer dereference 2021-08-08 09:04:08 +02:00
asm-generic vmlinux.lds.h: Handle clang's module.{c,d}tor sections 2021-08-18 08:57:04 +02:00
clocksource
crypto crypto: public_key: fix overflow during implicit conversion 2021-09-22 12:26:21 +02:00
drm drm: Return -ENOTTY for non-drm ioctls 2021-07-28 13:31:01 +02:00
dt-bindings
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:55 -04:00
kvm
linux bpf: Prevent increasing bpf_jit_limit above max 2021-11-17 09:48:20 +01:00
math-emu
media media: subdev: disallow ioctl for saa6588/davinci 2021-07-19 08:53:17 +02:00
misc
net net: multicast: calculate csum of looped-back and forwarded packets 2021-11-17 09:48:21 +01:00
pcmcia
ras
rdma RDMA/umem: Fix signature of stub ib_umem_find_best_pgsz() 2020-10-29 09:57:47 +01:00
scsi scsi: iscsi: Fix conn use after free during resets 2021-07-20 16:10:43 +02:00
soc irqchip/eznps: Fix build error for !ARC700 builds 2020-09-17 13:47:47 +02:00
sound ALSA: hda: intel-nhlt: verify config type 2021-03-09 11:09:39 +01:00
target scsi: target: core: Add cmd length set before cmd complete 2021-03-17 17:03:45 +01:00
trace erofs: fix up erofs_lookup tracepoint 2021-09-30 10:09:22 +02:00
uapi fq_codel: reject silly quantum parameters 2021-09-22 12:26:45 +02:00
vdso
video
xen Xen/gntdev: correct error checking in gntdev_map_grant_pages() 2021-02-23 15:02:26 +01:00