On Fri, Oct 28, 2016 at 12:17:39AM +0000, my_ovs_disc...@yahoo.com wrote: > Thanks Thadeu. > > If we have to fix it, where should we add the code to validate the IP header > checksum? > -Thanks >
Deciding where to do it is part of the solution. I haven't put too much thought on this yet. But I guess that once we decide in the code that we are snooping and using the data, then we should check. As per RFC4541, we could either drop them or flood them. I think dropping is fine if snooping is on. Cascardo. > > From: Thadeu Lima de Souza Cascardo <casca...@redhat.com> > To: my_ovs_disc...@yahoo.com > Cc: Discuss <discuss@openvswitch.org> > Sent: Thursday, October 27, 2016 4:53 PM > Subject: Re: [ovs-discuss] openvswitch-2.5.0, mcast-snooping patch isn't > validating IP checksum > > On Thu, Oct 27, 2016 at 10:10:19PM +0000, my_ovs_disc...@yahoo.com wrote: > > Using openvswitch-2.5.0, user-space mode with Linux 2.6 based kernels.IGMP > > packets from NIC driver are handed over to Linux stack using netif_rx(). > > openvswitch is picking packets from net_device using netlink. > > As this path bypasses Linux kernel's IP stack, Linux kernel isn't > > validating IP checksum. > > Looks like, when packet enters vswitchd, it doesn't seem to validate IP > > header checksum for the IGMP packets and > > is directly delivering them to mcast-snoop module. > > Is this a deliberate one to skip validating IP header checksum for IGMP > > packets in this scenario or I am missing something here. > > -Thanks > > > > That could be considered a bug. Thanks for the report. > > Thadeu Cascardo. > > > _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
