On Sun, Oct 25, 2015, at 14:32, Tom Herbert wrote: > > Anyway, currently it is easy to generate broken checksums on the wire > > and would like to solve that for net, we certainly can improve that in > > net-next. > > > Hannes, > > The IPv4 fragment code is very similar to IPv6 in that both will > perform skb_checksum_help only in the slow_path, so it seems like > skb_checksum_help should be called earlier before the fragments are > generated in both cases. If we're not correctly setting checksum for > packets that are fragmented that is an issue with the stack.
We already concluded that drivers do have this problem and not the stack above ip6_fragment. The places I am aware of I fixed in this patch. Also IPv4 to me seems unaffected, albeit one can certainly clean up the logic in net-next. Do you want to move the skb_checksum_help() check to the front of ip_fragment in ipv4 now too? My patch fixed the part above ip6_fragment (in ip6_append_data) and made sure we don't send out packets with wrong checksums if we get to ip6_fragment directly. Bye, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
