On Sat, Dec 19, 2015 at 1:01 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Fri, Dec 18, 2015 at 11:42 AM, Vijay Pandurangan <vij...@vijayp.ca> wrote: >> Evan and I have demonstrated this bug on Kubernetes as well, so it's >> not just a problem in Mesos. (See >> https://github.com/kubernetes/kubernetes/issues/18898) >> > > Interesting... then this problem is much more serious than I thought. > > Looks like in RX path the bridge sets the checksum to CHECKSUM_NONE > too: > > static inline void skb_forward_csum(struct sk_buff *skb) > { > /* Unfortunately we don't support this one. Any brave souls? */ > if (skb->ip_summed == CHECKSUM_COMPLETE) > skb->ip_summed = CHECKSUM_NONE; > } > > I guess this is probably why Docker/Kubernetes could be affected too.
Hmm, no, actually this is due to netem does the software checksum and sets it to CHECKSUM_NONE: if (q->corrupt && q->corrupt >= get_crandom(&q->corrupt_cor)) { if (!(skb = skb_unshare(skb, GFP_ATOMIC)) || (skb->ip_summed == CHECKSUM_PARTIAL && skb_checksum_help(skb))) return qdisc_drop(skb, sch); skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); } But anyway, your patch still looks correct to me. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html