Formerly when userspace TSO was enabled but with a non-DKDK interface without support IP checksum offloading, FTP NAT connections would fail if the packet length changed. This can happen if the packets length changes during L7 NAT translation, predominantly with FTP. This is why the "conntrack - IPv4 FTP Passive with DNAT" test would fail when run when run with check-system-tso.
However, that isn't the only location with this type of issue. Any time that we had checked for dp_packet_hwol_is_ipv4() there was a possibility that the packet was either destined for an interface with TCP but not IP offload, or originating from an interface with any level of offload but destined for an interface with no checksum offload at all. A patch series for a more robust solution is in progress. Fixes: 29cf9c1b3b9c ("userspace: Add TCP Segmentation Offload support") Reported-by: Ilya Maximets <i.maxim...@ovn.org> Signed-off-by: Mike Pattrick <m...@redhat.com> --- lib/conntrack.c | 8 +++----- lib/ipf.c | 36 ++++++++++++++++-------------------- 2 files changed, 19 insertions(+), 25 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 33a1a9295..dfb2606a6 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -3402,11 +3402,9 @@ handle_ftp_ctl(struct conntrack *ct, const struct conn_lookup_ctx *ctx, } if (seq_skew) { ip_len = ntohs(l3_hdr->ip_tot_len) + seq_skew; - if (!dp_packet_hwol_is_ipv4(pkt)) { - l3_hdr->ip_csum = recalc_csum16(l3_hdr->ip_csum, - l3_hdr->ip_tot_len, - htons(ip_len)); - } + l3_hdr->ip_csum = recalc_csum16(l3_hdr->ip_csum, + l3_hdr->ip_tot_len, + htons(ip_len)); l3_hdr->ip_tot_len = htons(ip_len); } } diff --git a/lib/ipf.c b/lib/ipf.c index 507db2aea..e1dee5907 100644 --- a/lib/ipf.c +++ b/lib/ipf.c @@ -433,11 +433,9 @@ ipf_reassemble_v4_frags(struct ipf_list *ipf_list) len += rest_len; l3 = dp_packet_l3(pkt); ovs_be16 new_ip_frag_off = l3->ip_frag_off & ~htons(IP_MORE_FRAGMENTS); - if (!dp_packet_hwol_is_ipv4(pkt)) { - l3->ip_csum = recalc_csum16(l3->ip_csum, l3->ip_frag_off, - new_ip_frag_off); - l3->ip_csum = recalc_csum16(l3->ip_csum, l3->ip_tot_len, htons(len)); - } + l3->ip_csum = recalc_csum16(l3->ip_csum, l3->ip_frag_off, + new_ip_frag_off); + l3->ip_csum = recalc_csum16(l3->ip_csum, l3->ip_tot_len, htons(len)); l3->ip_tot_len = htons(len); l3->ip_frag_off = new_ip_frag_off; dp_packet_set_l2_pad_size(pkt, 0); @@ -1185,21 +1183,19 @@ ipf_post_execute_reass_pkts(struct ipf *ipf, } else { struct ip_header *l3_frag = dp_packet_l3(frag_i->pkt); struct ip_header *l3_reass = dp_packet_l3(pkt); - if (!dp_packet_hwol_is_ipv4(frag_i->pkt)) { - ovs_be32 reass_ip = - get_16aligned_be32(&l3_reass->ip_src); - ovs_be32 frag_ip = - get_16aligned_be32(&l3_frag->ip_src); - - l3_frag->ip_csum = recalc_csum32(l3_frag->ip_csum, - frag_ip, - reass_ip); - reass_ip = get_16aligned_be32(&l3_reass->ip_dst); - frag_ip = get_16aligned_be32(&l3_frag->ip_dst); - l3_frag->ip_csum = recalc_csum32(l3_frag->ip_csum, - frag_ip, - reass_ip); - } + ovs_be32 reass_ip = + get_16aligned_be32(&l3_reass->ip_src); + ovs_be32 frag_ip = + get_16aligned_be32(&l3_frag->ip_src); + + l3_frag->ip_csum = recalc_csum32(l3_frag->ip_csum, + frag_ip, + reass_ip); + reass_ip = get_16aligned_be32(&l3_reass->ip_dst); + frag_ip = get_16aligned_be32(&l3_frag->ip_dst); + l3_frag->ip_csum = recalc_csum32(l3_frag->ip_csum, + frag_ip, + reass_ip); l3_frag->ip_src = l3_reass->ip_src; l3_frag->ip_dst = l3_reass->ip_dst; -- 2.27.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev