On Wed, Feb 26, 2025 at 5:36 PM David Marchand
<david.march...@redhat.com> wrote:
> diff --git a/lib/netdev-native-tnl.c b/lib/netdev-native-tnl.c
> index 90201ddcab..3ffc7da724 100644
> --- a/lib/netdev-native-tnl.c
> +++ b/lib/netdev-native-tnl.c
> @@ -112,7 +112,7 @@ netdev_tnl_ip_extract_tnl_md(struct dp_packet *packet,
> struct flow_tnl *tnl,
>
> /* A packet coming from a network device might have the
> * csum already checked. In this case, skip the check. */
> - if (OVS_UNLIKELY(!dp_packet_hwol_l3_csum_ipv4_ol(packet))) {
> + if (OVS_UNLIKELY(dp_packet_ip_checksum_unknown(packet))) {
Ouch, wrong.
dp_packet_ip_checksum_bad() must be checked too (and similar issue in
next patch for L4).
> if (csum(ip, IP_IHL(ip->ip_ihl_ver) * 4)) {
> VLOG_WARN_RL(&err_rl, "ip packet has invalid checksum");
> return NULL;
[snip]
> diff --git a/lib/packets.c b/lib/packets.c
> index 05aa5c7664..46e2fb323e 100644
> --- a/lib/packets.c
> +++ b/lib/packets.c
> @@ -1149,8 +1149,8 @@ packet_set_ipv4_addr(struct dp_packet *packet,
> }
> }
>
> - if (dp_packet_hwol_l3_ipv4(packet)) {
> - dp_packet_ol_reset_ip_csum_good(packet);
> + if (dp_packet_ip_checksum_valid(packet)) {
> + dp_packet_ip_checksum_set_partial(packet);
> } else {
> nh->ip_csum = recalc_csum32(nh->ip_csum, old_addr, new_addr);
> }
And ouch again.
This triggers a bug with conntrack when natting an "inner" IP packet
embedded in a ICMP error packet.
This is because the conntrack code "fakes" a L3/L4 packets by playing
with l3_ofs and l4_ofs before restoring them.
This was revealed when I tried to mark packets as checksum good in the
extract_l3_ipv4 helper.
--
David Marchand
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
