linux-sctp.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload
@ 2021-03-19  7:35 Xin Long
  2021-03-23  8:14 ` Steffen Klassert
  0 siblings, 1 reply; 2+ messages in thread
From: Xin Long @ 2021-03-19  7:35 UTC (permalink / raw)
  To: linux-sctp, netdev
  Cc: Marcelo Ricardo Leitner, Steffen Klassert, David S. Miller

Now in esp4/6_gso_segment(), before calling inner proto .gso_segment,
NETIF_F_CSUM_MASK bits are deleted, as HW won't be able to do the
csum for inner proto due to the packet encrypted already.

So the UDP/TCP packet has to do the checksum on its own .gso_segment.
But SCTP is using CRC checksum, and for that NETIF_F_SCTP_CRC should
be deleted to make SCTP do the csum in own .gso_segment as well.

In Xiumei's testing with SCTP over IPsec/veth, the packets are kept
dropping due to the wrong CRC checksum.

Reported-by: Xiumei Mu <xmu@redhat.com>
Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/ipv4/esp4_offload.c | 6 ++++--
 net/ipv6/esp6_offload.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 601f5fb..ed3de48 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -217,10 +217,12 @@ static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
 
 	if ((!(skb->dev->gso_partial_features & NETIF_F_HW_ESP) &&
 	     !(features & NETIF_F_HW_ESP)) || x->xso.dev != skb->dev)
-		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
+		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 	else if (!(features & NETIF_F_HW_ESP_TX_CSUM) &&
 		 !(skb->dev->gso_partial_features & NETIF_F_HW_ESP_TX_CSUM))
-		esp_features = features & ~NETIF_F_CSUM_MASK;
+		esp_features = features & ~(NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 
 	xo->flags |= XFRM_GSO_SEGMENT;
 
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index 1ca516f..f35203a 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -254,9 +254,11 @@ static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
 	skb->encap_hdr_csum = 1;
 
 	if (!(features & NETIF_F_HW_ESP) || x->xso.dev != skb->dev)
-		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
+		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 	else if (!(features & NETIF_F_HW_ESP_TX_CSUM))
-		esp_features = features & ~NETIF_F_CSUM_MASK;
+		esp_features = features & ~(NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 
 	xo->flags |= XFRM_GSO_SEGMENT;
 
-- 
2.1.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload
  2021-03-19  7:35 [PATCH ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload Xin Long
@ 2021-03-23  8:14 ` Steffen Klassert
  0 siblings, 0 replies; 2+ messages in thread
From: Steffen Klassert @ 2021-03-23  8:14 UTC (permalink / raw)
  To: Xin Long; +Cc: linux-sctp, netdev, Marcelo Ricardo Leitner, David S. Miller

On Fri, Mar 19, 2021 at 03:35:07PM +0800, Xin Long wrote:
> Now in esp4/6_gso_segment(), before calling inner proto .gso_segment,
> NETIF_F_CSUM_MASK bits are deleted, as HW won't be able to do the
> csum for inner proto due to the packet encrypted already.
> 
> So the UDP/TCP packet has to do the checksum on its own .gso_segment.
> But SCTP is using CRC checksum, and for that NETIF_F_SCTP_CRC should
> be deleted to make SCTP do the csum in own .gso_segment as well.
> 
> In Xiumei's testing with SCTP over IPsec/veth, the packets are kept
> dropping due to the wrong CRC checksum.
> 
> Reported-by: Xiumei Mu <xmu@redhat.com>
> Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")
> Signed-off-by: Xin Long <lucien.xin@gmail.com>

Applied, thanks Xin!

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-03-23  8:15 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-19  7:35 [PATCH ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload Xin Long
2021-03-23  8:14 ` Steffen Klassert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).