Prev: pm: Add runtime PM statistics to sysfs
Next: [PATCH] mmc: MMC 4.4 DDR support
From: Herbert Xu on 9 Jul 2010 03:20
On Fri, Jul 09, 2010 at 01:29:13AM +0300, Michael S. Tsirkin wrote:
> This adds a `CHECKSUM' target, which can be used in the iptables mangle
> table.
>
> You can use this target to compute and fill in the checksum in
> an IP packet that lacks a checksum. This is particularly useful,
> if you need to work around old applications such as dhcp clients,
> that do not work well with checksum offloads, but don't want to
> disable checksum offload in your device.
>
> The problem happens in the field with virtualized applications.
> For reference, see Red Hat bz 605555, as well as
> http://www.spinics.net/lists/kvm/msg37660.html
>
> Typical expected use (helps old dhclient binary running in a VM):
> iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
> --checksum-fill
>
> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com>

I'd think that this target would be protocol-agnostic, no?

Cheers,
--
Email: Herbert Xu <herbert(a)gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Jan Engelhardt on 9 Jul 2010 06:00

On Friday 2010-07-09 00:29, Michael S. Tsirkin wrote:
>
> include/linux/netfilter_ipv4/ipt_CHECKSUM.h | 18 +++++++
> net/ipv4/netfilter/Kconfig | 16 ++++++
> net/ipv4/netfilter/Makefile | 1 +
> net/ipv4/netfilter/ipt_CHECKSUM.c | 72 +++++++++++++++++++++++++++

New modules should use xt.

>+static unsigned int
>+checksum_tg(struct sk_buff *skb, const struct xt_action_param *par)
>+{
>+ if (skb->ip_summed == CHECKSUM_PARTIAL) {
>+ skb_checksum_help(skb);
>+ }

- {}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Patrick McHardy on 9 Jul 2010 11:20
Am 09.07.2010 00:29, schrieb Michael S. Tsirkin:
> This adds a `CHECKSUM' target, which can be used in the iptables mangle
> table.
>
> You can use this target to compute and fill in the checksum in
> an IP packet that lacks a checksum. This is particularly useful,
> if you need to work around old applications such as dhcp clients,
> that do not work well with checksum offloads, but don't want to
> disable checksum offload in your device.
>
> The problem happens in the field with virtualized applications.
> For reference, see Red Hat bz 605555, as well as
> http://www.spinics.net/lists/kvm/msg37660.html
>
> Typical expected use (helps old dhclient binary running in a VM):
> iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM
> --checksum-fill

I'm not sure this is something we want to merge upstream and
support indefinitely. Dave suggested this as a temporary
out-of-tree workaround until the majority of guest dhcp clients
are fixed. Has anything changed that makes this course of
action impractical?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Jan Engelhardt on 9 Jul 2010 12:30

On Friday 2010-07-09 17:17, Patrick McHardy wrote:
>
>> This adds a `CHECKSUM' target, which can be used in the iptables mangle
>> table.
>>
>> You can use this target to compute and fill in the checksum in
>> an IP packet that lacks a checksum. This is particularly useful,
>> if you need to work around old applications such as dhcp clients,
>> that do not work well with checksum offloads, but don't want to
>> disable checksum offload in your device.
>
>I'm not sure this is something we want to merge upstream and
>support indefinitely.

We could put it into Xtables-addons. That would also be consistent
with Dave's suggestion.

>Dave suggested this as a temporary
>out-of-tree workaround until the majority of guest dhcp clients
>are fixed. Has anything changed that makes this course of
>action impractical?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Patrick McHardy on 9 Jul 2010 12:40
Am 09.07.2010 18:26, schrieb Jan Engelhardt:
>
> On Friday 2010-07-09 17:17, Patrick McHardy wrote:
>>
>>> This adds a `CHECKSUM' target, which can be used in the iptables mangle
>>> table.
>>>
>>> You can use this target to compute and fill in the checksum in
>>> an IP packet that lacks a checksum. This is particularly useful,
>>> if you need to work around old applications such as dhcp clients,
>>> that do not work well with checksum offloads, but don't want to
>>> disable checksum offload in your device.
>>
>> I'm not sure this is something we want to merge upstream and
>> support indefinitely.
>
> We could put it into Xtables-addons. That would also be consistent
> with Dave's suggestion.

Sure, that would be fine with me.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 |  Next  |  Last
Pages: 1 2 3 4
Prev: pm: Add runtime PM statistics to sysfs
Next: [PATCH] mmc: MMC 4.4 DDR support