This fixes an endianness bug in sys/netinet/ip_reass_test. Just use the code from RFC 1071.
Details
kyua test ip_reass_test
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
It seems this bug shows only after D57518 because, before that change, the loopback interface with IFCAP_RXCSUM enabled just told IP for each packet that the checksum has been checked and is valid. After that change, the loopback interface does not pretend that anymore, and IP validates the checksum.
This fix looks good to me.
Thanks! Stupid question: how did that happen that after Timo's change the loopback actually does check checksums?
Cause we actually plan in the opposite direction: packets known to be valid (never went over a wire) shall not be checked.
It is not the loopback that does checksum validation. It has never validated the checksum.
Before my change (D57518), loopback lied. For each packet, loopback just indicated that it has validated the checksum and that the checksum is correct. In consequence, IP skipped checksum validation.
In general, this kind of lying for a packet received is problematic. If the packet is not for the host and the host sends it out (e.g., due to IP routing), the packet goes on the wire without a valid checksum.
When using loopback, the checksum does not need to be computed at all. If IP sends a packet, it uses transmit checksum offloading (for IP, by setting the CSUM_IP flag), and loopback leaves the offloading flags set. When IP receives a packet with CSUM_IP set, it skips validation.
For the test, BPF is used. It could set CSUM_IP when creating the mbuf. However, I've never used BPF and don't know if that's a good idea.
I still can't understand :(
It is not the loopback that does checksum validation. It has never validated the checksum.
Before my change (D57518), loopback lied. For each packet, loopback just indicated that it has validated the checksum and that the checksum is correct. In consequence, IP skipped checksum validation.
In general, this kind of lying for a packet received is problematic. If the packet is not for the host and the host sends it out (e.g., due to IP routing), the packet goes on the wire without a valid checksum.
How is it possible that a packet received on loopback would go outside? I can imagine only policy routing by ipfw/pf.
When using loopback, the checksum does not need to be computed at all. If IP sends a packet, it uses transmit checksum offloading (for IP, by setting the CSUM_IP flag), and loopback leaves the offloading flags set. When IP receives a packet with CSUM_IP set, it skips validation.
For the test, BPF is used. It could set CSUM_IP when creating the mbuf. However, I've never used BPF and don't know if that's a good idea.
Definitely not a correct idea in general! The bpf is supposed to send on the wire exactly what application has written.
It's hard to imagine a use case with loopback but vtnet, for example, did this kind of lying too. It did set checksum validated and checksum correct when it received a packet with transmit checksum offloading flag set. So, if a VM that uses vtnet received a packet with transmit checksum offloading flag set, it set the flags checksum validated and checksum correct. If that VM does IP routing and the host sends that packet out, it would be on the wire with an incorrect checksum. This was fixed by D51686.
The tap interface is another example. It still does this kind of lying because it uses an old version of the vtnet implementation. This is what D57299 fixes.
This is what I meant with In general. Even though, for loopback, this kind of lying is an issue only in a very special case, I don't think pretending something that hasn't been done is a good way. Here, it hides a bug.
When using loopback, the checksum does not need to be computed at all. If IP sends a packet, it uses transmit checksum offloading (for IP, by setting the CSUM_IP flag), and loopback leaves the offloading flags set. When IP receives a packet with CSUM_IP set, it skips validation.
For the test, BPF is used. It could set CSUM_IP when creating the mbuf. However, I've never used BPF and don't know if that's a good idea.Definitely not a correct idea in general! The bpf is supposed to send on the wire exactly what application has written.