From f4f4d2f5cc6a75b88c5e650606c7257b84ef10e4 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 26 Feb 2016 08:01:53 +0100
Subject: [PATCH] =?utf8?q?fix=20#896:=20veth:=20don=E2=80=99t=20modify=20i?=
 =?utf8?q?p=5Fsummed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 Makefile                           |  2 +
 changelog.Debian                   |  2 +
 veth-do-not-modify-ip_summed.patch | 73 ++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 veth-do-not-modify-ip_summed.patch

diff --git a/Makefile b/Makefile
index 51ec8af..98df3ed 100644
--- a/Makefile
+++ b/Makefile
@@ -193,6 +193,8 @@ ${KERNEL_SRC}/README: ${KERNEL_SRC}.org/README
 	cp ${KERNEL_SRC}/drivers/vhost/scsi.c ${KERNEL_SRC}/drivers/vhost/scsi.c.backup	
 	# vhost-scsi compile fixes
 	cd ${KERNEL_SRC}; patch -p1 <../vhost-scsi-fixes.patch
+	# fix veth checksum errors
+	cd ${KERNEL_SRC}; patch -p1 <../veth-do-not-modify-ip_summed.patch
 	sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
 	touch $@
 
diff --git a/changelog.Debian b/changelog.Debian
index 7e32b8f..947701b 100644
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -3,6 +3,8 @@ pve-kernel-3.10.0 (3.10.0-44) unstable; urgency=low
   * update to kernel-3.10.0-327.10.1.el7.src.rpm
   
   * bump api version to 17-pve
+  
+  * fix #896: veth: donât modify ip_summed
 
  -- Proxmox Support Team <support@proxmox.com>  Thu, 25 Feb 2016 17:17:43 +0100
 
diff --git a/veth-do-not-modify-ip_summed.patch b/veth-do-not-modify-ip_summed.patch
new file mode 100644
index 0000000..adf67df
--- /dev/null
+++ b/veth-do-not-modify-ip_summed.patch
@@ -0,0 +1,73 @@
+From ce8c839b74e3017996fad4e1b7ba2e2625ede82f Mon Sep 17 00:00:00 2001
+From: Vijay Pandurangan <vijayp@vijayp.ca>
+Date: Fri, 18 Dec 2015 14:34:59 -0500
+Subject: =?UTF-8?q?veth:=20don=E2=80=99t=20modify=20ip=5Fsummed;=20doing?=
+ =?UTF-8?q?=20so=20treats=20packets=20with=20bad=20checksums=20as=20good.?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Packets that arrive from real hardware devices have ip_summed ==
+CHECKSUM_UNNECESSARY if the hardware verified the checksums, or
+CHECKSUM_NONE if the packet is bad or it was unable to verify it. The
+current version of veth will replace CHECKSUM_NONE with
+CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to
+a veth device to be delivered to the application. This caused applications
+at Twitter to receive corrupt data when network hardware was corrupting
+packets.
+
+We believe this was added as an optimization to skip computing and
+verifying checksums for communication between containers. However, locally
+generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as
+written does nothing for them. As far as we can tell, after removing this
+code, these packets are transmitted from one stack to another unmodified
+(tcpdump shows invalid checksums on both sides, as expected), and they are
+delivered correctly to applications. We didnât test every possible network
+configuration, but we tried a few common ones such as bridging containers,
+using NAT between the host and a container, and routing from hardware
+devices to containers. We have effectively deployed this in production at
+Twitter (by disabling RX checksum offloading on veth devices).
+
+This code dates back to the first version of the driver, commit
+<e314dbdc1c0dc6a548ecf> ("[NET]: Virtual ethernet device driver"), so I
+suspect this bug occurred mostly because the driver API has evolved
+significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
+packet checksumming") (in December 2010) fixed this for packets that get
+created locally and sent to hardware devices, by not changing
+CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming
+in from hardware devices.
+
+Co-authored-by: Evan Jones <ej@evanjones.ca>
+Signed-off-by: Evan Jones <ej@evanjones.ca>
+Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Cc: Phil Sutter <phil@nwl.cc>
+Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
+Cc: netdev@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Vijay Pandurangan <vijayp@vijayp.ca>
+Acked-by: Cong Wang <cwang@twopensource.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/veth.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/drivers/net/veth.c b/drivers/net/veth.c
+index 0ef4a5a..ba21d07 100644
+--- a/drivers/net/veth.c
++++ b/drivers/net/veth.c
+@@ -117,12 +117,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
+ 		kfree_skb(skb);
+ 		goto drop;
+ 	}
+-	/* don't change ip_summed == CHECKSUM_PARTIAL, as that
+-	 * will cause bad checksum on forwarded packets
+-	 */
+-	if (skb->ip_summed == CHECKSUM_NONE &&
+-	    rcv->features & NETIF_F_RXCSUM)
+-		skb->ip_summed = CHECKSUM_UNNECESSARY;
+ 
+ 	if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
+ 		struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);
+-- 
+cgit v0.12
+
-- 
2.39.2