On Sun, Apr 21, 2024 at 04:22:32PM +0200, Ismael Luceno wrote: > It was observed in the wild that pairs of consecutive packets would leave > the IPVS with the same wrong checksum, and the issue only went away when > disabling GSO. > > IPVS needs to avoid computing the SCTP checksum when using GSO. I am placing this into the nf.git tree for submission upstream in the next pull request, unless stated otherwise. Thanks. > Fixes: 90017accff61 ("sctp: Add GSO support", 2016-06-02) > Co-developed-by: Firo Yang <firo.yang@xxxxxxxx> > Signed-off-by: Ismael Luceno <iluceno@xxxxxxx> > Tested-by: Andreas Taschner <andreas.taschner@xxxxxxxx> > CC: Michal Kubeček <mkubecek@xxxxxxxx> > CC: Simon Horman <horms@xxxxxxxxxxxx> > CC: Julian Anastasov <ja@xxxxxx> > CC: lvs-devel@xxxxxxxxxxxxxxx > CC: netfilter-devel@xxxxxxxxxxxxxxx > CC: netdev@xxxxxxxxxxxxxxx > CC: coreteam@xxxxxxxxxxxxx > --- > > Notes: > Changes since v1: > * Added skb_is_gso before skb_is_gso_sctp. > * Added "Fixes" tag. > > net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c > index a0921adc31a9..1e689c714127 100644 > --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c > +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c > @@ -126,7 +126,8 @@ sctp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, > if (sctph->source != cp->vport || payload_csum || > skb->ip_summed == CHECKSUM_PARTIAL) { > sctph->source = cp->vport; > - sctp_nat_csum(skb, sctph, sctphoff); > + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) > + sctp_nat_csum(skb, sctph, sctphoff); > } else { > skb->ip_summed = CHECKSUM_UNNECESSARY; > } > @@ -174,7 +175,8 @@ sctp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp, > (skb->ip_summed == CHECKSUM_PARTIAL && > !(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) { > sctph->dest = cp->dport; > - sctp_nat_csum(skb, sctph, sctphoff); > + if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb)) > + sctp_nat_csum(skb, sctph, sctphoff); > } else if (skb->ip_summed != CHECKSUM_PARTIAL) { > skb->ip_summed = CHECKSUM_UNNECESSARY; > } > -- > 2.43.0 > >