| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
I'm using GRE tunnel (transparent Ethernet bridging flavor) over
WireGuard interface to be able to bridge L2 network segments. The
typical protocol chain looks like this IP->GRE->EthernetHeader->IP->UDP.
UDP here is the packet sent from the L2 network segment which is
tunneled using GRE over Wireguard. Indeed, there is a checksum inside
UDP header which is, as a rule, kept partially calculated while packet
travels through network stack and outer protocols are added until the
packet reaches WG device which exposes NETIF_F_HW_CSUM feature meaning
it can handle checksum offload for all protocols.
But the problem here is that skb_checksum_setup called from
encrypt_packet handles only TCP/UDP protocols under top level IP, but in
my case there is a GRE protocol there, so skb_checksum_help is not
called and packet continues its life with unfinished (broken) checksum
and gets encrypted as-is. When such packet is received by other side and
reaches L2 networks it's seen there with a broken checksum inside the
UDP header.
The fact that Wireguard on the receiving side sets skb->ip_summed to
CHECKSUM_UNNECESSARY partially mitigates the problem by telling network
stack on the receiving side that validation of the checksum is not
necessary, so local TCP stack, for example, works fine. But it doesn't
help in situations when packet needs to be forwarded further (sent out
from the box). In this case there is no way we can tell next hop that
checksum verification for this packet is not necessary, we just send it
out with bad checksum and packet gets dropped on the next hop box.
I think the issue of the original code was the wrong usage of
skb_checksum_setup, simply because it's not needed in this case.
Instead, we can just rely on ip_summed skb field to see if partial
checksum needs to be finalized or not. Note that many other drivers in
kernel follow this approach.
In summary:
- skb_checksum_setup can only handle TCP/UDP protocols under top level
IP header, packets with other protocols (like GRE) are sent out by
Wireguard with unfinished partial checksums which causes problems on
receiving side (bad checksums).
- encrypt_packet gets skb prepared by network stack, so there is no need
to setup the checksum from scratch, but just perform hw checksum offload
using software helper skb_checksum_help for packet which explicitly
require it as denoted by CHECKSUM_PARTIAL.
Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This means we do less computation on encapsulated payloads.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This way other devices that use Android style wakelocks will also have
the same semantics. We also move this logic into the handler so that
it's slightly cleaner and gives us some opportunity to leave a normal
comment.
Suggested-by: Theodore Ts'o <tytso@mit.edu>
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
If struct timer_list has not been setup, it is zeroed, in which case
timer_pending is false, so calling del_timer is safe. Calling del_timer
is also safe on a timer that has already been del_timer'd. And calling
del_timer is safe after a peer is dead, since the whole point of it
being dead is that no more timers are created and all contexts
eventually stop. Finally del_timer uses a lock, which means it's safe to
call it concurrently.
Therefore, we do not need any guards around calls to del_timer. While
we're at it, we can get rid of the old lingering timers_enabled boolean
which wasn't doing anything anyway anymore.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
peer_remove calls sets is_dead to true and calls timers_stop before putting
the last reference, which means whenever timers do actually trigger,
they should only trigger with a reference, and therefore we don't need
the maybe_zero dance. This also narrows the scope of using maybe_zero to
just be lookup structures (the two hashtables and allowedips), which is
what the idiom is actually meant for.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Otherwise if gcc's optimizer is able to look far in but not overly far
in, we wind up with "warning: 'key' may be used uninitialized in this
function [-Wmaybe-uninitialized]".
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This is a significant rearrangement that makes things less clear, to satisfy
a checkpatch.pl requirement.
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This required a bit of pruning of our christmas trees.
Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
It's not used for anything, and LKML doesn't like the type being used as
an index value.
Suggested-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This will make it so that kernels not having arch/$(SRCARCH)/Kbuild no
longer give any (non-fatal) grep errors such as "grep: arch/arm64/Kbuild:
No such file or directory".
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Commit ad5e4210 (global: rename include'd C files to be .c) breaks
install target for dkms sources. Fix installing selftest/*.c.
Suggested-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Pros: clearer if you're not familiar with the shift idiom, uses kernel
macro.
Cons: doesn't work any more if the lvalue ever ceases to be a bool.
Neutral: generates the same machine code.
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Or, put differently, we don't want to go chasing down random versions of
clang used by XDA users, so we just disable this checking on clang all
together.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Android kernels backported it, complicating things.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This is done by 259 other files in the kernel tree:
linux $ rg '#include.*\.c' -l | wc -l
259
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
