On Tue, Jul 2, 2019 at 12:17 PM He Zhe <zhe...@windriver.com> wrote: > > > > On 7/2/19 9:16 PM, He Zhe wrote: > > > > On 7/2/19 9:04 PM, Bruce Ashfield wrote: > >> On Tue, Jul 2, 2019 at 4:54 AM <zhe...@windriver.com> wrote: > >>> From: He Zhe <zhe...@windriver.com> > >>> > >>> The patch has already been applied on the tree. This would trigger > >>> re-application when features/net/net.scc included. > >> Nothing should be including net.scc directly from a KERNEL_FEATURES. > >> It is a patch + config block. > >> So we won't be reverting this. Whatever is triggering that extra > >> patching is using the wrong feature > >> fragment. > >> > >> How exactly are you triggering the issue ? > > I'm triggering the issue from features/net/team/team.scc which includes > > net.scc. > > Would team.scc be considered an acceptable usage?
Possibly. But since there's no description in the .scc file, it is hard to say :D But going by the git history, it is possible that it is useful as an optional feature. In situations such as this, we break the included .scc file into an "-enable" and a "config" variant. team.scc should include the config variant, leaving the standard/base, and BSPs to include the full .scc which is both patches and the config. Bruce > > Thanks, > Zhe > > > > > Zhe > > > >> Bruce > >> > >>> This reverts commit b5776165c9d346c30356b9d95debd69588d58323. > >>> --- > >>> features/net/net.scc | 1 - > >>> ...Fix-remainder-of-pseudo-header-protocol-0.patch | 92 > >>> ---------------------- > >>> 2 files changed, 93 deletions(-) > >>> delete mode 100644 > >>> features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch > >>> > >>> diff --git a/features/net/net.scc b/features/net/net.scc > >>> index 722b320..4a4e0fb 100644 > >>> --- a/features/net/net.scc > >>> +++ b/features/net/net.scc > >>> @@ -1,3 +1,2 @@ > >>> > >>> kconf hardware net.cfg > >>> -patch netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch > >>> diff --git > >>> a/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch > >>> b/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch > >>> deleted file mode 100644 > >>> index d1fdbf9..0000000 > >>> --- > >>> a/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch > >>> +++ /dev/null > >>> @@ -1,92 +0,0 @@ > >>> -From b383959122e464ccdc21f6b37af88152d29cdf95 Mon Sep 17 00:00:00 2001 > >>> -From: He Zhe <zhe...@windriver.com> > >>> -Date: Tue, 25 Jun 2019 18:15:50 +0800 > >>> -Subject: [PATCH] netfilter: Fix remainder of pseudo-header protocol 0 > >>> -MIME-Version: 1.0 > >>> -Content-Type: text/plain; charset=UTF-8 > >>> -Content-Transfer-Encoding: 8bit > >>> - > >>> -Since v5.1-rc1, some types of packets do not get unreachable reply with > >>> the > >>> -following iptables setting. Fox example, > >>> - > >>> -$ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT > >>> -$ ping 127.0.0.1 -c 1 > >>> -PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. > >>> -— 127.0.0.1 ping statistics — > >>> -1 packets transmitted, 0 received, 100% packet loss, time 0ms > >>> - > >>> -We should have got the following reply from command line, but we did not. > >>> -From 127.0.0.1 icmp_seq=1 Destination Port Unreachable > >>> - > >>> -Yi Zhao reported it and narrowed it down to: > >>> -7fc38225363d ("netfilter: reject: skip csum verification for protocols > >>> that don't support it"), > >>> - > >>> -This is because nf_ip_checksum still expects pseudo-header protocol type > >>> 0 for > >>> -packets that are of neither TCP or UDP, and thus ICMP packets are > >>> mistakenly > >>> -treated as TCP/UDP. > >>> - > >>> -This patch corrects the conditions in nf_ip_checksum and all other > >>> places that > >>> -still call it with protocol 0. > >>> - > >>> -Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for > >>> protocols that don't support it") > >>> -Reported-by: Yi Zhao <yi.z...@windriver.com> > >>> -Signed-off-by: He Zhe <zhe...@windriver.com> > >>> -Signed-off-by: Bruce Ashfield <bruce.ashfi...@gmail.com> > >>> ---- > >>> - net/netfilter/nf_conntrack_proto_icmp.c | 2 +- > >>> - net/netfilter/nf_nat_proto.c | 2 +- > >>> - net/netfilter/utils.c | 5 +++-- > >>> - 3 files changed, 5 insertions(+), 4 deletions(-) > >>> - > >>> -diff --git a/net/netfilter/nf_conntrack_proto_icmp.c > >>> b/net/netfilter/nf_conntrack_proto_icmp.c > >>> -index a824367ed518..dd53e2b20f6b 100644 > >>> ---- a/net/netfilter/nf_conntrack_proto_icmp.c > >>> -+++ b/net/netfilter/nf_conntrack_proto_icmp.c > >>> -@@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, > >>> - /* See ip_conntrack_proto_tcp.c */ > >>> - if (state->net->ct.sysctl_checksum && > >>> - state->hook == NF_INET_PRE_ROUTING && > >>> -- nf_ip_checksum(skb, state->hook, dataoff, 0)) { > >>> -+ nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { > >>> - icmp_error_log(skb, state, "bad hw icmp checksum"); > >>> - return -NF_ACCEPT; > >>> - } > >>> -diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c > >>> -index 07da07788f6b..83a24cc5753b 100644 > >>> ---- a/net/netfilter/nf_nat_proto.c > >>> -+++ b/net/netfilter/nf_nat_proto.c > >>> -@@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff > >>> *skb, > >>> - > >>> - if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) > >>> - return 0; > >>> -- if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) > >>> -+ if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) > >>> - return 0; > >>> - > >>> - inside = (void *)skb->data + hdrlen; > >>> -diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c > >>> -index 06dc55590441..51b454d8fa9c 100644 > >>> ---- a/net/netfilter/utils.c > >>> -+++ b/net/netfilter/utils.c > >>> -@@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned > >>> int hook, > >>> - case CHECKSUM_COMPLETE: > >>> - if (hook != NF_INET_PRE_ROUTING && hook != > >>> NF_INET_LOCAL_IN) > >>> - break; > >>> -- if ((protocol == 0 && !csum_fold(skb->csum)) || > >>> -+ if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && > >>> -+ !csum_fold(skb->csum)) || > >>> - !csum_tcpudp_magic(iph->saddr, iph->daddr, > >>> - skb->len - dataoff, protocol, > >>> - skb->csum)) { > >>> -@@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned > >>> int hook, > >>> - } > >>> - /* fall through */ > >>> - case CHECKSUM_NONE: > >>> -- if (protocol == 0) > >>> -+ if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) > >>> - skb->csum = 0; > >>> - else > >>> - skb->csum = csum_tcpudp_nofold(iph->saddr, > >>> iph->daddr, > >>> --- > >>> -2.19.1 > >>> - > >>> -- > >>> 2.7.4 > >>> > >> -- > >> - Thou shalt not follow the NULL pointer, for chaos and madness await > >> thee at its end > >> - "Use the force Harry" - Gandalf, Star Trek II > >> > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -- _______________________________________________ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto