On Tue, Jul 2, 2019 at 12:17 PM He Zhe <zhe...@windriver.com> wrote:
>
>
>
> On 7/2/19 9:16 PM, He Zhe wrote:
> >
> > On 7/2/19 9:04 PM, Bruce Ashfield wrote:
> >> On Tue, Jul 2, 2019 at 4:54 AM <zhe...@windriver.com> wrote:
> >>> From: He Zhe <zhe...@windriver.com>
> >>>
> >>> The patch has already been applied on the tree. This would trigger
> >>> re-application when features/net/net.scc included.
> >> Nothing should be including net.scc directly from a KERNEL_FEATURES.
> >> It is a patch + config block.
> >> So we won't be reverting this. Whatever is triggering that extra
> >> patching is using the wrong feature
> >> fragment.
> >>
> >> How exactly are you triggering the issue ?
> > I'm triggering the issue from features/net/team/team.scc which includes
> > net.scc.
>
> Would team.scc be considered an acceptable usage?
Possibly.
But since there's no description in the .scc file, it is hard to say
:D But going by the git history, it is possible that it is useful as
an optional feature.
In situations such as this, we break the included .scc file into an
"-enable" and a "config" variant. team.scc should include the config
variant, leaving the standard/base, and BSPs to include the full .scc
which is both patches and the config.
Bruce
>
> Thanks,
> Zhe
>
> >
> > Zhe
> >
> >> Bruce
> >>
> >>> This reverts commit b5776165c9d346c30356b9d95debd69588d58323.
> >>> ---
> >>> features/net/net.scc | 1 -
> >>> ...Fix-remainder-of-pseudo-header-protocol-0.patch | 92
> >>> ----------------------
> >>> 2 files changed, 93 deletions(-)
> >>> delete mode 100644
> >>> features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch
> >>>
> >>> diff --git a/features/net/net.scc b/features/net/net.scc
> >>> index 722b320..4a4e0fb 100644
> >>> --- a/features/net/net.scc
> >>> +++ b/features/net/net.scc
> >>> @@ -1,3 +1,2 @@
> >>>
> >>> kconf hardware net.cfg
> >>> -patch netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch
> >>> diff --git
> >>> a/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch
> >>> b/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch
> >>> deleted file mode 100644
> >>> index d1fdbf9..0000000
> >>> ---
> >>> a/features/net/netfilter-Fix-remainder-of-pseudo-header-protocol-0.patch
> >>> +++ /dev/null
> >>> @@ -1,92 +0,0 @@
> >>> -From b383959122e464ccdc21f6b37af88152d29cdf95 Mon Sep 17 00:00:00 2001
> >>> -From: He Zhe <zhe...@windriver.com>
> >>> -Date: Tue, 25 Jun 2019 18:15:50 +0800
> >>> -Subject: [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
> >>> -MIME-Version: 1.0
> >>> -Content-Type: text/plain; charset=UTF-8
> >>> -Content-Transfer-Encoding: 8bit
> >>> -
> >>> -Since v5.1-rc1, some types of packets do not get unreachable reply with
> >>> the
> >>> -following iptables setting. Fox example,
> >>> -
> >>> -$ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT
> >>> -$ ping 127.0.0.1 -c 1
> >>> -PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
> >>> -— 127.0.0.1 ping statistics —
> >>> -1 packets transmitted, 0 received, 100% packet loss, time 0ms
> >>> -
> >>> -We should have got the following reply from command line, but we did not.
> >>> -From 127.0.0.1 icmp_seq=1 Destination Port Unreachable
> >>> -
> >>> -Yi Zhao reported it and narrowed it down to:
> >>> -7fc38225363d ("netfilter: reject: skip csum verification for protocols
> >>> that don't support it"),
> >>> -
> >>> -This is because nf_ip_checksum still expects pseudo-header protocol type
> >>> 0 for
> >>> -packets that are of neither TCP or UDP, and thus ICMP packets are
> >>> mistakenly
> >>> -treated as TCP/UDP.
> >>> -
> >>> -This patch corrects the conditions in nf_ip_checksum and all other
> >>> places that
> >>> -still call it with protocol 0.
> >>> -
> >>> -Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for
> >>> protocols that don't support it")
> >>> -Reported-by: Yi Zhao <yi.z...@windriver.com>
> >>> -Signed-off-by: He Zhe <zhe...@windriver.com>
> >>> -Signed-off-by: Bruce Ashfield <bruce.ashfi...@gmail.com>
> >>> ----
> >>> - net/netfilter/nf_conntrack_proto_icmp.c | 2 +-
> >>> - net/netfilter/nf_nat_proto.c | 2 +-
> >>> - net/netfilter/utils.c | 5 +++--
> >>> - 3 files changed, 5 insertions(+), 4 deletions(-)
> >>> -
> >>> -diff --git a/net/netfilter/nf_conntrack_proto_icmp.c
> >>> b/net/netfilter/nf_conntrack_proto_icmp.c
> >>> -index a824367ed518..dd53e2b20f6b 100644
> >>> ---- a/net/netfilter/nf_conntrack_proto_icmp.c
> >>> -+++ b/net/netfilter/nf_conntrack_proto_icmp.c
> >>> -@@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl,
> >>> - /* See ip_conntrack_proto_tcp.c */
> >>> - if (state->net->ct.sysctl_checksum &&
> >>> - state->hook == NF_INET_PRE_ROUTING &&
> >>> -- nf_ip_checksum(skb, state->hook, dataoff, 0)) {
> >>> -+ nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) {
> >>> - icmp_error_log(skb, state, "bad hw icmp checksum");
> >>> - return -NF_ACCEPT;
> >>> - }
> >>> -diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c
> >>> -index 07da07788f6b..83a24cc5753b 100644
> >>> ---- a/net/netfilter/nf_nat_proto.c
> >>> -+++ b/net/netfilter/nf_nat_proto.c
> >>> -@@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff
> >>> *skb,
> >>> -
> >>> - if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
> >>> - return 0;
> >>> -- if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
> >>> -+ if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP))
> >>> - return 0;
> >>> -
> >>> - inside = (void *)skb->data + hdrlen;
> >>> -diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c
> >>> -index 06dc55590441..51b454d8fa9c 100644
> >>> ---- a/net/netfilter/utils.c
> >>> -+++ b/net/netfilter/utils.c
> >>> -@@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned
> >>> int hook,
> >>> - case CHECKSUM_COMPLETE:
> >>> - if (hook != NF_INET_PRE_ROUTING && hook !=
> >>> NF_INET_LOCAL_IN)
> >>> - break;
> >>> -- if ((protocol == 0 && !csum_fold(skb->csum)) ||
> >>> -+ if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP &&
> >>> -+ !csum_fold(skb->csum)) ||
> >>> - !csum_tcpudp_magic(iph->saddr, iph->daddr,
> >>> - skb->len - dataoff, protocol,
> >>> - skb->csum)) {
> >>> -@@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned
> >>> int hook,
> >>> - }
> >>> - /* fall through */
> >>> - case CHECKSUM_NONE:
> >>> -- if (protocol == 0)
> >>> -+ if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
> >>> - skb->csum = 0;
> >>> - else
> >>> - skb->csum = csum_tcpudp_nofold(iph->saddr,
> >>> iph->daddr,
> >>> ---
> >>> -2.19.1
> >>> -
> >>> --
> >>> 2.7.4
> >>>
> >> --
> >> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >> thee at its end
> >> - "Use the force Harry" - Gandalf, Star Trek II
> >>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
--
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
