
[ice] `rx_errors` is too sensitive to IP/TCP attack packets (Intel E810-XXVDA4)

Shiu202050

When using Intel E810-XXVDA4, there is an issue where rx_errors easily increases due to attack packets.

 

After some investigation, I found that the E810 controller counts the checksum errors separately for each layer, with separate counters.

See
- Intel® Ethernet Controller E810 Datasheet: https://www.intel.co.jp/content/www/jp/ja/content-details/613875/intel-ethernet-controller-e810-datasheet.html
  - 7.6.3.1 Status/Error.0 Field
  - 7.6.3.2 Status/Error.1 Field

 

On the other hand, the 'ice' driver aggregates the checksum errors from all network layers into 'hw_csum_rx_error'.

See
- https://github.com/torvalds/linux/blob/v6.13/drivers/net/ethernet/intel/ice/ice_txrx_lib.c#L122-L150

 

Finally, 'hw_csum_rx_error' is added to 'rx_errors'.

See
- https://github.com/torvalds/linux/blob/v6.13/drivers/net/ethernet/intel/ice/ice_main.c#L6976-L6990

 

Normally, a broken NIC can be identified by an increment in the 'rx_length_errors' value.

However, it can be a problem if there is a slight contact failure (such as compatibility issues between GIGABYTE servers and genuine Intel NICs).

In this case, only the checksum error counter will increase, making it impossible to distinguish between a poor connection and an attack packet.

This causes problems in hardware monitoring operations.

 

Is it possible to separate the IP/TCP bad checksum counters from 'rx_errors' in the 'ice' driver implementation?

 

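A monitoring-side sketch of the accounting described in the post above, added here as an example; it is not the poster's code and not part of the 'ice' driver. It assumes the aggregated checksum-error value can be read as its own counter alongside 'rx_errors' (the key `rx_csum_bad` is a hypothetical name), and it only separates checksum growth from other error growth; it does not tell a marginal connection from bad packets.

```python
from dataclasses import dataclass

# Hypothetical key under which the driver's hw_csum_rx_error value is collected.
CSUM_KEY = "rx_csum_bad"


@dataclass
class Verdict:
    label: str         # "ok", "checksum_only", "non_checksum_errors", "counter_reset"
    csum_delta: int    # growth of the checksum-error counter
    other_delta: int   # rx_errors growth not explained by checksum errors
    length_delta: int  # growth of rx_length_errors


def classify(prev: dict, cur: dict, csum_key: str = CSUM_KEY) -> Verdict:
    """Compare two counter snapshots taken from the same interface."""
    deltas = {k: cur.get(k, 0) - prev.get(k, 0)
              for k in ("rx_errors", "rx_length_errors", csum_key)}
    # A negative delta means the counters were reset (driver reload, reboot);
    # nothing can be concluded from this interval.
    if any(d < 0 for d in deltas.values()):
        return Verdict("counter_reset", 0, 0, 0)
    csum = deltas[csum_key]
    # rx_errors already contains the checksum errors, so subtract them to see
    # what the remaining error sources contributed. Snapshots are not atomic,
    # so clamp at zero.
    other = max(deltas["rx_errors"] - csum, 0)
    length = deltas["rx_length_errors"]
    if other > 0 or length > 0:
        label = "non_checksum_errors"
    elif csum > 0:
        label = "checksum_only"
    else:
        label = "ok"
    return Verdict(label, csum, other, length)


# Constructed snapshots (not real measurements).
BASE = {"rx_errors": 100, "rx_length_errors": 0, CSUM_KEY: 90}
CSUM_BURST = {"rx_errors": 5100, "rx_length_errors": 0, CSUM_KEY: 5090}
LINK_FAULT = {"rx_errors": 5140, "rx_length_errors": 12, CSUM_KEY: 5095}
RELOADED = {"rx_errors": 3, "rx_length_errors": 0, CSUM_KEY: 3}

if __name__ == "__main__":
    for name, prev, cur in (("burst", BASE, CSUM_BURST),
                            ("fault", CSUM_BURST, LINK_FAULT),
                            ("reload", LINK_FAULT, RELOADED)):
        print(name, classify(prev, cur))
```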