[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] UDP checksums broken in Dom0 -> DomU vif transfer



On Tue, 2011-12-20 at 09:43 +0000, Jean Guyader wrote:
> On 20 December 2011 10:37, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > The issue is that dom0 does checksum offload which means the checksum is
> > not valid on the domU end, although we know the packet is intact because
> > it never hit the wire.
> >
> > The network stack deals with this because skb->ip_summed is set
> > appropriately but when e.g. raw sockets are used it can ends up exposing
> > getting exposed to userspace.
> >
> > We don't want to do the checksum by default since there are performance
> > gains from avoiding it in the general case. Note that "tx off" turns of
> > TCP and UDP checksum offload.
> >
> > It's not clear where the bug is here, it could be a bug in dhclinet for
> > dropping the packet or perhaps this is something that raw socket driver
> > should be correcting (based on ip_summed) as the packet passes through
> > to userspace?
> >
> > I'm not sure but this might impact native hardware too -- depends on the
> > H/W's handling of the checksum field on RX, you'd hope they mostly just
> > leave it alone, but I'm not sure how e.g. LRO/GRO effects things?
> >
> 
> I've seen this issue in the past. I belive the bug is in dhclient.
> dhclient checks the checksum on the packets and drop them if it's wrong.

Indeed, googling around a bit shows that this dhclient bug affects more
than just Xen, e.g. virtio and even some native hardware appear to be
effected.

http://marc.info/?l=kvm&m=121882968407525&w=2
https://qa.mandriva.com/show_bug.cgi?id=63320
https://bugs.mageia.org/show_bug.cgi?id=1243
http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob_plain;f=dhcp-4.2.2-xen-checksum.patch;hb=HEAD

The OP didn't say what distro or version of dhclient he was using but I
think the right place to report this would be to the distro since it
appears to be using an out of date dhclient. In the meantime disabling
offload seems like a reasonable local workaround but it is not a fix we
should apply by default.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.