[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] UDP checksums broken in Dom0 -> DomU vif transfer

On Tue, 2011-12-20 at 09:43 +0000, Jean Guyader wrote:
> On 20 December 2011 10:37, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > The issue is that dom0 does checksum offload which means the checksum is
> > not valid on the domU end, although we know the packet is intact because
> > it never hit the wire.
> >
> > The network stack deals with this because skb->ip_summed is set
> > appropriately but when e.g. raw sockets are used it can ends up exposing
> > getting exposed to userspace.
> >
> > We don't want to do the checksum by default since there are performance
> > gains from avoiding it in the general case. Note that "tx off" turns of
> > TCP and UDP checksum offload.
> >
> > It's not clear where the bug is here, it could be a bug in dhclinet for
> > dropping the packet or perhaps this is something that raw socket driver
> > should be correcting (based on ip_summed) as the packet passes through
> > to userspace?
> >
> > I'm not sure but this might impact native hardware too -- depends on the
> > H/W's handling of the checksum field on RX, you'd hope they mostly just
> > leave it alone, but I'm not sure how e.g. LRO/GRO effects things?
> >
> I've seen this issue in the past. I belive the bug is in dhclient.
> dhclient checks the checksum on the packets and drop them if it's wrong.

Indeed, googling around a bit shows that this dhclient bug affects more
than just Xen, e.g. virtio and even some native hardware appear to be


The OP didn't say what distro or version of dhclient he was using but I
think the right place to report this would be to the distro since it
appears to be using an out of date dhclient. In the meantime disabling
offload seems like a reasonable local workaround but it is not a fix we
should apply by default.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.