[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] DNAT TCP checksum error

oups, mea culpa...

the "ethtool -K eth0 tx off" corrects the problem, but how to solve the problem 
within the kernel ?

Jean-Luc


> Message du 01/04/06 17:26
> De : "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
> A : "Jason" <xen@xxxxxxxxxxxxxxxxx>
> Copie à : xen-users@xxxxxxxxxxxxxxxxxxx
> Objet : Re: [Xen-users] DNAT TCP checksum error
> 
> Thank for your quick answer Jason,
> 
> First of all, note that I'm not a kernel/xen expert, I just try to make my 
> system working for a proof of concept
> I googled a lot before sending this email to the xen list.
> 
> Following your advise, I took a look in  
> /usr/src/linux-2.6.12.6-xen-r3/net/ipv4/netfilter/ and found following files :
> ip_nat_proto_tcp.c
> ip_nat_proto_tcp.c.orig
> ip_nat_proto_udp.c
> ip_nat_proto_udp.c.orig
> 
> These files have been downloaded via the "emerge -av xen-sources" gentoo 
> command, I didn't modify thse files.
> 
> "diff ip_nat_proto_udp.c.orig ip_nat_proto_udp.c" gives :
> 116,117c116,123
> <     if (hdr->check) /* 0 is a special case meaning no checksum */
> <             hdr->check = ip_nat_cheat_check(~oldip, newip,
> ---
> >     
> >     if (hdr->check) { /* 0 is a special case meaning no checksum */
> >             if ((*pskb)->proto_csum_blank) {
> >                     hdr->check = ip_nat_cheat_check(oldip, ~newip, 
> >                                     ip_nat_cheat_check(*portptr ^ 0xFFFF, 
> >                                             newport, hdr->check));
> >             } else {
> >                     hdr->check = ip_nat_cheat_check(~oldip, newip,
> 120a127,128
> >             }
> >     }
> 
> "diff ip_nat_proto_tcp.c.orig ip_nat_proto_tcp.c" gives :
> 131c131,136
> <     hdr->check = ip_nat_cheat_check(~oldip, newip,
> ---
> >     if ((*pskb)->proto_csum_blank) {
> >             hdr->check = ip_nat_cheat_check(oldip, ~newip,
> >                             ip_nat_cheat_check(oldport ^ 0xFFFF,
> >                                     newport, hdr->check));
> >     } else { 
> >             hdr->check = ip_nat_cheat_check(~oldip, newip,
> 134a140
> >     }
> 
> so I assume that the patch is applied. I recompiled both kernel dom0 and 
> domU, but always some behavior.
> I also tried the "ethtool -K eth0 tx off" command without success.
> At this moment, I run out of ideas. 
> 
> Thanks for your help
> 
> Jean-Luc 
> 
> > Message du 31/03/06 17:44
> > De : "Jason" <xen@xxxxxxxxxxxxxxxxx>
> > A : "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
> > Copie à : xen-users@xxxxxxxxxxxxxxxxxxx
> > Objet : Re: [Xen-users] DNAT TCP checksum error
> > 
> > Some of us on the devel list have been talking about this very behaviour.  
> > The patch that you are
> > referencing works very well (at least for me). If that patch wont apply on 
> > its own, it is trivial
> > to edit the file by hand since you are only replacing a single line. Good 
> > luck!
> > 
> > -- 
> > Jason
> > The place where you made your stand never mattered,
> > only that you were there... and still on your feet
> > 
> > On Fri, 31 Mar 2006, jean-luc.voisin wrote:
> > 
> > > Hi all,
> > > I'm running xen on gentoo since few months without problems. I recently 
> > > installed shorewall (firewall) on domU. This domain has 3 network 
> > > interfaces. One (eth1) is connected to internet through a cable modem. 
> > > other are dmz (eth2) and internal network (eth0). I configured shorewall 
> > > to accept and nat http connections from net zone (internet) to my smtp 
> > > gateway in DMZ. These kind of connections doesn't work with xen. I ran 
> > > ethereal on my laptop which simulated http requests from eth1 subnet and 
> > > I found that tcp packets (replies) sent by the firewall have checksums 
> > > errors.
> > > Then I checked in bugzilla and found a patch for a similar bug(447). 
> > > Source code seems to be correct regarding this patch. The linux kernel is 
> > > : linux 2.6.12.6, xen version 3.0.1, gentoo package : 
> > > xen-sources-2.6.12.6-r3 (02 Mar 2006)
> > >
> > > Any ideas ?
> > > Thanks
> > > Jean-Luc
> > 
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> > 
> > 
> >
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.