WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] Fix NAT for domU checksum offload

To: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Fix NAT for domU checksum offload
From: Jon Mason <jdmason@xxxxxxxxxx>
Date: Fri, 14 Oct 2005 18:16:10 -0500
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 14 Oct 2005 23:14:50 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <A95E2296287EAD4EB592B5DEEFCE0E9D32E3C9@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Mail-followup-to: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
References: <A95E2296287EAD4EB592B5DEEFCE0E9D32E3C9@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.8i
On Sat, Oct 15, 2005 at 12:09:36AM +0100, Ian Pratt wrote:
> > Below is a fix for the current problem of checksum offload 
> > not working in a NAT'ed network.  The cause is the 
> > NAT/iptables code incorrectly modifying the TCP/UDP checksum 
> > (for the checksum offload case).  The original code assumes a 
> > valid checksum, which is not the case for checksum offload 
> > packets (which has a complimented, partial checksum for the 
> > hardware to use).  The fix is to compliment the new address 
> > and not compliment the old address (which is complimented in 
> > the partial checksum), and roll that with the 
> > ip_nat_cheat_check function.
> 
> Thanks for looking into this -- this issue has been nagging away for a
> long time.

Sorry it took me so long.  Hopefully, I can knock out the IPSec one
faster.

> > There are two "versions" of the patch below.  The first 
> > version is a diff to show the actual changes made to the 
> > ip_nat_proto_udp.c and ip_nat_proto_tcp.c file (as it is 
> > difficult/impossible to tell from the second patch).  The 
> > second version is the one to commit to the tree (which 
> > creates 2 new files in the sparse directory).
> 
> Would we be better off committing the first patch to the patches
> directory rather than adding to the sparse tree.

You are right.  Patch to follow.

> Do you think you could send this upstream via davem?

I can send this to DaveM, but it is very Xen specific.  Should we wait
for the big Xen/Linux merge for this, or is he currently going through
the changes?

> [Today has been a good day for vanquishing bugs. We're working on a few
> save/restore fixes and have a list of tools issues, but 32bit isn't in
> too bad shape right now.]
> 
> Ian
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel