WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets

from [Nivedita Singhvi] [Permanent Link][Original]
To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets
From: Nivedita Singhvi <nsnix@xxxxxxxxxxx>
Date: Thu, 04 Aug 2005 18:03:18 -0700
Cc: caceres@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx, "Jonathan M. McCune" <jonmccune@xxxxxxx>, jaegert@xxxxxxxxxx, sailer@xxxxxxxxxx
Delivery-date: Fri, 05 Aug 2005 01:01:44 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <e82174aa4369ea9370eccca5d8b31d71@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <42F0F054.9030003@xxxxxxx> <e82174aa4369ea9370eccca5d8b31d71@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.8 (X11/20041020) 
Keir Fraser wrote:


On 3 Aug 2005, at 17:27, Jonathan M. McCune wrote:
We fixed this by removing the addition of flag NETIF_F_IP_CSUM in drivers/xen/netfront/netfront.c:create_netdev(). I believe this tells the kernel to just always do the checksum in software. Thus, the broken optimization for TCP/UDP packets gets bypassed. 


Permanent Solution:

???

That's why I posted this message... :-)
I suspect the ESP code would need to be made aware of the csum_blank field, and fill in before forwarding. There are doubtless other paths that may need similar tweaks (e.g., NAT IP masquerading is untested I think, although there's a fair chance it'll just work). 

Apart from the above 'proper fix', simple not-so-hacky solutions include:
 * Run 'ethtool -K tx off' in each domU
* Add an option to netback in domain0 to fill in checksums itself if not done by domU. * Allow netback to advertise to domUs whether it accepts non-checksummed packets, and have an option to set this advertisement when you start netback. 

Keir, Jonathan,

I stuck the above in a bugzilla entry (#143) just for better
tracking.  Jonathan, would you be able to test patches?

thanks,
Nivedita

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [PATCH] network -> network-bridge rename WAS: Re: [Xen-devel] RE: help with bugs, Ian Pratt
Next by Date:  Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets, Jonathan M. McCune
Previous by Thread:  Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets, Keir Fraser
Next by Thread:  Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets, Jonathan M. McCune
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy