xen-devel
Re: [Xen-devel] XEN and ipq_read
On Tue, Apr 27, 2010 at 11:31:33AM +0300, plamen .. wrote:
> Hi all,
>
> I'm using Ubuntu Hardy, Xen version 3.2.1-rc1-pre, Dom0 kernel 2.6.24-27-xen,
> PV DomU kernel 2.6.24-27-xen.
>
> I'm setting DomU as a router having iptables 1.3.8. I put an IDS system Snort
> in inline mode (IPS) on the router, which is configured to retrieve specific
> packets from kernel (iptables ... -j QUEUE and ip_queue module). At first
> snort started to report errors on each received packet. After a little bit of
> debugging and doing a sample application to test ipq_read() I found that raw
> data sent from kernel contains about 24 bytes more than expected. The
> additional bytes are in the meta data structure before the real packet
> content. This breaks raw data parsing. After a little bit of additional
> debugging I noticed that this happens only on Xen DomU VMs. On Dom0 it works
> fine, on other servers not running Xen it works also fine.
>
> Currently I'm about to install rtr DomU as HVM and I think it will work fine,
> but I don't want to leave it like this in production.
>
> Is there any reason in xen kernel to break sending packets from kernel to
> user space through the ip_queue module ? If so is there any way to work
> around this issue ?
>
Did you try disabling all network offloading settings in the domU?
(and if that doesn't help, then also in all interfaces/bridges/vifs on dom0).
Other than that you might want to upgrade your Xen and kernels, they're pretty
old and known to have problems/bugs.
(Only the kernel versions should affect packet processing though).
-- Pasi
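A length check that a consumer of ip_queue messages can run before trusting the payload, as an added example (not code from the thread, Snort or libipq); the header struct is a local copy assumed to match ipq_packet_msg_t, and the sample buffer is constructed:

```c
#include <stddef.h>
#include <string.h>

#define IFNAMSIZ 16

/* Local copy of the ip_queue message header (assumption: mirrors
 * ipq_packet_msg_t from <linux/netfilter_ipv4/ip_queue.h>, copied here so
 * this builds without libipq; the packet payload follows it directly).
 * Note the unsigned long / long / size_t fields: the header size depends
 * on the ABI the program is built for. */
typedef struct {
    unsigned long packet_id;
    unsigned long mark;
    long timestamp_sec;
    long timestamp_usec;
    unsigned int hook;
    char indev_name[IFNAMSIZ];
    char outdev_name[IFNAMSIZ];
    unsigned short hw_protocol;
    unsigned short hw_type;
    unsigned char hw_addrlen;
    unsigned char hw_addr[8];
    size_t data_len;
} ipq_packet_msg_t;

/* Compare the bytes actually received for one message (everything after
 * the netlink header) with what the header claims: sizeof(header) +
 * data_len.  Returns 0 when they agree, >0 for surplus bytes (the 24-byte
 * case from the thread), <0 when the message is truncated.  Do not parse
 * the payload when this is non-zero. */
long ipq_length_slack(const unsigned char *msg, size_t msg_len)
{
    ipq_packet_msg_t hdr;
    if (msg_len < sizeof hdr)            /* not even a full header */
        return (long)msg_len - (long)sizeof hdr;
    memcpy(&hdr, msg, sizeof hdr);       /* alignment-safe copy */
    return (long)msg_len - (long)(sizeof hdr + hdr.data_len);
}

/* Constructed sample (not captured traffic): a header claiming 60 payload
 * bytes, then `extra` filler bytes, then the 60-byte payload. */
size_t build_sample(unsigned char *buf, size_t cap, size_t extra)
{
    ipq_packet_msg_t hdr;
    size_t total = sizeof hdr + extra + 60;
    if (total > cap) return 0;
    memset(&hdr, 0, sizeof hdr);
    hdr.data_len = 60;
    memset(buf, 0xAB, total);
    memcpy(buf, &hdr, sizeof hdr);
    return total;
}
```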
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel