WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] DNAT TCP checksum error

from [jean-luc.voisin] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] DNAT TCP checksum error
From: "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
Date: Sat, 1 Apr 2006 20:15:29 +0200 (CEST)
Cc: xen@xxxxxxxxxxxxxxxxx
Delivery-date: Sat, 01 Apr 2006 18:17:23 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Reply-to: jean-luc.voisin@xxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
oups, mea culpa...

the "ethtool -K eth0 tx off" corrects the problem, but how to solve the problem 
within the kernel ?

Jean-Luc


> Message du 01/04/06 17:26
> De : "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
> A : "Jason" <xen@xxxxxxxxxxxxxxxxx>
> Copie à : xen-users@xxxxxxxxxxxxxxxxxxx
> Objet : Re: [Xen-users] DNAT TCP checksum error
> 
> Thank for your quick answer Jason,
> 
> First of all, note that I'm not a kernel/xen expert, I just try to make my 
> system working for a proof of concept
> I googled a lot before sending this email to the xen list.
> 
> Following your advise, I took a look in  
> /usr/src/linux-2.6.12.6-xen-r3/net/ipv4/netfilter/ and found following files :
> ip_nat_proto_tcp.c
> ip_nat_proto_tcp.c.orig
> ip_nat_proto_udp.c
> ip_nat_proto_udp.c.orig
> 
> These files have been downloaded via the "emerge -av xen-sources" gentoo 
> command, I didn't modify thse files.
> 
> "diff ip_nat_proto_udp.c.orig ip_nat_proto_udp.c" gives :
> 116,117c116,123
> <     if (hdr->check) /* 0 is a special case meaning no checksum */
> <             hdr->check = ip_nat_cheat_check(~oldip, newip,
> ---
> >     
> >     if (hdr->check) { /* 0 is a special case meaning no checksum */
> >             if ((*pskb)->proto_csum_blank) {
> >                     hdr->check = ip_nat_cheat_check(oldip, ~newip, 
> >                                     ip_nat_cheat_check(*portptr ^ 0xFFFF, 
> >                                             newport, hdr->check));
> >             } else {
> >                     hdr->check = ip_nat_cheat_check(~oldip, newip,
> 120a127,128
> >             }
> >     }
> 
> "diff ip_nat_proto_tcp.c.orig ip_nat_proto_tcp.c" gives :
> 131c131,136
> <     hdr->check = ip_nat_cheat_check(~oldip, newip,
> ---
> >     if ((*pskb)->proto_csum_blank) {
> >             hdr->check = ip_nat_cheat_check(oldip, ~newip,
> >                             ip_nat_cheat_check(oldport ^ 0xFFFF,
> >                                     newport, hdr->check));
> >     } else { 
> >             hdr->check = ip_nat_cheat_check(~oldip, newip,
> 134a140
> >     }
> 
> so I assume that the patch is applied. I recompiled both kernel dom0 and 
> domU, but always some behavior.
> I also tried the "ethtool -K eth0 tx off" command without success.
> At this moment, I run out of ideas. 
> 
> Thanks for your help
> 
> Jean-Luc 
> 
> > Message du 31/03/06 17:44
> > De : "Jason" <xen@xxxxxxxxxxxxxxxxx>
> > A : "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
> > Copie à : xen-users@xxxxxxxxxxxxxxxxxxx
> > Objet : Re: [Xen-users] DNAT TCP checksum error
> > 
> > Some of us on the devel list have been talking about this very behaviour.  
> > The patch that you are
> > referencing works very well (at least for me). If that patch wont apply on 
> > its own, it is trivial
> > to edit the file by hand since you are only replacing a single line. Good 
> > luck!
> > 
> > -- 
> > Jason
> > The place where you made your stand never mattered,
> > only that you were there... and still on your feet
> > 
> > On Fri, 31 Mar 2006, jean-luc.voisin wrote:
> > 
> > > Hi all,
> > > I'm running xen on gentoo since few months without problems. I recently 
> > > installed shorewall (firewall) on domU. This domain has 3 network 
> > > interfaces. One (eth1) is connected to internet through a cable modem. 
> > > other are dmz (eth2) and internal network (eth0). I configured shorewall 
> > > to accept and nat http connections from net zone (internet) to my smtp 
> > > gateway in DMZ. These kind of connections doesn't work with xen. I ran 
> > > ethereal on my laptop which simulated http requests from eth1 subnet and 
> > > I found that tcp packets (replies) sent by the firewall have checksums 
> > > errors.
> > > Then I checked in bugzilla and found a patch for a similar bug(447). 
> > > Source code seems to be correct regarding this patch. The linux kernel is 
> > > : linux 2.6.12.6, xen version 3.0.1, gentoo package : 
> > > xen-sources-2.6.12.6-r3 (02 Mar 2006)
> > >
> > > Any ideas ?
> > > Thanks
> > > Jean-Luc
> > 
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> > 
> > 
> >
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] "asm_offsets.h": No such file or directory (trying to boot a SATA device), Íñigo Careaga
Next by Date:  Re: [Xen-users] DNAT TCP checksum error, Javier Guerra
Previous by Thread:  Re: [Xen-users] DNAT TCP checksum error, jean-luc.voisin
Next by Thread:  Re: [Xen-users] DNAT TCP checksum error, Javier Guerra
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy