[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] Hi, a question about the checksum offload and WinDivert

  • To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Haohao Lee <hayatelee@xxxxxxxxx>
  • Date: Tue, 6 Nov 2018 16:33:38 +0800
  • Delivery-date: Tue, 06 Nov 2018 08:33:54 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Hi Xen folks,

I am a Windows application developer. We developed an application which modifies packets and rejects them back into the network stack to do some network proxy transparently.

We achieved this by using WinDivert (https://reqrypt.org/windivert.html) that is a tool/driver allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack.

Our app worked well on physical Windows machines but on Xen virtual machines we encountered a problem.

- Everything works well before we start our app.
- Network traffic is blocked after the app is started, even a single SYN packet couldn't be sent out.

If we disable the checksum offload in Xen Net Driver, everything starts to work again.

Testing Environment:
Xen Virtual Machine: Windows 7 Sp1 x64 with latest updates
Xen Net Driver: Driver version xennet.sys version

I have a couple of questions:
1. Is this a problem of WinDivert driver or Xen Net driver from your perspective?
2. If this belongs to Xen Net driver, does the latest driver fix this?
3. I found many articles on the Internet which teach people to disable checksum offload (and other kinds of offload) for Xen virtual machines, e.g. some tutorials from AWS. Why is this option ON by default if it shouldn't be, or is there any introduction about the context why it is ON by default? I know what TCP/IP checksum is, but in virtual machine context, I have no idea if it is necessary or not.

Any comment or suggestion is appreciated.


win-pv-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.