Xen project Mailing List

Re: [win-pv-devel] Hi, a question about the checksum offload and WinDivert

To: 'Haohao Lee' <hayatelee@xxxxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>

From: Paul Durrant <Paul.Durrant@xxxxxxxxxx>

Date: Tue, 6 Nov 2018 11:06:30 +0000

Accept-language: en-GB, en-US

Delivery-date: Tue, 06 Nov 2018 11:06:37 +0000

List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Thread-index: AQHUdat9G2WPL2aKIEqbPQ4FNX+EHKVCk0Jw

Thread-topic: [win-pv-devel] Hi, a question about the checksum offload and WinDivert

De-htmling... My responses indented: --- From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Haohao Lee Sent: 06 November 2018 08:34 To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx Subject: [win-pv-devel] Hi, a question about the checksum offload and WinDivert Hi Xen folks, Background: I am a Windows application developer. We developed an application which modifies packets and rejects them back into the network stack to do some network proxy transparently. We achieved this by using WinDivert (https://reqrypt.org/windivert.html) that is a tool/driver allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack. Our app worked well on physical Windows machines but on Xen virtual machines we encountered a problem. Problem: - Everything works well before we start our app. - Network traffic is blocked after the app is started, even a single SYN packet couldn't be sent out. Workaround: If we disable the checksum offload in Xen Net Driver, everything starts to work again. > Hi Hao, > > Which checksum offload? Just TCP or IPv4 too? Testing Environment: Xen Virtual Machine: Windows 7 Sp1 x64 with latest updates Xen Net Driver: Driver version 3.0.144.590 xennet.sys version 2.3.0.144 I have a couple of questions: 1. Is this a problem of WinDivert driver or Xen Net driver from your perspective? > Since the stable (i.e. 8.x) drivers pass all logo tests (which have detailed > checks of the semantics of checksum offload, LSO, etc.) the I'd say the > problem lies in the application. One thing to try is disabling LRO though.. > this is disabled for logo testing since the version of NDIS we use doesn't > actually support it. (Moving to a newer NDIS is on the TODO list). 2. If this belongs to Xen Net driver, does the latest driver fix this? 3. I found many articles on the Internet which teach people to disable checksum offload (and other kinds of offload) for Xen virtual machines, e.g. some tutorials from AWS. Why is this option ON by default if it shouldn't be, or is there any introduction about the context why it is ON by default? I know what TCP/IP checksum is, but in virtual machine context, I have no idea if it is necessary or not. Any comment or suggestion is appreciated. > The answer is "it's complicated" :-) The default set of offloads is the set > we use in Citrix branded versions of the drivers for XenServer and, whilst > there used to be many issues with such offloads in the past (pre Xenserver > 7.x), we have not had *any* reports from the field to suggest there are any > current issues with checksum or large packet offloads in the 8.x drivers. > > Cheers, > > Paul Thanks Hao _______________________________________________ win-pv-devel mailing list win-pv-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/win-pv-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.