[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [win-pv-devel] Hi, a question about the checksum offload and WinDivert

On Tue, Nov 6, 2018 at 7:06 PM Paul Durrant <Paul.Durrant@xxxxxxxxxx> wrote:
> De-htmling...
> My responses indented:
> ---
> From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On 
> Behalf Of Haohao Lee
> Sent: 06 November 2018 08:34
> To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> Subject: [win-pv-devel] Hi, a question about the checksum offload and 
> WinDivert
> Hi Xen folks,
> Background:
> I am a Windows application developer. We developed an application which 
> modifies packets and rejects them back into the network stack to do some 
> network proxy transparently.
> We achieved this by using WinDivert (https://reqrypt.org/windivert.html) that 
> is a tool/driver allows user-mode applications to capture/modify/drop network 
> packets sent to/from the Windows network stack.
> Our app worked well on physical Windows machines but on Xen virtual machines 
> we encountered a problem.
> Problem:
> - Everything works well before we start our app.
> - Network traffic is blocked after the app is started, even a single SYN 
> packet couldn't be sent out.
> Workaround:
> If we disable the checksum offload in Xen Net Driver, everything starts to 
> work again.
> > Hi Hao,
> >
> > Which checksum offload? Just TCP or IPv4 too?
> > > The driver property does not mention IP or TCP, just checksum offload 
> > > (But our problem only occurs for TCP)
> > > Here I have a screenshot 
> > > https://user-images.githubusercontent.com/238419/47770931-46b6ad80-dd1c-11e8-8010-42d05baf018b.png
> Testing Environment:
> Xen Virtual Machine: Windows 7 Sp1 x64 with latest updates
> Xen Net Driver: Driver version xennet.sys version
> I have a couple of questions:
> 1. Is this a problem of WinDivert driver or Xen Net driver from your 
> perspective?
> > Since the stable (i.e. 8.x) drivers pass all logo tests (which have 
> > detailed checks of the semantics of checksum offload, LSO, etc.) the I'd 
> > say the problem lies in the application. One thing to try is disabling LRO 
> > though.. this is disabled for logo testing since the version of NDIS we use 
> > doesn't actually support it. (Moving to a newer NDIS is on the TODO list).
> > > New findings, If I disable checksum offload, the average throughput goes 
> > > up from 600Mbit/s to 1Gbit/s as well. Therefore now I suspect there may 
> > > be something wrong with this option ON.
> 2. If this belongs to Xen Net driver, does the latest driver fix this?
> 3. I found many articles on the Internet which teach people to disable 
> checksum offload (and other kinds of offload) for Xen virtual machines, e.g. 
> some tutorials from AWS. Why is this option ON by default if it shouldn't be, 
> or is there any introduction about the context why it is ON by default? I 
> know what TCP/IP checksum is, but in virtual machine context, I have no idea 
> if it is necessary or not.
> Any comment or suggestion is appreciated.
> > The answer is "it's complicated" :-) The default set of offloads is the set 
> > we use in Citrix branded versions of the drivers for XenServer and, whilst 
> > there used to be many issues with such offloads in the past (pre Xenserver 
> > 7.x), we have not had *any* reports from the field to suggest there are any 
> > current issues with checksum or large packet offloads in the 8.x drivers.
> > > By the way, it seems I cannot install 8.x Xen Net Driver directly. The OS 
> > > keeps telling me my old driver is the best one.
> >
> > Cheers,
> >
> > Paul
> Thanks
> Hao

win-pv-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.