[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [win-pv-devel] Hi, a question about the checksum offload and WinDivert


On Wed, Nov 7, 2018 at 12:12 AM Paul Durrant <Paul.Durrant@xxxxxxxxxx> wrote:
>
> > -----Original Message-----
> > From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On
> > Behalf Of Haohao Lee
> > Sent: 06 November 2018 16:01
> > To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> > Cc: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [win-pv-devel] Hi, a question about the checksum offload and
> > WinDivert
> >
> > On Tue, Nov 6, 2018 at 7:06 PM Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> > wrote:
> > >
> > > De-htmling...
> > >
> > > My responses indented:
> > >
> > > ---
> > > From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On
> > Behalf Of Haohao Lee
> > > Sent: 06 November 2018 08:34
> > > To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> > > Subject: [win-pv-devel] Hi, a question about the checksum offload and
> > WinDivert
> > >
> > > Hi Xen folks,
> > >
> > > Background:
> > > I am a Windows application developer. We developed an application which
> > modifies packets and rejects them back into the network stack to do some
> > network proxy transparently.
> > >
> > > We achieved this by using WinDivert (https://reqrypt.org/windivert.html)
> > that is a tool/driver allows user-mode applications to capture/modify/drop
> > network packets sent to/from the Windows network stack.
> > >
> > > Our app worked well on physical Windows machines but on Xen virtual
> > machines we encountered a problem.
> > >
> > > Problem:
> > > - Everything works well before we start our app.
> > > - Network traffic is blocked after the app is started, even a single SYN
> > packet couldn't be sent out.
> > >
> > > Workaround:
> > > If we disable the checksum offload in Xen Net Driver, everything starts
> > to work again.
> > >
> > > > Hi Hao,
> > > >
> > > > Which checksum offload? Just TCP or IPv4 too?
> > > > > The driver property does not mention IP or TCP, just checksum
> > offload (But our problem only occurs for TCP)
> > > > > Here I have a screenshot https://user-
> > images.githubusercontent.com/238419/47770931-46b6ad80-dd1c-11e8-8010-
> > 42d05baf018b.png
>
> Ok, that tells me you are not using Xen Project PV drivers. Where did you get your PV drivers from?
> > It should be from Citrix Virtual Desktop solution. Here is a screenshot of the driver version
> > Can I use Xen Project PV drivers for Citrix Products for they are still Xen Server based anyway?
> >
> > Thanks for you kind response so far. 
>
>   Paul
>
> > >
> > > Testing Environment:
> > > Xen Virtual Machine: Windows 7 Sp1 x64 with latest updates
> > > Xen Net Driver: Driver version 3.0.144.590 xennet.sys version 2.3.0.144
> > >
> > > I have a couple of questions:
> > > 1. Is this a problem of WinDivert driver or Xen Net driver from your
> > perspective?
> > >
> > > > Since the stable (i.e. 8.x) drivers pass all logo tests (which have
> > detailed checks of the semantics of checksum offload, LSO, etc.) the I'd
> > say the problem lies in the application. One thing to try is disabling LRO
> > though.. this is disabled for logo testing since the version of NDIS we
> > use doesn't actually support it. (Moving to a newer NDIS is on the TODO
> > list).
> > > > > New findings, If I disable checksum offload, the average throughput
> > goes up from 600Mbit/s to 1Gbit/s as well. Therefore now I suspect there
> > may be something wrong with this option ON.
> > >
> > > 2. If this belongs to Xen Net driver, does the latest driver fix this?
> > > 3. I found many articles on the Internet which teach people to disable
> > checksum offload (and other kinds of offload) for Xen virtual machines,
> > e.g. some tutorials from AWS. Why is this option ON by default if it
> > shouldn't be, or is there any introduction about the context why it is ON
> > by default? I know what TCP/IP checksum is, but in virtual machine
> > context, I have no idea if it is necessary or not.
> > >
> > > Any comment or suggestion is appreciated.
> > >
> > > > The answer is "it's complicated" :-) The default set of offloads is
> > the set we use in Citrix branded versions of the drivers for XenServer
> > and, whilst there used to be many issues with such offloads in the past
> > (pre Xenserver 7.x), we have not had *any* reports from the field to
> > suggest there are any current issues with checksum or large packet
> > offloads in the 8.x drivers.
> > > > > By the way, it seems I cannot install 8.x Xen Net Driver directly.
> > The OS keeps telling me my old driver is the best one.
> > > >
> > > > Cheers,
> > > >
> > > > Paul
> > >
> > > Thanks
> > >
> > > Hao
> >
> > _______________________________________________
> > win-pv-devel mailing list
> > win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> > https://lists.xenproject.org/mailman/listinfo/win-pv-devel
_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/win-pv-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.