|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Network Checksum Removal
On 25 May 2005, at 22:38, Cédric Schieli wrote: The response from the original SYN goes through the third rule, but the ACKs don't. I added a rule to log packets with invalid state and the ACKs got logged. This may be a hard one to fix. The problem is probably that the packets coming from domU haven't been checksummed, so a checksum check will fail. We set ip_summed==CHECKSUM_UNNECESSARY, but perhaps the firewall code checksums anyway, or the bridge is clobbering ip_summed when it locally delivers. :-( veth0 is careful to preserve CHECKSUM_UNNECESSARY -- it may be worth trying it out rather than bringing up your IP interface on the bridge device. See tools/examples/network for an example script that brings up veth0. If that doesn't work then I'm not sure there's a clean solution (ie. one that doesn;t require hacking the network stack), other than disabling checksum offload. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |