[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets

I can test patches until the end of August.


Nivedita Singhvi wrote:

Keir Fraser wrote:

On 3 Aug 2005, at 17:27, Jonathan M. McCune wrote:

We fixed this by removing the addition of flag NETIF_F_IP_CSUM in drivers/xen/netfront/netfront.c:create_netdev(). I believe this tells the kernel to just always do the checksum in software. Thus, the broken optimization for TCP/UDP packets gets bypassed.

Permanent Solution:


That's why I posted this message... :-)

I suspect the ESP code would need to be made aware of the csum_blank field, and fill in before forwarding. There are doubtless other paths that may need similar tweaks (e.g., NAT IP masquerading is untested I think, although there's a fair chance it'll just work).

Apart from the above 'proper fix', simple not-so-hacky solutions include:
 * Run 'ethtool -K tx off' in each domU
* Add an option to netback in domain0 to fill in checksums itself if not done by domU. * Allow netback to advertise to domUs whether it accepts non-checksummed packets, and have an option to set this advertisement when you start netback.

Keir, Jonathan,

I stuck the above in a bugzilla entry (#143) just for better
tracking.  Jonathan, would you be able to test patches?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.