
Re: [Xen-users] DNAT TCP checksum error



Thanks for your quick answer, Jason,

First of all, note that I'm not a kernel/Xen expert; I'm just trying to get my 
system working for a proof of concept.
I googled a lot before sending this email to the Xen list.

Following your advice, I took a look in 
/usr/src/linux-2.6.12.6-xen-r3/net/ipv4/netfilter/ and found the following files:
ip_nat_proto_tcp.c
ip_nat_proto_tcp.c.orig
ip_nat_proto_udp.c
ip_nat_proto_udp.c.orig

These files were downloaded via the "emerge -av xen-sources" Gentoo 
command; I didn't modify these files.

"diff ip_nat_proto_udp.c.orig ip_nat_proto_udp.c" gives:
116,117c116,123
<       if (hdr->check) /* 0 is a special case meaning no checksum */
<               hdr->check = ip_nat_cheat_check(~oldip, newip,
---
>       
>       if (hdr->check) { /* 0 is a special case meaning no checksum */
>               if ((*pskb)->proto_csum_blank) {
>                       hdr->check = ip_nat_cheat_check(oldip, ~newip, 
>                                       ip_nat_cheat_check(*portptr ^ 0xFFFF, 
>                                               newport, hdr->check));
>               } else {
>                       hdr->check = ip_nat_cheat_check(~oldip, newip,
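Review bot: In the new proto_csum_blank branch the inner update still reads the old port through *portptr ("ip_nat_cheat_check(*portptr ^ 0xFFFF, newport, hdr->check)"), so it is only correct if *portptr has not yet been overwritten with newport at this point; the TCP change takes the value from oldport instead. Using a saved old-port value here, as the TCP change does, would make that ordering requirement explicit. The first added line is also whitespace-only and can be dropped.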
120a127,128
>               }
>       }

"diff ip_nat_proto_tcp.c.orig ip_nat_proto_tcp.c" gives:
131c131,136
<       hdr->check = ip_nat_cheat_check(~oldip, newip,
---
>       if ((*pskb)->proto_csum_blank) {
>               hdr->check = ip_nat_cheat_check(oldip, ~newip,
>                               ip_nat_cheat_check(oldport ^ 0xFFFF,
>                                       newport, hdr->check));
>       } else { 
>               hdr->check = ip_nat_cheat_check(~oldip, newip,
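Review bot: The proto_csum_blank branch swaps the complement relative to the else branch ("oldip, ~newip" instead of "~oldip, newip") with no comment saying why. Please add a one-line comment above the "if" stating what hdr->check contains when proto_csum_blank is set, so the inverted update is not mistaken for a typo later. The "} else { " line also carries trailing whitespace.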
134a140
>       }

So I assume that the patch is applied. I recompiled both the dom0 and domU kernels, 
but I still get the same behavior.
I also tried the "ethtool -K eth0 tx off" command without success.
At this point, I have run out of ideas.

Thanks for your help

Jean-Luc 

> Message of 31/03/06 17:44
> From: "Jason" <xen@xxxxxxxxxxxxxxxxx>
> To: "jean-luc.voisin" <jean-luc.voisin@xxxxxxxxxxxxxxx>
> Cc: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] DNAT TCP checksum error
> 
> Some of us on the devel list have been talking about this very behaviour.  
> The patch that you are
> referencing works very well (at least for me). If that patch won't apply on 
> its own, it is trivial
> to edit the file by hand since you are only replacing a single line. Good 
> luck!
> 
> -- 
> Jason
> The place where you made your stand never mattered,
> only that you were there... and still on your feet
> 
> On Fri, 31 Mar 2006, jean-luc.voisin wrote:
> 
> > Hi all,
> > I've been running Xen on Gentoo for a few months without problems. I recently 
> > installed shorewall (firewall) on domU. This domain has 3 network 
> > interfaces. One (eth1) is connected to the internet through a cable modem. 
> > The others are the DMZ (eth2) and the internal network (eth0). I configured shorewall to 
> > accept and NAT HTTP connections from the net zone (internet) to my smtp gateway 
> > in the DMZ. These kinds of connections don't work with Xen. I ran ethereal on 
> > my laptop, which simulated HTTP requests from the eth1 subnet, and I found that 
> > TCP packets (replies) sent by the firewall have checksum errors.
> > Then I checked in bugzilla and found a patch for a similar bug (447). The source 
> > code seems to be correct regarding this patch. The Linux kernel is: linux 
> > 2.6.12.6, Xen version 3.0.1, Gentoo package: xen-sources-2.6.12.6-r3 (02 
> > Mar 2006)
> >
> > Any ideas ?
> > Thanks
> > Jean-Luc
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users