From: "David S. Miller" <davem@redhat.com>
To: Harald Welte <laforge@netfilter.org>
Cc: mukansai@emailplus.org, scott.feldman@intel.com,
netfilter-devel@lists.netfilter.org,
linux-kernel@vger.kernel.org
Subject: Re: TSO and netfilter (Re: Extremely slow network with e1000 & ip_conntrack)
Date: Thu, 11 Dec 2003 17:41:36 -0800 [thread overview]
Message-ID: <20031211174136.1ed23e2e.davem@redhat.com> (raw)
In-Reply-To: <20031211110315.GJ22826@sunbeam.de.gnumonks.org>
On Thu, 11 Dec 2003 12:03:15 +0100
Harald Welte <laforge@netfilter.org> wrote:
> The only interesting case is in ip_output.c:ip_queue_xmit(), where
> tso_size and tso_segs are calculated, before NF_IP_LOCAL_OUT is run.
>
> But changing the content or the size of the tcp payload should not
> affect those calculations.
It changes at least tso_segs, since if you decrease of increase the
size of the payload the number of real TCP/IP packets the TSO engine
will end up spitting out could be different.
The one netfilter module I'm most concerned about is the one that
handles non-passive FTP, I remember that one did strange things with
the data stream, removed TCP options, and stuff like that.
> A real problem would be resizing the TCP header (where th.doff is
> affected). But I cannot think of any case where any of the current
> netfilter/iptables/conntrack/nat code does that.
As mentioned above, I thought the netfilter module handling non-passive
FTP stripped TCP options.
> Even in the past, when
> we used to remove SACKPERM from the tcp header, we just NOP'ed it out
> instead of resizing the header.
This may be what I was thinking about.
> > Another area for inspection are the cases where TCP header bits are
> > changed and thus the checksum needs to be adjusted.
>
> Why is this a problem? The netfilter code has to adjust the checksum
> anyway... or is the checksum calculation for TSO-enabled skb's
> different?
Currently all the TSO supporting drivers set the ip and tcp header
checksum values themselves as appropriate, so there are no worries in
this area.
next prev parent reply other threads:[~2003-12-12 1:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-04 6:51 Extremely slow network with e1000 & ip_conntrack Feldman, Scott
2003-12-04 12:36 ` Stephen Lee
2003-12-04 18:24 ` David S. Miller
2003-12-05 20:45 ` Stephen Lee
2003-12-05 20:28 ` David S. Miller
2003-12-05 22:20 ` Stephen Lee
2003-12-05 22:56 ` David S. Miller
2003-12-11 7:26 ` Harald Welte
2003-12-11 8:25 ` Henrik Nordstrom
2003-12-11 11:03 ` TSO and netfilter (Re: Extremely slow network with e1000 & ip_conntrack) Harald Welte
2003-12-12 1:41 ` David S. Miller [this message]
2003-12-12 7:01 ` Harald Welte
2003-12-12 8:00 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031211174136.1ed23e2e.davem@redhat.com \
--to=davem@redhat.com \
--cc=laforge@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mukansai@emailplus.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=scott.feldman@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox