Re: UDP checksums broken in Dom0 -> DomU vif transfer

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

From: Michal Suchanek <hramrach@centrum.cz>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Konrad Rzeszutek Wilk <konrad@darnok.org>,
	"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Jean Guyader <jean.guyader@gmail.com>
Subject: Re: UDP checksums broken in Dom0 -> DomU vif transfer
Date: Tue, 20 Dec 2011 12:57:48 +0100	[thread overview]
Message-ID: <CAOMqctTOC_te2QRqFUC45+cq1qCBcQyMdvQcu4Brpw-kAiYnBg@mail.gmail.com> (raw)
In-Reply-To: <1324374914.23729.22.camel@zakaz.uk.xensource.com>

On 20 December 2011 10:55, Ian Campbell <Ian.Campbell@citrix.com> wrote:
> On Tue, 2011-12-20 at 09:43 +0000, Jean Guyader wrote:
>> On 20 December 2011 10:37, Ian Campbell <Ian.Campbell@citrix.com> wrote:
>> > The issue is that dom0 does checksum offload which means the checksum is
>> > not valid on the domU end, although we know the packet is intact because
>> > it never hit the wire.
>> >
>> > The network stack deals with this because skb->ip_summed is set
>> > appropriately but when e.g. raw sockets are used it can ends up exposing
>> > getting exposed to userspace.
>> >
>> > We don't want to do the checksum by default since there are performance
>> > gains from avoiding it in the general case. Note that "tx off" turns of
>> > TCP and UDP checksum offload.
>> >
>> > It's not clear where the bug is here, it could be a bug in dhclinet for
>> > dropping the packet or perhaps this is something that raw socket driver
>> > should be correcting (based on ip_summed) as the packet passes through
>> > to userspace?
>> >
>> > I'm not sure but this might impact native hardware too -- depends on the
>> > H/W's handling of the checksum field on RX, you'd hope they mostly just
>> > leave it alone, but I'm not sure how e.g. LRO/GRO effects things?
>> >
>>
>> I've seen this issue in the past. I belive the bug is in dhclient.
>> dhclient checks the checksum on the packets and drop them if it's wrong.
>
> Indeed, googling around a bit shows that this dhclient bug affects more
> than just Xen, e.g. virtio and even some native hardware appear to be
> effected.
>
> http://marc.info/?l=kvm&m=121882968407525&w=2
> https://qa.mandriva.com/show_bug.cgi?id=63320
> https://bugs.mageia.org/show_bug.cgi?id=1243
> http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob_plain;f=dhcp-4.2.2-xen-checksum.patch;hb=HEAD
>
> The OP didn't say what distro or version of dhclient he was using but I
> think the right place to report this would be to the distro since it
> appears to be using an out of date dhclient. In the meantime disabling
> offload seems like a reasonable local workaround but it is not a fix we
> should apply by default.

Thanks for the links

I am running Ubuntu in the DomU.

Michal

next prev parent reply	other threads:[~2011-12-20 11:57 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-12-19  9:27 UDP checksums broken in Dom0 -> DomU vif transfer Michal Suchanek
2011-12-19 14:29 ` Konrad Rzeszutek Wilk
2011-12-19 15:20   ` Michal Suchanek
2011-12-19 19:43     ` Konrad Rzeszutek Wilk
2011-12-20  9:37       ` Ian Campbell
2011-12-20  9:43         ` Jean Guyader
2011-12-20  9:55           ` Ian Campbell
2011-12-20 11:57             ` Michal Suchanek [this message]
2011-12-20 15:35               ` Konrad Rzeszutek Wilk
2011-12-20 16:19                 ` Ian Campbell
2011-12-20 20:03                   ` Konrad Rzeszutek Wilk
2011-12-21 10:22                     ` Ian Campbell
2012-01-02  9:14                 ` Stefan Bader

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAOMqctTOC_te2QRqFUC45+cq1qCBcQyMdvQcu4Brpw-kAiYnBg@mail.gmail.com \
    --to=hramrach@centrum.cz \
    --cc=Ian.Campbell@citrix.com \
    --cc=jean.guyader@gmail.com \
    --cc=konrad@darnok.org \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).