WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Re: tcp wrong checksum

Ian Jackson writes ("tcp wrong checksum"):
> Ideally I would like to COMPLETELY DISABLE this fragile optimisation.
> Is there a way to do that ?

I found that the answer is no.  Hardcoded in the Xen 3.0.1 network
backend driver (in the supplied patch to Linux 2.6.12) is the notion
that packets `outbound' through the network backend (destined for a
frontend in another guest) do not ever need to be checksummed.

I presume that this is the result of the following chain of reasoning:
 1. The backend is in dom0 and the frontend is in some domU.
 2. domU does not have and use any physical network hardware.
 3. The domU does not act as a router-encapsulator. (eg,
    run a VPN client, tunnel endpoint, etc. etc.)
 4. The domU will always know correctly whether the packet
    originated from dom0 (checksum not needed, not calculated) or from
    some other machine and just came via domU (checksum calculated and
    needed).
 5. Therefore all packets leaving dom0 for domU will terminate
    on that domU and do not need to be checksummed.
(It is possible that there's something fancy happening in the
frontend; I briefly looked at that code but didn't take the time to
understand it fully.)

All of the assumptions 1-4 can be false.  1-3 can be false in many
network topologies and the system should not assume that the network
topology is as set up by the provided default configuration scripts.
4 is apparently false in my case and caused the symptoms I saw.

I have applied the patch below to my 2.6.12 + Xen 3.0.1 kernel, and
that has made my symptoms go away.

I think the whole approach here needs to be rethought.  I found some
documentation about NETIF_F_NO_CSUM:
 
http://efault.net/npat/docs_and_postings/net_device-features/net_device-features.txt
and it's clear from that (and my analysis as set out above) that
NETIF_NO_CSUM is not always appropriate for the vif backend even if
the guest with the frontend can always know correctly whether the
packet was in fact checksummed at the origin and therefore whether it
should be checked.

Thanks,
Ian.

--- linux-2.6.12/drivers/xen/netback/interface.c~       2006-03-07 
11:22:12.000000000 +0000
+++ linux-2.6.12/drivers/xen/netback/interface.c        2006-03-07 
14:56:13.000000000 +0000
@@ -77,7 +77,7 @@
        dev->get_stats       = netif_be_get_stats;
        dev->open            = net_open;
        dev->stop            = net_close;
-       dev->features        = NETIF_F_NO_CSUM;
+       dev->features        = 0;
 
        /* Disable queuing. */
        dev->tx_queue_len = 0;

-- 
Ian Jackson, at home.           Local/personal: ijackson@xxxxxxxxxxxxxxxxxxxxxx
ian@xxxxxxxxxxxxxxxxxxxxxxxx       http://www.chiark.greenend.org.uk/~ijackson/
Problems mailing me ?  Send postmaster@chiark the bounce (bypasses the blocks).

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>