|  |  | 
  
    |  |  | 
 
  |   |  | 
  
    |  |  | 
  
    |  |  | 
  
    |   xen-devel
Re: [Xen-devel] Xen checksumming bug with IPsec ESP packets 
| 
I can test patches until the end of August.
Cheers,
-Jon
Nivedita Singhvi wrote:
 
Keir Fraser wrote:
 
On 3 Aug 2005, at 17:27, Jonathan M. McCune wrote:
 We fixed this by removing the addition of flag NETIF_F_IP_CSUM in 
drivers/xen/netfront/netfront.c:create_netdev().  I believe this 
tells the kernel to just always do the checksum in software.  Thus, 
the broken optimization for TCP/UDP packets gets bypassed.
Permanent Solution:
???
That's why I posted this message... :-)
 
I suspect the ESP code would need to be made aware of the csum_blank 
field, and fill in before forwarding. There are doubtless other paths 
that may need similar tweaks (e.g., NAT IP masquerading is untested I 
think, although there's a fair chance it'll just work). 
Apart from the above 'proper fix', simple not-so-hacky solutions 
include: 
 * Run 'ethtool -K tx off' in each domU
* Add an option to netback in domain0 to fill in checksums itself if 
not done by domU.
 * Allow netback to advertise to domUs whether it accepts 
non-checksummed packets, and have an option to set this advertisement 
when you start netback.
 
Keir, Jonathan,
I stuck the above in a bugzilla entry (#143) just for better
tracking.  Jonathan, would you be able to test patches?
thanks,
Nivedita
 
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
 | 
 |  | 
  
    |  |  |