This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Masquerading problems - XenU 3.0 on x86_64

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Masquerading problems - XenU 3.0 on x86_64
From: Jim Pick <jim@xxxxxxxxxxx>
Date: Sun, 09 Apr 2006 13:18:34 -0700
Cc: xen-devel Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, netfilter-devel@xxxxxxxxxxxxxxxxxxx
Keir Fraser wrote:

> On 9 Apr 2006, at 01:01, Jim Pick wrote:
>
>> I'm trying to migrate my Xen sessions installed on 32-bit Xen 2.0 server to a 64-bit Xen 3.0 server.
>>
>> On the Xen 2.0 server (32-bit), I built a DomU kernel with masquerading, and I use that to do NAT for some private networks running on the same box.
>>
>> When I tried to do it with Xen 3.0 (64-bit), I couldn't get it to work. I had to build a custom DomU kernel (from xen-3.0-testing.hg, 2.6.16, 2 days ago) in order to include the netfilter/iptables code. ICMP works. TCP doesn't. Non-masquerading traffic is OK. I had the same problems with the 2.6.12 kernel from Xen 3.0.1.
>>
>> I captured some of the traffic, and ethereal is showing that the masqueraded traffic being output has bad TCP checksums.
>>
>> I'm going to have to do some debugging to try to figure out what's going wrong.
>>
>> Has anybody else encountered this? Also, if it's already been fixed somewhere, I'd love to know. Any Netfilter debugging tips would also be appreciated.
>
> Turn off tx checksum offload in your domU's using ethtool. We had fixed some forms of NAT with our checksum offload, but maybe not for your type of setup.

That fixed it.  Thanks!


 - Jim
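
The "bad TCP checksums" symptom discussed in this thread, as an added example that is not part of the original messages and is not Xen or netfilter code: it verifies a TCP checksum the way a capture tool does, shows that rewriting the source address (as masquerading does) invalidates it, and repairs it with the RFC 1624 incremental update. It illustrates the checksum arithmetic only and does not claim to reproduce the cause of the problem reported here; all addresses, ports and function names are constructed for the example.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd lengths are zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (src, dst, proto 6, length) plus segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return ~ones_sum(pseudo + segment) & 0xFFFF

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """With a correct checksum field in place, the complemented sum is zero."""
    return tcp_checksum(src, dst, segment) == 0

def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed 20-byte TCP SYN carrying a valid checksum for src/dst."""
    hdr = struct.pack("!HHLLBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr)) + hdr[18:]

def nat_fix_checksum(segment: bytes, old_src: str, new_src: str) -> bytes:
    """RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), for a rewritten source."""
    old_c = struct.unpack("!H", segment[16:18])[0]
    old_words = struct.unpack("!2H", socket.inet_aton(old_src))
    new_words = struct.unpack("!2H", socket.inet_aton(new_src))
    total = (~old_c & 0xFFFF) + sum(~w & 0xFFFF for w in old_words) + sum(new_words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return segment[:16] + struct.pack("!H", ~total & 0xFFFF) + segment[18:]

if __name__ == "__main__":
    # Constructed sample values: private source, documentation-range NAT and peer addresses.
    inside, outside, peer = "192.168.1.10", "198.51.100.1", "203.0.113.5"
    seg = build_syn(inside, peer, 40000, 80)
    print("before NAT:", checksum_ok(inside, peer, seg))
    print("source rewritten, checksum untouched:", checksum_ok(outside, peer, seg))
    print("source rewritten, checksum updated:",
          checksum_ok(outside, peer, nat_fix_checksum(seg, inside, outside)))
```

On Linux, the setting Keir refers to is toggled with `ethtool -K <iface> tx off`, where `<iface>` is the domU's network interface.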
