[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Fix NAT for domU checksum offload

On Sat, Oct 15, 2005 at 12:09:36AM +0100, Ian Pratt wrote:
> > Below is a fix for the current problem of checksum offload 
> > not working in a NAT'ed network.  The cause is the 
> > NAT/iptables code incorrectly modifying the TCP/UDP checksum 
> > (for the checksum offload case).  The original code assumes a 
> > valid checksum, which is not the case for checksum offload 
> > packets (which has a complimented, partial checksum for the 
> > hardware to use).  The fix is to compliment the new address 
> > and not compliment the old address (which is complimented in 
> > the partial checksum), and roll that with the 
> > ip_nat_cheat_check function.
> Thanks for looking into this -- this issue has been nagging away for a
> long time.

Sorry it took me so long.  Hopefully, I can knock out the IPSec one

> > There are two "versions" of the patch below.  The first 
> > version is a diff to show the actual changes made to the 
> > ip_nat_proto_udp.c and ip_nat_proto_tcp.c file (as it is 
> > difficult/impossible to tell from the second patch).  The 
> > second version is the one to commit to the tree (which 
> > creates 2 new files in the sparse directory).
> Would we be better off committing the first patch to the patches
> directory rather than adding to the sparse tree.

You are right.  Patch to follow.

> Do you think you could send this upstream via davem?

I can send this to DaveM, but it is very Xen specific.  Should we wait
for the big Xen/Linux merge for this, or is he currently going through
the changes?

> [Today has been a good day for vanquishing bugs. We're working on a few
> save/restore fixes and have a list of tools issues, but 32bit isn't in
> too bad shape right now.]
> Ian
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.