Re: [Xen-devel] XEN and ipq_read
On Tue, Apr 27, 2010 at 11:31:33AM +0300, plamen .. wrote:
> Hi all,
>
> I'm using Ubuntu Hardy, Xen version 3.2.1-rc1-pre, Dom0 kernel 2.6.24-27-xen,
> PV DomU kernel 2.6.24-27-xen.
>
> I'm setting DomU as a router having iptables 1.3.8. I put an IDS system Snort
> in inline mode (IPS) on the router, which is configured to retrieve specific
> packets from kernel (iptables ... -j QUEUE and ip_queue module). At first
> snort started to report errors on each received packet. After a little bit of
> debugging and doing a sample application to test ipq_read() I found that raw
> data sent from kernel contains about 24 bytes more than expected. The
> additional bytes are in the meta data structure before the real packet
> content. This breaks raw data parsing. After a little bit of additional
> debugging I noticed that this happens only on Xen DomU VMs. On Dom0 it works
> fine, on other servers not running Xen it works also fine.
>
> Currently I'm about to install rtr DomU as HVM and I think it will work fine,
> but I don't want to leave it like this in production.
>
> Is there any reason in xen kernel to break sending packets from kernel to
> user space through the ip_queue module? If so is there any way to work
> around this issue?
>

Did you try disabling all network offloading settings in the domU?
(and if that doesn't help, then also in all interfaces/bridges/vifs on dom0).

Other than that you might want to upgrade your Xen and kernels,
they're pretty old and known to have problems/bugs.
(Only the kernel versions should affect packet processing though).

-- Pasi

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
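
An added example, not part of the original thread and not code from Snort or libipq: a small diagnostic that measures how many metadata bytes actually precede the packet in a buffer received from the kernel, by locating the first offset at which a complete, checksum-valid IPv4 packet begins. The function names are hypothetical, and the sample buffer and the sizes 72 and 96 are constructed to reproduce a 24-byte excess like the one reported above.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 sum over an IPv4 header; returns 0 when the stored checksum is valid. */
static uint16_t ip_hdr_sum(const uint8_t *h, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        s += (uint32_t)h[i] << 8 | h[i + 1];
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Offset in buf[0..len) where a complete IPv4 packet starts, or -1 if none. */
long find_ipv4_start(const uint8_t *buf, size_t len)
{
    for (size_t off = 0; off + 20 <= len; off++) {
        const uint8_t *h = buf + off;
        size_t ihl = (size_t)(h[0] & 0x0f) * 4;      /* header length in bytes */
        size_t tot = (size_t)h[2] << 8 | h[3];       /* IPv4 total length */
        if ((h[0] >> 4) != 4 || ihl < 20 || ihl > len - off)
            continue;
        if (tot == len - off && ip_hdr_sum(h, ihl) == 0)
            return (long)off;
    }
    return -1;
}

/* Metadata bytes beyond what the caller expected, e.g. its own sizeof(ipq_packet_msg_t). */
long metadata_excess(const uint8_t *buf, size_t len, size_t expected)
{
    long off = find_ipv4_start(buf, len);
    return off < 0 ? LONG_MIN : off - (long)expected;
}

/* Constructed sample: meta_len zero bytes of metadata, then a 28-byte UDP/IPv4 packet. */
long demo_excess(size_t meta_len, size_t expected)
{
    uint8_t buf[256] = {0};
    uint8_t ip[28] = {0x45, 0, 0, 28, 0, 0, 0x40, 0, 64, 17, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2};
    uint16_t c = ip_hdr_sum(ip, 20);                 /* checksum field is still zero here */
    if (meta_len > sizeof buf - sizeof ip)
        return LONG_MIN;
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    memcpy(buf + meta_len, ip, sizeof ip);
    return metadata_excess(buf, meta_len + sizeof ip, expected);
}
```

The match is a heuristic: it requires version, header length, total length and header checksum to agree, so a non-zero result is a prompt to compare the userspace and kernel views of the metadata structure rather than proof of where the extra bytes come from.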