Networking under Xen
Colin Percival
cperciva at freebsd.org
Wed Jul 15 07:55:43 UTC 2015
On 07/15/15 00:44, Kristof Provost wrote:
>> On 14 Jul 2015, at 21:23, Mark Felder <feld at FreeBSD.org> wrote:
>> On Tue, Jul 14, 2015, at 13:54, Colin Percival wrote:
>>> More precisely *pf* is a known issue. It's inserting TCP checksums
>>> into TSO packets. I reported this a long time ago and I don't know
>>> why pf still hasn't been fixed.
>>
>> I think Kristof may have solved this in HEAD with all of the care and
>> feeding he has been doing to pf, but I haven't verified.
>
> I wouldn’t expect so. As far as I know I’ve not fixed anything TSO or
> checksum related.
In my tests, deleting these lines from pf_ioctl.c
3570 /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */
3571 if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
3572 in_delayed_cksum(*m);
3573 (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
3574 }
unbreaks pf+TSO on EC2 instances. I'm not entirely sure why these lines
are there in the first place, which is why I didn't want to simply go in
and remove them -- but it may be that wrapping those lines in something
like "if ((csum_flags & CSUM_TSO) == 0)" would solve the problem without
breaking anything else.
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
More information about the freebsd-xen
mailing list