Networking under Xen
Colin Percival
cperciva at freebsd.org
Mon Jul 27 01:03:01 UTC 2015
On 07/26/15 06:16, Kristof Provost wrote:
> On 2015-07-15 00:54:25 (-0700), Colin Percival <cperciva at freebsd.org> wrote:
>> In my tests, deleting these lines from pf_ioctl.c
>> 3570 /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */
>> [...]
>> unbreaks pf+TSO on EC2 instances. I'm not entirely sure why these lines
>> are there in the first place, which is why I didn't want to simply go in
>> and remove them -- but it may be that wrapping those lines in something
>> like "if ((csum_flags & CSUM_TSO) == 0)" would solve the problem without
>> breaking anything else.
>
> I think the reason for this checksum calculation is that pf sometimes
> modifies the packet, so it also updates the checksum.

Aha, this is exactly the sort of thing I was worried about. I'm glad you
understand this stuff better than me.

> It doesn't work on Xen TSO interfaces because (I assume) it expects to
> get the pseudo header checksum, not the full checksum.
> It's not entirely clear to me why it's not broken on my hardware (which
> claims TSO support), but perhaps Xen is more picky than actual hardware.

I'm not 100% certain about this, but I don't think Xen is doing anything
with the checksum; rather, everything is being passed through to the
underlying hardware, and some NICs are pickier than others.

I'll refrain from commenting on your plans for fixing this since, as I
mentioned above, you understand how pf and the network stack work far better
than I do. :-)
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
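
The assumption raised in the thread, that an offloading interface expects the TCP checksum field to hold only the pseudo-header sum, can be modelled in a few lines of C; this is an added example, not code from the thread or from FreeBSD. `DEMO_CSUM_TSO`, the sample segment and the single-segment NIC model (no segmentation) are constructed for illustration, and `wire_checksum` is a hypothetical helper.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEMO_CSUM_TSO 0x1 /* hypothetical stand-in for the kernel's CSUM_TSO bit */

/* Constructed sample: 10.0.0.1 -> 10.0.0.2, 20-byte TCP header plus "test". */
static const uint8_t SRC[4] = {10, 0, 0, 1}, DST[4] = {10, 0, 0, 2};
static const uint8_t SEG[24] = {0x30,0x39,0,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, 't','e','s','t'};

/* RFC 1071 ones-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t ocsum(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)p[0] << 8 | p[1];
    if (n) acc += (uint32_t)p[0] << 8;          /* odd trailing byte */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Pseudo-header sum, not complemented: addresses, protocol 6, TCP length. */
static uint16_t pseudo_sum(uint16_t tcplen)
{
    return ocsum(DST, 4, (uint32_t)ocsum(SRC, 4, 0) + 6 + tcplen);
}

/* Full software checksum: zero the field (bytes 16-17), sum, complement. */
static uint16_t full_csum(uint8_t *seg, size_t len)
{
    seg[16] = seg[17] = 0;
    return (uint16_t)~ocsum(seg, len, pseudo_sum((uint16_t)len));
}

/* Wire checksum when a filter recomputes always (guarded 0) or only if the flag is clear (1). */
uint16_t wire_checksum(int csum_flags, int guarded)
{
    uint8_t seg[sizeof SEG];
    int offload = (csum_flags & DEMO_CSUM_TSO) != 0;
    memcpy(seg, SEG, sizeof seg);
    uint16_t v = offload ? pseudo_sum(sizeof seg) : full_csum(seg, sizeof seg); /* stack's value */
    if (!guarded || !offload) v = full_csum(seg, sizeof seg);  /* the filter's recompute */
    seg[16] = (uint8_t)(v >> 8);
    seg[17] = (uint8_t)v;
    return offload ? (uint16_t)~ocsum(seg, sizeof seg, 0) : v; /* modelled NIC sums seed too */
}

int main(void)
{
    printf("%04x %04x %04x\n", wire_checksum(0, 0), wire_checksum(DEMO_CSUM_TSO, 1), wire_checksum(DEMO_CSUM_TSO, 0));
}
```

With the constructed segment, the software path and the guarded offload path both yield 0x8362, while the unguarded offload path yields 0x1421, which is the bare pseudo-header sum rather than a valid checksum.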