[Lxc-users] Huge ammount of invalid checksum packets on macvlan
Daniel Lezcano
daniel.lezcano at free.fr
Mon Feb 21 16:07:31 UTC 2011
On 02/21/2011 04:34 PM, Andrian Nord wrote:
> Greetings, Daniel.
>
> On Mon, Feb 21, 2011 at 04:20:59PM +0100, Daniel Lezcano wrote:
>
> 2.6.37 kernel with gentoo linux patches (doesn't affect any low-system
> stuff, AFAIK).
> lxc-0.7.2 is used.
>
> Reproducable on two different machines.
> I'm using tcpdump -vvv for bad checksum detection. This also affects
> traffic from container to hardware node (as it's using macvlan to
> communicate with containers by itself).
>
> Also, I've got same problem on UDP packets coming from lan on other
> server and it was worked around by disabeling tx and rx checksum offload
> via ethtool. But dummy devices doesn't allow this.
I am not sure it is a bug. If we go outside of the container context and
we do the following:
ssh 127.0.0.1
tcpdump -vvv -i lo
We will get the same errors AFAICS.
There is also in the man page the following option:
-K Don't attempt to verify IP, TCP, or UDP checksums. This is useful for
inter‐
faces that perform some or all of those checksum calculation in
hardware; other‐
wise, all outgoing TCP checksums will be flagged as bad.
IMO, the checksum is not needed for the virtual macvlan devices, hence
the checksum is not computed and the checksum tcp packet is not filled.
As the skb's are flagged as 'checksum not necessary' the packets are not
dropped by the kernel and are delivered to the network stack. tcpdump
intercept the raw packet and analyse the header. It will see a bad value
as this one is a default value.
I Cc'ed the netdev mailing list and Patrick in case my analysis is wrong
or incomplete.
Thanks
-- Daniel
More information about the lxc-users
mailing list