On Fri, Aug 01, 2014 at 10:36:17AM +0300, Julian Anastasov wrote: > The tunneling method should properly use tunnel encapsulation. > Fixes problem with CHECKSUM_PARTIAL packets when TCP/UDP csum > offload is supported. > > Thanks to Alex Gartrell for reporting the problem, providing > solution and for all suggestions. With this patch is Alex's patch "[PATCH ipvs] ipvs: invoke skb_checksum_help prior to encapsulation in tunnel xmit " also needed? > > Reported-by: Alex Gartrell <agartrell@xxxxxx> > Signed-off-by: Julian Anastasov <ja@xxxxxx> > Signed-off-by: Alex Gartrell <agartrell@xxxxxx> > --- > net/netfilter/ipvs/ip_vs_xmit.c | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > I'm not sure if TUN mode worked with HW csum enabled, one with > such hardware can check if the breakage happens after some kernel > version. > > Here is what I found for skb->encapsulation and support in drivers > > - GRO started to use CHECKSUM_PARTIAL for TCP long time ago > > - the skb->encapsulation support is added in 3.8 > > - BNX2 started to use inner header depending on skb->encapsulation > in 3.10 > > - i40e appears in 3.12 and started to use inner header depending on > skb->encapsulation > > - iptunnel_handle_offloads() is added in 3.13. This patch > uses this function. > > - mlx4 started to use inner header depending on skb->encapsulation > in 3.14 > > - benet started to use inner header depending on skb->encapsulation > in 3.14 > > As result, I'm not sure that all devices support tunneled TCP/UDP, > I see some drivers supported csum offload (CHECKSUM_PARTIAL) only > if not tunneled. In the future if problem happens with csum > offload we should check if the driver has support for tunneled > TCP/UDP. Otherwise, user can disable the csum offload for device > or as alternative we can add sysctl var in IPVS to call > iptunnel_handle_offloads with csum_help = true. > > For now I don't know which stable kernels wihout > iptunnel_handle_offloads() function may need some alternative fix. > > diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c > index 73ba1cc..5371654 100644 > --- a/net/netfilter/ipvs/ip_vs_xmit.c > +++ b/net/netfilter/ipvs/ip_vs_xmit.c > @@ -38,6 +38,7 @@ > #include <net/route.h> /* for ip_route_output */ > #include <net/ipv6.h> > #include <net/ip6_route.h> > +#include <net/ip_tunnels.h> > #include <net/addrconf.h> > #include <linux/icmpv6.h> > #include <linux/netfilter.h> > @@ -862,11 +863,15 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, > old_iph = ip_hdr(skb); > } > > - skb->transport_header = skb->network_header; > - > /* fix old IP header checksum */ > ip_send_check(old_iph); > > + skb = iptunnel_handle_offloads(skb, false, SKB_GSO_IPIP); > + if (IS_ERR(skb)) > + goto tx_error; > + > + skb->transport_header = skb->network_header; > + > skb_push(skb, sizeof(struct iphdr)); > skb_reset_network_header(skb); > memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); > @@ -900,7 +905,8 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, > return NF_STOLEN; > > tx_error: > - kfree_skb(skb); > + if (!IS_ERR(skb)) > + kfree_skb(skb); > rcu_read_unlock(); > LeaveFunction(10); > return NF_STOLEN; > @@ -953,6 +959,11 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, > old_iph = ipv6_hdr(skb); > } > > + /* GSO: we need to provide proper SKB_GSO_ value for IPv6 */ > + skb = iptunnel_handle_offloads(skb, false, 0); /* SKB_GSO_SIT/IPV6 */ > + if (IS_ERR(skb)) > + goto tx_error; > + > skb->transport_header = skb->network_header; > > skb_push(skb, sizeof(struct ipv6hdr)); > @@ -988,7 +999,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, > return NF_STOLEN; > > tx_error: > - kfree_skb(skb); > + if (!IS_ERR(skb)) > + kfree_skb(skb); > rcu_read_unlock(); > LeaveFunction(10); > return NF_STOLEN; > -- > 1.9.0 > -- To unsubscribe from this list: send the line "unsubscribe lvs-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
