[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#382985: marked as done (teergrubes NATted connections due to mangled IPv4 checksums)

Your message dated Tue, 3 Jun 2008 16:23:55 +0200
with message-id <20080603142355.GH6571@stro.at>
and subject line Re: teergrubes NATted connections due to mangled IPv4 checksums
has caused the Debian Bug report #382985,
regarding teergrubes NATted connections due to mangled IPv4 checksums
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
382985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382985
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: linux-image-2.6.16-2-xen-686
Version: 2.6.16-17
Severity: grave

A recently added optimization skips checksums on all packets it
believes are destined for another Xen domain inside the same box.
Too bad, it is sometimes wrong -- an analysis can be found on
http://lists.xensource.com/archives/html/xen-users/2006-03/msg00159.html

This had been fixed before -- NETIF_F_NO_CSUM was changed to 0;
however, in the current version of the Xen patch in unstable it is
again enabled, set to NETIF_F_IP_CSUM (ie, IPv4 tcp and udp only) this
time.
Unfortunately, an idiot running nearly only IPv6 can miss this bug,
unknowingly teergrubing other hosts.  I've personally managed to do
this to lists.debian.org, making it keep a number of exim4 processes
trying to deliver mail to my server.  Thus, it was suggested to file
this bug as 'grave'.

IPv4 ICMP, all IPv6 and connections which actually don't leave the
box work fine; same for those which get bridged away to a physical
interface without passing through NAT.

The fix: as in the quoted link, change
  dev->features        = NETIF_F_IP_CSUM;
to
  dev->features        = 0;

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (202, 'unstable'), (201, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-xen-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages linux-image-2.6.16-2-xen-686 depends on:
ii  initramfs-tools [linux-initra 0.73c      tools for generating an initramfs
ii  linux-modules-2.6.16-2-xen-68 2.6.16-17  Linux kernel modules 2.6.16 image

Versions of packages linux-image-2.6.16-2-xen-686 recommends:
ii  libc6-xen                     2.3.6-19   GNU C Library: Shared libraries [X

-- no debconf information

--- End Message ---
--- Begin Message --- 
> The fix: as in the quoted link, change
> dev->features        = NETIF_F_IP_CSUM;
>   to
> dev->features        = 0;
 

upstream 2.6.26-rc4 has still
netdev->features        = NETIF_F_IP_CSUM;
so i doubt that this bug report is valid.


closing


-- 
maks

--- End Message ---
Reply to: