Package: base
Severity: normal
Tags: upstream
Dear Maintainer,
* What led up to the situation?
Checksum calcualtion for outgoing tcp packages had been moved from the
kernel to the network interface card (ethX or wlanX).
Thus when capturing data with tcpdump / Wireshark/ pcap invalid checksums
occur. Thus it is no longer possible to determine which packages had invalid
checksums and will be discarded.
Therefore TCP-offloading needs to be manually deactivated with ethtool.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I deactivated all netwark card features and thus expected the kernel to
calculate the outgoing checksums:
su
ethtool -K eth0 rx off tx off sg off tso off gso off
* What was the outcome of this action?
All features are activated according ethtool:
ethtool -k eth0
Features for eth0:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-unneeded: off [fixed]
tx-checksum-ip-generic: off
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
I entered:
wget www.heise.de
While tracking the traffic with tcpdump (see "incorrect" for checksums of
traffic in outgoing direction (Donald.fritz.box.43681 > redirector.heise.de):
tcpdump -i eth0 -vvv tcp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
18:57:13.399866 IP (tos 0x0, ttl 64, id 50216, offset 0, flags [DF], proto TCP
(6), length 60)
Donald.fritz.box.43681 > redirector.heise.de.http: Flags [S], cksum 0xc4a8
(incorrect -> 0x573c), seq 2174976360, win 14600, options [mss 1460,sackOK,TS
val 345408 ecr 0,nop,wscale 6], length 0
18:57:13.413922 IP (tos 0x0, ttl 245, id 15109, offset 0, flags [DF], proto TCP
(6), length 60)
redirector.heise.de.http > Donald.fritz.box.43681: Flags [S.], cksum 0x6a7a
(correct), seq 3901327278, ack 2174976361, win 4356, options [mss
1452,nop,nop,TS val 2361400012 ecr 345408,sackOK,eol], length 0
18:57:13.413989 IP (tos 0x0, ttl 64, id 50217, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.43681 > redirector.heise.de.http: Flags [.], cksum 0xc4a0
(incorrect -> 0x6e2d), seq 1, ack 1, win 14600, options [nop,nop,TS val 345412
ecr 2361400012], length 0
18:57:13.414200 IP (tos 0x0, ttl 64, id 50218, offset 0, flags [DF], proto TCP
(6), length 160)
Donald.fritz.box.43681 > redirector.heise.de.http: Flags [P.], cksum 0x03dd
(correct), seq 1:109, ack 1, win 14600, options [nop,nop,TS val 345412 ecr
2361400012], length 108
18:57:13.434350 IP (tos 0x0, ttl 245, id 15510, offset 0, flags [DF], proto TCP
(6), length 544)
redirector.heise.de.http > Donald.fritz.box.43681: Flags [P.], cksum 0x7e69
(correct), seq 1:493, ack 109, win 4464, options [nop,nop,TS val 2361400030 ecr
345412], length 492
18:57:13.434438 IP (tos 0x0, ttl 64, id 50219, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.43681 > redirector.heise.de.http: Flags [.], cksum 0xc4a0
(incorrect -> 0x680e), seq 109, ack 493, win 15544, options [nop,nop,TS val
345417 ecr 2361400030], length 0
18:57:13.434456 IP (tos 0x0, ttl 245, id 15512, offset 0, flags [DF], proto TCP
(6), length 52)
redirector.heise.de.http > Donald.fritz.box.43681: Flags [F.], cksum 0x935a
(correct), seq 493, ack 109, win 4464, options [nop,nop,TS val 2361400030 ecr
345412], length 0
18:57:13.434716 IP (tos 0x0, ttl 64, id 50220, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.43681 > redirector.heise.de.http: Flags [R.], cksum 0xc4a0
(incorrect -> 0x6809), seq 109, ack 494, win 15544, options [nop,nop,TS val
345417 ecr 2361400030], length 0
18:57:13.436862 IP (tos 0x0, ttl 64, id 57218, offset 0, flags [DF], proto TCP
(6), length 60)
Donald.fritz.box.51718 > www.heise.de.http: Flags [S], cksum 0xc4ad
(incorrect -> 0x4e36), seq 1372822219, win 14600, options [mss 1460,sackOK,TS
val 345417 ecr 0,nop,wscale 6], length 0
18:57:13.452346 IP (tos 0x0, ttl 245, id 16086, offset 0, flags [DF], proto TCP
(6), length 60)
www.heise.de.http > Donald.fritz.box.51718: Flags [S.], cksum 0x133b
(correct), seq 2147368525, ack 1372822220, win 4356, options [mss
1452,nop,nop,TS val 2361400050 ecr 345417,sackOK,eol], length 0
18:57:13.452421 IP (tos 0x0, ttl 64, id 57219, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.51718 > www.heise.de.http: Flags [.], cksum 0xc4a5
(incorrect -> 0x16ee), seq 1, ack 1, win 14600, options [nop,nop,TS val 345421
ecr 2361400050], length 0
18:57:13.452674 IP (tos 0x0, ttl 64, id 57220, offset 0, flags [DF], proto TCP
(6), length 164)
Donald.fritz.box.51718 > www.heise.de.http: Flags [P.], cksum 0xbdf3
(correct), seq 1:113, ack 1, win 14600, options [nop,nop,TS val 345421 ecr
2361400050], length 112
18:57:13.573991 IP (tos 0x0, ttl 245, id 19085, offset 0, flags [DF], proto TCP
(6), length 52)
www.heise.de.http > Donald.fritz.box.51718: Flags [.], cksum 0x3d9c
(correct), seq 1, ack 113, win 4468, options [nop,nop,TS val 2361400168 ecr
345421], length 0
18:57:13.897574 IP (tos 0x0, ttl 245, id 28551, offset 0, flags [DF], proto TCP
(6), length 1492)
www.heise.de.http > Donald.fritz.box.51718: Flags [.], cksum 0x5721
(correct), seq 1:1441, ack 113, win 4468, options [nop,nop,TS val 2361400495
ecr 345421], length 1440
18:57:13.897634 IP (tos 0x0, ttl 64, id 57221, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.51718 > www.heise.de.http: Flags [.], cksum 0xc4a5
(incorrect -> 0x043a), seq 113, ack 1441, win 17280, options [nop,nop,TS val
345532 ecr 2361400495], length 0
18:57:13.897652 IP (tos 0x0, ttl 245, id 28552, offset 0, flags [DF], proto TCP
(6), length 60)
www.heise.de.http > Donald.fritz.box.51718: Flags [P.], cksum 0xc6fc
(correct), seq 1441:1449, ack 113, win 4468, options [nop,nop,TS val 2361400495
ecr 345421], length 8
18:57:13.897669 IP (tos 0x0, ttl 64, id 57222, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.51718 > www.heise.de.http: Flags [.], cksum 0xc4a5
(incorrect -> 0x0431), seq 113, ack 1449, win 17280, options [nop,nop,TS val
345533 ecr 2361400495], length 0
18:57:13.898942 IP (tos 0x0, ttl 245, id 28553, offset 0, flags [DF], proto TCP
(6), length 1492)
www.heise.de.http > Donald.fritz.box.51718: Flags [.], cksum 0x8c13
(correct), seq 1449:2889, ack 113, win 4468, options [nop,nop,TS val 2361400495
ecr 345421], length 1440
18:57:13.898964 IP (tos 0x0, ttl 64, id 57223, offset 0, flags [DF], proto TCP
(6), length 52)
Donald.fritz.box.51718 > www.heise.de.http: Flags [.], cksum 0xc4a5
(incorrect -> 0xf350), seq 113, ack 2889, win 20160, options [nop,nop,TS val
345533 ecr 2361400495], length 0
* What outcome did you expect instead?
I expected valid checksums of taced outgoing packages.
Note:
I did the same test on debian testing. Here the tcpdump checksums were ok
(correct).
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
