Bug 197344 - tx checksum broken on XEN
Summary: tx checksum broken on XEN
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.1-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-xen mailing list
Depends on:
Reported: 2015-02-05 09:09 UTC by Andreas Pflug
Modified: 2016-05-09 16:08 UTC (History)
5 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Pflug 2015-02-05 09:09:15 UTC
This issue might be related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192013 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154428 , but I found it to be NOT pf specific.

I've been testing pfSense 2.2 on Xen 4.1, and got the same issue as https://forum.pfsense.org/index.php?topic=85797.15 : routing traffic through the FreeBSD 10.1 machine that uses xn* interface hardly works and gives abysmal performance. Packets leaving the router contain an invalid checksum, and don't reach the target VM's tcp stack.

A workaround (with at least 50% performance penalty) is to disable tx offloading on all router interfaces in dom0, i.e. calling 

ethtool -K vif{N}.{x} tx off

The issue can be observed whether the pf firewall is active or not, so it appears to be a FreeBSD xen-netfront driver problem.
Comment 1 Andreas Pflug 2016-01-29 08:06:57 UTC
Problem still present with FreeBSD 10.2 p11 (used in OPNsense 16.1)
Comment 2 Roger Pau Monné freebsd_committer 2016-05-09 10:37:55 UTC
AFAICT, this is possibly a duplicate of PR 188261, can you please confirm that the issues you are seeing always happen when doing packet forwarding?

Also, and in order to try to solve this, can you please post a very simple configuration that can be used to reproduce the issue?
Comment 3 Andreas Pflug 2016-05-09 16:08:30 UTC
#188261 apparently describes the same problem.

How to reproduce:

DomU #1 <-> DomU/Router <-> DomU #2
all on same Xen host.

Accessing DomU#2 from DomU#1 (e.g. ssh) hardly works, until tx checksum is disabled. When a host that's not hosted on the same Xen machine is involved, everything works as expected.

Tested with Xen4.1 and 4.4, DomU/Router FreeBSD 10.1 (pfSense) and 10.2 (opnSense).