Repository: mesos Updated Branches: refs/heads/master 0ca126fa8 -> afd56ea59
Turn off rx checksum offloading for veth in container. This ensures the container network stack checksums ingress packets. This is only for the network/port_mapping isolator. Review: https://reviews.apache.org/r/41158 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/afd56ea5 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/afd56ea5 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/afd56ea5 Branch: refs/heads/master Commit: afd56ea597f5c8de227802640e690a0e3fcb36a8 Parents: 0ca126f Author: Cong Wang <[email protected]> Authored: Thu Dec 10 14:23:15 2015 -0800 Committer: Ian Downes <[email protected]> Committed: Thu Dec 10 14:26:34 2015 -0800 ---------------------------------------------------------------------- .../mesos/isolators/network/port_mapping.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/afd56ea5/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp index 89bb36f..7c1724a 100644 --- a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp +++ b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp @@ -1094,6 +1094,12 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags) return Error("Check command 'tc' failed: " + checkCommandTc.error()); } + Try<string> checkCommandEthtool = os::shell("ethtool --version"); + if (checkCommandEthtool.isError()) { + return Error("Check command 'ethtool' failed: " + + checkCommandEthtool.error()); + } + Try<string> checkCommandIp = os::shell("ip link show"); if (checkCommandIp.isError()) { return Error("Check command 'ip' failed: " + checkCommandIp.error()); @@ -3563,6 +3569,13 @@ string PortMappingIsolatorProcess::scripts(Info* info) script << "ip link set " << lo << " address " << hostMAC << " mtu " << hostEth0MTU << " up\n"; + // NOTE: This is mostly a kernel issue: in veth_xmit() the kernel + // tags the packet's checksum as UNNECESSARY if we do not disable it + // here, this causes a corrupt packet to be delivered into the stack + // when we receive a packet with a bad checksum. Disabling rx + // checksum offloading ensures the TCP layer will checksum and drop + // it. + script << "ethtool -K " << eth0 << " rx off\n"; script << "ip link set " << eth0 << " address " << hostMAC << " up\n"; script << "ip addr add " << hostIPNetwork << " dev " << eth0 << "\n";
