Formerly when userspace TSO was enabled but with a non-DKDK interface without support IP checksum offloading, FTP NAT connections would fail if the packet length changed. This can happen if the packets length changes during L7 NAT translation, predominantly with FTP.
Now we correct the IP header checksum if hwol is disabled or if DPDK will not handle the IP checksum. This fixes the conntrack - IPv4 FTP Passive with DNAT" test when run with check-system-tso. Reported-by: Flavio Leitner <[email protected]> Signed-off-by: Mike Pattrick <[email protected]> --- lib/conntrack.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 33a1a9295..1b8a26ac2 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -3402,7 +3402,8 @@ handle_ftp_ctl(struct conntrack *ct, const struct conn_lookup_ctx *ctx, } if (seq_skew) { ip_len = ntohs(l3_hdr->ip_tot_len) + seq_skew; - if (!dp_packet_hwol_is_ipv4(pkt)) { + if (!dp_packet_hwol_is_ipv4(pkt) || + !dp_packet_ip_checksum_valid(pkt)) { l3_hdr->ip_csum = recalc_csum16(l3_hdr->ip_csum, l3_hdr->ip_tot_len, htons(ip_len)); -- 2.27.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
