This is an automatically generated e-mail. To reply, visit:

Review request for mesos, Ian Downes and Jie Yu.

Repository: mesos


We noticed that in some cases we delivered some corrupt packets to applications 
running in our containers. This is clearly wrong. 

Here is what happens:

1) We receive a corrupt packet externally
2) The hardware driver is able to checksum it and notices it has a bad checksum
3) The driver delivers this packet anyway to wait for TCP layer to checksum it 
again and then drop it
4) This packet is moved to a veth interface because it is for a container
5) Both sides of the veth pair have RX checksum offloading by default
6) The veth_xmit() marks the packet's checksum as UNNECESSARY since its peer 
device has rx checksum offloading
7) Packet is moved into the container TCP/IP stack
8) TCP layer is not going to checksum it since it is not necessary
9) The packet gets delivered to application layer



Diff: https://reviews.apache.org/r/41158/diff/


1) Turn rx checksum off manually and the bug is gone
2) Test this patch and verify rx checksum is turned off as expected.
3) I don't see any noticable performance issue after turning this off


Cong Wang

Reply via email to