I am with problems using method NAT and having that to make use of "ethtool - K eth0 tx off" - Why is being necessary the indiscriminate use of "tx off"? - That is one bug or resource? It will be corrected? Another fact is, if the use of "tx off", we would not be compromising the security? Greetings, -- Leonardo Pinto listas#openlogic dot com br _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Sun, May 28 ''06 at 09:39, Leonardo Pinto wrote:> I am with problems using method NAT and having that to make use of > "ethtool - K eth0 tx off"we all have (well, at last with 3.0.1, I''m not 100% sure if this has been fixed with 3.0.2)> - Why is being necessary the indiscriminate use of "tx off"?EPARSE> - That is one bug or resource? It will be corrected?It''s a bug. And shortly before 3.0.2 was relesed there were some attempts to fix it. It is intended as an optimisztion, but it failed for some (or IMHO most real world) setups.> Another fact is, if the use of "tx off", we would not be compromising > the security?EPARSE But disableing TX checksum offloading (that''s what ethtool -K tx off does) does not affect security at all. The CPU only has to compute the checksum off all outgoing packages, even if the package is intended for another domU or the Dom0 where not computing the checksum could save some CPU cycles (as coruption of the package is VERY unlikely). -- /"\ Goetz Bock at blacknet dot de -- secure mobile Linux everNETting \ / (c) 2006 Creative Commons, Attribution-ShareAlike 2.0 de X [ 1. Use descriptive subjects - 2. Edit a reply for brevity - ] / \ [ 3. Reply to the list - 4. Read the archive *before* you post ] _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Much thankful by the answers, had been very valuable. Not, really this bug is not corrected still. At least in the DomU it continues being necessary disable checksum. I am using the version: xen-3.0.2-0.FC5.3 Before (in <= 3.0.1) it needed in both domains, DomU and Dom0. I also perceived that checksum in the internal domains was not thus much-needed. Beyond this control being made by the proper net-board (in Dom0), "could save some CPU cycles". Evidently, improving the performance in the transmitted packages. My grammatical corrections are not so necessary, seem that you, for the little that understood, it answered me to all the questions. It forgives me the bad English. - The question that remained is: When fixed this bug, WE MUST then disable checksum in internal domains, in favor of the performance? Much thankful, -- Leonardo Pinto listas#openlogic dot com br On Sun, 28 May 2006 23:04:56 -0300 (BRT), xen-users-request wrote> On Sun, May 28 ''06 at 09:39, Leonardo Pinto wrote: > > I am with problems using method NAT and having that to make use of > > "ethtool - K eth0 tx off" > > we all have (well, at last with 3.0.1, I''m not 100% sure if this has > been fixed with 3.0.2) > > > - Why is being necessary the indiscriminate use of "tx off"? > > EPARSE > > > - That is one bug or resource? It will be corrected? > > It''s a bug. And shortly before 3.0.2 was relesed there were some > attempts to fix it. > > It is intended as an optimisztion, but it failed for some (or IMHO most > real world) setups. > > > Another fact is, if the use of "tx off", we would not be compromising > > the security? > > EPARSE > > But disableing TX checksum offloading (that''s what ethtool -K tx off > does) does not affect security at all. The CPU only has to compute > the checksum off all outgoing packages, even if the package is intended > for another domU or the Dom0 where not computing the checksum could save > some CPU cycles (as coruption of the package is VERY unlikely). > -- > /"\ Goetz Bock at blacknet dot de -- secure mobile Linux_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, May 29 ''06 at 18:12, Leonardo Pinto wrote:> - The question that remained is: When fixed this bug, WE MUST then > disable checksum in internal domains, in favor of the performance?Well, you''re not disabeling checksumming but disabelding checksum offloading. So you''re actually _EN_abeling checksumming. When the bug is fixed, you can use the checksum offloading. This will speedup inter domain network traffic. -- /"\ Goetz Bock at blacknet dot de -- secure mobile Linux everNETting \ / (c) 2006 Creative Commons, Attribution-ShareAlike 2.0 de X [ 1. Use descriptive subjects - 2. Edit a reply for brevity - ] / \ [ 3. Reply to the list - 4. Read the archive *before* you post ] _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users