On Tue, Apr 27, 2010 at 11:31:33AM +0300, plamen .. wrote:
> Hi all,
> 
> I'm using Ubuntu Hardy, Xen version 3.2.1-rc1-pre, Dom0 kernel
> 2.6.24-27-xen, PV DomU kernel 2.6.24-27-xen.
> 
> I'm setting up a DomU as a router with iptables 1.3.8. I put an IDS
> system, Snort, in inline mode (IPS) on the router, configured to retrieve
> specific packets from the kernel (iptables ... -j QUEUE and the ip_queue module). At
> first Snort started to report errors on each received packet. After a little bit
> of debugging and writing a sample application to test ipq_read(), I found that the raw
> data sent from the kernel contains about 24 bytes more than expected. The additional
> bytes are in the metadata structure before the real packet content. This breaks
> raw data parsing. After a little bit of additional debugging I noticed that this
> happens only on Xen DomU VMs. On Dom0 it works fine, and on other servers not running
> Xen it also works fine.
> 
> Currently I'm about to install the rtr DomU as HVM and I think it will
> work fine, but I don't want to leave it like this in production.
> 
> Is there any reason for the Xen kernel to break sending packets from the kernel to
> user space through the ip_queue module? If so, is there any way to work around
> this issue?
> 
Did you try disabling all network offloading settings in the domU?
(And if that doesn't help, then also on all interfaces/bridges/vifs on
dom0.)
Other than that, you might want to upgrade your Xen and kernels; they're
pretty old and known to have problems/bugs.
(Only the kernel versions should affect packet processing though.)
-- Pasi
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
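Added example, not part of the thread above and not code from the poster, Snort, libipq or Xen: a small C harness of the kind the poster describes writing to test ipq_read(). It mirrors the ipq_packet_msg_t layout from the old <linux/netfilter_ipv4/ip_queue.h> and struct nlmsghdr from <linux/netlink.h> locally, so it builds on a current system where ip_queue no longer exists, and feeds constructed IPQM_PACKET messages through two checks: the naive parse every libipq consumer does (packet data begins right after sizeof(ipq_packet_msg_t), and data_len says how much there is), and a probe that scans forward for the real IPv4 header so the number of surplus metadata bytes is measured rather than guessed. The stand-in for the kernel side takes the metadata size as a parameter; passing a value larger than our own layout simulates a sender whose structure is wider. One thing the layout itself makes visible, offered as an observation and not as a diagnosis the thread confirms: the struct holds four long members and a size_t, so it is 72 bytes in an ILP32 build and 96 in an LP64 build, a difference of exactly 24 bytes, which is what a 32-bit userland would see when reading this message from a 64-bit kernel. The sample packet, interface name, buffer size and the msgbuf/ipq_* names are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirrors of IFNAMSIZ, struct nlmsghdr and NLMSG_* so this builds without kernel
 * headers (ip_queue itself was removed from Linux in 3.5). */
#define IFNAMSIZ 16
struct nl_hdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags; uint32_t nlmsg_seq, nlmsg_pid; };
#define NL_HDRLEN ((sizeof(struct nl_hdr) + 3) & ~(size_t)3)

/* Mirror of ipq_packet_msg_t (<linux/netfilter_ipv4/ip_queue.h>). Its long and size_t
 * members make it 72 bytes on ILP32 and 96 on LP64, so a kernel and a userland built
 * for different ABIs disagree about where payload starts. */
typedef struct ipq_packet_msg {
    unsigned long packet_id, mark;      /* id echoed back in the verdict; nfmark */
    long timestamp_sec, timestamp_usec;
    unsigned int hook;                  /* netfilter hook the packet came from */
    char indev_name[IFNAMSIZ], outdev_name[IFNAMSIZ];
    uint16_t hw_protocol; unsigned short hw_type; unsigned char hw_addrlen, hw_addr[8];
    size_t data_len;                    /* bytes of packet data that follow */
    unsigned char payload[];            /* spelled payload[0] in the kernel header */
} ipq_packet_msg_t;
#define IPQ_PAYLOAD_OFF offsetof(ipq_packet_msg_t, payload)

/* Constructed sample: 28-byte IPv4/ICMP echo 192.168.0.1 -> .2, checksums left zero. */
static const unsigned char SAMPLE_ICMP[28] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0x00,0x00, 0xc0,0xa8,0x00,0x01,
    0xc0,0xa8,0x00,0x02, 0x08,0x00,0x00,0x00, 0x00,0x01,0x00,0x01 };

/* Stand-in for the kernel side (ipq_build_packet_message in ip_queue.c): netlink header,
 * metadata, packet. hdr_size is the metadata size the *sender* uses; more than
 * IPQ_PAYLOAD_OFF simulates a wider layout (surplus bytes stay zero). Returns nlmsg_len. */
size_t ipq_build(unsigned char *buf, size_t buflen, size_t hdr_size,
                 const unsigned char *pkt, size_t pktlen)
{
    size_t total = NL_HDRLEN + hdr_size + pktlen;
    struct nl_hdr nlh = { .nlmsg_len = (uint32_t)total, .nlmsg_type = 2 /* IPQM_PACKET */ };
    ipq_packet_msg_t m = { .packet_id = 1, .data_len = pktlen };  /* hook 0 == PRE_ROUTING */
    if (hdr_size < IPQ_PAYLOAD_OFF || total > buflen) return 0;   /* 0: buf too small */
    memset(buf, 0, total);
    memcpy(buf, &nlh, sizeof nlh);
    memcpy(buf + NL_HDRLEN, &m, IPQ_PAYLOAD_OFF);
    memcpy(buf + NL_HDRLEN + hdr_size, pkt, pktlen);
    return total;
}

/* Validate the netlink framing and return the message body (what NLMSG_DATA yields). */
static const unsigned char *nl_body(const unsigned char *buf, size_t buflen, size_t *bodylen)
{
    struct nl_hdr nlh;
    if (buflen < NL_HDRLEN) return NULL;
    memcpy(&nlh, buf, sizeof nlh);
    if (nlh.nlmsg_len > buflen || nlh.nlmsg_len < NL_HDRLEN) return NULL;
    *bodylen = nlh.nlmsg_len - NL_HDRLEN;
    return buf + NL_HDRLEN;
}

/* True if p starts an IPv4 header whose total length equals `left`, the bytes remaining. */
static int looks_like_ipv4(const unsigned char *p, size_t left)
{
    return left >= 20 && (p[0] >> 4) == 4 && (p[0] & 0x0f) >= 5 && (((unsigned)p[2] << 8) | p[3]) == left;
}

/* What every libipq consumer assumes (ipq_get_packet() is just NLMSG_DATA()): the packet
 * starts IPQ_PAYLOAD_OFF bytes into the body and data_len says how long it is. */
int ipq_naive_parse_ok(const unsigned char *buf, size_t buflen)
{
    ipq_packet_msg_t m;
    size_t bodylen;
    const unsigned char *body = nl_body(buf, buflen, &bodylen);
    if (!body || bodylen < IPQ_PAYLOAD_OFF) return 0;
    memcpy(&m, body, IPQ_PAYLOAD_OFF);
    return m.data_len == bodylen - IPQ_PAYLOAD_OFF
        && looks_like_ipv4(body + IPQ_PAYLOAD_OFF, bodylen - IPQ_PAYLOAD_OFF);
}

/* Debugging aid for the symptom in the thread: scan forward from our expected offset for
 * the real IPv4 header and report how many bytes later than IPQ_PAYLOAD_OFF it starts
 * (0 = layouts agree), or -1 if nothing plausible is found. */
long ipq_header_delta(const unsigned char *buf, size_t buflen)
{
    size_t bodylen, off;
    const unsigned char *body = nl_body(buf, buflen, &bodylen);
    if (!body) return -1;
    for (off = IPQ_PAYLOAD_OFF; off + 20 <= bodylen; off++)
        if (looks_like_ipv4(body + off, bodylen - off))
            return (long)(off - IPQ_PAYLOAD_OFF);
    return -1;
}

static unsigned char msgbuf[512];       /* one message buffer, shared with the tests */

int main(void)
{
    for (size_t extra = 0; extra <= 24; extra += 24) {   /* 24: the surplus reported in the thread */
        size_t n = ipq_build(msgbuf, sizeof msgbuf, IPQ_PAYLOAD_OFF + extra, SAMPLE_ICMP, sizeof SAMPLE_ICMP);
        printf("metadata %2zu bytes wider than ours: naive parse %s, measured surplus %ld\n",
               extra, ipq_naive_parse_ok(msgbuf, n) ? "ok" : "FAILS", ipq_header_delta(msgbuf, n));
    }
    return 0;
}
```

Against a live QUEUE target the same two functions can be run on each buffer ipq_read() fills before it is handed to the packet parser: a non-zero result from ipq_header_delta() on every message, combined with a failing naive parse, points at a kernel/userland layout disagreement rather than at corrupted packets, and the measured value is what to compare with sizeof(ipq_packet_msg_t) on each side.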