lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110221173945.GA8588@nord.niifaq.ru>
Date:	Mon, 21 Feb 2011 20:39:45 +0300
From:	Andrian Nord <nightnord@...il.com>
To:	Daniel Lezcano <daniel.lezcano@...e.fr>
Cc:	lxc-users@...ts.sourceforge.net, Patrick McHardy <kaber@...sh.net>,
	Linux Netdev List <netdev@...r.kernel.org>
Subject: Re: [Lxc-users] Huge ammount of invalid checksum packets on macvlan

On Mon, Feb 21, 2011 at 05:07:31PM +0100, Daniel Lezcano wrote:
> IMO, the checksum is not needed for the virtual macvlan devices, hence 
Well, maybe then I've made a horrible mistake of asking the wrong
question. It's not a bad checksums that are wondering me, but very poor
network traffic performance: I'm getting about ~25kbps of
/dev/zero-to-/dev/null copy via netcat between hosts and mysql queries
from container other than mysql's are horribly laggy.

Strangely enough - while there is such bug on both systems, they are
behaving differently.

First system (router):
   eth1          eth0       dummy0
|----|------------|-----------|-----|   macvlans        |------------|
|  macvlan "lan"  |           |-------------------------| containers |
|   /  \          |           |     |                   | -----------|
|--|---|----------|-----------|-----|                    
   |   |          |           | macvlan                   
   |   |     |----------------|------|
  ---  |     |  eth0  eth1   eth2    | Router-container
  LAN  |     |         |             |
  ---  \---------------/             |
             |-----------------------|


And bug appears much less when copying from container to container, or
from container to HN (but still noticeable, especially in mysql queries),
but it's seen very well when copying from LAN to container. netcat copy
transfer rate shows enormous ~300 Mbps.
/proc/net/dev show many transfer errors but 0 receive errors.

Second system (server):
   eth0         eth1       dummy0
|----------------------------|---------------|
|             no carrier     |-macvlan "lxc" |
|----------------------------|---------------|
                             |
		|---------------------------|
		|        containers         |
		|---------------------------|

We can't link macvlans on eth1, as it has no carrier and macvlans are
not working in this case. Here bug is seen very well, even in
transferring packets from container to container (netcat copy transfer
rate is ~40kbps on this system).
/proc/net/dev show may errors in both directions.

First system is slightly more powerful, but difference in
between-container performance is just too big. Also, tcpdump on both
system reports kernel-dropped packets in great amount.

P.S. netcat copy is:
lxc1) nc6 -l -p 12345 > /dev/null
lxc2) dd if=/dev/zero | nc6 lxc1 12345

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ