Re: TCP_MD5 and Intel e1000
From: David Miller
Date: Tue May 22 2007 - 06:14:43 EST
From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Tue, 22 May 2007 18:36:47 +0900 (JST)
> In article <20070522105738.f03cb83b.dada1@xxxxxxxxxxxxx> (at Tue, 22 May 2007 10:57:38 +0200), Eric Dumazet <dada1@xxxxxxxxxxxxx> says:
>
> > > I have tried to set up quagga with tcp-md5 support from kernel. All seems ok
> > > with a intel e100 NIC, but as i testetd with a intel e1000 NIC the tcp
> > > packets have an invalid md5 digest.
> > > If i run tcpdump on the mashine the packets are generated, it shows on the
> > > outgoing interface invalid md5 digests.
> > > Are there known issues about tcp-md5 and e1000 NICs?
> :
> > You could try "ethtool -K tx off", and/or other ethtool -K settings
>
> Disabling offloading should help; currently tcp-md5 stack
> blindly copy md5-signature from the first segment
> which is not appropriate for rest of segments.
It is clear we should disable TSO for sockets making use of TCP-MD5.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/