Problem¶

I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic.
I found `stats`'s decoder.invalid was increasing.

Configuration¶

docker0's offload¶

Features for docker0:
rx-checksumming: off [fixed]
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off
tx-scatter-gather-fraglist: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: on [fixed]
netns-local: on [fixed]
tx-gso-robust: off [requested on]
tx-fcoe-segmentation: off [requested on]
tx-gre-segmentation: on
tx-gre-csum-segmentation: on
tx-ipxip4-segmentation: on
tx-ipxip6-segmentation: on
tx-udp_tnl-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
tx-tunnel-remcsum-segmentation: on
tx-sctp-segmentation: on
tx-esp-segmentation: on
tx-udp-segmentation: on
tx-gso-list: on
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: on
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]

af-packet configuration

af-packet:
- interface: docker0
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
tpacket-v3: yes
ring-size: 100000
block-size: 1048576
block-timeout: 10
buffer-size: 1048576
bpf-filter: host 172.17.0.3
checksum-checks: no
mmap-locked: yes
use-emergency-flush: no

Debug
When I used gdb to debug, I set a breakpoint, I found IPv4 payload length is not equal actual len.

(gdb) b DecodeIPV4Packet
(gdb) if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT);
return NULL;
}

(gdb) p len
$1 = 1510
(gdb) p (uint16_t)ntohs((ip4h)->ip_len)
$2 = 3071

My Solution
I changed pcap_compile's snaplen_arg to MAX_PAYLOAD_SIZE, the problem never happen again. I want to know what is the problem.

Does the traffic come from a real interface? If so, then the various offloads need to be disabled on that interface as well.

Victor Julien wrote in #note-2:

Does the traffic come from a real interface? If so, then the various offloads need to be disabled on that interface as well.

No, the traffic come from local process.