Project

General

Profile

Actions

Support #7340

open

AF_PACKET Set BPF problem

Added by QianKai Lin about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
Affected Versions:
Label:
Beginner, C

Description

Problem

I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic.
I found `stats`'s decoder.invalid was increasing.

Configuration

docker0's offload

Features for docker0:
rx-checksumming: off [fixed]
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off
tx-scatter-gather-fraglist: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: on [fixed]
netns-local: on [fixed]
tx-gso-robust: off [requested on]
tx-fcoe-segmentation: off [requested on]
tx-gre-segmentation: on
tx-gre-csum-segmentation: on
tx-ipxip4-segmentation: on
tx-ipxip6-segmentation: on
tx-udp_tnl-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
tx-tunnel-remcsum-segmentation: on
tx-sctp-segmentation: on
tx-esp-segmentation: on
tx-udp-segmentation: on
tx-gso-list: on
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: on
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]

af-packet configuration

af-packet:
- interface: docker0
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
tpacket-v3: yes
ring-size: 100000
block-size: 1048576
block-timeout: 10
buffer-size: 1048576
bpf-filter: host 172.17.0.3
checksum-checks: no
mmap-locked: yes
use-emergency-flush: no

Debug

When I used gdb to debug, I set a breakpoint, I found IPv4 payload length is not equal actual len.

(gdb) b DecodeIPV4Packet
(gdb)  if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
        ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT);
        return NULL;
    }

(gdb) p len
$1 = 1510
(gdb) p (uint16_t)ntohs((ip4h)->ip_len)
$2 = 3071

My Solution

I changed pcap_compile's snaplen_arg to MAX_PAYLOAD_SIZE, the problem never happen again.

Actions #1

Updated by QianKai Lin about 1 month ago

Problem

I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic.
I found `stats`'s decoder.invalid was increasing.

Configuration

docker0's offload

Features for docker0:
rx-checksumming: off [fixed]
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off
tx-scatter-gather-fraglist: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: on [fixed]
netns-local: on [fixed]
tx-gso-robust: off [requested on]
tx-fcoe-segmentation: off [requested on]
tx-gre-segmentation: on
tx-gre-csum-segmentation: on
tx-ipxip4-segmentation: on
tx-ipxip6-segmentation: on
tx-udp_tnl-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
tx-tunnel-remcsum-segmentation: on
tx-sctp-segmentation: on
tx-esp-segmentation: on
tx-udp-segmentation: on
tx-gso-list: on
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: on
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]

af-packet configuration

af-packet:
- interface: docker0
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
tpacket-v3: yes
ring-size: 100000
block-size: 1048576
block-timeout: 10
buffer-size: 1048576
bpf-filter: host 172.17.0.3
checksum-checks: no
mmap-locked: yes
use-emergency-flush: no

Debug
When I used gdb to debug, I set a breakpoint, I found IPv4 payload length is not equal actual len.

(gdb) b DecodeIPV4Packet
(gdb) if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT);
return NULL;
}

(gdb) p len
$1 = 1510
(gdb) p (uint16_t)ntohs((ip4h)->ip_len)
$2 = 3071

My Solution
I changed pcap_compile's snaplen_arg to MAX_PAYLOAD_SIZE, the problem never happen again. I want to know what is the problem.

Actions #2

Updated by Victor Julien about 1 month ago

Does the traffic come from a real interface? If so, then the various offloads need to be disabled on that interface as well.

Actions #3

Updated by Juliana Fajardini Reichow about 1 month ago

  • Description updated (diff)

Updated description to reduce font sizes and hopefully improve readability, a bit.

Actions #4

Updated by QianKai Lin about 1 month ago

Victor Julien wrote in #note-2:

Does the traffic come from a real interface? If so, then the various offloads need to be disabled on that interface as well.

No, the traffic come from local process.

Actions

Also available in: Atom PDF