Support #7340
Updated by Juliana Fajardini Reichow about 1 month ago
*Problem* h1. Problem I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic. I found `stats`'s decoder.invalid was increasing. *Configuration* h1. Configuration *docker0's offload* h2. docker0's offload <pre><code class="shell"> Features for docker0: rx-checksumming: off [fixed] tx-checksumming: on tx-checksum-ipv4: off [fixed] tx-checksum-ip-generic: on tx-checksum-ipv6: off [fixed] tx-checksum-fcoe-crc: off [fixed] tx-checksum-sctp: off [fixed] scatter-gather: off tx-scatter-gather: off tx-scatter-gather-fraglist: off tcp-segmentation-offload: off tx-tcp-segmentation: off tx-tcp-ecn-segmentation: off tx-tcp-mangleid-segmentation: off tx-tcp6-segmentation: off generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off [fixed] rx-vlan-offload: off [fixed] tx-vlan-offload: on ntuple-filters: off [fixed] receive-hashing: off [fixed] highdma: on rx-vlan-filter: off [fixed] vlan-challenged: off [fixed] tx-lockless: on [fixed] netns-local: on [fixed] tx-gso-robust: off [requested on] tx-fcoe-segmentation: off [requested on] tx-gre-segmentation: on tx-gre-csum-segmentation: on tx-ipxip4-segmentation: on tx-ipxip6-segmentation: on tx-udp_tnl-segmentation: on tx-udp_tnl-csum-segmentation: on tx-gso-partial: on tx-tunnel-remcsum-segmentation: on tx-sctp-segmentation: on tx-esp-segmentation: on tx-udp-segmentation: on tx-gso-list: on fcoe-mtu: off [fixed] tx-nocache-copy: off loopback: off [fixed] rx-fcs: off [fixed] rx-all: off [fixed] tx-vlan-stag-hw-insert: on rx-vlan-stag-hw-parse: off [fixed] rx-vlan-stag-filter: off [fixed] l2-fwd-offload: off [fixed] hw-tc-offload: off [fixed] esp-hw-offload: off [fixed] esp-tx-csum-hw-offload: off [fixed] rx-udp_tunnel-port-offload: off [fixed] tls-hw-tx-offload: off [fixed] tls-hw-rx-offload: off [fixed] rx-gro-hw: off [fixed] tls-hw-record: off [fixed] rx-gro-list: off macsec-hw-offload: off [fixed] rx-udp-gro-forwarding: off hsr-tag-ins-offload: off [fixed] hsr-tag-rm-offload: off [fixed] hsr-fwd-offload: off [fixed] hsr-dup-offload: off [fixed] </code></pre> *af-packet configuration* h2. af-packet configuration <pre><code class="yaml"> af-packet: - interface: docker0 cluster-id: 99 cluster-type: cluster_flow defrag: yes use-mmap: yes tpacket-v3: yes ring-size: 100000 block-size: 1048576 block-timeout: 10 buffer-size: 1048576 bpf-filter: host 172.17.0.3 checksum-checks: no mmap-locked: yes use-emergency-flush: no </code></pre> *Debug* h1. Debug When I used gdb to debug, I set a breakpoint, I found IPv4 payload length is not equal actual len. <pre><code class="shell"> (gdb) b DecodeIPV4Packet (gdb) if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) { ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT); return NULL; } (gdb) p len $1 = 1510 (gdb) p (uint16_t)ntohs((ip4h)->ip_len) $2 = 3071 </code></pre> *My Solution* h1. My Solution I changed pcap_compile's snaplen_arg to MAX_PAYLOAD_SIZE, the problem never happen again.