#153 pcap/ndis bridge can't connent to colinux|tcp checksum error

open
nobody
5
2009-08-01
2009-03-16
Anonymous
No

Hi,

i've upgraded my really old colinux install to the lastest develoment snapshot (20090315 and 20090305 for modules and kernel).

Trying to setup networking i've seen that using pcap-bridge or ndis-bridge doesn't let me to connect to the colinux machine:
- if i try to do a ping from colinux to host machine all goes ok
- if i try to do a ping from my host machine to colinux all goes ok
- if i try to download something from the web server that resides on host machine or from internet trought colinux (using wget for example) all goes ok
- if i try to connect to a netcat server or an openssh server that resieds on colinux from the host machine it doesn't do anything.
- if i try to connect to a netcat server or an openssh server that resides on colinux from a machine in the lan all goes ok

Doing more tests revealed that the problem is with TCP packets because i tried to set up a netcat udp server on port 53 and testing it trought nslookup shows that colinux machine recived the request.

I get the same problem using ndis-bridge and using pcap-bridge: from kernel messages all seems to be ok!

Discussion

  • daniele_dll

    daniele_dll - 2009-03-16

    Note:

    when i upgraded i've launched the necessary remove/install driver as requested in readme file

     
  • Henry N.

    Henry N. - 2009-03-16

    That should be simple. I have the same symptom on my Intel PCI-Express. My card is a "Realtek RTL8102E Family PCI-E Fast Ethernet NIC". I can not connect via ssh from Host to coLinux.
    tcpdump on coLinux or Wireshark on Windows let's see the problem: The card does not accept packets with checksum errors.

    To make it usable, go into network card "Hardware options" - "Extensions" - Properties: "Checksum" - and change the Value into "Disable".

    Here is an example session of ssh connect from host to coLinux (the failed case).
    tcpdump on coLinux:

    20:44:36.847616 arp who-has 192.168.2.100 tell 192.168.2.104
    20:44:36.847616 arp reply 192.168.2.100 is-at 00:21:85:56:fb:35
    20:44:41.647688 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.2.104.22 > 192.168.2.100.1057: S, cksum 0xabbc (correct), 1094183181:1094183181(0) ack 309852530 win 5840
    20:44:41.657689 IP (tos 0x0, ttl 128, id 434, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.2.100.1057 > 192.168.2.104.22: ., cksum 0x8637 (incorrect (-> 0xef50), ack 1 win 65535
    20:44:53.647869 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.2.104.22 > 192.168.2.100.1057: S, cksum 0xabbc (correct), 1094183181:1094183181(0) ack 309852530 win 5840
    20:44:53.647869 IP (tos 0x0, ttl 128, id 435, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.2.100.1057 > 192.168.2.104.22: ., cksum 0x8637 (incorrect (-> 0xef50), ack 1 win 65535

    The same output with Wireshark on Windows:
    6 5.016498 00:ff:99:88:b0:00 00:21:85:56:fb:35 ARP Who has 192.168.2.100? Tell 192.168.2.104
    7 5.016521 00:21:85:56:fb:35 00:ff:99:88:b0:00 ARP 192.168.2.100 is at 00:21:85:56:fb:35
    8 9.829057 192.168.2.104 192.168.2.100 TCP ssh > startron [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    9 9.829114 192.168.2.100 192.168.2.104 TCP [TCP Dup ACK 3#2] startron > ssh [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
    10 21.814002 192.168.2.104 192.168.2.100 TCP ssh > startron [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    11 21.814062 192.168.2.100 192.168.2.104 TCP [TCP Dup ACK 3#3] startron > ssh [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0

    I leave this bug opened, because it would be nicer to calculate the checksum before submit it into the windows network stack. Disable the receiver is a workaround.

     
  • Nobody/Anonymous

    Really thanks!

    But, just a question: where i could look to fix checksum calculation? into conet module or into ndis/pcap-bridge daemon?

     
  • Henry N.

    Henry N. - 2009-03-25

    Inside Linux kernel exist some options, for example NETIF_F_IP_CSUM and NETIF_F_HW_CSUM. Both are not set, so Linux kernel should calculate the checksum. But I think, it does not. As I see, it does not for TCP and UDP packets. If you grep for these macros you will see how other net-drivers forwards this checksum calculation to the hardware chip.

    For coLinux we need to add this calculation in conet Linux kernel driver.

    Some interesting comments will find in Linux kernel header near the macro NETIF_F_IP_CSUM.

     
  • Nobody/Anonymous

    thank you!

    i hope to give a look this weekend

     
  • Nobody/Anonymous

    Try installing VirtualBox

    With IP Checksumming enabled on my Realtek adaptor, NDIS Bridging cannot ping each other but with Virtualbox installed and its networking component assigned - it seems that my NDIS Bridge works perfect with no errors..

    Its been running my webserver fine for a month :P

     
  • Henry N.

    Henry N. - 2009-08-01
    • summary: Using pcap/ndis bridge can't connent to colinux services --> pcap/ndis bridge can't connent to colinux|tcp checksum error
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks