Package: linux-image-2.6.16-2-xen-686
Version: 2.6.16-17
Severity: grave

A recently added optimization skips checksums on all packets it believes are destined for another Xen domain inside the same box. Too bad, it is sometimes wrong -- an analysis can be found on http://lists.xensource.com/archives/html/xen-users/2006-03/msg00159.html

This had been fixed before -- NETIF_F_NO_CSUM was changed to 0; however, in the current version of the Xen patch in unstable it is again enabled, set to NETIF_F_IP_CSUM (i.e., IPv4 TCP and UDP only) this time.

Unfortunately, an idiot running nearly only IPv6 can miss this bug, unknowingly teergrubing other hosts. I've personally managed to do this to lists.debian.org, making it keep a number of exim4 processes trying to deliver mail to my server. Thus, it was suggested to file this bug as 'grave'.

IPv4 ICMP, all IPv6 and connections which actually don't leave the box work fine; same for those which get bridged away to a physical interface without passing through NAT.

The fix: as in the quoted link, change

    dev->features = NETIF_F_IP_CSUM;

to

    dev->features = 0;

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (202, 'unstable'), (201, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-xen-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages linux-image-2.6.16-2-xen-686 depends on:
ii  initramfs-tools [linux-initra 0.73c      tools for generating an initramfs
ii  linux-modules-2.6.16-2-xen-68 2.6.16-17  Linux kernel modules 2.6.16 image

Versions of packages linux-image-2.6.16-2-xen-686 recommends:
ii  libc6-xen                     2.3.6-19   GNU C Library: Shared libraries [X

-- no debconf information
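
Added example, not part of the bug report or of the Xen patch: the receiver-side TCP checksum test that a remote host applies, showing why a segment whose checksum was skipped is dropped once it really leaves the box, and the software fill that setting dev->features = 0 forces the sender to do. The function names, the documentation-range addresses, the sample SYN and the modelling of the skipped checksum field as zero are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += (uint32_t)p[0] << 8 | p[1];
    if (len)
        acc += (uint32_t)p[0] << 8;    /* odd trailing byte, zero padded */
    return acc;
}

/* Folded sum over IPv4 pseudo-header + TCP segment; addrs = src then dst. */
static uint16_t tcp4_sum(const uint8_t addrs[8], const uint8_t *seg, size_t len)
{
    uint8_t ph[12] = { [9] = 6, [10] = (uint8_t)(len >> 8), [11] = (uint8_t)len };
    memcpy(ph, addrs, 8);
    uint32_t acc = sum16(seg, len, sum16(ph, sizeof ph, 0));
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Receiver-side check: a correctly checksummed segment sums to 0xffff. */
int tcp4_checksum_ok(const uint8_t addrs[8], const uint8_t *seg, size_t len)
{
    return tcp4_sum(addrs, seg, len) == 0xffff;
}

/* The work the sender must do itself if nothing later will (bytes 16-17). */
void tcp4_checksum_fill(const uint8_t addrs[8], uint8_t *seg, size_t len)
{
    seg[16] = seg[17] = 0;
    uint16_t c = (uint16_t)~tcp4_sum(addrs, seg, len);
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)c;
}

/* Constructed sample: SYN to port 25, checksum bytes left at zero (assumed). */
const uint8_t ADDRS[8] = { 192, 0, 2, 1, 198, 51, 100, 2 };
uint8_t SEG[20] = { 0x30, 0x39, 0, 25, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0x72, 0x10 };

int main(void)
{
    int before = tcp4_checksum_ok(ADDRS, SEG, sizeof SEG);
    tcp4_checksum_fill(ADDRS, SEG, sizeof SEG);
    printf("unfilled ok=%d, filled ok=%d\n", before, tcp4_checksum_ok(ADDRS, SEG, sizeof SEG));
    return 0;
}
```

The same check run over a capture taken on the physical interface behind the NAT separates segments that left with an unfilled checksum from ordinary traffic.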