114159 – tcpdump cannot deal with TSO packets

Bug 114159 - tcpdump cannot deal with TSO packets

Summary: tcpdump cannot deal with TSO packets

Status:	RESOLVED WONTFIX

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Network (show other bugs)
Version:	Beta 3
Hardware:	Other All

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Petr Ostadal
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-30 16:05 UTC by Olaf Kirch
Modified:	2008-06-25 09:52 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Proposed patch (698 bytes, patch) 2005-09-07 09:42 UTC, Olaf Kirch	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Olaf Kirch 2005-08-30 16:05:50 UTC

When the kernel transmits TCP packets through a NIC that is capable 
of TSO (TCP segmentation offload), it will set up a fake IP header 
since all the IP magic is done by the network card. In particular, the 
IP tot_len field will be zero. 
 
When tcpdump or ethereal sees such a packet, it will not print the packet's 
contents, but print "IP bad-len" instead. This is not very helpful when 
trying to debug network problems - I ran into this problem 2-3 times 
in the last few weeks when dealing with SLES L3 bugs. 
 
The tcpdump code already has support for this; there's a '#ifdef GUESS_TSO' 
define in print-ip.c. I propose to add a #define GUESS_TSO somewhere 
at the top of the file in order to enable this useful hack. 
 
I assume a similar hack exists for ethereal.

Comment 1 Marian Jancar 2005-09-01 10:21:13 UTC

I have added the GUESS_TSO, where to test it (and make sure the TSO is used)?

Comment 2 Olaf Kirch 2005-09-01 10:33:16 UTC

You can try any of the tcp dumps in bug 105539, for instance 
http://rudin.suse.de:8888/attachment.cgi?id=47765 
 
They have lots of those packets. Displaying this with tcpdump -nr should 
show a lot of those: IP bad-len 0 
 
Thanks, 
Olaf

Comment 3 Marian Jancar 2005-09-01 10:56:50 UTC

the GUESS_TSO works

epsilon:/# tcpdump -nr x.log | grep bad
reading from file x.log, link-type EN10MB (Ethernet)
epsilon:/#

Comment 4 Petr Ostadal 2005-09-06 09:55:07 UTC

I can't find the hack for ethereal, where did you hear about it?
For tcpdump it is fixed and for SL10 I think is too late, I decrease severity to
normal.

Comment 5 Olaf Kirch 2005-09-07 09:42:48 UTC

Created attachment 49027 [details]
Proposed patch

Comment 6 Olaf Kirch 2005-09-07 09:43:21 UTC

Something like the above patch should help. Beware, this is untested.

Comment 7 Petr Ostadal 2005-09-21 13:25:22 UTC

Proposed patch doesn't work in ethereal, I will investigate it later.

Comment 8 Gerald Pfeifer 2006-03-12 21:59:18 UTC

Petr, what's the status of this?

Comment 9 Petr Ostadal 2006-03-13 08:49:14 UTC

I didn't catch this, I will investigate it in the next distro.

Comment 10 Stephan Kulow 2008-06-25 09:32:57 UTC

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

Comment 11 Stephan Kulow 2008-06-25 09:34:22 UTC

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

Comment 12 Stephan Kulow 2008-06-25 09:40:51 UTC

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

Comment 13 Stephan Kulow 2008-06-25 09:52:32 UTC

Closing old LATER+REMIND bugs as WONTFIX - if you still plan to work on it, feel free to reopen and set to ASSIGNED.

In case the report saw repeated reopen comments, it's due to bugzilla timing out on the huge request ;(