-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
padding? lose packets when offload is enabled on mellanox #993
Comments
I Forwarded your message on what looks like a kernel/hardware bug in IPsec to our ipsec-devel list where the kernel and hardware people are. They might respond here or else I will forward any responses I will get in this issue.
|
Oh! Many thanks!!! I tried upgrade fw to last one. |
On Mon, Jan 23, 2023 at 09:14:14PM -0500, Paul Wouters via Devel wrote:
Forwarding a message on what looks like a kernel/hardware bug in IPsec
See #993
We tried to reproduce it on kernel v6.2-rc5 with latest released FW and
everything worked as expected without any packet drops.
Thanks
|
We got a response from nvidia/mellanox:
|
On Thu, 26 Jan 2023, Leon Romanovsky wrote:
On Mon, Jan 23, 2023 at 09:14:14PM -0500, Paul Wouters via Devel wrote:
>
> Forwarding a message on what looks like a kernel/hardware bug in IPsec
>
> See #993
We tried to reproduce it on kernel v6.2-rc5 with latest released FW and
everything worked as expected without any packet drops.
Thanks for the quick response. We have relayed this reply. Probably they
will wait for the 6.2 release kernel for testing, but if/once I hear
something, I will let you know.
Paul
|
Thanks! |
Thanks!
I have this error with 6.2.0-rc5 and last FW too so it mean problem with my kernel's config.
It means I enabled some options with I have this weird problem.
(Some option that Intel can work good and brings troubles to mlx).
Odd. You did not set compress=yes right ? That might cause a difference in processing for smaller and bigger packets.
Can you show /proc/net/xfrm_stat after you cause some dropped packets ? All values should be 0, if not that might indicate where to look.
Paul
|
compress=no Yes there are errors in /proc/net/xfrm_stat XfrmInNoStates 1 |
On Jan 28, 2023, at 01:50, AnatoliChe ***@***.***> wrote:
----==_mimepart_63d4c597beb89_6a59c5bc14320c8
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
compress=no
I had problems with compression so last 5 years I'm switching it off at once.
Good.
Yes there are errors in /proc/net/xfrm_stat
XfrmInNoStates 1
XfrmOutNoStates 2
XfrmAcquireError 19
Interesting. Can you redo this, show the nonzero values and then “ip xfrm policy” and “ip xfrm state” and “ipsec status” ?
There is verbose command to (ip -v of the above commands ?) that might provide insights. (Not at a computer now)
|
sure ip xfrm state from other side: src 192.168.44.101/32 dst 192.168.44.102/32 ethtool -i eth7 ethtool -k eth7 | grep esp ethtool --show-offload eth7 ipsec status cat /proc/net/xfrm_stat but I guess it canbe related with ipsec restart. |
it's not related with padding, it's DX6's problem. |
I again confirmed, I cannot reproduce this issue: root@tundra:~# ping 10.0.1.1 -s 3 root@tundra:~# ping 10.0.1.1 -s 4 sorry, nothing we can do. |
Hi! I believe it's problem with kernel/driver/firmware, but maybe you can help.
When hw offload is enabled all packets shorter then 12 bytes are loosing.
It's problem is appearing with MT28841 (Mellanox/Nvidia ConnectX-6 Dx EN adapter card, 25GbE, Dual-port SFP28, PCIe 4.0 x8, Crypto and Secure Boot MCX621102AC-ADAT)
kernel 5.15.89
driver: mlx5_core
firmware-version: 22.32.1010
With Intel cards no problems.
and enabled hardware offload
I can ping do
ping 192.168.44.1 with 0% packet loss
can do
ping 192.168.44.1 -s 4
12 bytes from 192.168.4.1: icmp_seq=1 ttl=64
with 0% packet loss
but
ping 192.168.44.101 -s 3
it's 11 bytes 0%
I can see ougoing packet with length 44
and no incoming ESP at the other side.
As only length of ESP 48 bytes it's works.
With disables offload everything works.
Looks like problems with padding?
Could you help please?
The text was updated successfully, but these errors were encountered: