Bug 1567072
Summary: | [ovs]can't capture output packet using tcpdump when nfp nic was added to ovs bridge vlan_mode=native-tagged | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | LiLiang <liali> |
Component: | tcpdump | Assignee: | Michal Ruprich <mruprich> |
Status: | CLOSED NOTABUG | QA Contact: | qe-baseos-daemons |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.5 | CC: | atragler, echaudro, jakub.kicinski, jomiller, liali, louis.peens, msekleta, pablo.cascon, pieter.jansenvanvuuren, qding, simon.horman |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-21 13:57:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
LiLiang
2018-04-13 11:46:02 UTC
Can you let me know if this is with or without hardware offload (tc flower)?

(In reply to Eelco Chaudron from comment #2)
> Can you let me know if this is with or without hardware offload (tc flower)?

Without hardware offload.

I'm assuming this is working on the other system with the non-NFP NIC. Pablo, is this a known issue/limitation? Can you quickly check before I dig deeper into this?

Thanks for the bug report and highlighting. This is not expected. If you can, please check the netdev statistics with "ethtool -S" and ifconfig to see if the "output packets" are accounted for somehow. tcpdump should show the outgoing packets, if I'm not mistaken, regardless of the netdev/NIC.

(In reply to Pablo Cascon from comment #5)
> Thanks for the bug report and highlighting. This is not expected. If you can
> please check the netdev statistics with "ethtool -S" and ifconfig to see if
> the "output packet" are accounted somehow. tcpdump should show the outgoing
> packets if I'm not mistaken regardless of the netdev/NIC

I ping with option -i 0.001:

```
ping 192.168.3.253 -i 0.001 &
```

It seems all "output packets" are accounted for.
```
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 5766
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 6802
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 7425
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 8013
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 8670
[root@hp-dl380g9-01 topo]# ethtool -S ens2np0 | grep dev_tx_pkts
dev_tx_pkts: 9154
[root@hp-dl380g9-01 topo]# ifconfig ens2np0
ens2np0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 2001::215:4dff:fe13:424  prefixlen 64  scopeid 0x0<global>
        ether 00:15:4d:13:04:24  txqueuelen 1000  (Ethernet)
        RX packets 24674  bytes 2508003 (2.3 MiB)
        RX errors 0  dropped 500  overruns 0  frame 0
        TX packets 23312  bytes 2377176 (2.2 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@hp-dl380g9-01 topo]# ifconfig ens2np0
ens2np0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 2001::215:4dff:fe13:424  prefixlen 64  scopeid 0x0<global>
        ether 00:15:4d:13:04:24  txqueuelen 1000  (Ethernet)
        RX packets 25504  bytes 2592621 (2.4 MiB)
        RX errors 0  dropped 500  overruns 0  frame 0
        TX packets 24141  bytes 2461734 (2.3 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@hp-dl380g9-01 topo]# ifconfig ens2np0
ens2np0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 2001::215:4dff:fe13:424  prefixlen 64  scopeid 0x0<global>
        ether 00:15:4d:13:04:24  txqueuelen 1000  (Ethernet)
        RX packets 30470  bytes 3099213 (2.9 MiB)
        RX errors 0  dropped 500  overruns 0  frame 0
        TX packets 29097  bytes 2967246 (2.8 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```

Hmm, so dev_tx_pkts goes up; that's the NIC saying the packets are sent. tcpdump filter issue?

(In reply to Pablo Cascon from comment #7)
> Hmm so dev_tx_pkts goes up, that's the NIC saying the pkts are sent, tcpdump
> filter issue?

I don't think so. This issue does not occur when using tcpdump with other drivers.
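A quick sanity check on the numbers above (a sketch; the sample values are copied verbatim from the repeated `ethtool -S` runs in this report):

```python
# dev_tx_pkts readings transcribed from the successive `ethtool -S` runs above.
samples = [5766, 6802, 7425, 8013, 8670, 9154]

# Difference between consecutive readings: packets the NIC reports as
# transmitted between polls, while tcpdump on the same netdev showed no
# outgoing traffic at all.
deltas = [b - a for a, b in zip(samples, samples[1:])]
print(deltas)                     # [1036, 623, 588, 657, 484]
print(all(d > 0 for d in deltas))  # True
```

Every interval shows several hundred transmitted packets (consistent with `ping -i 0.001` plus the polling delay), so the transmit path itself is clearly working.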
Assigning this to Pablo as he is troubleshooting this already.

Bug replicated even without VMs (just regular netdevs). Somehow, without the tcpdump filter all packets can be seen, and with the filter only the ingress ones match. Investigating.

This is due to our CoreNIC firmware choosing not to support VLAN stripping and insertion in the datapath. tcpdump doesn't actually test for the VLAN case in its filters. It so happens that most NICs today strip and report the VLAN tag out-of-band, so it's never part of the frame. This has negligible performance advantages, so we don't do that; in our case the VLAN tag is present inside the frame data. You can see RX frames in tcpdump because the stack strips the VLAN tag before the tcpdump hook, whereas on the TX path the hook runs after VLAN insertion, so the BPF filter is using the wrong offsets.

One can investigate the filter byte code with the -d option, with sufficient BPF knowledge :)

```
# tcpdump -pi p4p1 -d 'host 10.22.100.2'
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 6
(002) ld       [26]
(003) jeq      #0xa166402       jt 12   jf 4
(004) ld       [30]
(005) jeq      #0xa166402       jt 12   jf 13
(006) jeq      #0x806           jt 8    jf 7
(007) jeq      #0x8035          jt 8    jf 13
(008) ld       [28]
(009) jeq      #0xa166402       jt 12   jf 10
(010) ld       [38]
(011) jeq      #0xa166402       jt 12   jf 13
(012) ret      #262144
(013) ret      #0
```

You can see the offsets are hard coded and there is no test for 0x8100; the only ethertype test, at offset 12, is for 0x0800, i.e. IP.

The exact same behaviour can be seen with any other vendor if rx-vlan-offload and tx-vlan-offload are set to off in ethtool:

```
# ethtool -K eth4 rxvlan off txvlan off
```

Now you will only see received frames. tcpdump and VLANs are always causing trouble:

http://netoptimizer.blogspot.com/2010/09/tcpdump-vs-vlan-tags.html
https://christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php

Changing this BZ's component to 'tcpdump' as it is its limitation.

Closing per request of Netronome as this is a stale bz.
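The fixed-offset problem described above can be reproduced outside tcpdump. The sketch below (frames and MAC addresses are made up for illustration; the 10.22.100.2 address matches the `0xa166402` constant in the BPF dump) applies the same hard-coded offsets the generated filter uses, and shows why an in-band 802.1Q tag makes the match fail:

```python
def naive_host_match(frame: bytes, addr: bytes) -> bool:
    """Match 'host <addr>' the way the generated BPF does (IPv4 case only):
    ethertype at byte 12, IPv4 src/dst at bytes 26/30."""
    if frame[12:14] != b"\x08\x00":     # insns (000)/(001): ethertype == 0x0800?
        return False
    return frame[26:30] == addr or frame[30:34] == addr  # insns (002)-(005)

eth = bytes(6) + bytes(6)               # dst MAC + src MAC (zeros, hypothetical)
# Minimal 20-byte IPv4 header: 12 bytes of fields we don't care about,
# then src 10.22.100.2 and dst 10.22.100.1.
ip_hdr = bytes(12) + bytes([10, 22, 100, 2]) + bytes([10, 22, 100, 1])
addr = bytes([10, 22, 100, 2])          # 10.22.100.2 == 0xa166402 in the dump

untagged = eth + b"\x08\x00" + ip_hdr
# An in-band 802.1Q tag (0x8100 + 2-byte TCI, VLAN 100 here) shifts every
# later field by 4 bytes -- exactly what happens on the NFP TX path.
tagged = eth + b"\x81\x00\x00\x64" + b"\x08\x00" + ip_hdr

print(naive_host_match(untagged, addr))  # True
print(naive_host_match(tagged, addr))    # False: byte 12 is now 0x8100
```

The usual tcpdump-side workaround is to repeat the expression under the `vlan` keyword, e.g. `tcpdump -i p4p1 'host 10.22.100.2 or (vlan and host 10.22.100.2)'`, since `vlan` shifts the offsets of everything after it by 4 bytes.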