CLASSIFICATION: UNCLASSIFIED So it appears that thinking this was related to pf_ring was a red herring; instead, some digging found that the Large Receive Offload option of the Intel NIC in use (using ixgbe driver) was on and that can cause problems with any attempt at bridging, etc. When I disable lro using ethtool on the two interfaces feeding the "dummy0" interface, the kernel warnings stop. This bug report brought me to this solution: https://bugzilla.kernel.org/show_bug.cgi?id=82471
-----Original Message----- From: Knick, Scott E CTR (US) Sent: Tuesday, July 28, 2015 2:35 PM To: '[email protected]' <[email protected]> Subject: RE: WARNING: at net/core/dev.c:1921 skb_warn_bad_offload (UNCLASSIFIED) CLASSIFICATION: UNCLASSIFIED OK, since I got no bites from that, let me throw in what I just confirmed is involved: Evidently my use of the "tc" utility from iproute2 to combine interfaces for monitoring purposes. Specifically, if I never attempt to create a combined "dummy" interface from multiple physical interfaces, then the kernel never logs any tainted warnings. When I've created such an interface and then set any interfaces "feeding it" to promiscuous mode, then the warnings start; as soon as I turn off promiscuous mode on the interfaces going into the dummy, the warnings stop. Here is an excerpt from my /sbin/ifup-local script that is attempting to combine together any network interfaces it's told to into a single "dummy" interface that a single instance of Snort, etc., can then monitor. Would you expect that attempts to do what is done here would lead to the kernel warnings I've mentioned when the pf_ring kernel module is loaded? DEVICE=$1 CONFIG="/usr/local/etc/my.conf" EXCLUDED=( `/usr/local/bin/get_cfg.py "${CONFIG}" Common excl_int none` ) PROG=/usr/local/bin/tc # If this device is not in the list of devices that should be excluded from the # dummy0 interface if [[ ! "${EXCLUDED[@]}" =~ ${DEVICE} ]]; then if [[ `ip link show dev ${DEVICE} up` == "" ]]; then ip link set dev ${DEVICE} up fi if [[ `ip link show dev ${DEVICE} | grep PROMISC` == "" ]]; then ip link set dev ${DEVICE} promisc on fi if [[ `${PROG} qdisc show dev ${DEVICE} | grep ingress` == "" ]]; then echo "" echo "Adding ${DEVICE} to dummy0 interface..." ${PROG} qdisc add dev ${DEVICE} ingress ${PROG} filter add dev ${DEVICE} parent ffff: protocol all u32 match u8 0 0 action mirred egress mirror dev dummy0 ${PROG} qdisc replace dev ${DEVICE} parent root prio NODE_ID=`${PROG} qdisc show dev ${DEVICE} | awk -F'[: ]' '/prio/ { print $3 }'` ${PROG} filter add dev ${DEVICE} parent ${NODE_ID}: protocol all u32 match u32 0 0 action mirred egress mirror dev dummy0 fi # Ensure the dummy0 interface is in promiscuous mode and is up if [[ `ip link show dev dummy0 | grep PROMISC` == "" ]]; then ip link set dev dummy0 promisc on fi if [[ `ip link show dev dummy0 up` == "" ]]; then ip link set dev dummy0 up fi fi -----Original Message----- From: Knick, Scott E CTR (US) Sent: Monday, July 27, 2015 10:04 AM To: '[email protected]' <[email protected]> Subject: WARNING: at net/core/dev.c:1921 skb_warn_bad_offload (UNCLASSIFIED) CLASSIFICATION: UNCLASSIFIED Hello all, I've recently compiled the pf_ring version of libpcap distributed with pf_ring and linked my Snort and Daemonlogger binaries against it. Naturally, I also have the pf_ring kernel module loaded. This is all on a RHEL 6.6 system running kernel 2.6.32-504.el6.x86_64. While everything appears to work well, and in particular I'm seeing 0% packet loss in both Snort and Daemonlogger as I had hoped, I am seeing some warnings from the kernel in /var/log/messages. Below is an example, and all such warnings appear to be related to the skb_warn_bad_offload() call mentioned. Can anyone provide any guidance on correcting the warning? I've tried changing the offload settings of the two network cards involved using ethtool, but it appears to have no effect on the warnings. Any thoughts are appreciated. Jul 27 07:57:53 my-sys kernel: ------------[ cut here ]------------ Jul 27 07:57:53 my-sys kernel: WARNING: at net/core/dev.c:1921 skb_warn_bad_offload+0x99/0xb0() (Tainted: G W --------------- ) Jul 27 07:57:53 my-sys kernel: Hardware name: PowerEdge R710 Jul 27 07:57:53 my-sys kernel: : caps=(0x15865, 0x0) len=7306 data_len=7240 ip_summed=1 Jul 27 07:57:53 my-sys kernel: Modules linked in: nfnetlink_queue nfnetlink_log nfnetlink pf_ring(U) sch_prio act_mirred cls_u32 dummy sch_ingress ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables ip6_tables ipv6 xfs exportfs ipmi_devintf sg ses enclosure power_meter acpi_ipmi ipmi_si ipmi_msghandler microcode serio_raw iTCO_wdt iTCO_vendor_support ixgbe dca ptp pps_core mdio bnx2 dcdbas lpc_ich mfd_core i7core_edac edac_core shpchp ext4 jbd2 mbcache sr_mod cdrom usb_storage sd_mod crc_t10dif pata_acpi ata_generic ata_piix megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib] Jul 27 07:57:53 my-sys kernel: Pid: 0, comm: swapper Tainted: G W --------------- 2.6.32-504.el6.x86_64 #1 Jul 27 07:57:53 my-sys kernel: Call Trace: Jul 27 07:57:53 my-sys kernel: <IRQ> [<ffffffff81074df7>] ? warn_slowpath_common+0x87/0xc0 Jul 27 07:57:53 my-sys kernel: [<ffffffff81074ee6>] ? warn_slowpath_fmt+0x46/0x50 Jul 27 07:57:53 my-sys kernel: [<ffffffff812924c5>] ? __ratelimit+0xd5/0x120 Jul 27 07:57:53 my-sys kernel: [<ffffffff8145cf79>] ? skb_warn_bad_offload+0x99/0xb0 Jul 27 07:57:53 my-sys kernel: [<ffffffff81461601>] ? __skb_gso_segment+0x71/0xc0 Jul 27 07:57:53 my-sys kernel: [<ffffffff81461663>] ? skb_gso_segment+0x13/0x20 Jul 27 07:57:53 my-sys kernel: [<ffffffff8146170b>] ? dev_hard_start_xmit+0x9b/0x480 Jul 27 07:57:53 my-sys kernel: [<ffffffff81461894>] ? dev_hard_start_xmit+0x224/0x480 Jul 27 07:57:53 my-sys kernel: [<ffffffff81461d2d>] ? dev_queue_xmit+0x1bd/0x320 Jul 27 07:57:53 my-sys kernel: [<ffffffffa00bc558>] ? tcf_mirred+0x158/0x1e0 [act_mirred] Jul 27 07:57:53 my-sys kernel: [<ffffffff814832f5>] ? tcf_action_exec+0x55/0xb0 Jul 27 07:57:53 my-sys kernel: [<ffffffffa009f9f4>] ? u32_classify+0x244/0x2a0 [cls_u32] Jul 27 07:57:53 my-sys kernel: [<ffffffff810b0760>] ? tick_sched_timer+0x0/0xc0 Jul 27 07:57:53 my-sys kernel: [<ffffffff8147f4d4>] ? tc_classify_compat+0x44/0x90 Jul 27 07:57:53 my-sys kernel: [<ffffffff8147f935>] ? tc_classify+0x55/0xa0 Jul 27 07:57:53 my-sys kernel: [<ffffffffa005e15b>] ? ingress_enqueue+0x2b/0x94 [sch_ingress] Jul 27 07:57:53 my-sys kernel: [<ffffffff8145c6a4>] ? __netif_receive_skb+0x2c4/0x750 Jul 27 07:57:53 my-sys kernel: [<ffffffff8145c88b>] ? __netif_receive_skb+0x4ab/0x750 Jul 27 07:57:53 my-sys kernel: [<ffffffff81460588>] ? netif_receive_skb+0x58/0x60 Jul 27 07:57:53 my-sys kernel: [<ffffffff81460690>] ? napi_skb_finish+0x50/0x70 Jul 27 07:57:53 my-sys kernel: [<ffffffff81461f69>] ? napi_gro_receive+0x39/0x50 Jul 27 07:57:53 my-sys kernel: [<ffffffffa018fbda>] ? ixgbe_clean_rx_irq+0x26a/0xc90 [ixgbe] Jul 27 07:57:53 my-sys kernel: [<ffffffffa0195693>] ? ixgbe_poll+0x453/0x7e0 [ixgbe] Jul 27 07:57:53 my-sys kernel: [<ffffffff81462083>] ? net_rx_action+0x103/0x2f0 Jul 27 07:57:53 my-sys kernel: [<ffffffff8107d8b1>] ? __do_softirq+0xc1/0x1e0 Jul 27 07:57:53 my-sys kernel: [<ffffffff810eaa90>] ? handle_IRQ_event+0x60/0x170 Jul 27 07:57:53 my-sys kernel: [<ffffffff8100c30c>] ? call_softirq+0x1c/0x30 Jul 27 07:57:53 my-sys kernel: [<ffffffff8100fc15>] ? do_softirq+0x65/0xa0 Jul 27 07:57:53 my-sys kernel: [<ffffffff8107d765>] ? irq_exit+0x85/0x90 Jul 27 07:57:53 my-sys kernel: [<ffffffff81533b45>] ? do_IRQ+0x75/0xf0 Jul 27 07:57:53 my-sys kernel: [<ffffffff8100b9d3>] ? ret_from_intr+0x0/0x11 Jul 27 07:57:53 my-sys kernel: <EOI> [<ffffffff812ea5ee>] ? intel_idle+0xde/0x170 Jul 27 07:57:53 my-sys kernel: [<ffffffff812ea5d1>] ? intel_idle+0xc1/0x170 Jul 27 07:57:53 my-sys kernel: [<ffffffff810b1176>] ? tick_nohz_stop_sched_tick+0x296/0x3c0 Jul 27 07:57:53 my-sys kernel: [<ffffffff81425b97>] ? cpuidle_idle_call+0xa7/0x140 Jul 27 07:57:53 my-sys kernel: [<ffffffff81009fc6>] ? cpu_idle+0xb6/0x110 Jul 27 07:57:53 my-sys kernel: [<ffffffff81522e2c>] ? start_secondary+0x2be/0x301 Jul 27 07:57:53 my-sys kernel: ---[ end trace 67d6d1cb4b33daef ]--- -- Scott Knick CLASSIFICATION: UNCLASSIFIED CLASSIFICATION: UNCLASSIFIED CLASSIFICATION: UNCLASSIFIED
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
