TCP checksum error
Security in CPS/Networking, 2020. 8. 6. 16:03
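While looking at HTTP packet information with tcpdump, I ran into checksum errors. I did, of course, resolve the problem after identifying the root cause in the network, but as a temporary workaround I also tried changing the options with ethtool.
By default, tx/rx checksum checking is enabled. As shown below, you can use ethtool to read the setting or to temporarily turn rx-checksumming and tx-checksumming off. However, there are cases where the packet's header information was altered maliciously rather than by a hardware signal issue at the data link layer, so arbitrarily disabling this option is not recommended. If the problem is persistent rather than temporary, I think finding and fixing the root cause should come first.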
$> ethtool --show-offload ens1f1
Features for ens1f1:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: off
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: off [requested on]
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-gre-csum-segmentation: off [fixed]
tx-ipxip4-segmentation: off [fixed]
tx-ipxip6-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-udp_tnl-csum-segmentation: off [fixed]
tx-gso-partial: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
tx-udp-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off
rx-all: off
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed
$> sudo ethtool -K ens1f1 tx off rx off
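An added example, not part of the original post: a shell function that audits `ethtool --show-offload` output for checksum features left disabled, so the temporary workaround above does not silently persist on a host. The function name `audit_offload` is hypothetical and the sample text is constructed in the format shown above.

```shell
#!/bin/sh
# Added example: flag checksum offload features that are off but changeable.
# Live use (interface name taken from the page):
#   ethtool --show-offload ens1f1 | audit_offload
# Re-enable after the workaround is no longer needed:
#   sudo ethtool -K ens1f1 rx on tx on

# Constructed sample: a subset of lines in the ethtool output format.
SAMPLE_OFFLOAD='Features for ens1f1:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
generic-receive-offload: on'

# Reads ethtool offload text on stdin and prints one line per finding:
#   DISABLED <feature>  rx/tx checksum feature is off and not marked [fixed]
#   MISMATCH <feature>  current state differs from the requested state
# Exit status is 1 if any DISABLED finding exists, otherwise 0.
audit_offload() {
    awk '
        /^Features for / { next }          # header line, no feature on it
        $1 ~ /:$/ {
            name  = substr($1, 1, length($1) - 1)   # strip trailing colon
            state = $2                               # "on" or "off"
            fixed = ($0 ~ /\[fixed\]/)               # driver cannot change it
            if ($0 ~ /\[requested /)
                print "MISMATCH " name
            if (state == "off" && !fixed && name ~ /^(rx|tx)-checksum/) {
                print "DISABLED " name
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}
```

Features marked `[fixed]` are skipped because the driver does not allow changing them, so they cannot be the result of someone running `ethtool -K`.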