Packet truncation issue

[nirlya]

Hi Troy!

Your -s parameter seems to not respect Standard libpcap truncation because my network probe does not accept it. How do you truncate the packets ?

Thx in advance!

[troydhanson]

If you’re transmitting truncated packets, that will confuse anything that expects well formed packets on the wire. Is it an option in your environment to raise the MTU so you don’t need to truncate?

On Mar 15, 2018, at 3:53 AM, nirlya notifications@github.com wrote:

Hi Troy!

Your -s parameter seems to not respect Standard libpcap truncation because my network probe does not accept it. How do you truncate the packets ?

Thx in advance!

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/troydhanson/fluxcap/issues/2, or mute the thread https://github.com/notifications/unsubscribe-auth/AA0S6IksuCCTh0oBmoMEua9JgB1Vm5erks5teXU7gaJpZM4SrEyS.

[nirlya]

Sadly not. In fact, the fluxcap GRE tunnel does not fragment packets before send it and truncate it seems my only solution.

[troydhanson]

Did you disable offloading on the original capture interface? By default the NIC hardware coalesces packets but this causes havoc when your intention is to retransmit them.

You’re right about the GRE tunnel lacking fragmentation support. That could be a useful feature.

On Mar 15, 2018, at 10:13 PM, nirlya notifications@github.com wrote:

Sadly not. In fact, the fluxcap GRE tunnel does not fragment packets before send it and truncate it seems my only solution.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[nirlya]

Here is ethtool result on the capture interface :

# ethtool -k ens192 Features for ens192: rx-checksumming: on tx-checksumming: on tx-checksum-ipv4: off [fixed] tx-checksum-ip-generic: on tx-checksum-ipv6: off [fixed] tx-checksum-fcoe-crc: off [fixed] tx-checksum-sctp: off [fixed] scatter-gather: on tx-scatter-gather: on tx-scatter-gather-fraglist: off [fixed] tcp-segmentation-offload: off tx-tcp-segmentation: off tx-tcp-ecn-segmentation: off [fixed] tx-tcp6-segmentation: off udp-fragmentation-offload: off [fixed] generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off rx-vlan-offload: on tx-vlan-offload: on ntuple-filters: off [fixed] receive-hashing: off [fixed] highdma: on rx-vlan-filter: on [fixed] vlan-challenged: off [fixed] tx-lockless: off [fixed] netns-local: off [fixed] tx-gso-robust: off [fixed] tx-fcoe-segmentation: off [fixed] tx-gre-segmentation: off [fixed] tx-ipip-segmentation: off [fixed] tx-sit-segmentation: off [fixed] tx-udp_tnl-segmentation: off [fixed] tx-mpls-segmentation: off [fixed] fcoe-mtu: off [fixed] tx-nocache-copy: off loopback: off [fixed] rx-fcs: off [fixed] rx-all: off [fixed] tx-vlan-stag-hw-insert: off [fixed] rx-vlan-stag-hw-parse: off [fixed] rx-vlan-stag-filter: off [fixed] busy-poll: off [fixed]

If I reduce output interface MTU size to the MTU LAN fluxcap crashes with sendto message :

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1600

/usr/local/bin/fluxcap -tx -i ens160 -E gretap:X.X.X.X o1 & warning: -s advised with GRE encapsulation sendto: Message too long

[troydhanson]

The offload settings look correct. The GRE tunnel adds something like 24 bytes to each packet. So, I think it captures a large packet, and then GRE encapsulation makes it larger yet. Then it exceeds the MTU on the LAN, when you try to transmit it.

I think the choices are (1) to increase the LAN MTU (to the capture MTU plus 100 or so), but you said this not an option; (2) truncate using -s 1476 (or so), but then the downstream tools need to expect some packets to be truncated after the GRE wrapper is removed; or (3) to add fragmentation support to the fluxcap GRE encapsulator.

I can think about the third option, but I can make no promises.

On Mar 15, 2018, at 11:46 PM, nirlya notifications@github.com wrote:

Here is ethtool result on the capture interface :

ethtool -k ens192

Features for ens192: rx-checksumming: on tx-checksumming: on tx-checksum-ipv4: off [fixed] tx-checksum-ip-generic: on tx-checksum-ipv6: off [fixed] tx-checksum-fcoe-crc: off [fixed] tx-checksum-sctp: off [fixed] scatter-gather: on tx-scatter-gather: on tx-scatter-gather-fraglist: off [fixed] tcp-segmentation-offload: off tx-tcp-segmentation: off tx-tcp-ecn-segmentation: off [fixed] tx-tcp6-segmentation: off udp-fragmentation-offload: off [fixed] generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off rx-vlan-offload: on tx-vlan-offload: on ntuple-filters: off [fixed] receive-hashing: off [fixed] highdma: on rx-vlan-filter: on [fixed] vlan-challenged: off [fixed] tx-lockless: off [fixed] netns-local: off [fixed] tx-gso-robust: off [fixed] tx-fcoe-segmentation: off [fixed] tx-gre-segmentation: off [fixed] tx-ipip-segmentation: off [fixed] tx-sit-segmentation: off [fixed] tx-udp_tnl-segmentation: off [fixed] tx-mpls-segmentation: off [fixed] fcoe-mtu: off [fixed] tx-nocache-copy: off loopback: off [fixed] rx-fcs: off [fixed] rx-all: off [fixed] tx-vlan-stag-hw-insert: off [fixed] rx-vlan-stag-hw-parse: off [fixed] rx-vlan-stag-filter: off [fixed] busy-poll: off [fixed]

If I reduce output interface MTU size to the MTU LAN fluxcap crashes with sendto message :

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1600

/usr/local/bin/fluxcap -tx -i ens160 -E gretap:X.X.X.X o1 &

warning: -s advised with GRE encapsulation

sendto: Message too long

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/troydhanson/fluxcap/issues/2#issuecomment-373423224, or mute the thread https://github.com/notifications/unsubscribe-auth/AA0S6N6Rn4DvcR77z5BMk6VV4rJchEWMks5teoy_gaJpZM4SrEyS.

[troydhanson]

I added support for IP fragmentation in the GRE encapsulation modes. There is no longer a need to use the -s truncation option. Instead it fragments automatically when needed. Testing looked good so far. Thank you for suggesting the feature.

[troydhanson]

Also note the feature is on the branch gre-frag-support in commit 2f34e7c910e13b850019d42dd8e2bc2e305bff65. Please do not use master, as it's a mess right now.

[nirlya]

Awesome, it works well with my tests ! Also I disabled Offload on the gretap receiver interface.

[troydhanson]

Great, glad to hear it!