From dbf786c6b33d7ee58477b1ade35f39910fb2c654 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Tue, 16 Jun 2020 16:33:12 -0700 Subject: Add runsc options to set checksum offloading status --tx-checksum-offload= enable TX checksum offload (default: false) --rx-checksum-offload= enable RX checksum offload (default: true) Fixes #2989 PiperOrigin-RevId: 316781309 --- runsc/boot/config.go | 8 ++++++++ runsc/boot/network.go | 5 ++++- runsc/main.go | 6 +++++- runsc/sandbox/network.go | 16 +++++++++------- 4 files changed, 26 insertions(+), 9 deletions(-) (limited to 'runsc') diff --git a/runsc/boot/config.go b/runsc/boot/config.go index bcec7e4db..bb01b8fb5 100644 --- a/runsc/boot/config.go +++ b/runsc/boot/config.go @@ -187,6 +187,12 @@ type Config struct { // SoftwareGSO indicates that software segmentation offload is enabled. SoftwareGSO bool + // TXChecksumOffload indicates that TX Checksum Offload is enabled. + TXChecksumOffload bool + + // RXChecksumOffload indicates that RX Checksum Offload is enabled. + RXChecksumOffload bool + // QDisc indicates the type of queuening discipline to use by default // for non-loopback interfaces. QDisc QueueingDiscipline @@ -299,6 +305,8 @@ func (c *Config) ToFlags() []string { "--ref-leak-mode=" + refsLeakModeToString(c.ReferenceLeakMode), "--gso=" + strconv.FormatBool(c.HardwareGSO), "--software-gso=" + strconv.FormatBool(c.SoftwareGSO), + "--rx-checksum-offload=" + strconv.FormatBool(c.RXChecksumOffload), + "--tx-checksum-offload=" + strconv.FormatBool(c.TXChecksumOffload), "--overlayfs-stale-read=" + strconv.FormatBool(c.OverlayfsStaleRead), "--qdisc=" + c.QDisc.String(), } diff --git a/runsc/boot/network.go b/runsc/boot/network.go index 0af30456e..14d2f56a5 100644 --- a/runsc/boot/network.go +++ b/runsc/boot/network.go @@ -123,6 +123,8 @@ type FDBasedLink struct { Routes []Route GSOMaxSize uint32 SoftwareGSOEnabled bool + TXChecksumOffload bool + RXChecksumOffload bool LinkAddress net.HardwareAddr QDisc QueueingDiscipline @@ -236,7 +238,8 @@ func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct PacketDispatchMode: fdbased.RecvMMsg, GSOMaxSize: link.GSOMaxSize, SoftwareGSOEnabled: link.SoftwareGSOEnabled, - RXChecksumOffload: true, + TXChecksumOffload: link.TXChecksumOffload, + RXChecksumOffload: link.RXChecksumOffload, }) if err != nil { return err diff --git a/runsc/main.go b/runsc/main.go index 920ed84a5..c9f47c579 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -71,7 +71,9 @@ var ( platformName = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm.") network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") hardwareGSO = flag.Bool("gso", true, "enable hardware segmentation offload if it is supported by a network device.") - softwareGSO = flag.Bool("software-gso", true, "enable software segmentation offload when hardware ofload can't be enabled.") + softwareGSO = flag.Bool("software-gso", true, "enable software segmentation offload when hardware offload can't be enabled.") + txChecksumOffload = flag.Bool("tx-checksum-offload", false, "enable TX checksum offload.") + rxChecksumOffload = flag.Bool("rx-checksum-offload", true, "enable RX checksum offload.") qDisc = flag.String("qdisc", "fifo", "specifies which queueing discipline to apply by default to the non loopback nics used by the sandbox.") fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.") fsGoferHostUDS = flag.Bool("fsgofer-host-uds", false, "allow the gofer to mount Unix Domain Sockets.") @@ -223,6 +225,8 @@ func main() { Network: netType, HardwareGSO: *hardwareGSO, SoftwareGSO: *softwareGSO, + TXChecksumOffload: *txChecksumOffload, + RXChecksumOffload: *rxChecksumOffload, LogPackets: *logPackets, Platform: platformType, Strace: *strace, diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go index 209bfdb20..deee619f3 100644 --- a/runsc/sandbox/network.go +++ b/runsc/sandbox/network.go @@ -62,7 +62,7 @@ func setupNetwork(conn *urpc.Client, pid int, spec *specs.Spec, conf *boot.Confi // Build the path to the net namespace of the sandbox process. // This is what we will copy. nsPath := filepath.Join("/proc", strconv.Itoa(pid), "ns/net") - if err := createInterfacesAndRoutesFromNS(conn, nsPath, conf.HardwareGSO, conf.SoftwareGSO, conf.NumNetworkChannels, conf.QDisc); err != nil { + if err := createInterfacesAndRoutesFromNS(conn, nsPath, conf.HardwareGSO, conf.SoftwareGSO, conf.TXChecksumOffload, conf.RXChecksumOffload, conf.NumNetworkChannels, conf.QDisc); err != nil { return fmt.Errorf("creating interfaces from net namespace %q: %v", nsPath, err) } case boot.NetworkHost: @@ -115,7 +115,7 @@ func isRootNS() (bool, error) { // createInterfacesAndRoutesFromNS scrapes the interface and routes from the // net namespace with the given path, creates them in the sandbox, and removes // them from the host. -func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string, hardwareGSO bool, softwareGSO bool, numNetworkChannels int, qDisc boot.QueueingDiscipline) error { +func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string, hardwareGSO bool, softwareGSO bool, txChecksumOffload bool, rxChecksumOffload bool, numNetworkChannels int, qDisc boot.QueueingDiscipline) error { // Join the network namespace that we will be copying. restore, err := joinNetNS(nsPath) if err != nil { @@ -197,11 +197,13 @@ func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string, hardwareG } link := boot.FDBasedLink{ - Name: iface.Name, - MTU: iface.MTU, - Routes: routes, - NumChannels: numNetworkChannels, - QDisc: qDisc, + Name: iface.Name, + MTU: iface.MTU, + Routes: routes, + TXChecksumOffload: txChecksumOffload, + RXChecksumOffload: rxChecksumOffload, + NumChannels: numNetworkChannels, + QDisc: qDisc, } // Get the link for the interface. -- cgit v1.2.3