[dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum while decrementing ttl

De Lara Guarch, Pablo pablo.de.lara.guarch at intel.com
Wed Oct 26 04:29:30 CEST 2016



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal at nxp.com]
> Sent: Wednesday, October 19, 2016 1:38 AM
> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev at dpdk.org
> Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while
> decrementing ttl
> 
> 
> 
> -----Original Message-----
> From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch at intel.com]
> Sent: Monday, October 17, 2016 10:35 PM
> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy at intel.com>; Akhil
> Goyal <akhil.goyal at nxp.com>; dev at dpdk.org
> Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while
> decrementing ttl
> 
> 
> 
> > -----Original Message-----
> > From: Gonzalez Monroy, Sergio
> > Sent: Monday, October 10, 2016 5:05 AM
> > To: De Lara Guarch, Pablo; Akhil Goyal; dev at dpdk.org
> > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while
> > decrementing ttl
> >
> > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote:
> > >> -----Original Message-----
> > >> From: Akhil Goyal [mailto:akhil.goyal at nxp.com]
> > >> Sent: Tuesday, October 04, 2016 11:33 PM
> > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev at dpdk.org
> > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while
> > >> decrementing ttl
> > >>
> > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote:
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio
> > Gonzalez
> > >>>> Monroy
> > >>>> Sent: Monday, September 26, 2016 6:28 AM
> > >>>> To: akhil.goyal at nxp.com; dev at dpdk.org
> > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update
> > checksum
> > >>>> while decrementing ttl
> > >>>>
> > >>>> Hi Akhil,
> > >>>>
> > >>>> This application relies on checksum offload in both outbound and
> > >> inbound
> > >>>> paths (PKT_TX_IP_CKSUM flag).
> > >> [Akhil]Agreed that the application relies on checksum offload, but
> > >> here we are talking about the inner ip header. Inner IP checksum
> > >> will be updated on the next end point after decryption. This would
> > >> expect that the next end point must have checksum offload
> > >> capability. What if we are capturing the encrypted packets on
> > >> wireshark or say send it to some other machine which does not run
> > >> DPDK and do not know about
> > checksum
> > >> offload, then wireshark/other machine will not be able to get the
> > >> correct the checksum and will show error.
> >
> > Understood, we need to have a valid inner checksum.
> > RFC1624 states that the computation would be incorrect in
> > corner/boundary case.
> > I reckon you are basing your incremental update on RFC1141?
> >
> > Also I think you should take care of endianess and increment the
> > checksum with
> > host_to_be(0x0100) instead of +1.
> >
> > >>>> Because we assume that we always forward the packet in both
> > >>>> paths,
> > we
> > >>>> decrement the ttl in both inbound and outbound.
> > >>>> You seem to only increment (recalculate) the checksum of the
> > >>>> inner IP header in the outbound path but not the inbound path.
> > >> [Akhil]Correct I missed out the inbound path.
> > >>>> Also, in the inbound path you have to consider a possible ECN
> > >>>> value
> > >> update.
> > >> [Akhil]If I take care of the ECN then it would mean I need to
> > >> calculate the checksum completely, incremental checksum wont give
> correct results.
> > >> This would surely impact performance. Any suggestion on how should
> > >> we take care of ECN update. Should I recalculate the checksum and
> > >> send the patch for ECN update? Or do we have a better solution.
> >
> > If I am understanding the RFCs mentioned above correctly, you should
> > be able to do incremental checksum update for any 16bit field/value of
> > the IP header.
> > I don't see no reason why you couldn't do something like that, except
> > that you would have to follow the full equation instead of just adding
> > 0x0100, which would be always the case when decrementing TTL.
> >
> > What do you think?
> 
> Any comments, Akhil?
> 
> Ok.. will send next version soon.

Hi Akhil,
Are you sending that version soon? It won't make it the RC2, but it may be merged for RC3.

Thanks,
Pablo



More information about the dev mailing list