lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sun, 13 Jul 2014 16:01:21 -0700
From:	Tom Herbert <>
To:	Sharat Masetty <>
Cc:	David Miller <>,
	Linux Netdev List <>
Subject: Re: [PATCH v2 0/4] net: Checksum offload changes - Part IV

On Thu, Jul 10, 2014 at 10:40 PM, Sharat Masetty <> wrote:
>> Don't do skb_checksum more than once per packet
> Was wondering in which cases does the stack perform the checksum more
> than once? __skb_checksum_complete_head() already sets the ip_summed
> to CHECKSUM_UNNECESSARY, so future checksum calculations are avoided.

Consider the following scenario:

1) VXLAN packet is receive with non-zero UDP checksum and driver did
not set checksum unnecessary.
2) Stack computes and verifies UDP checksum and sets ip_summed to
3) Packet enters UDP tunnel processing, ip_summed is set to
CHECKSUM_NONE since skb->encapsulation == 0
4) Stack will then recompute checksum for an encapsulated TCP packet.

So in this case the bytes in the TCP header and all its data were
checksum twice. To avoid this we don't set CHECKSUM_UNNECESSARY but
keep ip_summed == CHECKSUM_COMPLETE.

There are other cases where the packet can be checksummed twice, for
instance it checksum is bad I believe both GRO and normal path will
compute it (still need to fix this).


> What am I missing?
> Thanks
> Sharat
> On Wed, Jun 11, 2014 at 4:46 PM, David Miller <> wrote:
>> From: Tom Herbert <>
>> Date: Tue, 10 Jun 2014 18:54:03 -0700 (PDT)
>>> I am working on overhauling RX checksum offload. Goals of this effort
>>> are:
>>> - Specify what exactly it means when driver returns CHECKSUM_UNNECESSARY
>>> - Preserve CHECKSUM_COMPLETE through encapsulation layers
>>> - Don't do skb_checksum more than once per packet
>>> - Unify GRO and non-GRO csum verification as much as possible
>>> - Unify the checksum functions (checksum_init)
>>> - Simply code
>>> What is in this fourth patch set:
>>> - Preserve CHECKSUM_COMPLETE instead of changing it to
>>>   CHECKSUM_UNNECESSARY. This allows correct reuse in validating multiple
>>>   csums in a packet.
>>> - When SW needs to compute the packet checksum, save it as
>>>   CHECKSUM_COMPLETE. Also mark that checksum was compute by SW.
>>> - Add skb_gro_postpull_rcsum to udp and vxlan to make GRO work with
>>> v2: Removed patch setting skb_encapsulation when validating checksum
>>>     in tcp_gro_receive
>>> Please review carefully and test if possible, mucking with basic
>>> checksum functions is always a little precarious :-)
>> Series applied, thanks Tom.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to
>> More majordomo info at
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists