lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20151225.234146.1839604131444627126.davem@davemloft.net>
Date:	Fri, 25 Dec 2015 23:41:46 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	tom@...bertland.com
Cc:	ecree@...arflare.com, netdev@...r.kernel.org
Subject: Re: [PATCH net-next 0/2] Local checksum offload for VXLAN

From: Tom Herbert <tom@...bertland.com>
Date: Thu, 17 Dec 2015 10:06:13 -0800

> On Thu, Dec 17, 2015 at 7:27 AM, Edward Cree <ecree@...arflare.com> wrote:
>> When the inner packet checksum is offloaded, the outer UDP checksum is easy
>>  to calculate as it doesn't depend on the payload (because the inner checksum
>>  cancels out everything from the inner packet except the pseudo header).
>> Thus, transmit checksums for VXLAN (and in principle other encapsulations,
>>  but I haven't enabled it for / tested with those) can be offloaded on any
>>  device supporting NETIF_F_HW_CSUM.  Only the innermost checksum has to be
>>  offloaded, the rest are filled in by the stack.
>> Tested by hacking a driver to report NETIF_F_HW_CSUM, call skb_checksum_help
>>  before transmitting a packet, and not actually offload anything to the hw.
>> In principle it should also be possible to apply this technique when the
>>  inner packet has been checksummed by software, but only if skb->csum_start
>>  and skb->csum_offset have been filled in to describe the inner checksum.
>>  However in this case it is easier to use skb->csum and skb->csum_start, as
>>  gso_make_checksum() already does - a similar but simpler technique.  It's
>>  not clear to me where else this should be done, so this is out of scope for
>>  this patch series.
>>
> Edward, it took me a while to understand how this works, but this
> really is an amazing trick! This implies that we don't need to worry
> about HW support for offloading multiple checksums.
> 
> I'm not sure that we need bits in VXLAN or any other encapsulation. It
> should be sufficient in udp_set_csum that if we already have
> CHECKSUM_PARTIAL that can always be used to do local checksum offload.
> This is also should be independent as to whether the device does
> NETIF_F_HW_CSUM or can offload  NETIF_F_IP[V6]_CSUM for encapsulated
> packets.
> 
> It would be nice to have a more formal documentation also. This is a
> very powerful mechanism but the math behind it and requirements are
> subtle.

I also think this is amazing, but should be generalized.

Also the pseudo header bits should be optimized a bit, running
skb_checksum_help() on a two byte part of the packet can certainly be
improved for example. :-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ