lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKgT0Ud3DWAB+se3nH2Ub+LB+UeMssyFkD=qaBdU3F6_E3u2-A@mail.gmail.com>
Date:	Fri, 29 Apr 2016 14:31:47 -0700
From:	Alexander Duyck <alexander.duyck@...il.com>
To:	Michael Chan <michael.chan@...adcom.com>
Cc:	Alexander Duyck <aduyck@...antis.com>,
	Eugenia Emantayev <eugenia@...lanox.com>,
	Bruce W Allan <bruce.w.allan@...el.com>,
	Saeed Mahameed <saeedm@...lanox.com>,
	Netdev <netdev@...r.kernel.org>,
	intel-wired-lan <intel-wired-lan@...ts.osuosl.org>,
	Ariel Elior <ariel.elior@...gic.com>,
	Michael Chan <mchan@...adcom.com>
Subject: Re: [RFC PATCH 4/5] bnxt: Add support for segmentation of tunnels
 with outer checksums

On Fri, Apr 29, 2016 at 2:29 PM, Michael Chan <michael.chan@...adcom.com> wrote:
> On Fri, Apr 29, 2016 at 2:17 PM, Alexander Duyck
> <alexander.duyck@...il.com> wrote:
>> On Wed, Apr 27, 2016 at 9:32 PM, Michael Chan <michael.chan@...adcom.com> wrote:
>>> On Wed, Apr 27, 2016 at 8:21 AM, Alexander Duyck
>>> <alexander.duyck@...il.com> wrote:
>>>> On Tue, Apr 26, 2016 at 10:55 PM, Michael Chan
>>>> <michael.chan@...adcom.com> wrote:
>>>>> On Tue, Apr 19, 2016 at 12:06 PM, Alexander Duyck <aduyck@...antis.com> wrote:
>>>>>> This patch assumes that the bnxt hardware will ignore existing IPv4/v6
>>>>>> header fields for length and checksum as well as the length and checksum
>>>>>> fields for outer UDP and GRE headers.
>>>>>>
>>>>>> I have no means of testing this as I do not have any bnx2x hardware but
>>>>>> thought I would submit it as an RFC to see if anyone out there wants to
>>>>>> test this and see if this does in fact enable this functionality allowing
>>>>>> us to to segment tunneled frames that have an outer checksum.
>>>>>>
>>>>>> Signed-off-by: Alexander Duyck <aduyck@...antis.com>
>>>>>
>>>>> Hi Alex, I just did a very quick test of this patch on our bnxt
>>>>> hardware and it seemed to work.
>>>>>
>>>>> I created a vxlan endpoint with udpcsum enabled and I saw TSO packets
>>>>> getting through.  I've verified that our hardware can be programmed to
>>>>> either ignore outer UDP checksum or to calculate it.  Current default
>>>>> is to ignore ipv4 UDP checksum and calculate ipv6 UDP checksum.
>>>>> Thanks.
>>>>
>>>> Are you saying you can natively support UDP tunnel with outer checksum
>>>> offload then?
>>>
>>> Yes.  Calculate or ignore the outer UDP checksum.
>>
>> I was just thinking about this.  When you say you compute the IPv6
>> checksum how is it you are specifying to the hardware that you want to
>> do that?  Is it something you can configure per packet or is it
>> something that is configured for the VXLAN flow?
>
> In the current version of the hardware, it is a global (chip-wide)
> setting.  1 bit to control outer ipv4 vxlan and 1 bit for outer ipv6
> vxlan.
>
>>
>> I just want to make sure you aren't adding checksums to IPv6 tunnels
>> that specify that they don't want a checksum, or stripping them from
>> v4 tunnels that do want a checksum.
>
> If the global setting has outer UDP checksum enabled, it will be
> calculated no matter what.  If the setting is disabled, it will just
> ignore it without overwriting it.

Okay so if that is the case we may want to make it so that we ignore
checksum for both IPv4 and IPv6 and then we can just provide it via
GSO_PARTIAL in the case we want it.  Otherwise you are technically
mangling the frames by inserting a checksum on the outer header even
though the tunnel was not configured for it.  If you can point me
toward the point in the code where that is happening I can probably
make it a part of this patch.

Thanks.

- Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ