All of lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Graf <tgraf@suug.ch>
To: Tom Herbert <tom@herbertland.com>
Cc: Edward Cree <ecree@solarflare.com>,
	David Miller <davem@davemloft.net>,
	Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: Checksum offload queries
Date: Wed, 9 Dec 2015 02:56:02 +0100	[thread overview]
Message-ID: <20151209015602.GB19097@pox.localdomain> (raw)
In-Reply-To: <CALx6S36aMvroE0mWz9+9EU+newrfkUqqFO+6T5YZVh_9xrMJLg@mail.gmail.com>

On 12/08/15 at 09:04am, Tom Herbert wrote:
> There are other reasons why CHECKSUM_COMPLETE is preferable:
> 
> - CHECKSUM_COMPLETE  is more robust. We have no way to validate that
> the device is actually correct in CHECKSUM_UNNECESSARY. For instance,
> how do we know that there isn't some failure in the device where
> everything is being marked as good even if it's not. With
> CHECKSUM_COMPLETE it is the host that actually makes the decision of
> whether the checksum is correct it is highly unlikely that failing
> checksum calculation on the device won't be detected. HW failures and
> bugs are real concern.
> -  CHECKSUM_UNNECESSARY does not report bad checksums. There is a
> csum_bad flag in the sk_buff that could be set if the driver detects a
> bad checksum in the packet, but no drivers seem to be setting that
> currently. So for any packets with bad checksums the stack will need
> to compute the checksum itself, so this potentially becomes the basis
> of a DDOS attack. CHECKSUM_COMPLETE does not have this problem, we get
> the checksum of the packet rather the checksum is correct or not.

If I understood Edward correctly, his proposal would be for the
card to provide both, the csum as for CHECKSUM_COMPLETE plus the
validation yes/no hint. It would be up to the kernel to decide
whether to validate itself or trust the card.

I'm all in favour CHECKSUM_COMPLETE as the only way to go but 
we should be aware that it depends on the penetration of RCO in
hardware VTEPs.

  reply	other threads:[~2015-12-09  1:56 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-07 15:39 Checksum offload queries Edward Cree
2015-12-07 17:29 ` Tom Herbert
2015-12-07 17:52   ` Tom Herbert
2015-12-08 16:03   ` Edward Cree
2015-12-08 16:43     ` Tom Herbert
2015-12-08 18:03       ` Edward Cree
2015-12-08 17:09     ` David Miller
2015-12-08 17:24       ` Edward Cree
2015-12-08 17:28         ` David Miller
2015-12-07 19:38 ` David Miller
2015-12-08 14:42   ` Edward Cree
2015-12-08 17:04     ` Tom Herbert
2015-12-09  1:56       ` Thomas Graf [this message]
2015-12-09 16:08         ` Tom Herbert
2015-12-09 22:29           ` Thomas Graf
2015-12-09 22:51             ` Tom Herbert
2015-12-09 23:13               ` Thomas Graf
2015-12-08 17:06     ` David Miller
2015-12-09 12:14       ` Edward Cree
2015-12-09 16:01         ` Tom Herbert
2015-12-09 17:28           ` Edward Cree
2015-12-09 17:31             ` David Laight
2015-12-09 18:00             ` Tom Herbert
2015-12-09 22:21               ` Thomas Graf
2015-12-09 22:42                 ` Tom Herbert
2015-12-09 22:44                   ` Thomas Graf
2015-12-10 15:49               ` Edward Cree
2015-12-10 16:26                 ` Tom Herbert
2015-12-10 20:28                   ` Edward Cree
2015-12-10 21:02                     ` Rustad, Mark D
2015-12-14 15:11                     ` [RFC PATCH net-next 0/2] Local checksum offload for VXLAN Edward Cree
2015-12-14 15:13                       ` [PATCH 1/2] net: udp: local checksum offload for encapsulation Edward Cree
2015-12-14 17:16                         ` Tom Herbert
2015-12-15 18:07                           ` Edward Cree
2015-12-14 15:13                       ` [PATCH 2/2] net: vxlan: enable local checksum offload on HW_CSUM devices Edward Cree
2015-12-11 23:50             ` Checksum offload queries Tom Herbert
2015-12-12 16:41               ` Sowmini Varadhan
2015-12-12 17:24                 ` Tom Herbert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151209015602.GB19097@pox.localdomain \
    --to=tgraf@suug.ch \
    --cc=davem@davemloft.net \
    --cc=ecree@solarflare.com \
    --cc=netdev@vger.kernel.org \
    --cc=tom@herbertland.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.