From: Matthieu Baerts <matthieu.baerts@tessares.net>
To: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: MPTCP Upstream <mptcp@lists.linux.dev>
Subject: Re: Checksum support: default behaviour
Date: Fri, 18 Jun 2021 16:23:02 +0200 [thread overview]
Message-ID: <996ded10-b6d9-e6c3-bb29-3150bd2dd284@tessares.net> (raw)
In-Reply-To: <eac91c93-e4cb-4196-6daa-c9711606aa40@tessares.net>
Hi Mat,
On 14/06/2021 17:54, Matthieu Baerts wrote:
> Hi Mat,
>
> Thank you for your reply!
>
> On 12/06/2021 06:05, Mat Martineau wrote:
>> On Fri, 11 Jun 2021, Matthieu Baerts wrote:
>>
>>> Hello,
>>>
>>> With the current checksum support series from Geliang and Paolo
>>> available in our tree, the default behaviour is not to use this checksum
>>> feature.
>>>
>>> Should we eventually do the opposite and have it enabled by default?
>>>
>>> I do understand this has a cost in terms of performances but this could
>>> help detecting nasty middleboxes, i.e. the ones that modify the TCP
>>> packets without modifying MPTCP options if needed.
>>>
>>> On the other hand, I don't have numbers showing if these middleboxes are
>>> rare or not.
>>>
>>> But also, the main issue I see if we enable the checksum support by
>>> default is that we are no longer able to talk to servers not supporting
>>> it (<5.13), no?
>>>
>>> WDYT?
>>>
>>
>> I lean toward leaving checksums off by default, based on what I've heard
>> from community members. It sounds like large deployments haven't seen
>> checksums catch many problems? Some actual data about the frequency of
>> checksum failures would really help.
>
> I don't have data but I asked around and the checksum support has been
> added for middleboxes like Application-level gateway (ALG) or the ones
> modifying HTTP to add more content, inject JS, etc.
>
> For the ALG, I know that they are needed for NAT, e.g. for FTP to change
> the IP/port inside the payload. But in this case, I don't think it is
> supposed to change the size of the packet, only bytes inside. (except if
> we switch from v4 to v6?). So in theory, MPTCP DSS doesn't need to be
> updated.
There might be issues with protocol like FTP: the IP address is
represented in plain text which means it will likely change the size of
the packet. DSS mapping will no longer be correct. If we reduce the
size, we might take a bit of time to realise we will never get the
missing bit.
But we should detect it at some points and yeah, that's FTP...
Cheers,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net
prev parent reply other threads:[~2021-06-18 14:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-11 14:59 Checksum support: default behaviour Matthieu Baerts
2021-06-12 4:05 ` Mat Martineau
2021-06-14 10:39 ` Paolo Abeni
2021-06-14 15:58 ` Matthieu Baerts
2021-06-14 15:54 ` Matthieu Baerts
2021-06-18 14:23 ` Matthieu Baerts [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=996ded10-b6d9-e6c3-bb29-3150bd2dd284@tessares.net \
--to=matthieu.baerts@tessares.net \
--cc=mathew.j.martineau@linux.intel.com \
--cc=mptcp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.