bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Daniel Borkmann <daniel@iogearbox.net>
To: Alan Maguire <alan.maguire@oracle.com>,
	Lorenz Bauer <lmb@cloudflare.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	bpf <bpf@vger.kernel.org>,
	kernel-team <kernel-team@cloudflare.com>,
	Jakub Kicinski <kuba@kernel.org>
Subject: Re: Checksum behaviour of bpf_redirected packets
Date: Mon, 1 Jun 2020 22:13:12 +0200	[thread overview]
Message-ID: <835af597-c346-e178-09c4-9f67c9480020@iogearbox.net> (raw)
In-Reply-To: <alpine.LRH.2.21.2006011839430.623@localhost>

On 6/1/20 7:48 PM, Alan Maguire wrote:
> On Wed, 13 May 2020, Lorenz Bauer wrote:
> 
>>>> Option 1: always downgrade UNNECESSARY to NONE
>>>> - Easiest to back port
>>>> - The helper is safe by default
>>>> - Performance impact unclear
>>>> - No escape hatch for Cilium
>>>>
>>>> Option 2: add a flag to force CHECKSUM_NONE
>>>> - New UAPI, can this be backported?
>>>> - The helper isn't safe by default, needs documentation
>>>> - Escape hatch for Cilium
>>>>
>>>> Option 3: downgrade to CHECKSUM_NONE, add flag to skip this
>>>> - New UAPI, can this be backported?
>>>> - The helper is safe by default
>>>> - Escape hatch for Cilium (though you'd need to detect availability of the
>>>>     flag somehow)
>>>
>>> This seems most reasonable to me; I can try and cook a proposal for tomorrow as
>>> potential fix. Even if we add a flag, this is still backportable to stable (as
>>> long as the overall patch doesn't get too complex and the backport itself stays
>>> compatible uapi-wise to latest kernels. We've done that before.). I happen to
>>> have two ixgbe NICs on some of my test machines which seem to be setting the
>>> CHECKSUM_UNNECESSARY, so I'll run some experiments from over here as well.
>>
>> Great! I'm happy to test, of course.
> 
> I had a go at implementing option 3 as a few colleagues ran into this
> problem. They confirmed the fix below resolved the issue.  Daniel is
> this  roughly what you had in mind? I can submit a patch for the bpf
> tree if that's acceptable with the new flag. Do we need a few
> tests though?

Coded this [0] up last week which Lorenz gave a spin as well. Originally wanted to
get it out Friday night, but due to internal release stuff it got too late Fri night
and didn't want to rush it at 3am anymore, so the series as fixes is going out tomorrow
morning [today was public holiday in CH over here].

Thanks,
Daniel

   [0] https://git.kernel.org/pub/scm/linux/kernel/git/dborkman/bpf.git/log/?h=pr/adjust-csum

  reply	other threads:[~2020-06-01 20:13 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-04 16:11 Checksum behaviour of bpf_redirected packets Lorenz Bauer
2020-05-06  1:28 ` Alexei Starovoitov
2020-05-06 16:24   ` Lorenz Bauer
2020-05-06 17:26     ` Jakub Kicinski
2020-05-06 21:55     ` Daniel Borkmann
2020-05-07 15:54       ` Lorenz Bauer
2020-05-07 16:43         ` Daniel Borkmann
2020-05-07 21:25           ` Jakub Kicinski
2020-05-11  9:31             ` Lorenz Bauer
2020-05-11  9:29           ` Lorenz Bauer
2020-05-12 21:25             ` Daniel Borkmann
2020-05-13 14:14               ` Lorenz Bauer
2020-06-01 17:48                 ` Alan Maguire
2020-06-01 20:13                   ` Daniel Borkmann [this message]
2020-06-01 21:25                     ` Alan Maguire
2020-06-02 10:13                       ` Lorenz Bauer
2020-06-02 15:01                         ` Daniel Borkmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=835af597-c346-e178-09c4-9f67c9480020@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=alan.maguire@oracle.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bpf@vger.kernel.org \
    --cc=kernel-team@cloudflare.com \
    --cc=kuba@kernel.org \
    --cc=lmb@cloudflare.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).