From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id CB3236943 for ; Mon, 10 Oct 2016 14:05:39 +0200 (CEST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga104.fm.intel.com with ESMTP; 10 Oct 2016 05:05:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,324,1473145200"; d="scan'208";a="178299901" Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.252.13.124]) ([10.252.13.124]) by fmsmga004.fm.intel.com with ESMTP; 10 Oct 2016 05:05:20 -0700 To: "De Lara Guarch, Pablo" , Akhil Goyal , "dev@dpdk.org" References: <20160926163300.22990-1-akhil.goyal@nxp.com> <53327b5c-9a6f-9336-fbb7-109204a8ff0b@nxp.com> From: Sergio Gonzalez Monroy Message-ID: <73f643bf-9ca8-f38a-fbfb-5a127d9d01b5@intel.com> Date: Mon, 10 Oct 2016 13:05:19 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum while decrementing ttl X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 12:05:40 -0000 On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, October 04, 2016 11:33 PM >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while >> decrementing ttl >> >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: >>> >>>> -----Original Message----- >>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez >>>> Monroy >>>> Sent: Monday, September 26, 2016 6:28 AM >>>> To: akhil.goyal@nxp.com; dev@dpdk.org >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum >>>> while decrementing ttl >>>> >>>> Hi Akhil, >>>> >>>> This application relies on checksum offload in both outbound and >> inbound >>>> paths (PKT_TX_IP_CKSUM flag). >> [Akhil]Agreed that the application relies on checksum offload, but here >> we are talking about the inner ip header. Inner IP checksum will be >> updated on the next end point after decryption. This would expect that >> the next end point must have checksum offload capability. What if we are >> capturing the encrypted packets on wireshark or say send it to some >> other machine which does not run DPDK and do not know about checksum >> offload, then wireshark/other machine will not be able to get the >> correct the checksum and will show error. Understood, we need to have a valid inner checksum. RFC1624 states that the computation would be incorrect in corner/boundary case. I reckon you are basing your incremental update on RFC1141? Also I think you should take care of endianess and increment the checksum with host_to_be(0x0100) instead of +1. >>>> Because we assume that we always forward the packet in both paths, we >>>> decrement the ttl in both inbound and outbound. >>>> You seem to only increment (recalculate) the checksum of the inner IP >>>> header in the outbound path but not the inbound path. >> [Akhil]Correct I missed out the inbound path. >>>> Also, in the inbound path you have to consider a possible ECN value >> update. >> [Akhil]If I take care of the ECN then it would mean I need to calculate >> the checksum completely, incremental checksum wont give correct results. >> This would surely impact performance. Any suggestion on how should we >> take care of ECN update. Should I recalculate the checksum and send the >> patch for ECN update? Or do we have a better solution. If I am understanding the RFCs mentioned above correctly, you should be able to do incremental checksum update for any 16bit field/value of the IP header. I don't see no reason why you couldn't do something like that, except that you would have to follow the full equation instead of just adding 0x0100, which would be always the case when decrementing TTL. What do you think? Sergio >>> Any further comments here, Akhil? >>> >>> Thanks, >>> Pablo >>> >> [Akhil] Sorry I missed out the previous reply from Sergio. > Any more comments, Sergio? > > Pablo >> Thanks, >> Akhil