From: su sai <spiderdetective.ss@gmail.com>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: stephen@networkplumber.org, dev@dpdk.org,
Marat Khalili <marat.khalili@huawei.com>
Subject: Re: [v3] net/cksum: compute raw cksum for several segments
Date: Tue, 12 Aug 2025 11:03:36 +0800 [thread overview]
Message-ID: <CAFQeoKi8W8WAYUY1OuSn+qMgG1c2V7PjLjEH608m894TpLOVvw@mail.gmail.com> (raw)
In-Reply-To: <4313463.1IzOArtZ34@thomas>
[-- Attachment #1: Type: text/plain, Size: 3691 bytes --]
Hi Thomas Monjalon,
First, let's describe the scenario where we discovered the problem at that
time as follows:
This error can be reproduced as follows:
1. In the client ECS with an MTU of 1500, initiate traffic using the
command "iperf3 -c {dst ip} -b 1m -M 125 -t 8000". It will trigger TCP
segmentation.
2. On the host machine, TCP segmentation is performed through the
'rte_gso_segment' function.
3. After the gso, a packet in one mbuf will be split into multiple segments.
4. When calculating the TCP checksum using the 'rte_raw_cksum_mbuf'
function, it will enter the 'hard case: process checksum of several
segments' of the function. At this point, a calculation error may occur.
5. In the destination ECS, the InCsumErrors statistic can be viewed using
the command "netstat -st | grep -i csum". The erroneous packets can also be
confirmed via the tcpdump command.
The following is a detailed description of a captured erroneous packet.
The hex stream of the packet is as follows:
00163e0b6bd2eeffffffffff0800450000a50d7a40004006b94bc0a8f91dc0a8f91ed5d2145146f9d990e10d6a2d8010020040a200000101080a95ac86ba091145d3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
This is a packet in the format of Eth + IPv4 + TCP + Payload.
Taking the above-mentioned packet as an example, the calculation process of
'rte_raw_cksum_mbuf' is as follows:
1. Due to the small MSS, TSO fragmentation was triggered, generating 3
mbufs.
2. The data_len of the first mbuf is 66 bytes, containing the Ethernet
header, IPv4 header, and TCP header.
3. The data_len of the second mbuf is 61 bytes.
4. The data_len of the third mbuf is 52 bytes.
5. When calculating the checksum of the TCP header for such an mbuf chain
using the rte_raw_cksum_mbuf function, the 'tmp' value obtained during the
calculation of the third mbuf is 0x19FFE6.
6. After applying rte_bswap16, tmp becomes 0xE6FF, with 0x19 discarded.
This results in an incorrect final checksum.
Second, Not all multiseg packets will cause calculation errors in the
'rte_raw_cksum_mbuf' function. There are two cases that can lead to
incorrect final results.
1. If the value of 'tmp' is greater than 0xFFFF, 'tmp =
rte_bswap16((uint16_t)tmp)' will drop high 16 bit.
2. Both 'tmp' and 'sum' is uint32_t, if the value of 'sum' is greater than
0xFFFFFFFF, 'sum += tmp' will drop the carry when overflow.
Third, in our online cloud network, we found that the problem only occurs
when there are 3 or more segments. I believe that the aforementioned issue
may be triggered when there are 3 or more segments, but a test case with 3
segments is sufficient to detect this problem.
On Mon, Aug 11, 2025 at 10:42 PM Thomas Monjalon <thomas@monjalon.net>
wrote:
> Hello,
>
> 04/08/2025 05:54, Su Sai:
> > The rte_raw_cksum_mbuf function is used to compute
> > the raw checksum of a packet.
> > If the packet payload stored in multi mbuf, the function
> > will goto the hard case. In hard case,
> > the variable 'tmp' is a type of uint32_t,
> > so rte_bswap16 will drop high 16 bit.
> > Meanwhile, the variable 'sum' is a type of uint32_t,
> > so 'sum += tmp' will drop the carry when overflow.
> > Both drop will make cksum incorrect.
> > This commit fixes the above bug.
>
> Thank you for the fix and the associated test.
>
> Please could describe the exact condition to get a wrong checksum?
> Does it happen with all multiseg packets?
> 3 segments is a minimum? Any other constraint to reproduce?
>
>
>
[-- Attachment #2: Type: text/html, Size: 4247 bytes --]
prev parent reply other threads:[~2025-08-12 3:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-31 9:55 [PATCH] " 苏赛
2025-07-31 10:51 ` Marat Khalili
2025-07-31 11:03 ` Marat Khalili
2025-07-31 11:31 ` [External] " Su Sai
2025-07-31 11:43 ` Marat Khalili
2025-07-31 11:46 ` Marat Khalili
2025-07-31 12:22 ` zhoumin
2025-08-01 7:26 ` Su Sai
2025-08-01 15:28 ` [v2] " Su Sai
2025-08-01 16:39 ` Marat Khalili
2025-08-02 11:08 ` [v3] " Su Sai
2025-08-03 16:08 ` Stephen Hemminger
2025-08-04 3:54 ` Su Sai
2025-08-05 8:55 ` Marat Khalili
2025-08-11 14:42 ` Thomas Monjalon
2025-08-12 3:03 ` su sai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFQeoKi8W8WAYUY1OuSn+qMgG1c2V7PjLjEH608m894TpLOVvw@mail.gmail.com \
--to=spiderdetective.ss@gmail.com \
--cc=dev@dpdk.org \
--cc=marat.khalili@huawei.com \
--cc=stephen@networkplumber.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).