> -----Original Message----- > From: Gonzalez Monroy, Sergio > Sent: Monday, October 10, 2016 5:05 AM > To: De Lara Guarch, Pablo; Akhil Goyal; dev at dpdk.org > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal at nxp.com] > >> Sent: Tuesday, October 04, 2016 11:33 PM > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev at dpdk.org > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > >> decrementing ttl > >> > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > >>> > >>>> -----Original Message----- > >>>> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio > Gonzalez > >>>> Monroy > >>>> Sent: Monday, September 26, 2016 6:28 AM > >>>> To: akhil.goyal at nxp.com; dev at dpdk.org > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update > checksum > >>>> while decrementing ttl > >>>> > >>>> Hi Akhil, > >>>> > >>>> This application relies on checksum offload in both outbound and > >> inbound > >>>> paths (PKT_TX_IP_CKSUM flag). > >> [Akhil]Agreed that the application relies on checksum offload, but here > >> we are talking about the inner ip header. Inner IP checksum will be > >> updated on the next end point after decryption. This would expect that > >> the next end point must have checksum offload capability. What if we are > >> capturing the encrypted packets on wireshark or say send it to some > >> other machine which does not run DPDK and do not know about > checksum > >> offload, then wireshark/other machine will not be able to get the > >> correct the checksum and will show error. > > Understood, we need to have a valid inner checksum. > RFC1624 states that the computation would be incorrect in > corner/boundary case. > I reckon you are basing your incremental update on RFC1141? > > Also I think you should take care of endianess and increment the > checksum with > host_to_be(0x0100) instead of +1. > > >>>> Because we assume that we always forward the packet in both paths, > we > >>>> decrement the ttl in both inbound and outbound. > >>>> You seem to only increment (recalculate) the checksum of the inner IP > >>>> header in the outbound path but not the inbound path. > >> [Akhil]Correct I missed out the inbound path. > >>>> Also, in the inbound path you have to consider a possible ECN value > >> update. > >> [Akhil]If I take care of the ECN then it would mean I need to calculate > >> the checksum completely, incremental checksum wont give correct results. > >> This would surely impact performance. Any suggestion on how should we > >> take care of ECN update. Should I recalculate the checksum and send the > >> patch for ECN update? Or do we have a better solution. > > If I am understanding the RFCs mentioned above correctly, you should be > able to do > incremental checksum update for any 16bit field/value of the IP header. > I don't see no reason why you couldn't do something like that, except > that you would > have to follow the full equation instead of just adding 0x0100, which > would be always > the case when decrementing TTL. > > What do you think?
Any comments, Akhil?
