-----Original Message----- From: De Lara Guarch, Pablo [mailto:pablo.de.lara.gua...@intel.com] Sent: Monday, October 17, 2016 10:35 PM To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy at intel.com>; Akhil Goyal <akhil.goyal at nxp.com>; dev at dpdk.org Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while decrementing ttl
> -----Original Message----- > From: Gonzalez Monroy, Sergio > Sent: Monday, October 10, 2016 5:05 AM > To: De Lara Guarch, Pablo; Akhil Goyal; dev at dpdk.org > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal at nxp.com] > >> Sent: Tuesday, October 04, 2016 11:33 PM > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev at dpdk.org > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > >> decrementing ttl > >> > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > >>> > >>>> -----Original Message----- > >>>> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio > Gonzalez > >>>> Monroy > >>>> Sent: Monday, September 26, 2016 6:28 AM > >>>> To: akhil.goyal at nxp.com; dev at dpdk.org > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update > checksum > >>>> while decrementing ttl > >>>> > >>>> Hi Akhil, > >>>> > >>>> This application relies on checksum offload in both outbound and > >> inbound > >>>> paths (PKT_TX_IP_CKSUM flag). > >> [Akhil]Agreed that the application relies on checksum offload, but > >> here we are talking about the inner ip header. Inner IP checksum > >> will be updated on the next end point after decryption. This would > >> expect that the next end point must have checksum offload > >> capability. What if we are capturing the encrypted packets on > >> wireshark or say send it to some other machine which does not run > >> DPDK and do not know about > checksum > >> offload, then wireshark/other machine will not be able to get the > >> correct the checksum and will show error. > > Understood, we need to have a valid inner checksum. > RFC1624 states that the computation would be incorrect in > corner/boundary case. > I reckon you are basing your incremental update on RFC1141? > > Also I think you should take care of endianess and increment the > checksum with > host_to_be(0x0100) instead of +1. > > >>>> Because we assume that we always forward the packet in both > >>>> paths, > we > >>>> decrement the ttl in both inbound and outbound. > >>>> You seem to only increment (recalculate) the checksum of the > >>>> inner IP header in the outbound path but not the inbound path. > >> [Akhil]Correct I missed out the inbound path. > >>>> Also, in the inbound path you have to consider a possible ECN > >>>> value > >> update. > >> [Akhil]If I take care of the ECN then it would mean I need to > >> calculate the checksum completely, incremental checksum wont give correct > >> results. > >> This would surely impact performance. Any suggestion on how should > >> we take care of ECN update. Should I recalculate the checksum and > >> send the patch for ECN update? Or do we have a better solution. > > If I am understanding the RFCs mentioned above correctly, you should > be able to do incremental checksum update for any 16bit field/value of > the IP header. > I don't see no reason why you couldn't do something like that, except > that you would have to follow the full equation instead of just adding > 0x0100, which would be always the case when decrementing TTL. > > What do you think? Any comments, Akhil? Ok.. will send next version soon.