> -----Original Message----- > From: Bill Fischofer [mailto:bill.fischo...@linaro.org] > Sent: Tuesday, March 28, 2017 3:05 PM > To: Savolainen, Petri (Nokia - FI/Espoo) <petri.savolainen@nokia-bell- > labs.com> > Cc: lng-odp-forward <lng-odp@lists.linaro.org> > Subject: Re: [lng-odp] [API-NEXT PATCH] api: packet: add per packet > checksum control > > On Tue, Mar 28, 2017 at 6:39 AM, Savolainen, Petri (Nokia - FI/Espoo) > <petri.savolai...@nokia-bell-labs.com> wrote: > > It's a mandatory feature when forwarding: "Forwarded packets need to > maintain original, end-to-end checksum value.". A box in the middle must > not re-compute e.g. L4 checksum. If it would do that, it could introduce > an error in payload data and update the checksum accordingly. The > receiving end would not notice the error, since checksum matches. > > If the middle box can't be trusted not to tamper with the payload when > forwarding, why would you trust it not to "cover its tracks" by > recomputing checksums, or remember to call this API? End-to-end > integrity is why protocols like IPsec are used. >
L4 checksums are end-to-end, not per link. L4 checksum protects e.g. against memory errors in mid boxes (switches and routers). What would be the point of having a per link L4 checksum? Link layer has CRC/checksum per link already. Is this use case clear now ? -Petri
