[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about TCP checksum offload in Xen


I'm working on verifying TCP checksums on incoming packets in Mirage, but I've run into a bit of a problem. 

If TCP checksum offload is turned on on a virtual interface (this is the default), and if the TCP connection is local to the machine, it looks like Xen does not calculate the checksum at all.  This may be valid because Xen may be providing a stronger guarantee, but it means that incoming packets don't have a valid checksum in the header.  This then means that in Mirage we can't just have checksum verification turned on all the time.  This would have been the safe fall back option and detecting that checksum offload is on, and then not duplicating the verification in Mirage would have been an optimisation.  But it looks like this is not an option.  Now I need to know for every incoming packet whether checksum verification should be done or not.  It should ideally be for every packet since chksum offload can be turned off and on on the VIF and existing tcp connections should continue.  If not every packet, I need to get a notification or efficiently detect right away that the setting is changed on the VIF.

Help / suggestions please.





Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.