Re: Question about TCP checksum offload in Xen

[Anil Madhavapeddy <anil@xxxxxxxxxx>]

On Tue, Dec 03, 2013 at 01:00:23PM +0000, Balraj Singh wrote:
> Hi,
> 
> I'm working on verifying TCP checksums on incoming packets in Mirage, but
> I've run into a bit of a problem.
> 
> If TCP checksum offload is turned on on a virtual interface (this is the
> default), and if the TCP connection is local to the machine, it looks like
> Xen does not calculate the checksum at all.  This may be valid because Xen
> may be providing a stronger guarantee, but it means that incoming packets
> don't have a valid checksum in the header.  This then means that in Mirage
> we can't just have checksum verification turned on all the time.  This
> would have been the safe fall back option and detecting that checksum
> offload is on, and then not duplicating the verification in Mirage would
> have been an optimisation.  But it looks like this is not an option.  Now I
> need to know for every incoming packet whether checksum verification should
> be done or not.  It should ideally be for every packet since chksum offload
> can be turned off and on on the VIF and existing tcp connections should
> continue.  If not every packet, I need to get a notification or efficiently
> detect right away that the setting is changed on the VIF.

This is a question that seems to keep coming up even for Linux and
Windows, as the combination of local<->local VMs vs local<->off-host and
the checksum offload is quite confusing.

CCing xen-devel: is the appropriate behaviour for a guest VM that wants to
use checksum offloading in all situations documented anywhere?

-- 
Anil Madhavapeddy                                 http://anil.recoil.org