[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] Question about TCP checksum offload in Xen

> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxx [mailto:xen-devel-
> bounces@xxxxxxxxxxxxx] On Behalf Of Richard Mortier
> Sent: 05 December 2013 11:45
> To: Ian Campbell
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx; Balraj Singh; Mirage List; Anil
> Madhavapeddy
> Subject: Re: [Xen-devel] Question about TCP checksum offload in Xen
> On 5 Dec 2013, at 11:39, Ian Campbell wrote:
> > On Thu, 2013-12-05 at 11:29 +0000, Anil Madhavapeddy wrote:
> >> On Tue, Dec 03, 2013 at 01:00:23PM +0000, Balraj Singh wrote:
> >>> Hi,
> >>>
> >>> I'm working on verifying TCP checksums on incoming packets in Mirage,
> but
> >>> I've run into a bit of a problem.
> >>>
> >>> If TCP checksum offload is turned on on a virtual interface (this is the
> >>> default), and if the TCP connection is local to the machine, it looks like
> >>> Xen does not calculate the checksum at all.  This may be valid because
> Xen
> >>> may be providing a stronger guarantee, but it means that incoming
> packets
> >>> don't have a valid checksum in the header.  This then means that in
> Mirage
> >>> we can't just have checksum verification turned on all the time.  This
> >>> would have been the safe fall back option and detecting that checksum
> >>> offload is on, and then not duplicating the verification in Mirage would
> >>> have been an optimisation.  But it looks like this is not an option.  Now 
> >>> I
> >>> need to know for every incoming packet whether checksum verification
> should
> >>> be done or not.  It should ideally be for every packet since chksum
> offload
> >>> can be turned off and on on the VIF and existing tcp connections should
> >>> continue.  If not every packet, I need to get a notification or 
> >>> efficiently
> >>> detect right away that the setting is changed on the VIF.
> >>
> >> This is a question that seems to keep coming up even for Linux and
> >> Windows, as the combination of local<->local VMs vs local<->off-host and
> >> the checksum offload is quite confusing.
> >>
> >> CCing xen-devel: is the appropriate behaviour for a guest VM that wants
> to
> >> use checksum offloading in all situations documented anywhere?
> >
> > I don't understand the question/concern. If you have enabled checksum
> > offload then of course you don't recalculate the checksum, that's the
> > whole point of offloading it.
> i think balraj's question arises because the status of checksum offload can
> change mid-tcp-flow. how does he know whether it's on or off for a given
> packet?

Why do you assert that it can change mid-flow? The configuration is decided at 
ring connect time. Nothing should change after that. If, at that time, the 
frontend declares it can handle packets with no checksum then clearly it may 
get some packets that do have checksum as well as ones that don't, depending on 
where they originated.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.