On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote:
>
>
>> -----Original Message-----
>> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio Gonzalez
>> Monroy
>> Sent: Monday, September 26, 2016 6:28 AM
>> To: akhil.goyal at nxp.com; dev at dpdk.org
>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum
>> while decrementing ttl
>>
>> Hi Akhil,
>>
>> This application relies on checksum offload in both outbound and inbound
>> paths (PKT_TX_IP_CKSUM flag).

[Akhil] Agreed that the application relies on checksum offload, but here we are talking about the inner IP header. The inner IP checksum will be updated on the next end point after decryption. This would expect that the next end point must have checksum offload capability. What if we are capturing the encrypted packets on Wireshark, or say send it to some other machine which does not run DPDK and does not know about checksum offload? Then Wireshark/the other machine will not be able to get the correct checksum and will show an error.

>>
>> Because we assume that we always forward the packet in both paths, we
>> decrement the ttl in both inbound and outbound.
>> You seem to only increment (recalculate) the checksum of the inner IP
>> header in the outbound path but not the inbound path.

[Akhil] Correct, I missed out the inbound path.

>>
>> Also, in the inbound path you have to consider a possible ECN value update.

[Akhil] If I take care of the ECN then it would mean I need to calculate the checksum completely; incremental checksum won't give correct results. This would surely impact performance. Any suggestion on how we should take care of the ECN update? Should I recalculate the checksum and send the patch for the ECN update? Or do we have a better solution?

>
> Any further comments here, Akhil?
>
> Thanks,
> Pablo
>

[Akhil] Sorry, I missed out the previous reply from Sergio.
Thanks, Akhil >> >> Sergio >> >> >> On 26/09/2016 17:32, akhil.goyal at nxp.com wrote: >>> From: Akhil Goyal <akhil.goyal at nxp.com> >>> >>> In IPsec-secgw application when TTL is decremented in IP header >>> before forwarding the packet, checksum needs to be updated. >>> >>> In this patch an incremental checksum is added. >>> Other applications(like l3fwd) are also doing so. >>> >>> Signed-off-by: Akhil Goyal <akhil.goyal at nxp.com> >>> --- >>> examples/ipsec-secgw/ipip.h | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h >>> index ff1dccd..ef059a9 100644 >>> --- a/examples/ipsec-secgw/ipip.h >>> +++ b/examples/ipsec-secgw/ipip.h >>> @@ -56,6 +56,7 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, >> uint32_t is_ipv6, >>> if (inip4->ip_v == IPVERSION) { >>> /* XXX This should be done by the forwarding engine instead >> */ >>> inip4->ip_ttl -= 1; >>> + inip4->ip_sum += 1; >>> ds_ecn = inip4->ip_tos; >>> } else { >>> inip6 = (struct ip6_hdr *)inip4; >> >> > >
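
Review bot: the added line `inip4->ip_sum += 1` in `ipip_outbound()` is a correct incremental update only on a little-endian host. TTL is the high-order byte of its 16-bit header word, so decrementing it must add 0x0100 in network byte order to the checksum; on a big-endian host `+= 1` adjusts the wrong byte. Suggest adding `htons(0x0100)` and folding the end-around carry as in RFC 1624, which also covers the corner case where the plain add produces 0xFFFF while a full recomputation gives 0x0000. A short comment on the line saying it is an incremental checksum update for the TTL decrement would help. The diffstat shows a single insertion in `ipip_outbound()` only, and the line that follows reads `inip4->ip_tos` for `ds_ecn`, so any later rewrite of the inner TOS/ECN bits will need the same kind of adjustment.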
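
The checksum question discussed in the thread above, as an added example that is not part of the thread or of the DPDK sources: the RFC 1624 incremental update applied to both a TTL decrement and a change of the ECN bits in the TOS byte, checked against a full recomputation. The function names and the sample header are constructed for illustration; a 20-byte IPv4 header without options is assumed.

```c
#include <stdint.h>
#include <stddef.h>
/* Full RFC 1071 checksum over a header held as bytes in network order. */
static uint16_t csum_full(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), all values in network order. */
static uint16_t csum_update(uint16_t hc, uint16_t m_old, uint16_t m_new)
{
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Decrement TTL and set the ECN bits, patching the checksum incrementally.
 * Only the two 16-bit words that change are fed to csum_update(). */
static uint16_t fwd_fixup(uint8_t *h, uint8_t ecn)
{
    uint16_t hc = rd16(h + 10);
    uint16_t w0 = rd16(h + 0), w4 = rd16(h + 8); /* ver/IHL|TOS, TTL|proto */
    h[1] = (uint8_t)((h[1] & 0xfc) | (ecn & 0x03));
    h[8] -= 1;
    hc = csum_update(hc, w0, rd16(h + 0));
    hc = csum_update(hc, w4, rd16(h + 8));
    wr16(h + 10, hc);
    return hc;
}

/* Constructed sample header (TTL 64, ICMP); returns 1 when the incremental
 * result equals a full recomputation over the modified header. */
static int selftest(void)
{
    uint8_t h[20] = {0x45, 0, 0, 0x54, 0x12, 0x34, 0x40, 0, 0x40, 1, 0, 0, 192, 0, 2, 1, 198, 51, 100, 7};
    wr16(h + 10, csum_full(h, 20));
    uint16_t inc = fwd_fixup(h, 0x03);
    h[10] = h[11] = 0; /* checksum field is zero while recomputing */
    return inc == csum_full(h, 20) && h[8] == 0x3f && (h[1] & 3) == 3;
}
int main(void) { return selftest() ? 0 : 1; }
```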