We have code in various hot-paths (ip_*_input()) that looks like this:
/* Check the IP header checksum. */
if (IS_IP_HDR_HWCKSUM(mctl_present, mp, ill)) {
/* Clear the IP header h/w cksum flag */
DB_CKSUMFLAGS(mp) &= ~HCK_IPV4_HDRCKSUM;
} else {
#define uph ((uint16_t *)ipha)
sum = uph[0] + uph[1] + uph[2] + uph[3] + uph[4] + uph[5] +
uph[6] + uph[7] + uph[8] + uph[9];
#undef uph
/* finish doing IP checksum */
sum = (sum & 0xFFFF) + (sum >> 16);
sum = ~(sum + (sum >> 16)) & 0xFFFF;
/*
* Don't verify header checksum if this packet is coming
* back from AH/ESP as we already did it.
*/
if (!mctl_present && sum != 0 && sum != 0xFFFF) {
BUMP_MIB(ill->ill_ip_mib, ipIfStatsInCksumErrs);
freemsg(first_mp);
return;
}
}
This seems silly that we recompute the IP header checksum just to ignore it.
In detangle, I had updated this code for ip_proto_input(), which has the
ADDED possibility of ESP-in-UDP as something that shouldn't recompute the IP
header checksum (thanks Nico).
So I have changed those hot paths to look like:
/* Check the IP header checksum. */
if (IS_IP_HDR_HWCKSUM(mctl_present, mp, ill)) {
/* Clear the IP header h/w cksum flag */
DB_CKSUMFLAGS(mp) &= ~HCK_IPV4_HDRCKSUM;
} else if (!mctl_present) {
/*
* Don't verify header checksum if this packet is coming
* back from AH/ESP as we already did it.
*/
#define uph ((uint16_t *)ipha)
sum = uph[0] + uph[1] + uph[2] + uph[3] + uph[4] + uph[5] +
uph[6] + uph[7] + uph[8] + uph[9];
#undef uph
/* finish doing IP checksum */
sum = (sum & 0xFFFF) + (sum >> 16);
sum = ~(sum + (sum >> 16)) & 0xFFFF;
if (sum != 0 && sum != 0xFFFF) {
BUMP_MIB(ill->ill_ip_mib, ipIfStatsInCksumErrs);
freemsg(first_mp);
return;
}
}
You should look at ip.c in http://cr.opensolaris.org/~danmcd/detangle/ to see
these changes (which honestly just occurred to me now).
I'll be running a full battery of tests, of course, first thing tomorrow.
Dan
_______________________________________________
networking-discuss mailing list
[email protected]
