Re: [ovs-dev] [PATCH v4 03/19] ipf: Consider checksum only for fragmented packets.

Sat, 05 Apr 2025 10:29:47 -0700 

On Thu, Mar 13, 2025 at 8:44 AM David Marchand
<david.march...@redhat.com> wrote:
>
> Currently, the reassembly code drops bad checksum (non fragmented)
> packets before those reach the conntrack code.
> This is not something one would expect from ipf_is_valid_v4_frag() /
> ipf_extract_frags_from_batch() functions.

I think it does make sense to combine both checksum tests as you have.
But I don't think this commit message completely matches up with the
change here.


>
> While at it, add coverage counters so that checksum validation impact
> can be monitored.
>
> Signed-off-by: David Marchand <david.march...@redhat.com>
> ---
>  lib/ipf.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/lib/ipf.c b/lib/ipf.c
> index b76181e793..0066aeb50b 100644
> --- a/lib/ipf.c
> +++ b/lib/ipf.c
> @@ -36,6 +36,7 @@
>
>  VLOG_DEFINE_THIS_MODULE(ipf);
>  COVERAGE_DEFINE(ipf_stuck_frag_list_purged);
> +COVERAGE_DEFINE(ipf_l3csum_checked);
>  COVERAGE_DEFINE(ipf_l3csum_err);
>
>  enum {
> @@ -583,11 +584,6 @@ ipf_list_state_transition(struct ipf *ipf, struct 
> ipf_list *ipf_list,
>  static bool
>  ipf_is_valid_v4_frag(struct ipf *ipf, struct dp_packet *pkt)
>  {
> -    if (OVS_UNLIKELY(dp_packet_ip_checksum_bad(pkt))) {
> -        COVERAGE_INC(ipf_l3csum_err);
> -        goto invalid_pkt;
> -    }
> -
>      const struct eth_header *l2 = dp_packet_eth(pkt);
>      const struct ip_header *l3 = dp_packet_l3(pkt);
>
> @@ -617,8 +613,12 @@ ipf_is_valid_v4_frag(struct ipf *ipf, struct dp_packet 
> *pkt)
>          goto invalid_pkt;
>      }
>
> -    if (OVS_UNLIKELY(!dp_packet_ip_checksum_good(pkt)
> -                     && csum(l3, ip_hdr_len) != 0)) {
> +    bool bad_csum = dp_packet_ip_checksum_bad(pkt);
> +    if (OVS_UNLIKELY(!bad_csum && !dp_packet_ip_checksum_good(pkt))) {
> +        COVERAGE_INC(ipf_l3csum_checked);
> +        bad_csum = csum(l3, ip_hdr_len);
> +    }
> +    if (OVS_UNLIKELY(bad_csum)) {
>          COVERAGE_INC(ipf_l3csum_err);
>          goto invalid_pkt;
>      }
> --
> 2.48.1
>

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to