From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anil Madhavapeddy <anil@recoil.org>
Subject: Re: Question about TCP checksum offload in Xen
Date: Thu, 5 Dec 2013 11:29:53 +0000
Message-ID: <20131205112952.GF14792@dark.recoil.org>
References: <CANeYhgE44vTfP8mGQ5nvd8gyBbV_uLiTOgpdUmAYzeW4_KHpMw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <avsm@dark.recoil.org>) id 1VoX7z-0005oE-Ha
	for xen-devel@lists.xenproject.org; Thu, 05 Dec 2013 11:29:56 +0000
Content-Disposition: inline
In-Reply-To: <CANeYhgE44vTfP8mGQ5nvd8gyBbV_uLiTOgpdUmAYzeW4_KHpMw@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Balraj Singh <balrajsingh@ieee.org>, xen-devel@lists.xenproject.org
Cc: Mirage List <cl-mirage@lists.cam.ac.uk>
List-Id: xen-devel@lists.xenproject.org

On Tue, Dec 03, 2013 at 01:00:23PM +0000, Balraj Singh wrote:
> Hi,
> 
> I'm working on verifying TCP checksums on incoming packets in Mirage, but
> I've run into a bit of a problem.
> 
> If TCP checksum offload is turned on on a virtual interface (this is the
> default), and if the TCP connection is local to the machine, it looks like
> Xen does not calculate the checksum at all.  This may be valid because Xen
> may be providing a stronger guarantee, but it means that incoming packets
> don't have a valid checksum in the header.  This then means that in Mirage
> we can't just have checksum verification turned on all the time.  This
> would have been the safe fall back option and detecting that checksum
> offload is on, and then not duplicating the verification in Mirage would
> have been an optimisation.  But it looks like this is not an option.  Now I
> need to know for every incoming packet whether checksum verification should
> be done or not.  It should ideally be for every packet since chksum offload
> can be turned off and on on the VIF and existing tcp connections should
> continue.  If not every packet, I need to get a notification or efficiently
> detect right away that the setting is changed on the VIF.

This is a question that seems to keep coming up even for Linux and
Windows, as the combination of local<->local VMs vs local<->off-host and
the checksum offload is quite confusing.

CCing xen-devel: is the appropriate behaviour for a guest VM that wants to
use checksum offloading in all situations documented anywhere?

-- 
Anil Madhavapeddy                                 http://anil.recoil.org