* [PATCH nf-next] NAT: skip checksum on offload SCTP packets
@ 2016-12-05 14:33 Davide Caratti
2016-12-06 10:44 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Davide Caratti @ 2016-12-05 14:33 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy, Jozsef Kadlecsik,
David S . Miller
Cc: netfilter-devel, coreteam
SCTP GSO and hardware can do CRC32c computation after netfilter processing,
so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
when the NAT code computes the CRC, to prevent offloaders from computing
it again (on ixgbe this resulted in a transmission with wrong L4 checksum).
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
Notes:
on a veth pair, where GSO is available and some performance evaluation
can be done, a netperf SCTP_STREAM has been run recording the number
of invocations of crc32c() versus the number of invocations of
sctp_manip_pkt(), before and after the patch was applied:
$perf record -e "probe:crc32c,probe:sctp_manip_pkt" -aR -- \
$netperf -H $host -t SCTP_STREAM -p 2000 -l 30
$perf script | grep crc32c | wc -l
$perf script | grep sctp_manip_pkt | wc -l
nf_nat_proto_sctp.c | crc32c hits | sctp_manip_pkt hits | throughput
---------------------+-------------+---------------------+------------
unpatched | 10493 | 3314 | 1.17 Gbit/s
patched | 6100 | 3326 | 1.19 Gbit/s
net/netfilter/nf_nat_proto_sctp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c
index 2e14108..31d3586 100644
--- a/net/netfilter/nf_nat_proto_sctp.c
+++ b/net/netfilter/nf_nat_proto_sctp.c
@@ -47,7 +47,10 @@ sctp_manip_pkt(struct sk_buff *skb,
hdr->dest = tuple->dst.u.sctp.port;
}
- hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ if (skb->ip_summed != CHECKSUM_PARTIAL) {
+ hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ skb->ip_summed = CHECKSUM_NONE;
+ }
return true;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nf-next] NAT: skip checksum on offload SCTP packets
2016-12-05 14:33 [PATCH nf-next] NAT: skip checksum on offload SCTP packets Davide Caratti
@ 2016-12-06 10:44 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-06 10:44 UTC (permalink / raw)
To: Davide Caratti
Cc: Patrick McHardy, Jozsef Kadlecsik, David S . Miller,
netfilter-devel, coreteam
On Mon, Dec 05, 2016 at 03:33:57PM +0100, Davide Caratti wrote:
> SCTP GSO and hardware can do CRC32c computation after netfilter processing,
> so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
> is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
> when the NAT code computes the CRC, to prevent offloaders from computing
> it again (on ixgbe this resulted in a transmission with wrong L4 checksum).
Applied, thanks Davide.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-12-06 10:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-05 14:33 [PATCH nf-next] NAT: skip checksum on offload SCTP packets Davide Caratti
2016-12-06 10:44 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).