Keir Fraser
2005-May-27 11:03 UTC
[Xen-devel] [PATCH] Avoid unncessary checksum validation in TCP/UDP netfilter
The TCP/UDP connection-tracking code in netfilter validates the checksum of incoming packets, to prevent nastier errors further down the road. This check is unnecessary if the skb is marked as CHECKSUM_UNNECESSARY. This patch will improve performance for networkinterfaces that perform CHECKSUM_UNNECESSARY-style checksum offload (that''s most modern ones). More importantly (for me :-)) is that this makes netfilter play nicely with checksum avoidance in the Xen virtual machine monitor. Inter-domain traffic has no checksum calculated, so validation checks will fail even though the packet data is good. Of course, this avoidance relies on the network stack respecting CHECKSUM_UNNECESSARY. Signed-off-by: Keir Fraser <Keir.Fraser@xl.cam.ac.uk> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Phil Oester
2005-May-27 11:20 UTC
[Xen-devel] Re: [PATCH] Avoid unncessary checksum validation in TCP/UDP netfilter
On Fri, May 27, 2005 at 12:03:08PM +0100, Keir Fraser wrote:> The TCP/UDP connection-tracking code in netfilter validates the > checksum of incoming packets, to prevent nastier errors further down > the road. This check is unnecessary if the skb is marked as > CHECKSUM_UNNECESSARY.It seems at least part of this has already been merged in 2.6.12-rc http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=721ddbf522b422d554479a7ab15c0955798f16ee;hp=2b87c1974be605d5bdb1ee769188d7e03fb2ddc8;hb=31da185d8162ae0f30a13ed945f1f4d28d158133;f=net/ipv4/netfilter/ip_conntrack_proto_tcp.c Phil _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2005-May-28 08:48 UTC
[Xen-devel] Re: [PATCH] Avoid unncessary checksum validation in TCP/UDP netfilter
On 27 May 2005, at 12:20, Phil Oester wrote:> On Fri, May 27, 2005 at 12:03:08PM +0100, Keir Fraser wrote: >> The TCP/UDP connection-tracking code in netfilter validates the >> checksum of incoming packets, to prevent nastier errors further down >> the road. This check is unnecessary if the skb is marked as >> CHECKSUM_UNNECESSARY. > > It seems at least part of this has already been merged in 2.6.12-rcIt would be great if the UDP code also would observe CHECKSUM_UNNECESSARY. I''ll wait for 2.6.12 to appear and then submit a new patch if UDP has been missed. Thanks, Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Patrick McHardy
2005-Jun-12 15:06 UTC
[Xen-devel] Re: [netfilter-core] Re: [PATCH] Avoid unncessary checksum validation in TCP/UDP netfilter
Keir Fraser wrote:> On 27 May 2005, at 12:20, Phil Oester wrote: >> On Fri, May 27, 2005 at 12:03:08PM +0100, Keir Fraser wrote: >> >>> The TCP/UDP connection-tracking code in netfilter validates the >>> checksum of incoming packets, to prevent nastier errors further down >>> the road. This check is unnecessary if the skb is marked as >>> CHECKSUM_UNNECESSARY. >> >> It seems at least part of this has already been merged in 2.6.12-rc > > It would be great if the UDP code also would observe > CHECKSUM_UNNECESSARY. I''ll wait for 2.6.12 to appear and then submit a > new patch if UDP has been missed.TCP was changed to fix a regression with loopback packets. I''ve added the UDP part of your patch to my 2.6.13 tree. Regards Patrick _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel