On Fri, Mar 25, 2016 at 7:46 PM, Ben Greear <gree...@candelatech.com> wrote: > A real NIC can either do hardware checksums, or it cannot. If it > cannot, then the host must do it on the CPU for both transmit and > receive. > > Veth is not a real NIC, and it cannot do hardware checksum offloading. > > So, we either lie and pretend it does, or we eat massive amounts > of CPU usage to calculate and check checksums when sending across > a veth pair. >
That's a good point. Does anyone know what the overhead actually is these days? >>> Any frame sent from a socket can be considered to be a local packet in my >>> opinion. >> >> >> I'm not sure that's totally right. Your bridge is adding a delay to >> your packets; it could just as easily be simulating corruption by >> corrupting 5% of packets going through it. If this change allows >> corrupt packets to be delivered to an application when they could not >> be delivered if the packets were routed via physical eths, I think >> that is a bug. > > > I actually do support corrupting the frame, but what I normally do is > corrupt the contents > of the packet, and then recalculate the IP checksum (and TCP if it applies) > and send it on its way. The receiving NIC and stack will pass the frame up > to > the application since the checksums match, and it would be up the > application > to deal with it. So, I can easily cause an application to receive corrupted > frames over physical eths. > > I can also corrupt without updating the checksums in case you want to > test another systems NIC and/or stack. > > But, if I am purposely corrupting a frame destined for veth, then the only > reason > I would want the stack to check the checksums is if I were testing my own > stack's checksum logic, and that seems to be a pretty limited use. In the common case you're 100% right. OTOH, there's something disconcerting about an abstraction layer lying and behaving unexpectedly. Most traffic that originates on a machine can have its checksums safely ignored. Whatever the reason is (maybe, as you say you're testing checksums – on the other hand maybe there's a bug in your code somewhere), I really feel like we should try to figure out a way to ensure that this optimization is at the very least opt-in… > > > Thanks, > Ben > > -- > Ben Greear <gree...@candelatech.com> > Candela Technologies Inc http://www.candelatech.com >
