Edward Cree <ec...@solarflare.com> wrote: > I have just realised something startling. Assuming the inner protocol uses > the ones complement checksum in the way IP, UDP and TCP do, the outer > checksum can be computed *without looking at the payload*. Why? Because the > ones complement sum of (say) a correctly checksummed UDP datagram is simply > the complement of the ones complement sum of the pseudo header. Similarly, > the ones complement sum of a correctly checksummed IP header is zero. > Therefore, the outer checksum depends _only_ on the inner and outer pseudo > headers and the encapsulation headers. For example, with UDP encapsulated in > VXLAN, we have the following packet structure: > ETH IP UDP VXLAN inner-ETH inner-IP inner-UDP PAYLOAD > and the outer checksum equals > ~([outer_pseudo] + [UDP] + [VXLAN] + [inner-ETH] + ~[inner_pseudo]) > where [] denotes summation, and all addition is ones complement. > This can easily be computed in software, especially as the stack already has > ~[inner_pseudo]: it's stored in the inner checksum field to help inner > checksum offload. > > Have I made a mistake in my ones-complement maths, or is outer checksum > offload as unnecessary as IP header checksum offload?
I agree with the overall observation, in that the outer checksum can be derived from the inner one. I think that the inner-ip header needs to be added (after subtracting out the inner_pseudo as you indicate above), because the entire raw inner IP header needs to be included in the outer checksum. I haven't thought this all through in detail yet. It would be really nice to have a function that implemented something like this. Could one be structured to handle most encapsulations? -- Mark Rustad, Networking Division, Intel Corporation
signature.asc
Description: Message signed with OpenPGP using GPGMail
