SCTP GSO and hardware can do CRC32c computation after netfilter processing,
so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
when the NAT code computes the CRC, to prevent offloaders from computing
it again (on ixgbe this resulted in a transmission with wrong L4 checksum).
Signed-off-by: Davide Caratti <dcaratti@xxxxxxxxxx>
---
Notes:
on a veth pair, where GSO is available and some performance evaluation
can be done, a netperf SCTP_STREAM has been run recording the number
of invocations of crc32c() versus the number of invocations of
sctp_manip_pkt(), before and after the patch was applied:
$perf record -e "probe:crc32c,probe:sctp_manip_pkt" -aR -- \
$netperf -H $host -t SCTP_STREAM -p 2000 -l 30
$perf script | grep crc32c | wc -l
$perf script | grep sctp_manip_pkt | wc -l
nf_nat_proto_sctp.c | crc32c hits | sctp_manip_pkt hits | throughput
---------------------+-------------+---------------------+------------
unpatched | 10493 | 3314 | 1.17 Gbit/s
patched | 6100 | 3326 | 1.19 Gbit/s
net/netfilter/nf_nat_proto_sctp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c
index 2e14108..31d3586 100644
--- a/net/netfilter/nf_nat_proto_sctp.c
+++ b/net/netfilter/nf_nat_proto_sctp.c
@@ -47,7 +47,10 @@ sctp_manip_pkt(struct sk_buff *skb,
hdr->dest = tuple->dst.u.sctp.port;
}
- hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ if (skb->ip_summed != CHECKSUM_PARTIAL) {
+ hdr->checksum = sctp_compute_cksum(skb, hdroff);
+ skb->ip_summed = CHECKSUM_NONE;
+ }
return true;
}
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
