The surprising complexity of checksums in TCP/IP

Formal Metadata

The surprising complexity of checksums in TCP/IP
reworking the checksum handling in the OpenBSD network stack
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Content Metadata

The well-known IP and TCP/UDP (and less well known, ICMP) checksums seem pretty much straightforward. Digging into the network stack reveals surprising complexity in dealing with them and updating them. The rise of hardware checksum offloading didn't exactly make things easier. It goes so far that the old "pseudo header checksum" hack, where parts of the checksum are precalculated on the template PCBs and updated on the way out, made its way into some of the hardware offloading engines. The talk explains how IP and protocol (UDP/TCP and ICMP) checksums are handled in the OpenBSD network stack and pf, both traditionally and after redesigning. This includes a closer look at the performance impact: while the IP checksum only covers the header, the protocol checksums cover the entire payload, which makes them comparatively expensive to verify or recalculate. While the actual math is dirt cheap, the data access is not, and for forwarded packets we would not access the payload otherwise. Several different output paths, like the regular IP output, the bridging case and various tunneling/encapsulation mechanisms, make things harder. The redesigned checksumming mechanism pretty much centralizes the checksum handling instead of having it all over the place, making dealing with the checksums in the rest of the stack much easier. It also allows us to benefit a little more from the NICs' offloading capabilities and fixes a long-standing bug which prevented us from enabling protocol checksum offloading on the RX side on many chipsets.
welcome I and then and saving you from the when my part no was the idea here I had can obviously you might have come across materials and therefore of the entity or entities or what else ordering but you know just or whatever is that a long time. Before I actually start my talk I do have a question. You know, we had this earthquake yesterday and there's was this thing use the conference sponsors earthquake I've been into that before, and so just one question: is there a nuclear power plant near here? OK, then I can go on.
I'm going to talk about the year Jackson to describe it but we are mostly talking about 2 sets of checksums here: one is the IP checksum, the other is the so-called protocol checksum that mostly is use if I do this it's does not have European effects along all explained in a way that doesn't make any difference at all. The actual checksumming algorithm is really really really simple, it's really just the one's complement sum of all the words in the IP header, or almost the entire packet, we'll come back to that later. The IP checksum just covers the IP header, while the protocol checksum covers part of the IP header, the actual protocol header and the entire payload, so there's performance
considerations, and me being mostly involved with firewalls, routers and everything, I care about forwarded packets, not locally generated ones all that much. The actual math of the checksum is dirt cheap. I spent many many many years profiling and you cannot even find the checksumming function anywhere noticeably up in the in the Congress, so the calculations can be considered completely free. We're just talking about the math here, that's basically talking about the use integer units, right. The limiting factor is memory latency and bandwidth, and so we care about caches, RAM and was. This is mostly relevant for modern architectures; on old architectures that doesn't really make a difference of the course their memory relatively should CPU is fast on model systems memories comparably box small the course this user so got them fast checksumming data
that already is in the cache is essentially free because the cache is fast. So in the forwarding case that and the cost of the dealing with the the the the forwarding the IP header is of course need that information for forwarding, right, so the IP header checksum is free. I think it's it's not having that that checksum which they often point of as a performance improvement doesn't make a difference, you can't even measure it. So the few cycles we spend to calculate the checksum the 6 we spent away from memory some data that they have to be fetched from memory that is very very expensive. So in forwarding we usually don't touch the payload of the packet, right, so fetching the data just to checksum it is expensive, costs a set the memories some
platforms have optimized checksumming implementations. I find the list of architectures kind of interesting: I 36 . 64 and S H have assembler implementations, and alpha-HCH 64 the and 68 k is 88 is part and the banks have optimized C implementations that actually my containers and reported in all. But the interesting bit is that the most modern architectures you see here do not have architecture-specific checksum implementations, of course, they don't need them. I'll be
optimized was actually faster. The i386 assembler version is certainly written for a 386, right; the assumptions being made about that you will almost certainly not true for a for a like they just restoration the Xeon CPU. And even colleges in in other areas we have encountered several cases where the highly optimized assembler versions were actually way way way slower than the generic C version, because the compilers combined job displacement of status and the rules were written for CPU architectures from 10 to 15 years ago. So there's a task you were asking me what type of their the last table benchmark and figure out whether they are actually any faster than the generic C version. thank you yet the so
dust cover the entire head of the IP header is rather simple. You have the IP version, which is always four, always not the underlying the type of service you but it's the type of services you have the total length of the IP packet, the other length is just the header length and that pretty much constantly stays pretty much I have here key idea in the IP offices for fragments. You have the TTL, which each and every router on that has to decrement, and that is the part of the text of the protocol that's just the number indicating whether it's TCP, UDP or something else, no actual checksum, and of course the source and destination addresses. So since every router has to decrement the TTL it has to update the checksum, right. The checksum itself is part of the checks but the cost of the way the algorithm works you have to set the checksum field to 0, run the algorithm over it, and the value that comes out of that you put into that field. If you want to verify the checksum you run the very same algorithm over the entire header again with the checksum in place, and if the result is 0 you if it's not 0 the checksum doesn't match. so
as I keep repeating, the IP header is being cached, that's almost guaranteed for was about what the networks that just forwarding, that's right, recalculation is free. So don't worry, offloading the IP checksum calculation to them at the 1st part doesn't make a difference anymore. that I've already at that it like 12 or 13 years ago and solid gain for all of them something like 7 to 8 per cent; today not measurable
so the implementation of music the basic flow of a packet of Europe the forward is IP input calling IP forward calling IP output. IP input is this quite complicated use it follows that takes the decision whether the packet is local, to be forwarded or not deliverable, and it does call pf test, which is the entry point to pf. If it's a looked at the packet to be delivered locally it's just being handed off to the upper layers. If it's to be forwarded, well, we're calling IP forward, and all the books tell you that IP forward does the routing. that is actually a line the broad look up and everything else happens might be important is being passed on to a forward all that I can forward task is well decrement video and I think that's on the next slide it's no it's not while it deals with the
ICMP error generation if only figure out the channels for the fact that the efforts and very nice if you're in most cases rights and the ICMP error quotes the original PAC part is the time in the middle of get into the details on that later. So IP forward keeps a copy of the fraction of the packet, calls IP output and I think if i the phase and thus the ICMP error generation; it doesn't really do any routing. IP output is the most complicated of these functions; in the forwarding case it's actually trivial, the mass of code in there deals with locally generated packets that do not have the he hadn't use of his stuff filtering yet. what is not completely at the output once again calls pf test for the of objects, and right after pf test IP output recalculates the IP checksum unconditionally, and once to you to to cover the decreased plant in the field of course, but there's also the possibility that pf changes it, right, by address translation. Locally generated packets hitting IP output at that point must have the full checksum. the checksum
handling in clear be used to update the IP checksum clear for each and every change we made of course like the output following the attacks on the army right after the if this was utterly and completely useless. Well, not completely, because there's the bridge. on the bridge the bridge operator and their too of course does not decrement particularly if you're a doesn't make any changes to the applicant whatsoever, so the bridge does not really need to update the checksum but that doesn't need to the bridge the special case all over this but the 2nd reason but this is the worst 1. So to solve that and to stop pf from having to fiddle with the checksum all the time, the solution of course is to make the bridge behave like a regular up a path, right, and that's what I didn't. But well, wait a second, there's checksum offloading for much each spend
every network interface card that has been made in this century, and most that have been made in the last decade of the last century, can do it as well. Our stack had notified ages ago to use probably came from previous that I don't really know a set that's been bumped ages ago. It's basically like this: we delay checksumming until we know the outbound interface. Once we know the outbound interface we can check this interface for offloading capabilities. If it does have offloading capabilities we just do a little magic to tell them to please update the checksum, which obviously is driver dependent, but there's a generic like this that indicating checksumming and move on. If we do not have the offloading capabilities and the other part we used to calculate this in software right there. on the
inbound side, on the other side of the out there respectively, the driver just sets a flag in the mbuf packet header indicating the checksums don't for the checksums that that all verification routines well we now have them for what was the bill joint disease of I know hindrance the final directly will that all over the place and I don't think now but at the start of the verification routines look for those flags. If it does have the good flag, well, fine, move on; if it does have the bad flag, well, you're gonna just drop the packet; if it doesn't have any, resort to software. Surprise, the bridge
comes in the way again. The biggest problem I ran into with the bridge, and this is the 2nd reason why eventually was not able to remove all the special case in from the only half of what it is that the bridge as a prospect for broadcast. It basically works like that: the packet comes in, it already has a pointer to the outbound interface like the bridge decided on its that helpful interface for broadcast that this a kind of random decisions. So we look at the look at the the in the offload capability flags of that kind of randomly chosen interface; if it happens to have offloading capabilities we would not software at so world and said grass the bridge just copies the packet over and over and over and sends it out on every interface, but this is after after we've looked at the flags, so it would go out without a checksum on all interfaces that do not have offloading capabilities. Not all that good. uh if there's anybody who wants to do me a favor remove that Ross short it shouldn't be too hard but I was in the middle of this massive but didn't need that little mass on top
task and so the at they all the edit checksum handling in pf I was able to remove after I fixed the bridge. As expected, as already mentioned, I'm completely unable to measure any performance benefit on modern hardware, because also it's basically free, but this context considerably simplified the code, and quite frankly the architects 11 here was just wrong. What happened there's 10 12 years ago when we started hacking on pf, the pf group including myself considered to be considered as BPF factors so we did everything together but didn't really look at the network stack around, and, well, that changed fortunately, and now consider the not considerably after the you know the integral part of the network stack, and we don't necessarily do everything you have just because your key effectors the look at the whole picture, which is what we should have done 10 years ago. so now
let's go to the protocol checksums, which are much more problematic. So as I mentioned, they cover only a part of the IP header. Why, I don't know, it doesn't really make sense to me, but that's what the standards say. They do cover the entire protocol header, of course, because the IP header checksum does not cover it and you want everything in the packet to become a right and this is critical paid to cover the entire payload, so that makes a potentially very very expensive to who are relatively spoken very expensive to to recalculate the checksum, because as I keep mentioning the payload is almost certainly not cached for forwarded packets. and the handling in pf for the protocol checksums when we're doing that when we change for its Soviet-era server but you obviously have to objects as as well so do exactly the same thing, update the checksum on the
fly, and that's how that looks, and this makes me 1 of 1 of its nested calls of pf checksum fixup all over the place. So please note that the uh up most called different from all the in the in the inside quotes but this is really easy to screw this
cell and it was not the place to but I we do have to call pf checksum for couple sorry fix up to avert we touched in the packet for each and every single word, and the checksum fixup needs the old word and the new word to calculate the delta and apply it, so it needs to see the old word, the new word and the checksum
is the direct network stacks have so-called protocol control blocks to track connections and keep state in TCP and UDP. but UDP is connectionless, does not really have the right nor wrong in state and the state of course it has like uh state and then obviously and I think in the other users as well but the PCBs are being looked up using hash tables and then obviously that's a separate talk that I gave 2 years ago. The PCBs can be linked to the pf state, so if you're if you're a firewall and we already looked up at the up state just follow the pointer to the set of clean you will go up what that does bring us something like 8 9 per cent or so so that was not requirement 78 per cent for something that nice soul I'm whatever. Whenever a socket is opened there's a template PCB being created. but I want to cover the following 2 listening socket here as the new called introducing the course that's the that's the part that you use to follow and to understand but once you find you know and local IP address the local port, so what they doing back then let's checksum the source address and source port and store that partial checksum in the template PCB. now you're getting
connection and you're calling accept, that leads to well and use that obviously and we recover the the copy the template PCB to refuse to be fought for that new connection, add the other side's IP and port information and update the checksum in the PCB for those fields we just added. This is called the pseudo header checksum. The reply packets like that's coming in from the other side we just have to verify, right, but the reply packets that we send out obviously have to have a checksum, so we take that partial checksum from the PCB into the packet, send it all the way down the stack with the needs checksumming flag, and somewhere way down there you update the checksum. Actually update is not entirely true here, but I'll come back to that. we'll fix the checksum to cover the entire payload as well. so outbound in
Theorem pretty late in the upper part just looked at the checksum flags in the protocol that in the in the packet header, we compare them to the interface capabilities, so there's basically 3 cases: the packet says I need checksumming and the interface says I can do it, well, fine, just move on, it'll do it for us; there's the case that the packet says I need checksumming and the interface is not capable of doing this, well, we need to do this in software. This used to be somewhere in the middle of the stack and with this as much knowledge as possible so they're basically operating in a model where we assume that we always have checksum offloading and if not we can only be awful engines. If the packet says it doesn't need checksumming obviously going to be ready for single phobia
the partial checksum, the pseudo header checksum from the PCB, that gets copied into the actual packets, that's the hack that might have helped which the 300 today it is actually kind of product it complicates things a lot, but unfortunately some of the hardware vendors internalize the site in hot there and unfortunately this is mostly included broccoli so say that real-time but this right real techniques including brought Columbus and it'll unbroken require substantial header IP checksum to be invariant to correct, they just update it for the payload. All the other offloading engines don't care what's there, recalculate the checksum completely and food that
leads us to the famous redirect to local most. So the packets coming from the local obviously need checksumming, right. So if you redirect to local, say you redirect all packets coming from the LAN that go to after logical form after feudal you redirect them to the local and foreign aid for anyone to your FTP proxy, right, so the FTP proxy sends the reply back to the client. Now the reply to the client obviously must not be coming from 127 a long way from lifted up used at so pf has to rewrite the source address, but the every the source address that obviously needs to take care of the checksum. Now that packet being locally generated has the pseudo header checksum. pf has no way to see whether a packet has a full checksum or some had check of some other partial checksum, so pf updates those fields, updates the checksum for it or intersect the people who had a checksum doesn't cover the entire your motif like that that are not being covered by the of the optic and the checksum protected the for for a few that's not covered in in this so as as long as you're just with the
appearance of that kind of words but is sold as a touch something else blows up, and you always touch something else. The software checksumming doesn't care, just calculus check something available calculates that recalculation causal variants the same. The hardware doesn't care, just computes the checksum, but the half a realignment metrics and being there is doomed updates already broken updating a broken checksum leads to a broken checksum. The result of that is that the protocol checksum offloading just as would on that class of hardware of for at least 10 years not and that unfortunately that least means the G and the lacks that's what 99 per cent of the server market. so the
offloading, almost everything made in this case it's not that I'm saying this decade not the century has offloading support not necessary for a states but let's stick to the relevant topics. Unfortunately there are quite a few silicon bugs. that the most spectacular and to lately but then you get the composite Int'l 10 G 1 when you enable protocol checksum offloading, which only has a business and touching TCP and UDP packets, right, corrupted also have it's not even supposed to touch them. so covers the payload and we have 2 different behavior of the offloading engines. This is considerably more complicated than the IP header checksum, but we can summarize this into 3 cases: we don't have offloading, we have halfway offloading with the semantics already is required just being updated, and we have a full of
so we always want to work with the new world, we always want to work under the assumption that we have offloading, because it considerably simplifies the handling all over the stack. when the hidden out of power that does not have that capability it will be emulated in software. So for that we now what a function properly the items that fiddling all over the place called I and projects out that that's all the magic, it just looks at the flags, does that bands calls the software engine if needed. and there's the I and delay check some for 4 and prize there was no i and 6 the late checks on requires I don't know I don't know why it wasn't there my theory is that the successful so that does make a difference anyway we call that
projects of functions very very late, we certainly know 1 rich interface you're going to send the packet out by that. in the old were at the core of most early on in most cases new or the right of course the defense already but not all of them unfortunately. So now that's much easier, that means that that entire rest of the stack does not have to care about checksums anymore; all it needs to do is to modify the factor on generate the package whatever you to change the packet is set of like a distance checksumming Don. and foremost this means there doesn't have to to be in you know much about offloading anywhere, that was all over the place before. This also means that we can remove pretty much all checksum handling from pf itself if we have a small for that set of like minded checksumming while their. so I simply that this slide will of the size
simply ICMP has a checksum as well. I remodeled that and thing after that case if you knew that he had been there actually is no hardware that has ICMP checksum offloading of those appointments as processing defects tend to be small and that's a set free in software. should there ever we want that would be true for us to to implement them but if I don't expect that to happen. But the point is ICMP being the same as these if you intuitively makes makes the code much easier on the handling all of this that much easier, the performance is the same. and
moment time or which the results
so as I mentioned before, ICMP error messages quote the packet they refer to. Well, they have to: if you think about moving the clients entities of people attitude to the destination for some reason it's legislation is unreachable elements on the 1st factor or somewhere on and on and established connection doesn't really matter after dropping that packet course it's not a literal sense that ICMP error and you as a client have to have a way to match this ICMP to your little PCB describing the TCP session, right, because wanted to the TCP session dollar house the start the ICMP error come also that is the heart of the fact that it refers to. Now there's network address translation. Well, you're translating packets, we unfortunately also have to translate the quoted packet inside the ICMP packets, and also price the snow off on support for the period from the quote technique world that has a checksum too. In most cases it is truncated anyway, so there's no way to verify the checksum of the quoted packet inside the ICMP packet, so we don't have to care. If it's not truncated nothing happens in the end care there's 1 I would cause an exception because it's not really real world disapproval state the that we use to generate Deerdre's beard beards your your p-vectors throw what our stack of features in the and and even payload that you throw it all started a fight unless you have tried to make this data and then state receive those packets get as well and skip the is the only thing in the world that I'm aware of that actually verifies the checksum inside the quoted packet inside of the ICMP error message. So this would be easily fixable because you could just recalculate the checksum in the non-truncated case. I have not implemented that would could do it should be reasonably simple and the cost space is a request text tiny you're talking they're talking topmost 68 by so consequences
India the old way was the update the checks what happens when you have data broken Texas well you get a broken check so that's good but now they're not getting any more the replacing the checks the recalculating and we have had coming in the broken checks on the use of adjustments and recalculate the checksum that it's not problem anymore we just fix it up to that's not good for hiding data corruption so before we do that we unfortunately have to verify the existing checks on anything that that's halfway saying that's really be costly offloading engines tell us whether it was the checksum was correct or not right but if there's no that's potentially expensive the cost the payload once again not
cache the new code is so much nicer and cleaner and there's so much more that we can clean up now but do redirect to local most block is gone because you're here during the check so much later anyway so we don't have to care about the difference between the so that it takes a lot this eventually allows us to any will be engines on all of these strips that require the student checksums and well the MPEG and eggs are pretty much 99 per cent of the summer markets unfortunately there is 1 case that suffers considerably that is
doing that when you do not have any offloading capabilities now let's put this into perspective if you're doing anything else but pure packet forwarding the total cost of packet forwarding is basically nothing if you run if you run a proxy and try to measure the cost of your packet handling from doesn't matter it's bounded measurable if you're running a history class told you get a certain that so the peg following costs Chinese English becomes a kind of bit more extensive this would not really heard from if you are a if you're running your you're not something out of and terrible performance sorry you're doing something wrong what we could do to fix the problem as calculate check over the head of before and after the of applied the delta as well but that means they cannot use any of engines to cost Northallerton's has support for no verified part of the checksum then apply until all software which also means that we heard the offloading case considerably given that pretty much everything has offloading I read the optimized for the offloading case them for the model for the case right and the Walt architectures that tend to not have any offloading capital of folds offers much the cost relatively speaking the memories from the in micro
benchmarking In that case on the very very modern and 64 system like the latest generation is the only I think we use the EMS and disabled the offloading the driver but this is a completely made up case that's not realistic at all we're losing something between 5 and 10 per cent depending on the traffic but this depends a lot on the specific topic implementation of the machine the course this depends on caches on the Test Act architectures is the layer to because shared between this view course or not and stuff like that but it depends a lot on the busses PCI is much worse than PCA and as that class of machines pretty certainly has offloading capabilities so in my book this is acceptable if you have such a machine that we find in the y you have caught to so let's
benchmark for the better use of the offloading engine speed you make not on that mentioned was the current generation is young and she was holding I cannot remember any difference on why the raw computing power that the currency on surface is sole well there so fast they have so much raw computing power the conscious of big and fast but it just doesn't make a difference anymore because of the limiting factors or other factors the limiting factors are latency foremost latency round with the of plant usually it's latency to use cache to memory to the busses for almost the and we're not even talking about the latency of submission it so in micro benchmarking even if there is an effect is completely hidden this might be different if you're actually doing something else on the machine was used was a few cycles I don't think that really matters but some people lecture on a water system of handsome and using until they get it make the signal 7 per cent increase I keep coming back to the 7 per cent hydrogen with the checksum that's the magic number there
so but that with a much much much clearer and much better structured code we pave the road for future improvements there's so much clean up possible afterwards last not least this is just less code and this code is nicely contained in 1 file in 1 spot and not spread all over the all over the state there's a nice and simple API to call instead of fiddling with the eternal the entire but we can actually remove that and absolute had checksum dense in the PC these press well what's the point of pre-calculated that there is no performance benefit at all it's all just remove the antenna checksum late in the output In those new I and II and 6 projects function and we only actually need to do that in the following case because the other 2 cases the software engine hold recalculation anyway at the same hospital for a technician anywhere we can't unfortunately not distinguish and the full of loading from the needs that to chivalric checksum offloading we could modify the drivers to signal that up but there's no point since calculating that is so cheap that checking the flag is almost all have shaken the flag is still somewhat provided does just that make a difference the British special case K using all over the statements about the biggest reason for the bridge special case is gone gondolas there's just that brought us take remaining yes there know that picture actually for most of the so we briefly
touched the surface area this is such a complicated I would have lost a lot of hair over 240 human faster and we have to get technology Christian reluctant its many of them use the different a lot of acknowledgment for this because he was the 1st want to actually understand that redirect locals 1 and a very remember him and sitting there and explaining this us more than once and eventually be understood what was going on as well and just a couple of years later I started working on the he also that a lot of testing and finally have something working there was a
lot of help and support from like below pool of I think got this right that's might be and the as the and they did a lot of the testing from the last please because they have access to an axiom and I don't the I the 60 they check something was written by Kenneth but the ship so finding the TCP header and in in IP is that simple it's fixed also basically finding the TCP header and I music the function doesn't fit once during you have to you have to move over and over the chain of headers and hope that nothing was wrong so I'm working on this
since late felt tend there's been a lot of hackathons that that are used for this test in the eyes the 1 organized by that we've been enactment more than once organized field pop and the 1 true if into Ljubljana Slovenia everything in Budapest in Germany Portugal we just have been to New Zealand which was also and I really want to thank all the people that make this possible the other occasion merited making progress on those of the other conferences and so this European Siegel commercial break you're going to have furiously column of September and motto is really nice I so you do want to cut the call for papers is still open for another of the nineties or so that so we want speakers you already have plenty of submissions but more spent the but also want his music and course so just here Europe why good from whatever let's go location to tumult 0 by the way this conference you have
a higher you is bad enough that I have to explain the what was affected it'll last nite I think in the poem this a area of are there any questions all I forgot another commercial break the I still need jingle for this lineage single stop in the middle of the talk commercial break so if you want know more about you have there's also a book of the for the material you carry of 2 copies rates so i'd like deeply suggest you get a copy so also book 1st almost brand brand new absolute the 2nd Edition by Michael 1st I detect review review on both of these books so opposed to many of the other of just write something publishers and then and then figure out that they got it all wrong these are technically trained as close to correct is that as it gets onto the training of course yes so if you want that find Michael is going to sell to you to didn't get a 2nd working for free not In this work if you I do it all the all the stuff actually does not really get hurt because it doesn't that the difference between the CPU speed and the memory access is all that think there still the hit this is not remotely as big as you stuff there you forcefully disable the authority of the it's only once what is it's worth of I told you based on so is how have it is only in in sixties you way when those kind of everyone and everything you just mentioned has offloading that works yeah well it's attending course it's no it's it's the she chips that implement the proper full-offloading it's not the server chips that internalized ahead is this is really bad you are following for performance is not really any anymore it is question 1 the cost of some items in the marketing checklist FIL the what they were well I can tell you how I want us to recycle our suppliers the 95 more cause lower you higher but you don't want to exactly you don't get to pick its onboard anywhere on any more questions while this year my neighborhood is kind of crazy it is so might my never declared autonomy from the 
surroundings that a couple of years ago of course this is just the this being a job right but this kind of describes the the the feeling that in the area everything works like a tiny tiny tiny village everybody knows everybody but they're surrounded by the 2nd biggest city in Germany and Europe in the middle of so once a year they're having fixed rate for us and for some reason that we don't understand the City of Hamburg things we need to get a permit for this well we don't think so and we're doing this for more than 25 years now so each and every year that the fossils but the bigger than the year before to give you an idea of more than 10 thousand people throughout the and over the years b but recently got a little better like 5 years ago when was 1st the city of Hamburg sent us 4 thousand 500 policemen 7 more attendance 110 so what happens is they come in and around 10 PM they get everybody that walk the streets for 2 hours then that is off again the particles works for
no more questions
Christian I will also you can take all of your all of your backyard fucking ways we keep we keep calling the riot control police desireable calls because that's how they look and of the 1 year and look out of my area where even though and there's 2 of them standing in my garden but what a 2nd side of the door I don't think you want to view my garden serving you know that the house next door has been supported the whole thing stories you all abandoned building but nobody should have also has been declared squalid each and every year and at the evening everybody got hold the ball is closed but that for some reason they thought they had to do something about its sent policemen kick everybody and then just wait a 2nd you could not talk to the owner of the schooling so they desperately try reach couldn't then realized should we don't have any right to be in this building at all they have to go again and the people responded can back to what the real of understanding in my backyard science that we all don't wanna be here they keep need to secure the scene of whatever not in my backyard in but but but will you can sample that little sense style thing the there's a Bush behind it is going to have to work with not my problem they did develop put up a sign stepping on the long private of 4 people wearing uniforms the bonds of that however anybody have technical question anybody has therefore mu 2 or of OK then please by the books but different commercial by the host country reviews the gone is the goal of my hosted from a company you anything out biochemistry is it is to the later the foundation the kind you can be I
I don't know also you have to the value of and on the right I and
I'm not smart enough for that you know you can you OK all of them went to

