[RFC PATCH bpf-next v1 0/7] xdp: RX checksum metadata hint and checksum assertion over redirect
From: Vladimir Vdovin <hidden>
Date: 2026-06-30 19:17:55
Also in:
bpf
This series lets XDP programs work with the hardware RX checksum verdict: read what the NIC concluded about a packet, and carry a "the L4 checksum is correct" assertion across a redirect so the stack does not revalidate it in software. When an XDP program redirects a frame to a cpumap (or any other path that rebuilds an skb from an xdp_frame via __xdp_build_skb_from_frame()), the HW RX checksum status is lost and the stack revalidates the L4 checksum in software. Two kfuncs are added: - bpf_xdp_metadata_rx_csum(): a device-bound RX-metadata hint, like the existing rx_hash / rx_vlan_tag ones. It reports enum xdp_csum_status (XDP_CSUM_NONE / XDP_CSUM_VERIFIED) and is implemented for mlx5e, ice and veth. - bpf_xdp_assert_rx_csum(): a generic, non-device-bound kfunc that lets the program assert the L4 checksum is correct. It sets a buff flag that rides into the xdp_frame, and __xdp_build_skb_from_frame() turns it into skb->ip_summed = CHECKSUM_UNNECESSARY. The kernel cannot verify the assertion; the program takes responsibility, as it already does when rewriting packet contents. Posted as RFC to get feedback on: - whether the read hint (bpf_xdp_metadata_rx_csum() and its driver support) belongs in this series at all. bpf_xdp_assert_rx_csum() is self-contained and already covers the main use case: a program that computes or fixes the L4 checksum itself, or trusts the source, and wants the rebuilt skb to skip software revalidation. The read hint is an optimization for programs that did not touch the payload and only want to relay the hardware verdict. These could just as well be two independent series (assert-only first); - the kfunc naming, bpf_xdp_assert_rx_csum() in particular. Testing: - new selftest xdp_cpumap_rx_csum drives a frame through a native-XDP veth into a cpumap redirect and checks, via fexit on __xdp_build_skb_from_frame(), that the rebuilt skb is CHECKSUM_UNNECESSARY iff the program called bpf_xdp_assert_rx_csum(); - xdp_metadata calls bpf_xdp_metadata_rx_csum() over veth and checks both verdicts: XDP_CSUM_NONE for an AF_XDP-injected frame and XDP_CSUM_VERIFIED for one sent through the stack. Vladimir Vdovin (7): xdp: let XDP programs assert the RX checksum over redirect selftests/bpf: add test for bpf_xdp_assert_rx_csum over cpumap xdp: add bpf_xdp_metadata_rx_csum() RX metadata kfunc net/mlx5e: support the rx_csum XDP metadata hint ice: support the rx_csum XDP metadata hint veth: support the rx_csum XDP metadata hint selftests/bpf: cover bpf_xdp_metadata_rx_csum in xdp_metadata Documentation/netlink/specs/netdev.yaml | 5 + drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 32 ++++ .../net/ethernet/mellanox/mlx5/core/en/xdp.c | 23 +++ drivers/net/veth.c | 23 +++ include/net/xdp.h | 23 +++ include/uapi/linux/netdev.h | 3 + net/core/xdp.c | 73 ++++++++- tools/include/uapi/linux/netdev.h | 3 + .../bpf/prog_tests/xdp_cpumap_rx_csum.c | 150 ++++++++++++++++++ .../selftests/bpf/prog_tests/xdp_metadata.c | 10 ++ .../selftests/bpf/progs/bpf_tracing_net.h | 1 + .../bpf/progs/test_xdp_cpumap_rx_csum.c | 51 ++++++ .../selftests/bpf/progs/xdp_metadata.c | 9 ++ tools/testing/selftests/bpf/xdp_metadata.h | 8 + 14 files changed, 412 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_cpumap_rx_csum.c create mode 100644 tools/testing/selftests/bpf/progs/test_xdp_cpumap_rx_csum.c base-commit: f456c1922c49e6be5ce407ddb74a6e61af5b65cf -- 2.47.0