Re: [RFC PATCH bpf-next v1 0/7] xdp: RX checksum metadata hint and checksum assertion over redirect
From: Lorenzo Bianconi <lorenzo@kernel.org>
Date: 2026-06-30 22:16:52
Also in:
bpf
On Jun 30, Stanislav Fomichev wrote:
On 06/30, Vladimir Vdovin wrote:quoted
This series lets XDP programs work with the hardware RX checksum verdict: read what the NIC concluded about a packet, and carry a "the L4 checksum is correct" assertion across a redirect so the stack does not revalidate it in software. When an XDP program redirects a frame to a cpumap (or any other path that rebuilds an skb from an xdp_frame via __xdp_build_skb_from_frame()), the HW RX checksum status is lost and the stack revalidates the L4 checksum in software. Two kfuncs are added: - bpf_xdp_metadata_rx_csum(): a device-bound RX-metadata hint, like the existing rx_hash / rx_vlan_tag ones. It reports enum xdp_csum_status (XDP_CSUM_NONE / XDP_CSUM_VERIFIED) and is implemented for mlx5e, ice and veth. - bpf_xdp_assert_rx_csum(): a generic, non-device-bound kfunc that lets the program assert the L4 checksum is correct. It sets a buff flag that rides into the xdp_frame, and __xdp_build_skb_from_frame() turns it into skb->ip_summed = CHECKSUM_UNNECESSARY. The kernel cannot verify the assertion; the program takes responsibility, as it already does when rewriting packet contents. Posted as RFC to get feedback on: - whether the read hint (bpf_xdp_metadata_rx_csum() and its driver support) belongs in this series at all. bpf_xdp_assert_rx_csum() is self-contained and already covers the main use case: a program that computes or fixes the L4 checksum itself, or trusts the source, and wants the rebuilt skb to skip software revalidation. The read hint is an optimization for programs that did not touch the payload and only want to relay the hardware verdict. These could just as well be two independent series (assert-only first); - the kfunc naming, bpf_xdp_assert_rx_csum() in particular. Testing: - new selftest xdp_cpumap_rx_csum drives a frame through a native-XDP veth into a cpumap redirect and checks, via fexit on __xdp_build_skb_from_frame(), that the rebuilt skb is CHECKSUM_UNNECESSARY iff the program called bpf_xdp_assert_rx_csum(); - xdp_metadata calls bpf_xdp_metadata_rx_csum() over veth and checks both verdicts: XDP_CSUM_NONE for an AF_XDP-injected frame and XDP_CSUM_VERIFIED for one sent through the stack.This was posted somewhat recently from Lorenzo (and had a fair bit of discussion), but there haven't been a follow up: https://lore.kernel.org/bpf/20260217-bpf-xdp-meta-rxcksum-v3-0-30024c50ba71@kernel.org/ (local)
Hi Vladimir and Stanislav, AFAIK in my series we are just missing the drv self-test requested by Jakub. I have not the time to look into it yet. @Vladimir: if you have any free-cycles, do you agree to introduce the missing test requested by Jakub to my series? Thanks in advance. Regards, Lorenzo
Attachments
- signature.asc [application/pgp-signature] 228 bytes