On Thu, May 16, 2019 at 10:57 AM Jakub Kicinski <[email protected]> wrote: > > The preferred method of reporting the Layer 4 (TCP) checksum offload > for packets decrypted by the device is to update the checksum field > to the correct value for clear text and report CHECKSUM_UNNECESSARY > or CHECKSUM_COMPLETE computed over clear text. However, the exact > semantics of RX checksum offload when NIC performs data modification > are not clear and subject to change.
when host is consuming the tcp stream I don't see the value of tcp checksum on top tls. In that sense CHECKSUM_UNNECESSARY is fine and no need to update checksum field. Even in case of sockmap and tcp stream redirect it is still fine. Only the tcp payload being redirected to a different tcp socket and the headers are gone. So imo in all cases CHECKSUM_UNNECESSARY is fine even without adjustment to checksum field. Obviously the hw/firmware should have checked tcp csum before doing decrypt.
