qubes-mirage-firewall icon indicating copy to clipboard operation
qubes-mirage-firewall copied to clipboard

Published 20 hours ago verified publisher icon mirage

Checksum offload

Open talex5 opened this issue 8 years ago • 0 comments

Currently, we don't checksum incoming packets and we calculate the full checksum when doing NAT. This means:

  1. We may fail to detect invalid incoming packets (although hopefully NetVM will check that for us).
  2. We calculate checksums that aren't needed (packet is going internally, or the hardware could add it).
  1. Packets routed internally from one Linux VM to another might lose the flag saying the checksum is invalid.

The Mirage NETWORK interface should be extended to allow us to read and write the checksum flags so we can set things correctly.

talex5 avatar Jan 02 '16 21:01 talex5