[ovs-dev] [PATCH] Document map members as separate columns

Ben Pfaff blp at nicira.com
Wed Sep 21 17:06:29 UTC 2011 

On Tue, Sep 20, 2011 at 03:51:32PM -0700, Jesse Gross wrote:
> On Tue, Sep 20, 2011 at 2:42 PM, Ben Pfaff <blp at nicira.com> wrote:
> > [csum option]
>
> This only applies to GRE (and GRE over IPsec by extension, although
> that doesn't really make sense) but it's in the section for all
> tunnels.  CAPWAP doesn't support checksums (and neither does vxlan
> when we implement it).

OK, here's an incremental:

diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 4741113..4135a25 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -991,16 +991,6 @@
         system default, typically 64).  Default is the system default TTL.
       </column>
       
-      <column name="options" key="csum">
-        Optional.  Compute GRE checksums on outgoing packets.  Checksums
-        present on incoming packets will be validated regardless of this
-        setting.  Note that GRE checksums impose a significant performance
-        penalty as they cover the entire packet.  As the contents of the packet
-        is typically covered by L3 and L4 checksums, this additional checksum
-        only adds value for the GRE and encapsulated Ethernet headers.  Default
-        is disabled, set to <code>true</code> to enable.
-      </column>
-
       <column name="options" key="df_inherit">
         Optional.  If enabled, the Don't Fragment bit will be copied from the
         inner IP headers (those of the encapsulated traffic) to the outer
@@ -1041,6 +1031,34 @@
         </p>
       </column>
 
+      <group title="Tunnel Options: gre and ipsec_gre only">
+        <p>
+          Only <code>gre</code> and <code>ipsec_gre</code> tunnels support
+          these options.
+        </p>
+
+        <column name="options" key="csum">
+          <p>
+            Optional.  Compute GRE checksums on outgoing packets.  Default is
+            disabled, set to <code>true</code> to enable.  Checksums present on
+            incoming packets will be validated regardless of this setting.
+	  </p>
+
+	  <p>
+	    GRE checksums impose a significant performance penalty because they
+	    cover the entire packet.  The encapsulated L3, L4, and L7 packet
+	    contents typically have their own checksums, so this additional
+	    checksum only adds value for the GRE and encapsulated L2 headers.
+          </p>
+
+          <p>
+	    This option is supported for <code>ipsec_gre</code>, but not useful
+	    because GRE checksums are weaker than, and redundant with, IPsec
+	    payload authentication.
+          </p>
+        </column>
+      </group>
+
       <group title="Tunnel Options: ipsec_gre only">
         <p>
           These options are supported only for <code>ipsec_gre</code> tunnels.

Thanks,

Ben.

More information about the dev mailing list