[ovs-dev] [PATCH] Document map members as separate columns
Ben Pfaff
blp at nicira.com
Wed Sep 21 17:06:29 UTC 2011
On Tue, Sep 20, 2011 at 03:51:32PM -0700, Jesse Gross wrote:
> On Tue, Sep 20, 2011 at 2:42 PM, Ben Pfaff <blp at nicira.com> wrote:
> > [csum option]
>
> This only applies to GRE (and GRE over IPsec by extension, although
> that doesn't really make sense) but it's in the section for all
> tunnels. CAPWAP doesn't support checksums (and neither does vxlan
> when we implement it).
OK, here's an incremental:
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 4741113..4135a25 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -991,16 +991,6 @@
system default, typically 64). Default is the system default TTL.
</column>
- <column name="options" key="csum">
- Optional. Compute GRE checksums on outgoing packets. Checksums
- present on incoming packets will be validated regardless of this
- setting. Note that GRE checksums impose a significant performance
- penalty as they cover the entire packet. As the contents of the packet
- is typically covered by L3 and L4 checksums, this additional checksum
- only adds value for the GRE and encapsulated Ethernet headers. Default
- is disabled, set to <code>true</code> to enable.
- </column>
-
<column name="options" key="df_inherit">
Optional. If enabled, the Don't Fragment bit will be copied from the
inner IP headers (those of the encapsulated traffic) to the outer
@@ -1041,6 +1031,34 @@
</p>
</column>
+ <group title="Tunnel Options: gre and ipsec_gre only">
+ <p>
+ Only <code>gre</code> and <code>ipsec_gre</code> tunnels support
+ these options.
+ </p>
+
+ <column name="options" key="csum">
+ <p>
+ Optional. Compute GRE checksums on outgoing packets. Default is
+ disabled, set to <code>true</code> to enable. Checksums present on
+ incoming packets will be validated regardless of this setting.
+ </p>
+
+ <p>
+ GRE checksums impose a significant performance penalty because they
+ cover the entire packet. The encapsulated L3, L4, and L7 packet
+ contents typically have their own checksums, so this additional
+ checksum only adds value for the GRE and encapsulated L2 headers.
+ </p>
+
+ <p>
+ This option is supported for <code>ipsec_gre</code>, but not useful
+ because GRE checksums are weaker than, and redundant with, IPsec
+ payload authentication.
+ </p>
+ </column>
+ </group>
+
<group title="Tunnel Options: ipsec_gre only">
<p>
These options are supported only for <code>ipsec_gre</code> tunnels.
Thanks,
Ben.
More information about the dev
mailing list