From: Leon Romanovsky <leon@kernel.org>
To: David Ahern <dsahern@kernel.org>
Cc: Tariq Toukan <tariqt@nvidia.com>,
Stephen Hemminger <stephen@networkplumber.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@nvidia.com>,
Dima Chumak <dchumak@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>,
Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH iproute2-next V3 1/2] devlink: Support setting port function ipsec_crypto cap
Date: Tue, 3 Oct 2023 21:05:57 +0300 [thread overview]
Message-ID: <20231003180557.GC51282@unreal> (raw)
In-Reply-To: <0a1ed293-c709-eb93-f534-88d11e450a5f@kernel.org>
On Tue, Oct 03, 2023 at 08:46:51AM -0600, David Ahern wrote:
> On 10/2/23 4:43 AM, Tariq Toukan wrote:
> > From: Dima Chumak <dchumak@nvidia.com>
> >
> > Support port function commands to enable / disable IPsec crypto
> > offloads, this is used to control the port IPsec device capabilities.
> >
> > When IPsec crypto capability is disabled for a function of the port
> > (default), function cannot offload IPsec operation. When enabled, IPsec
> > operation can be offloaded by the function of the port.
> >
> > Enabling IPsec crypto offloads lets the kernel to delegate XFRM state
> > processing and encrypt/decrypt operation to the device hardware.
> >
> > Example of a PCI VF port which supports IPsec crypto offloads:
> >
> > $ devlink port show pci/0000:06:00.0/1
> > pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
> > function:
> > hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto disable
> >
> > $ devlink port function set pci/0000:06:00.0/1 ipsec_crypto enable
> >
> > $ devlink port show pci/0000:06:00.0/1
> > pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
> > function:
> > hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto enable
> >
>
> Why not just 'ipsec' instead of 'ipsec_crypto'? What value does the
> extra '_crypto' provide?
There are two IPsec offloaded modes: crypto offload and packet offload.
They need to be separated and can operate independently as these modes
per-SA/policy.
To make it more clear to users, we are using ipsec_crypto to be
explicit.
Thanks
>
>
>
next prev parent reply other threads:[~2023-10-03 18:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 10:43 [PATCH iproute2-next V3 0/2] devlink: Add port function attributes for ipsec Tariq Toukan
2023-10-02 10:43 ` [PATCH iproute2-next V3 1/2] devlink: Support setting port function ipsec_crypto cap Tariq Toukan
2023-10-03 14:46 ` David Ahern
2023-10-03 18:05 ` Leon Romanovsky [this message]
2023-10-02 10:43 ` [PATCH iproute2-next V3 2/2] devlink: Support setting port function ipsec_packet cap Tariq Toukan
2023-10-04 15:30 ` [PATCH iproute2-next V3 0/2] devlink: Add port function attributes for ipsec patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231003180557.GC51282@unreal \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=dchumak@nvidia.com \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=saeedm@nvidia.com \
--cc=stephen@networkplumber.org \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.