All of lore.kernel.org
 help / color / mirror / Atom feed
From: Leon Romanovsky <leon@kernel.org>
To: Feng Wang <wangfe@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
	netdev@vger.kernel.org, herbert@gondor.apana.org.au,
	davem@davemloft.net
Subject: Re: [PATCH] [PATCH ipsec] xfrm: Store ipsec interface index
Date: Thu, 21 Mar 2024 11:32:48 +0200	[thread overview]
Message-ID: <20240321093248.GC14887@unreal> (raw)
In-Reply-To: <CADsK2K-WFG2+2NQ08xBq89ty-G-xcoV517Eq5D7kNePcT4z0MQ@mail.gmail.com>

On Wed, Mar 20, 2024 at 11:05:13AM -0700, Feng Wang wrote:
> Hi Steffen,
> 
> Thanks for your comment.  Firstly,  the patch is using the xfrm interface
> ID instead of network interface ID. Secondly, would you please point me to
> the 'packet offload drivers' in the kernel tree?

First, please don't reply to emails in top-post format.
Second, did you try to search for "packet offload drivers" in the kernel?
https://elixir.bootlin.com/linux/v6.8.1/source/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c#L1152

Thanks

> I want to understand how the offload driver can distinguish 2 ipsec
> sessions if two sessions accidentally have the same address/mask and proto
> values(same xfrm_selector)? The offload driver needs to find the
> corresponding encryption parameters to do the work.
> 
> Thank you for your help,
> 
> Feng
> 
> 
> 
> On Tue, Mar 19, 2024 at 9:33 PM Steffen Klassert <
> steffen.klassert@secunet.com> wrote:
> 
> > On Tue, Mar 19, 2024 at 10:15:13AM -0700, Feng Wang wrote:
> > > Hi Leon,
> > >
> > > There is no "packet offload driver" in the current kernel tree.  The
> > packet
> > > offload driver mostly is vendor specific, it implements hardware packet
> > > offload.
> >
> > There are 'packet offload drivers' in the kernel, that's why we
> > support this kind of offload. We don't add code for proprietary
> > drivers.
> >
> > > On Tue, Mar 19, 2024 at 1:42 AM Leon Romanovsky <leon@kernel.org> wrote:
> > >
> > > > On Mon, Mar 18, 2024 at 04:13:28PM -0700, Feng Wang wrote:
> > > > > From: wangfe <wangfe@google.com>
> > > > >
> > > > > When there are multiple ipsec sessions, packet offload driver
> > > > > can use the index to distinguish the packets from the different
> > > > > sessions even though xfrm_selector are same.
> > > >
> > > > Do we have such "packet offload driver" in the kernel tree?
> > > >
> > > > Thanks
> > > >
> > > > > Thus each packet is handled corresponding to its session parameter.
> > > > >
> > > > > Signed-off-by: wangfe <wangfe@google.com>
> > > > > ---
> > > > >  net/xfrm/xfrm_interface_core.c | 4 +++-
> > > > >  1 file changed, 3 insertions(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/net/xfrm/xfrm_interface_core.c
> > > > b/net/xfrm/xfrm_interface_core.c
> > > > > index 21d50d75c260..996571af53e5 100644
> > > > > --- a/net/xfrm/xfrm_interface_core.c
> > > > > +++ b/net/xfrm/xfrm_interface_core.c
> > > > > @@ -506,7 +506,9 @@ xfrmi_xmit2(struct sk_buff *skb, struct
> > net_device
> > > > *dev, struct flowi *fl)
> > > > >       xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
> > > > >       skb_dst_set(skb, dst);
> > > > >       skb->dev = tdev;
> > > > > -
> > > > > +#ifdef CONFIG_XFRM_OFFLOAD
> > > > > +     skb->skb_iif = if_id;
> > > > > +#endif
> >
> > This looks wrong. The network interface ID is not the same as the xfrm
> > interface ID.
> >

  parent reply	other threads:[~2024-03-21  9:32 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-18 23:13 [PATCH] [PATCH ipsec] xfrm: Store ipsec interface index Feng Wang
2024-03-19  8:42 ` Leon Romanovsky
     [not found]   ` <CADsK2K_65Wytnr5y+5Biw=ebtb-+hO=K7hxhSNJd6X+q9nAieg@mail.gmail.com>
2024-03-20  4:33     ` Steffen Klassert
     [not found]       ` <CADsK2K-WFG2+2NQ08xBq89ty-G-xcoV517Eq5D7kNePcT4z0MQ@mail.gmail.com>
2024-03-21  9:32         ` Leon Romanovsky [this message]
     [not found]           ` <CADsK2K8=B=Yv4i6rzNdbuc-C6yc-pw6RSuRvKbsL2qYjsO9seg@mail.gmail.com>
2024-04-01 14:27             ` Leon Romanovsky
     [not found]               ` <CADsK2K-VLdiuxeP82bmuGvmU6z848mLpk+JBYdhXppOq0B76VA@mail.gmail.com>
2024-04-02  7:51                 ` Leon Romanovsky
     [not found]                   ` <CADsK2K8WvGmUdno5X=_ebNF1mzP9=kd1=ve31Tb5hSk+q4VTkg@mail.gmail.com>
2024-04-03  6:45                     ` Leon Romanovsky
2024-04-05 14:19                       ` Antony Antony

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240321093248.GC14887@unreal \
    --to=leon@kernel.org \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=netdev@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    --cc=wangfe@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.