Re: [PATCH] xfrm: add SA information to the offloaded packet

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Leon Romanovsky <leon@kernel.org>
To: Feng Wang <wangfe@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
	netdev@vger.kernel.org, antony.antony@secunet.com
Subject: Re: [PATCH] xfrm: add SA information to the offloaded packet
Date: Fri, 30 Aug 2024 17:30:51 +0300	[thread overview]
Message-ID: <20240830143051.GA4000@unreal> (raw)
In-Reply-To: <CADsK2K8KqJThB3pkz7oAZT_4yXgy8v89TK83W50KaR-VSSKjOg@mail.gmail.com>

On Thu, Aug 29, 2024 at 02:19:25PM -0700, Feng Wang wrote:
> Hi Leon,
> 
> Thank you again for your thoughtful questions and comments. I'd like
> to provide further clarification and address your points:
> 
> SA Information Usage:
> 
> There are several instances in the kernel code where it's used, such
> as in esp4(6)_offload.c and xfrm.c. This clearly demonstrates how SA
> information is used. Moreover, passing this information to the driver
> shouldn't negatively impact those drivers that don't require it.
> Regarding a driver example, the function mlx5e_ipsec_feature_check
> caught my attention.
> https://elixir.bootlin.com/linux/v6.10/source/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h#L89)
> As you're more familiar with this codebase, I defer to your expertise
> on whether it's an appropriate sample. 

This function is not involved when packet is going to be offloaded for "IPsec packet offload".

> However, the crucial point is that including this information empowers certain drivers to leverage
> it without affecting those that don't need it.

Can you please provide a list of drivers that will benefit from this change?
Can you give a complete flow (including driver) which didn't work before
and will work after this change?

> 
> validate_xmit_xfrm Function:
> My primary goal in discussing the validate_xmit_xfrm function is to
> assure you that my patch maintains the existing packet offload code
> flow, avoiding any unintended disruption.

The whole idea of packet offload is to skip everything in XFRM stack and
present packet as plain text.

> 
> State Release:
> I've noticed that secpath_reset() is called before xfrm_output(). The
> sequence seems to be: xfrmi_xmit2 -> xfrmi_scrub_packet ->
> secpath_reset(), followed by xfrmi_xmit2 calling dst_output, which is
> essentially xfrm_output().
> I'm also open to moving the xfrm_state_hold(x) after the if (!xo)
> check block. This would ensure the state is held only when everything
> is ok. I'll gladly make this adjustment if you believe it's the better
> option.
> 
> Thank you once again for your valuable insights and collaboration.
> Your feedback is greatly appreciated!
> 
> Feng
>

next prev parent reply	other threads:[~2024-08-30 14:30 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-22 20:02 [PATCH] xfrm: add SA information to the offloaded packet Feng Wang
2024-08-28  5:32 ` Steffen Klassert
2024-08-28 11:26   ` Leon Romanovsky
2024-08-28 21:25     ` Feng Wang
2024-08-29 10:38       ` Leon Romanovsky
2024-08-29 21:19         ` Feng Wang
2024-08-30 14:30           ` Leon Romanovsky [this message]
2024-08-31  0:27             ` Feng Wang
2024-08-31 17:36               ` Leon Romanovsky
2024-08-31 17:39   ` Leon Romanovsky
2024-09-02  7:44     ` Steffen Klassert
2024-09-02  9:44       ` Leon Romanovsky
2024-09-03 18:19         ` Feng Wang
2024-09-03 19:04           ` Leon Romanovsky
2024-09-04 17:41             ` Feng Wang
2024-09-05  7:49               ` Leon Romanovsky
2024-09-05 18:18                 ` Feng Wang
2024-09-09  9:09         ` Steffen Klassert
2024-09-09 10:02           ` Steffen Klassert
2024-09-11 10:40           ` Leon Romanovsky
2024-09-11 23:43             ` Feng Wang
2024-09-16  8:10               ` Leon Romanovsky
2024-09-24 10:07               ` Steffen Klassert
2024-09-24 10:34             ` Steffen Klassert
2024-09-24 17:57               ` Feng Wang
2024-09-24 18:10                 ` Steffen Klassert
2024-09-25  8:19                   ` Leon Romanovsky
2024-09-25  8:29               ` Leon Romanovsky
2024-09-02  7:47 ` Steffen Klassert
  -- strict thread matches above, loose matches on Subject: below --
2024-11-12 19:22 Feng Wang
2024-11-14 10:27 ` Leon Romanovsky
2024-11-18 19:28   ` Feng Wang
2024-11-19 12:51     ` Leon Romanovsky
2024-11-19 19:15   ` Feng Wang
2024-08-12 18:23 Feng Wang
2024-08-19  6:06 ` Steffen Klassert
2024-08-22 20:11   ` Feng Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240830143051.GA4000@unreal \
    --to=leon@kernel.org \
    --cc=antony.antony@secunet.com \
    --cc=netdev@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    --cc=wangfe@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.