From: Antony Antony <antony.antony@secunet.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: Feng Wang <wangfe@google.com>, <netdev@vger.kernel.org>,
<steffen.klassert@secunet.com>, <antony.antony@secunet.com>
Subject: Re: [PATCH 1/2] xfrm: add SA information to the offloaded packet
Date: Wed, 6 Nov 2024 14:41:11 +0100 [thread overview]
Message-ID: <Zytx9xmqgHQ7eMPa@moon.secunet.de> (raw)
In-Reply-To: <20241106121724.GB5006@unreal>
> On Tue, Nov 05, 2024 at 03:41:15PM -0800, Feng Wang wrote:
> > Hi Leon,
> > I checked the current tree and there are no drivers who support packet
> > offload. Even for the mlx5 driver, it only supports crypto offload
> > mode.
>
> I don't know what to add here. We already had this discussion for more
> than once.
> https://lore.kernel.org/all/ZfpnCIv+8eYd7CpO@gauss3.secunet.de/
> Let's me cite Steffen:
>
> "There are 'packet offload drivers' in the kernel, that's why we
> support this kind of offload."
>
> > If I miss anything, please let me know.
> > Since the driver only requires the Security Association (SA) to
> > perform the necessary transformations, policy information is not
> > needed. Storing policy information, matching the policy and checking
> > the if_id within the driver wouldn't provide much benefit.
>
> You need to make sure that policy and SA has match in their selectors,
> and IMHO you can't add support to SA without adding same support to
> policy.
when a packet enters an XFRMi, xfrm_lookup_with_ifid() is called?
What does that call return, incase of packet offload?
My guess is that call is returning NULL and that is why Feng is trying hard code
state here?
I imagine the policy may not match because that policy has
offload packet? May be this look up need to handle packet offload?
>
> > It would increase CPU and memory usage without a clear advantage.
> > For all other suggestions, I totally agree with you.
> >
> > Thanks,
> > Feng
next prev parent reply other threads:[~2024-11-06 13:47 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-04 23:32 [PATCH 1/2] xfrm: add SA information to the offloaded packet Feng Wang
2024-11-05 7:32 ` Leon Romanovsky
2024-11-05 23:41 ` Feng Wang
2024-11-06 12:17 ` Leon Romanovsky
2024-11-06 13:41 ` Antony Antony [this message]
2024-11-07 0:14 ` Feng Wang
2024-11-07 8:52 ` Antony Antony
2024-11-07 11:50 ` Leon Romanovsky
2024-11-08 0:32 ` Feng Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zytx9xmqgHQ7eMPa@moon.secunet.de \
--to=antony.antony@secunet.com \
--cc=leon@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=wangfe@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.