From: Leon Romanovsky <leon@kernel.org>
To: David Ahern <dsahern@kernel.org>
Cc: Tariq Toukan <tariqt@nvidia.com>,
Stephen Hemminger <stephen@networkplumber.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@nvidia.com>,
Dima Chumak <dchumak@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>,
Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH iproute2-next V3 1/2] devlink: Support setting port function ipsec_crypto cap
Date: Tue, 3 Oct 2023 21:05:57 +0300
Message-ID: <20231003180557.GC51282@unreal>
In-Reply-To: <0a1ed293-c709-eb93-f534-88d11e450a5f@kernel.org>

On Tue, Oct 03, 2023 at 08:46:51AM -0600, David Ahern wrote:
> On 10/2/23 4:43 AM, Tariq Toukan wrote:
> > From: Dima Chumak <dchumak@nvidia.com>
> >
> > Support port function commands to enable / disable IPsec crypto
> > offloads, this is used to control the port IPsec device capabilities.
> >
> > When IPsec crypto capability is disabled for a function of the port
> > (default), function cannot offload IPsec operation. When enabled, IPsec
> > operation can be offloaded by the function of the port.
> >
> > Enabling IPsec crypto offloads lets the kernel delegate XFRM state
> > processing and encrypt/decrypt operation to the device hardware.
> >
> > Example of a PCI VF port which supports IPsec crypto offloads:
> >
> > $ devlink port show pci/0000:06:00.0/1
> > pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
> >   function:
> >     hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto disable
> >
> > $ devlink port function set pci/0000:06:00.0/1 ipsec_crypto enable
> >
> > $ devlink port show pci/0000:06:00.0/1
> > pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
> >   function:
> >     hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto enable
> >
>
> Why not just 'ipsec' instead of 'ipsec_crypto'? What value does the
> extra '_crypto' provide?

There are two IPsec offloaded modes: crypto offload and packet offload.
They need to be separated and can operate independently as these modes
are per-SA/policy.

To make it more clear to users, we are using ipsec_crypto to be
explicit.

Thanks
>
>
>
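Added example, not part of the original thread or of iproute2: since ipsec_crypto is disabled by default, a host audit can parse "devlink port show" text in the format quoted above and report port functions where it is enabled outside an approved list. The second port in the sample, the allow-list parameter and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format shown in the commit message above; the
# second port (pci/0000:06:00.0/2) is hypothetical.
SAMPLE = """\
pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
  function:
    hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto enable
pci/0000:06:00.0/2: type eth netdev enp6s0pf0vf1 flavour pcivf pfnum 0 vfnum 1
  function:
    hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto disable
"""

# A port line starts with "<bus>/<device>/<index>:".
PORT_RE = re.compile(r"^(\S+/\S+/\d+):\s*(.*)$")

def _pairs(text):
    # Assumption: attributes are whitespace-separated "name value" pairs,
    # as in the lines quoted in the thread.
    tokens = text.split()
    return dict(zip(tokens[0::2], tokens[1::2]))

def parse_ports(output):
    """Return {port: {"attrs": {...}, "function": {...}}}; indentation is ignored."""
    ports, current, in_function = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PORT_RE.match(line)
        if match:
            current = {"attrs": _pairs(match.group(2)), "function": {}}
            ports[match.group(1)] = current
            in_function = False
        elif line == "function:":
            in_function = current is not None
        elif in_function:
            current["function"].update(_pairs(line))
    return ports

def unexpected_ipsec_crypto(output, allowed):
    """Ports with ipsec_crypto enabled that are not in the allow-list."""
    return sorted(
        port for port, info in parse_ports(output).items()
        if info["function"].get("ipsec_crypto") == "enable" and port not in allowed
    )

if __name__ == "__main__":
    for port in unexpected_ipsec_crypto(SAMPLE, allowed=set()):
        print("ipsec_crypto enabled outside allow-list:", port)
```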