From: Leon Romanovsky <leon@kernel.org>
To: steffen.klassert@secunet.com
Cc: Mike Yu <yumike@google.com>,
netdev@vger.kernel.org, stanleyjhu@google.com,
martinwu@google.com, chiachangwang@google.com
Subject: Re: [PATCH ipsec v3 0/4] Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths
Date: Thu, 11 Jul 2024 12:52:08 +0300 [thread overview]
Message-ID: <20240711095208.GN6668@unreal> (raw)
In-Reply-To: <20240710111654.4085575-1-yumike@google.com>
On Wed, Jul 10, 2024 at 07:16:50PM +0800, Mike Yu wrote:
> Currently, IPsec crypto offload is enabled for GRO code path. However, there
> are other code paths where the XFRM stack is involved; for example, IPv6 ESP
> packets handled by xfrm6_esp_rcv() in ESP layer, and IPv4 UDP-encapsulated
> ESP packets handled by udp_rcv() in UDP layer.
>
> This patchset extends the crypto offload support to cover these two cases.
> This is useful for devices with traffic accounting (e.g., Android), where GRO
> can lead to inaccurate accounting on the underlying network. For example, VPN
> traffic might not be counted on the wifi network interface wlan0 if the packets
> are handled in GRO code path before entering the network stack for accounting.
>
> Below is the RX data path scenario the crypto offload can be applied to.
>
> +-----------+ +-------+
> | HW Driver |-->| wlan0 |--------+
> +-----------+ +-------+ |
> v
> +---------------+ +------+
> +------>| Network Stack |-->| Apps |
> | +---------------+ +------+
> | |
> | v
> +--------+ +------------+
> | ipsec1 |<--| XFRM Stack |
> +--------+ +------------+
>
> v2 -> v3:
> - Correct ESP seq in esp_xmit().
> v1 -> v2:
> - Fix comment style.
>
> Mike Yu (4):
> xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO
> path
> xfrm: Allow UDP encapsulation in crypto offload control path
> xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP
> packet
> xfrm: Support crypto offload for outbound IPv4 UDP-encapsulated ESP
> packet
>
> net/ipv4/esp4.c | 8 +++++++-
> net/ipv4/esp4_offload.c | 17 ++++++++++++++++-
> net/xfrm/xfrm_device.c | 6 +++---
> net/xfrm/xfrm_input.c | 3 ++-
> net/xfrm/xfrm_policy.c | 5 ++++-
> 5 files changed, 32 insertions(+), 7 deletions(-)
Steffen,
If it helps, we tested v2 version and it didn't break anything for us :).
But we didn't test this specific functionality.
Thanks
>
> --
> 2.45.2.803.g4e1b14247a-goog
>
>
next prev parent reply other threads:[~2024-07-11 9:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-10 11:16 [PATCH ipsec v3 0/4] Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths Mike Yu
2024-07-10 11:16 ` [PATCH ipsec v3 1/4] xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO path Mike Yu
2024-07-10 11:16 ` [PATCH ipsec v3 2/4] xfrm: Allow UDP encapsulation in crypto offload control path Mike Yu
2024-07-10 11:16 ` [PATCH ipsec v3 3/4] xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet Mike Yu
2024-07-10 11:16 ` [PATCH ipsec v3 4/4] xfrm: Support crypto offload for outbound " Mike Yu
2024-07-11 9:52 ` Leon Romanovsky [this message]
2024-07-11 10:11 ` [PATCH ipsec v3 0/4] Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths Steffen Klassert
2024-07-12 3:02 ` Mike Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240711095208.GN6668@unreal \
--to=leon@kernel.org \
--cc=chiachangwang@google.com \
--cc=martinwu@google.com \
--cc=netdev@vger.kernel.org \
--cc=stanleyjhu@google.com \
--cc=steffen.klassert@secunet.com \
--cc=yumike@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).