public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed
From: Leon Romanovsky <leon@kernel.org>
To: Sabrina Dubroca <sd@queasysnail.net>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Simon Horman <horms@kernel.org>, Ilan Tayari <ilant@mellanox.com>,
	Guy Shapiro <guysh@mellanox.com>,
	Yossi Kuperman <yossiku@mellanox.com>,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH net] xfrm: always flush state and policy upon NETDEV_DOWN/NETDEV_UNREGISTER events
Date: Sun, 1 Feb 2026 15:12:53 +0200	[thread overview]
Message-ID: <20260201131253.GD34749@unreal> (raw)
In-Reply-To: <aXuFTJZ3SvaCBXj5@krikkit>

On Thu, Jan 29, 2026 at 05:05:32PM +0100, Sabrina Dubroca wrote:
> 2026-01-29, 19:16:30 +0900, Tetsuo Handa wrote:
> > On 2026/01/29 18:09, Leon Romanovsky wrote:
> > > On Thu, Jan 29, 2026 at 05:06:08PM +0900, Tetsuo Handa wrote:
> > >> On 2026/01/28 21:35, Leon Romanovsky wrote:
> > >>> On Wed, Jan 28, 2026 at 07:44:02PM +0900, Tetsuo Handa wrote:
> > >>>> On 2026/01/28 19:24, Leon Romanovsky wrote:
> > >>>>> I think this can work, but IMHO the more robust approach is to ensure that all
> > >>>>> states and policies are removed when the NETIF_F_HW_ESP feature bit is cleared.
> > >>>>
> > >>>> The transaction will become complicated, for dev->features manipulation
> > >>>> function can fail.
> > >>>
> > >>> Line above returning NOTIFY_OK, check that NETIF_F_HW_ESP is cleared,
> > >>> and remove everything.
> > >>
> > >> That answer needs more clarification. I came to get confused about what we should do.
> > >>
> > >> Question 1:
> > >>
> > >>   Since NETIF_F_HW_ESP is a hardware dependent flag, not all "struct net_device"
> > >>   support NETIF_F_HW_ESP flag. Is this interpretation correct?
> > > 
> > > Yes, however any device (SW or HW) should set this flag if they want to
> > > provide IPsec offload.
> > 
> > OK. There are "IPsec with offload" and "IPsec without offload".
> > Both cases use code in net/xfrm/ directory.
> > 
> > Users (not the kernel source but Linux administrator) can choose
> > "IPsec without offload" by clearing the NETIF_F_HW_ESP bit via
> > "ethtool -K $dev esp-hw-offload off" command even if $dev supports
> > both "IPsec with offload" and "IPsec without offload".
> 
> We should avoid talking about "IPsec with/without offload" when this
> can mean multiple different things:
> 
>  - ip xfrm state add ... offload ...
>    (and the offload request actually succeeded)
>  - packet going through all the offload code and to the device
>  - device with NETIF_F_HW_ESP set in dev->features
>  - device with ->xdo_dev_state_add
> 
> (I'm probably forgetting a few more)

At least for me, "IPsec with offload" means all together:
device has ->xdo_dev_state_add + NETIF_F_HW_ESP bit + "ip xfrm state add ... offload
..."

I don't think that it is correct thing to adapt core code to something
specific to netdevsim which was introduced to emulate missing HW device.
Like in real HW device, the expectation is to have NETIF_F_HW_ESP bit,
we should have that bit in netdevsim too.

Thanks

  reply	other threads:[~2026-02-01 13:12 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-27 15:32 [PATCH net] xfrm: always flush state and policy upon NETDEV_DOWN/NETDEV_UNREGISTER events Tetsuo Handa
2026-01-28 10:24 ` Leon Romanovsky
2026-01-28 10:44   ` Tetsuo Handa
2026-01-28 12:35     ` Leon Romanovsky
2026-01-29  8:06       ` Tetsuo Handa
2026-01-29  9:09         ` Leon Romanovsky
2026-01-29 10:16           ` Tetsuo Handa
2026-01-29 10:32             ` Tetsuo Handa
2026-01-29 16:05             ` Sabrina Dubroca
2026-02-01 13:12               ` Leon Romanovsky [this message]
2026-02-01 14:17                 ` Tetsuo Handa
2026-01-29 15:59         ` Sabrina Dubroca

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260201131253.GD34749@unreal \
    --to=leon@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=guysh@mellanox.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horms@kernel.org \
    --cc=ilant@mellanox.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=sd@queasysnail.net \
    --cc=steffen.klassert@secunet.com \
    --cc=yossiku@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox