Date: Tue, 22 Nov 2022 08:27:48 +0200
From: Leon Romanovsky
To: Herbert Xu
Cc: Steffen Klassert, "David S. Miller", Eric Dumazet, Jakub Kicinski, netdev@vger.kernel.org
Subject: Re: [PATCH xfrm-next v7 6/8] xfrm: speed-up lookup of HW policies

On Tue, Nov 22, 2022 at 12:29:12PM +0800, Herbert Xu wrote:
> On Mon, Nov 21, 2022 at 03:21:45PM +0200, Leon Romanovsky wrote:
> >
> > The thing is that this SW acquire flow is a fraction case, as it applies
> > to locally generated traffic.
>
> A router can trigger an acquire on forwarded packets too. Without
> larvals this could quickly overwhelm the router.

This series doesn't support tunnel mode yet.

Maybe I was not clear, but I wanted to say that in eswitch case and
tunnel mode, the packets will be handled purely by HW without raising
into SW core.

It is so-called transparent IPsec, where all configuration is done on
hypervisor, so VMs connected through eswitch will get already decrypted
traffic which is routed through eswitch NIC logic without passing
hypervisor data path.

Steffen expected to see changes to acquire logic as part of this series
and in my explanation, I tried to explain why it is not needed now and
how it will be implemented later.

Thanks

>
> Cheers,
> --
> Email: Herbert Xu
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt