* [PATCH net] Bonding: update bond device XFRM features based on current active slave
@ 2024-09-18 8:35 Hangbin Liu
2024-09-18 9:40 ` Nikolay Aleksandrov
2024-09-24 13:17 ` Paolo Abeni
0 siblings, 2 replies; 5+ messages in thread
From: Hangbin Liu @ 2024-09-18 8:35 UTC (permalink / raw)
To: netdev
Cc: Jay Vosburgh, Andy Gospodarek, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Jarod Wilson, Nikolay Aleksandrov,
Simon Horman, linux-kernel, Hangbin Liu
XFRM offload is supported in active-backup mode. However, if the current
active slave does not support it, we should disable it on bond device.
Otherwise, ESP traffic may fail due to the downlink not supporting the
feature.
Reproducer:
# ip link add bond0 type bond
# ip link add type veth
# ip link set bond0 type bond mode 1 miimon 100
# ip link set veth0 master bond0
# ethtool -k veth0 | grep esp
tx-esp-segmentation: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
# ethtool -k bond0 | grep esp
tx-esp-segmentation: on
esp-hw-offload: on
esp-tx-csum-hw-offload: on
After fix:
# ethtool -k bond0 | grep esp
tx-esp-segmentation: off [requested on]
esp-hw-offload: off [requested on]
esp-tx-csum-hw-offload: off [requested on]
Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
drivers/net/bonding/bond_main.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index b560644ee1b1..33f7fde15c65 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
bond->dev);
}
+
+#ifdef CONFIG_XFRM_OFFLOAD
+ netdev_update_features(bond->dev);
+#endif /* CONFIG_XFRM_OFFLOAD */
}
}
@@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
features = netdev_increment_features(features,
slave->dev->features,
mask);
+#ifdef CONFIG_XFRM_OFFLOAD
+ if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
+ slave == rtnl_dereference(bond->curr_active_slave))
+ features &= slave->dev->features & BOND_XFRM_FEATURES;
+#endif /* CONFIG_XFRM_OFFLOAD */
}
features = netdev_add_tso_features(features, mask);
--
2.39.3 (Apple Git-146)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net] Bonding: update bond device XFRM features based on current active slave
2024-09-18 8:35 [PATCH net] Bonding: update bond device XFRM features based on current active slave Hangbin Liu
@ 2024-09-18 9:40 ` Nikolay Aleksandrov
2024-09-24 13:17 ` Paolo Abeni
1 sibling, 0 replies; 5+ messages in thread
From: Nikolay Aleksandrov @ 2024-09-18 9:40 UTC (permalink / raw)
To: Hangbin Liu, netdev
Cc: Jay Vosburgh, Andy Gospodarek, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Jarod Wilson, Simon Horman,
linux-kernel
On 18/09/2024 11:35, Hangbin Liu wrote:
> XFRM offload is supported in active-backup mode. However, if the current
> active slave does not support it, we should disable it on bond device.
> Otherwise, ESP traffic may fail due to the downlink not supporting the
> feature.
>
> Reproducer:
> # ip link add bond0 type bond
> # ip link add type veth
> # ip link set bond0 type bond mode 1 miimon 100
> # ip link set veth0 master bond0
> # ethtool -k veth0 | grep esp
> tx-esp-segmentation: off [fixed]
> esp-hw-offload: off [fixed]
> esp-tx-csum-hw-offload: off [fixed]
> # ethtool -k bond0 | grep esp
> tx-esp-segmentation: on
> esp-hw-offload: on
> esp-tx-csum-hw-offload: on
>
> After fix:
> # ethtool -k bond0 | grep esp
> tx-esp-segmentation: off [requested on]
> esp-hw-offload: off [requested on]
> esp-tx-csum-hw-offload: off [requested on]
>
> Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> ---
> drivers/net/bonding/bond_main.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index b560644ee1b1..33f7fde15c65 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
> call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
> bond->dev);
> }
> +
> +#ifdef CONFIG_XFRM_OFFLOAD
> + netdev_update_features(bond->dev);
> +#endif /* CONFIG_XFRM_OFFLOAD */
> }
> }
>
> @@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
> features = netdev_increment_features(features,
> slave->dev->features,
> mask);
> +#ifdef CONFIG_XFRM_OFFLOAD
> + if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
> + slave == rtnl_dereference(bond->curr_active_slave))
> + features &= slave->dev->features & BOND_XFRM_FEATURES;
> +#endif /* CONFIG_XFRM_OFFLOAD */
> }
> features = netdev_add_tso_features(features, mask);
>
Nice catch,
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] Bonding: update bond device XFRM features based on current active slave
2024-09-18 8:35 [PATCH net] Bonding: update bond device XFRM features based on current active slave Hangbin Liu
2024-09-18 9:40 ` Nikolay Aleksandrov
@ 2024-09-24 13:17 ` Paolo Abeni
2024-09-25 6:47 ` Hangbin Liu
1 sibling, 1 reply; 5+ messages in thread
From: Paolo Abeni @ 2024-09-24 13:17 UTC (permalink / raw)
To: Hangbin Liu, netdev
Cc: Jay Vosburgh, Andy Gospodarek, David S. Miller, Eric Dumazet,
Jakub Kicinski, Jarod Wilson, Nikolay Aleksandrov, Simon Horman,
linux-kernel
On 9/18/24 10:35, Hangbin Liu wrote:
> XFRM offload is supported in active-backup mode. However, if the current
> active slave does not support it, we should disable it on bond device.
> Otherwise, ESP traffic may fail due to the downlink not supporting the
> feature.
Why would the excessive features exposed by the bond device will be a
problem? later dev_queue_xmit() on the lower device should take care of
needed xfrm offload in validate_xmit_xfrm(), no?
Let segmentation happening as late as possible is usually a win.
Cheers,
Paolo
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] Bonding: update bond device XFRM features based on current active slave
2024-09-24 13:17 ` Paolo Abeni
@ 2024-09-25 6:47 ` Hangbin Liu
2024-09-25 13:21 ` Hangbin Liu
0 siblings, 1 reply; 5+ messages in thread
From: Hangbin Liu @ 2024-09-25 6:47 UTC (permalink / raw)
To: Paolo Abeni, Steffen Klassert, Sabrina Dubroca
Cc: netdev, Jay Vosburgh, Andy Gospodarek, David S. Miller,
Eric Dumazet, Jakub Kicinski, Jarod Wilson, Nikolay Aleksandrov,
Simon Horman, linux-kernel
On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote:
>
>
> On 9/18/24 10:35, Hangbin Liu wrote:
> > XFRM offload is supported in active-backup mode. However, if the current
> > active slave does not support it, we should disable it on bond device.
> > Otherwise, ESP traffic may fail due to the downlink not supporting the
> > feature.
>
> Why would the excessive features exposed by the bond device will be a
> problem? later dev_queue_xmit() on the lower device should take care of
> needed xfrm offload in validate_xmit_xfrm(), no?
I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't
check again if the upper dev has validated.
/* This skb was already validated on the upper/virtual dev */
if ((x->xso.dev != dev) && (x->xso.real_dev == dev))
return skb;
Hi Sabrina, Steffen, if the upper dev validate failed, what would happen?
Just drop the skb or go via software path?
>
> Let segmentation happening as late as possible is usually a win.
Yes, indeed.
Thanks
Hangbin
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] Bonding: update bond device XFRM features based on current active slave
2024-09-25 6:47 ` Hangbin Liu
@ 2024-09-25 13:21 ` Hangbin Liu
0 siblings, 0 replies; 5+ messages in thread
From: Hangbin Liu @ 2024-09-25 13:21 UTC (permalink / raw)
To: Paolo Abeni, Steffen Klassert, Sabrina Dubroca
Cc: netdev, Jay Vosburgh, Andy Gospodarek, David S. Miller,
Eric Dumazet, Jakub Kicinski, Jarod Wilson, Nikolay Aleksandrov,
Simon Horman, linux-kernel
On Wed, Sep 25, 2024 at 06:47:27AM +0000, Hangbin Liu wrote:
> On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote:
> >
> >
> > On 9/18/24 10:35, Hangbin Liu wrote:
> > > XFRM offload is supported in active-backup mode. However, if the current
> > > active slave does not support it, we should disable it on bond device.
> > > Otherwise, ESP traffic may fail due to the downlink not supporting the
> > > feature.
> >
> > Why would the excessive features exposed by the bond device will be a
> > problem? later dev_queue_xmit() on the lower device should take care of
> > needed xfrm offload in validate_xmit_xfrm(), no?
>
> I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't
> check again if the upper dev has validated.
>
> /* This skb was already validated on the upper/virtual dev */
> if ((x->xso.dev != dev) && (x->xso.real_dev == dev))
> return skb;
>
> Hi Sabrina, Steffen, if the upper dev validate failed, what would happen?
> Just drop the skb or go via software path?
Hmm, I saw a similar commit 28581b9c2c94 ("bond: Disable TLS features
indication"). I will check the history and see if we can do like this.
Thanks
Hangbin
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-09-25 13:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-18 8:35 [PATCH net] Bonding: update bond device XFRM features based on current active slave Hangbin Liu
2024-09-18 9:40 ` Nikolay Aleksandrov
2024-09-24 13:17 ` Paolo Abeni
2024-09-25 6:47 ` Hangbin Liu
2024-09-25 13:21 ` Hangbin Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).