lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 14 May 2024 11:46:26 +0100
From: Simon Horman <horms@...nel.org>
To: Bharat Bhushan <bbhushan2@...vell.com>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Sunil Kovvuri Goutham <sgoutham@...vell.com>,
	Geethasowjanya Akula <gakula@...vell.com>,
	Subbaraya Sundeep Bhatta <sbhatta@...vell.com>,
	Hariprasad Kelam <hkelam@...vell.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"edumazet@...gle.com" <edumazet@...gle.com>,
	"kuba@...nel.org" <kuba@...nel.org>,
	"pabeni@...hat.com" <pabeni@...hat.com>,
	Jerin Jacob <jerinj@...vell.com>,
	Linu Cherian <lcherian@...vell.com>,
	"richardcochran@...il.com" <richardcochran@...il.com>
Subject: Re: [EXTERNAL] Re: [net-next,v2 5/8] cn10k-ipsec: Add SA add/delete
 support for outb inline ipsec

On Tue, May 14, 2024 at 06:52:38AM +0000, Bharat Bhushan wrote:
> Please see inline
> 
> > -----Original Message-----
> > From: Simon Horman <horms@...nel.org>

..

> > > +static const struct xfrmdev_ops cn10k_ipsec_xfrmdev_ops = {
> > > +	.xdo_dev_state_add	= cn10k_ipsec_add_state,
> > > +	.xdo_dev_state_delete	= cn10k_ipsec_del_state,
> > > +};
> > > +
> > 
> > cn10k_ipsec_xfrmdev_ops is unused.
> > Perhaps it, along with it's callbacks,
> > should be added by the function that uses it?
> 
> I wanted to enable ipsec offload in last patch of the series 
> ("[net-next,v2 8/8] cn10k-ipsec: Enable outbound inline ipsec offload")

I appreciate the patchset being split up like this.

> Is it okay to set xfrmdev_ops in this patch without setting NETIF_F_HW_ESP (below two lines of last patch)
> +	/* Set xfrm device ops */
> +	netdev->xfrmdev_ops = &cn10k_ipsec_xfrmdev_ops;
> 
> Last patch will set below flags.
> +	netdev->hw_features |= NETIF_F_HW_ESP;
> +	netdev->hw_enc_features |= NETIF_F_HW_ESP;
> +

IMHO, yes, something like that would be fine, as long as it leads to a
working system (with a feature not enabled).  Perhaps it would be good to
include a comment in the code about this to make it clear what is going on.

..

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ