lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 9 Nov 2022 06:51:25 +0000
From:   Yinjun Zhang <yinjun.zhang@...igine.com>
To:     Leon Romanovsky <leon@...nel.org>
CC:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Chengtian Liu <chengtian.liu@...igine.com>,
        HuanHuan Wang <huanhuan.wang@...igine.com>,
        Louis Peens <louis.peens@...igine.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        oss-drivers <oss-drivers@...igine.com>,
        Simon Horman <simon.horman@...igine.com>
Subject: RE: [PATCH net-next v3 3/3] nfp: implement xfrm callbacks and expose
 ipsec offload feature to upper layer

On Tue, 8 Nov 2022 20:42:59 +0200, Leon Romanovsky wrote:
> On Tue, Nov 08, 2022 at 01:28:20AM +0000, Yinjun Zhang wrote:
> > On Mon, 7 Nov 2022 14:40:53 +0200, Leon Romanovsky wrote:
> > > On Mon, Nov 07, 2022 at 09:46:46AM +0000, Yinjun Zhang wrote:
> > > > On Mon, 7 Nov 2022 08:14:12 +0200, Leon Romanovsky wrote:
> > > > <...>
> > > > > > +
> > > > > > +	/* General */
> > > > > > +	switch (x->props.mode) {
> > > > > > +	case XFRM_MODE_TUNNEL:
> > > > > > +		cfg->ctrl_word.mode = NFP_IPSEC_PROTMODE_TUNNEL;
> > > > > > +		break;
> > > > > > +	case XFRM_MODE_TRANSPORT:
> > > > > > +		cfg->ctrl_word.mode = NFP_IPSEC_PROTMODE_TRANSPORT;
> > > > > > +		break;
> > > > >
> > > > > Why is it important for IPsec crypto? The HW logic must be the same for
> > > > > all modes. There are no differences between transport and tunnel.
> > > >
> > > > As I mentioned above, it's differentiated in HW to support more features.
> > >
> > > You are adding crypto offload, so please don't try to sneak "more" features.
> > >
> >
> > No sneaking, just have to conform to the design of HW, so that things are not
> > messed up.
> 
> So what is the answer to my question above "Why is it important for IPsec crypto?"?

It indeed doesn't affect the functionality with crypto-only while no protocol involved,
just some statistics is related since different modes go into different paths in HW. 

> 
> Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ