| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aL5YamjbZB5gsL30@fedora>
Date: Mon, 8 Sep 2025 04:15:38 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: netdev@...r.kernel.org, Jay Vosburgh <jv@...sburgh.net>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Jiri Pirko <jiri@...nulli.us>, Simon Horman <horms@...nel.org>,
Ido Schimmel <idosch@...dia.com>, Shuah Khan <shuah@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>,
Kuniyuki Iwashima <kuniyu@...gle.com>,
Ahmed Zaki <ahmed.zaki@...el.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
bridge@...ts.linux.dev, linux-kselftest@...r.kernel.org
Subject: Re: [PATCHv2 net-next 5/5] selftests/net: add offload checking test
for virtual interface
On Sat, Sep 06, 2025 at 11:30:58PM +0200, Sabrina Dubroca wrote:
> > +check_xfrm()
> > +{
> > + local dev=$1
> > + local src=192.0.2.1
> > + local dst=192.0.2.2
> > + local key="0x3132333435363738393031323334353664636261"
> > +
> > + RET=0
> > +
> > + ip -n "$ns" xfrm state flush
> > + ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
> > + mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \
> > + sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir out
>
> It's maybe not something you would expect, but this codepath will not
> check that NETIF_F_HW_ESP is set on $dev (you can verify that by
> running "ip xfrm state add ... offload ..." on the same bond+netdevsim
> combination before/after toggling esp-hw-offload on/off for the
> bond). Why not use __check_offload again for this feature?
The esp-hw-offload is fixed on netdevsim
# ethtool -k eni0np1 | grep -i esp-hw-offload
esp-hw-offload: on [fixed]
There is no way to disable it. After we add the netdevsim to bond,
the bond also shows "esp-hw-offload off" as the flag is inherit
in dev->hw_enc_features, not dev->features.
It looks the only way to check if bond dev->hw_enc_features has NETIF_F_HW_ESP
is try set xfrm offload. As
static int xfrm_api_check(struct net_device *dev)
{
#ifdef CONFIG_XFRM_OFFLOAD
if ((dev->features & NETIF_F_HW_ESP_TX_CSUM) &&
!(dev->features & NETIF_F_HW_ESP))
return NOTIFY_BAD;
if ((dev->features & NETIF_F_HW_ESP) &&
(!(dev->xfrmdev_ops &&
dev->xfrmdev_ops->xdo_dev_state_add &&
dev->xfrmdev_ops->xdo_dev_state_delete)))
return NOTIFY_BAD;
Please correct me if I made any mistake.
Thanks
Hangbin
Powered by blists - more mailing lists