drivers/net/bonding/bond_main.c | 9 +++++++++ 1 file changed, 9 insertions(+)
XFRM offload is supported in active-backup mode. However, if the current
active slave does not support it, we should disable it on bond device.
Otherwise, ESP traffic may fail due to the downlink not supporting the
feature.
Reproducer:
# ip link add bond0 type bond
# ip link add type veth
# ip link set bond0 type bond mode 1 miimon 100
# ip link set veth0 master bond0
# ethtool -k veth0 | grep esp
tx-esp-segmentation: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
# ethtool -k bond0 | grep esp
tx-esp-segmentation: on
esp-hw-offload: on
esp-tx-csum-hw-offload: on
After fix:
# ethtool -k bond0 | grep esp
tx-esp-segmentation: off [requested on]
esp-hw-offload: off [requested on]
esp-tx-csum-hw-offload: off [requested on]
Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
drivers/net/bonding/bond_main.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index b560644ee1b1..33f7fde15c65 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
bond->dev);
}
+
+#ifdef CONFIG_XFRM_OFFLOAD
+ netdev_update_features(bond->dev);
+#endif /* CONFIG_XFRM_OFFLOAD */
}
}
@@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
features = netdev_increment_features(features,
slave->dev->features,
mask);
+#ifdef CONFIG_XFRM_OFFLOAD
+ if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
+ slave == rtnl_dereference(bond->curr_active_slave))
+ features &= slave->dev->features & BOND_XFRM_FEATURES;
+#endif /* CONFIG_XFRM_OFFLOAD */
}
features = netdev_add_tso_features(features, mask);
--
2.39.3 (Apple Git-146)
On 9/18/24 10:35, Hangbin Liu wrote: > XFRM offload is supported in active-backup mode. However, if the current > active slave does not support it, we should disable it on bond device. > Otherwise, ESP traffic may fail due to the downlink not supporting the > feature. Why would the excessive features exposed by the bond device will be a problem? later dev_queue_xmit() on the lower device should take care of needed xfrm offload in validate_xmit_xfrm(), no? Let segmentation happening as late as possible is usually a win. Cheers, Paolo
On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote: > > > On 9/18/24 10:35, Hangbin Liu wrote: > > XFRM offload is supported in active-backup mode. However, if the current > > active slave does not support it, we should disable it on bond device. > > Otherwise, ESP traffic may fail due to the downlink not supporting the > > feature. > > Why would the excessive features exposed by the bond device will be a > problem? later dev_queue_xmit() on the lower device should take care of > needed xfrm offload in validate_xmit_xfrm(), no? I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't check again if the upper dev has validated. /* This skb was already validated on the upper/virtual dev */ if ((x->xso.dev != dev) && (x->xso.real_dev == dev)) return skb; Hi Sabrina, Steffen, if the upper dev validate failed, what would happen? Just drop the skb or go via software path? > > Let segmentation happening as late as possible is usually a win. Yes, indeed. Thanks Hangbin
On Wed, Sep 25, 2024 at 06:47:27AM +0000, Hangbin Liu wrote: > On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote: > > > > > > On 9/18/24 10:35, Hangbin Liu wrote: > > > XFRM offload is supported in active-backup mode. However, if the current > > > active slave does not support it, we should disable it on bond device. > > > Otherwise, ESP traffic may fail due to the downlink not supporting the > > > feature. > > > > Why would the excessive features exposed by the bond device will be a > > problem? later dev_queue_xmit() on the lower device should take care of > > needed xfrm offload in validate_xmit_xfrm(), no? > > I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't > check again if the upper dev has validated. > > /* This skb was already validated on the upper/virtual dev */ > if ((x->xso.dev != dev) && (x->xso.real_dev == dev)) > return skb; > > Hi Sabrina, Steffen, if the upper dev validate failed, what would happen? > Just drop the skb or go via software path? Hmm, I saw a similar commit 28581b9c2c94 ("bond: Disable TLS features indication"). I will check the history and see if we can do like this. Thanks Hangbin
On 18/09/2024 11:35, Hangbin Liu wrote: > XFRM offload is supported in active-backup mode. However, if the current > active slave does not support it, we should disable it on bond device. > Otherwise, ESP traffic may fail due to the downlink not supporting the > feature. > > Reproducer: > # ip link add bond0 type bond > # ip link add type veth > # ip link set bond0 type bond mode 1 miimon 100 > # ip link set veth0 master bond0 > # ethtool -k veth0 | grep esp > tx-esp-segmentation: off [fixed] > esp-hw-offload: off [fixed] > esp-tx-csum-hw-offload: off [fixed] > # ethtool -k bond0 | grep esp > tx-esp-segmentation: on > esp-hw-offload: on > esp-tx-csum-hw-offload: on > > After fix: > # ethtool -k bond0 | grep esp > tx-esp-segmentation: off [requested on] > esp-hw-offload: off [requested on] > esp-tx-csum-hw-offload: off [requested on] > > Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- > drivers/net/bonding/bond_main.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c > index b560644ee1b1..33f7fde15c65 100644 > --- a/drivers/net/bonding/bond_main.c > +++ b/drivers/net/bonding/bond_main.c > @@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active) > call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, > bond->dev); > } > + > +#ifdef CONFIG_XFRM_OFFLOAD > + netdev_update_features(bond->dev); > +#endif /* CONFIG_XFRM_OFFLOAD */ > } > } > > @@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev, > features = netdev_increment_features(features, > slave->dev->features, > mask); > +#ifdef CONFIG_XFRM_OFFLOAD > + if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP && > + slave == rtnl_dereference(bond->curr_active_slave)) > + features &= slave->dev->features & BOND_XFRM_FEATURES; > +#endif /* CONFIG_XFRM_OFFLOAD */ > } > features = netdev_add_tso_features(features, mask); > Nice catch, Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
© 2016 - 2024 Red Hat, Inc.