On Sat, Sep 06, 2025 at 11:30:58PM +0200, Sabrina Dubroca wrote:
> > +check_xfrm()
> > +{
> > + local dev=$1
> > + local src=192.0.2.1
> > + local dst=192.0.2.2
> > + local key="0x3132333435363738393031323334353664636261"
> > +
> > + RET=0
> > +
> > + ip -n "$ns" xfrm state flush
> > + ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
> > + mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \
> > + sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir out
>
> It's maybe not something you would expect, but this codepath will not
> check that NETIF_F_HW_ESP is set on $dev (you can verify that by
> running "ip xfrm state add ... offload ..." on the same bond+netdevsim
> combination before/after toggling esp-hw-offload on/off for the
> bond). Why not use __check_offload again for this feature?
The esp-hw-offload is fixed on netdevsim
# ethtool -k eni0np1 | grep -i esp-hw-offload
esp-hw-offload: on [fixed]
There is no way to disable it. After we add the netdevsim to bond,
the bond also shows "esp-hw-offload off" as the flag is inherit
in dev->hw_enc_features, not dev->features.
It looks the only way to check if bond dev->hw_enc_features has NETIF_F_HW_ESP
is try set xfrm offload. As
static int xfrm_api_check(struct net_device *dev)
{
#ifdef CONFIG_XFRM_OFFLOAD
if ((dev->features & NETIF_F_HW_ESP_TX_CSUM) &&
!(dev->features & NETIF_F_HW_ESP))
return NOTIFY_BAD;
if ((dev->features & NETIF_F_HW_ESP) &&
(!(dev->xfrmdev_ops &&
dev->xfrmdev_ops->xdo_dev_state_add &&
dev->xfrmdev_ops->xdo_dev_state_delete)))
return NOTIFY_BAD;
Please correct me if I made any mistake.
Thanks
Hangbin
