2025-09-08, 04:15:38 +0000, Hangbin Liu wrote:
On Sat, Sep 06, 2025 at 11:30:58PM +0200, Sabrina Dubroca wrote:
+check_xfrm() +{
- local dev=$1
- local src=192.0.2.1
- local dst=192.0.2.2
- local key="0x3132333435363738393031323334353664636261"
- RET=0
- ip -n "$ns" xfrm state flush
- ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir outIt's maybe not something you would expect, but this codepath will not check that NETIF_F_HW_ESP is set on $dev (you can verify that by running "ip xfrm state add ... offload ..." on the same bond+netdevsim combination before/after toggling esp-hw-offload on/off for the bond). Why not use __check_offload again for this feature?
The esp-hw-offload is fixed on netdevsim
# ethtool -k eni0np1 | grep -i esp-hw-offload esp-hw-offload: on [fixed]
There is no way to disable it.
I don't think this is intentional. nsim_ipsec_init only adds NSIM_ESP_FEATURES to ->features but not to ->hw_features, but I think it was just forgotten. I added a few in 494bd83bb519 ("netdevsim: add more hw_features"), extending nsim_ipsec_init (and nsim_macsec_init since I made the same mistake) to also add features to ->hw_features would make sense to me.
After we add the netdevsim to bond, the bond also shows "esp-hw-offload off" as the flag is inherit in dev->hw_enc_features, not dev->features.
Did you mean dev->hw_features?
It looks the only way to check if bond dev->hw_enc_features has NETIF_F_HW_ESP is try set xfrm offload. As
Was this test meant to check hw_enc_features?
To check hw_enc_features, I think the only way would be sending GSO packets, since it's only used in those situations.
static int xfrm_api_check(struct net_device *dev) {
But this doesn't get called when creating a new xfrm state. Trying to create a new offloaded xfrm state doesn't look at any of the netdev->*features (and we can't change that behavior anymore).
xfrm_api_check only gets called for NETDEV_REGISTER/NETDEV_FEAT_CHANGE to validate whether the netdevice is set up correctly.
#ifdef CONFIG_XFRM_OFFLOAD if ((dev->features & NETIF_F_HW_ESP_TX_CSUM) && !(dev->features & NETIF_F_HW_ESP)) return NOTIFY_BAD;
if ((dev->features & NETIF_F_HW_ESP) && (!(dev->xfrmdev_ops && dev->xfrmdev_ops->xdo_dev_state_add && dev->xfrmdev_ops->xdo_dev_state_delete))) return NOTIFY_BAD;Please correct me if I made any mistake.
Thanks Hangbin