Re: [EXTERNAL] Re: [net-next,v2 5/8] cn10k-ipsec: Add SA add/delete support for outb inline ipsec

[Simon Horman]

On Tue, May 14, 2024 at 06:52:38AM +0000, Bharat Bhushan wrote:
> Please see inline
> 
> > -----Original Message-----
> > From: Simon Horman <horms@xxxxxxxxxx>

..

> > > +static const struct xfrmdev_ops cn10k_ipsec_xfrmdev_ops = {
> > > +	.xdo_dev_state_add	= cn10k_ipsec_add_state,
> > > +	.xdo_dev_state_delete	= cn10k_ipsec_del_state,
> > > +};
> > > +
> > 
> > cn10k_ipsec_xfrmdev_ops is unused.
> > Perhaps it, along with it's callbacks,
> > should be added by the function that uses it?
> 
> I wanted to enable ipsec offload in last patch of the series 
> ("[net-next,v2 8/8] cn10k-ipsec: Enable outbound inline ipsec offload")

I appreciate the patchset being split up like this.

> Is it okay to set xfrmdev_ops in this patch without setting NETIF_F_HW_ESP (below two lines of last patch)
> +	/* Set xfrm device ops */
> +	netdev->xfrmdev_ops = &cn10k_ipsec_xfrmdev_ops;
> 
> Last patch will set below flags.
> +	netdev->hw_features |= NETIF_F_HW_ESP;
> +	netdev->hw_enc_features |= NETIF_F_HW_ESP;
> +

IMHO, yes, something like that would be fine, as long as it leads to a
working system (with a feature not enabled).  Perhaps it would be good to
include a comment in the code about this to make it clear what is going on.

..