Re: [net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload

From: Paolo Abeni
Date: Tue Nov 12 2024 - 09:35:54 EST

Next message: Petr Pavlu: "Re: [RFC PATCH 2/3] module: Don't fail module loading when setting ro_after_init section RO failed"
Previous message: Bartosz Golaszewski: "Re: (subset) [PATCH v5 0/4] gpio: rockchip: Update the GPIO driver"
In reply to: Bharat Bhushan: "[net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload"
Next in thread: Bharat Bhushan: "Re: [net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> @@ -32,6 +33,16 @@ static bool otx2_xdp_rcv_pkt_handler(struct otx2_nic *pfvf,
> struct otx2_cq_queue *cq,
> bool *need_xdp_flush);
>
> +static void otx2_sq_set_sqe_base(struct otx2_snd_queue *sq,
> + struct sk_buff *skb)
> +{
> + if (unlikely(xfrm_offload(skb)))
> + sq->sqe_base = sq->sqe_ring->base + sq->sqe_size +
> + (sq->head * (sq->sqe_size * 2));

Not blocking, but I don't think the unlikely() is appropriate here and
below. Some workloads will definitely see more ipsec encrypted packets
than unencrypted ones.

Perhaps you could protect such checks with a static_branch enabled when
at least a SA is configured.

/P

Next message: Petr Pavlu: "Re: [RFC PATCH 2/3] module: Don't fail module loading when setting ro_after_init section RO failed"
Previous message: Bartosz Golaszewski: "Re: (subset) [PATCH v5 0/4] gpio: rockchip: Update the GPIO driver"
In reply to: Bharat Bhushan: "[net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload"
Next in thread: Bharat Bhushan: "Re: [net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]