Re: [net-next PATCH v9 6/8] cn10k-ipsec: Process outbound ipsec crypto offload

From: Bharat Bhushan
Date: Fri Nov 15 2024 - 05:16:59 EST


On Tue, Nov 12, 2024 at 6:20 PM Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
>
> > @@ -32,6 +33,16 @@ static bool otx2_xdp_rcv_pkt_handler(struct otx2_nic *pfvf,
> > struct otx2_cq_queue *cq,
> > bool *need_xdp_flush);
> >
> > +static void otx2_sq_set_sqe_base(struct otx2_snd_queue *sq,
> > + struct sk_buff *skb)
> > +{
> > + if (unlikely(xfrm_offload(skb)))
> > + sq->sqe_base = sq->sqe_ring->base + sq->sqe_size +
> > + (sq->head * (sq->sqe_size * 2));
>
> Not blocking, but I don't think the unlikely() is appropriate here and
> below. Some workloads will definitely see more ipsec encrypted packets
> than unencrypted ones.

Idea is to give priority to plane packets, so added unlikely.

>
> Perhaps you could protect such checks with a static_branch enabled when
> at least a SA is configured.

This is a good idea, will add static_branch when at least a SA is configured.

Thanks
-Bharat

>
> /P
>
>