On Fri, Jun 19, 2020 at 6:26 AM Jeff Kirsher <jeffrey.t.kirs...@intel.com> wrote: > > On Wed, Jun 10, 2020 at 1:18 PM Jarod Wilson <ja...@redhat.com> wrote: > > > > This is an initial functional implementation for doing pass-through of > > hardware encryption from bonding device to capable slaves, in active-backup > > bond setups. This was developed and tested using ixgbe-driven Intel x520 > > interfaces with libreswan and a transport mode connection, primarily using > > netperf, with assorted connection failures forced during transmission. The > > failover works quite well in my testing, and overall performance is right > > on par with offload when running on a bare interface, no bond involved. > > > > Caveats: this is ONLY enabled for active-backup, because I'm not sure > > how one would manage multiple offload handles for different devices all > > running at the same time in the same xfrm, and it relies on some minor > > changes to both the xfrm code and slave device driver code to get things > > to behave, and I don't have immediate access to any other hardware that > > could function similarly, but the NIC driver changes are minimal and > > straight-forward enough that I've included what I think ought to be > > enough for mlx5 devices too. > > > > v2: reordered patches, switched (back) to using CONFIG_XFRM_OFFLOAD > > to wrap the code additions and wrapped overlooked additions. > > > > Jarod Wilson (4): > > xfrm: bail early on slave pass over skb > > ixgbe_ipsec: become aware of when running as a bonding slave > > mlx5: become aware of when running as a bonding slave > > bonding: support hardware encryption offload to slaves ... > Was this ever sent to netdev (the more appropriate ML)?
I believe so, but I'd neglected to notice net-next was closed at the time, so I was holding on to it to resubmit once net-next is opened back up. -- Jarod Wilson ja...@redhat.com