[Intel-wired-lan] [net-queue PATCH] ixgbe: check that ipsec is available on the chip
Shannon Nelson
shannon.nelson at oracle.com
Tue Jun 5 17:20:42 UTC 2018
On 6/5/2018 9:55 AM, Alexander Duyck wrote:
> On Tue, Jun 5, 2018 at 9:22 AM, Shannon Nelson
> <shannon.nelson at oracle.com> wrote:
>> On 6/5/2018 5:10 AM, zhuyj wrote:
>>>
>>> In the mainline kernel source code, it seems that the above does not
>>> exist. Do you use the latest ixgbe source code from e1000 maillist?
>>> And can we use "ethtool -K" to enable/disable ipsec offload?
>>
>>
>> I believe it is in Linux v4.15 and later. Be sure to enable
>> CONFIG_INET_ESP_OFFLOAD and CONFIG_INET6_ESP_OFFLOAD to enable all the IPsec
>> offload features.
>>
>> Since the output shows "[fixed]", the user is not able to change it on the
>> fly.
>>
>> sln
>
> I'm pretty sure the "[fixed]" was due to a bug. Specifically we were
> setting the bits in hw_enc_features instead of hw_features. I fixed
> that in the patch set I submitted yesterday.
No, that wasn't a bug, that was intended: turning the offload on and off
willy-nilly will only serve to confuse the XFRM/IPsec offloads. If you
don't want to use an offload, don't create and IPsec SA with the
'offload' tag.
sln
>
> - Alex
>
More information about the Intel-wired-lan
mailing list