On 11/11/2020 1:44 AM, Jakub Kicinski wrote:
On Sun, 8 Nov 2020 16:43:09 +0200 Tariq Toukan wrote:
@@ -528,3 +528,7 @@ Drivers should ignore the changes to TLS the device feature
flags.
These flags will be acted upon accordingly by the core ``ktls`` code.
TLS device feature flags only control adding of new TLS connection
offloads, old connections will remain active after flags are cleared.
+
+The TLS encryption cannot be offloaded to device if checksum calculation
+is not, hence the TLS TX device feature flag is cleared when HW_CSUM is
+disabled.
This makes it sound like the driver will fall back to software crypto
if L4 csum offload gets disabled, is this your intention?
Seems at odds with the paragraph above it.
Actually, TLS feature bit acts on new connections, while CSUM feature
bit acts immediately, so for old connections we still have a gap.
I think of adding logic in netif_skb_features or tls_validate_xmit_skb,
but it's not trivial.
I'll resubmit when i figure out a clean way that covers all cases and is
consistent with TLS feature bit behavior.
Regards,
Tariq
diff --git a/net/core/dev.c b/net/core/dev.c
index 9499a414d67e..26c9b059cade 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -9584,6 +9584,11 @@ static netdev_features_t netdev_fix_features(struct
net_device *dev,
}
}
+ if ((features & NETIF_F_HW_TLS_TX) && !(features & NETIF_F_HW_CSUM)) {
+ netdev_dbg(dev, "Dropping TLS TX HW offload feature since no CSUM
feature.\n");
+ features &= ~NETIF_F_HW_TLS_TX;
+ }
+
return features;
}
