On Sat, Sep 06, 2025 at 11:30:58PM +0200, Sabrina Dubroca wrote:
+check_xfrm() +{
- local dev=$1
- local src=192.0.2.1
- local dst=192.0.2.2
- local key="0x3132333435363738393031323334353664636261"
- RET=0
- ip -n "$ns" xfrm state flush
- ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir outIt's maybe not something you would expect, but this codepath will not check that NETIF_F_HW_ESP is set on $dev (you can verify that by running "ip xfrm state add ... offload ..." on the same bond+netdevsim combination before/after toggling esp-hw-offload on/off for the bond). Why not use __check_offload again for this feature?
The esp-hw-offload is fixed on netdevsim
# ethtool -k eni0np1 | grep -i esp-hw-offload esp-hw-offload: on [fixed]
There is no way to disable it. After we add the netdevsim to bond, the bond also shows "esp-hw-offload off" as the flag is inherit in dev->hw_enc_features, not dev->features.
It looks the only way to check if bond dev->hw_enc_features has NETIF_F_HW_ESP is try set xfrm offload. As
static int xfrm_api_check(struct net_device *dev) { #ifdef CONFIG_XFRM_OFFLOAD if ((dev->features & NETIF_F_HW_ESP_TX_CSUM) && !(dev->features & NETIF_F_HW_ESP)) return NOTIFY_BAD;
if ((dev->features & NETIF_F_HW_ESP) && (!(dev->xfrmdev_ops && dev->xfrmdev_ops->xdo_dev_state_add && dev->xfrmdev_ops->xdo_dev_state_delete))) return NOTIFY_BAD;
Please correct me if I made any mistake.
Thanks Hangbin