lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Sep 2016 09:53:37 +0200
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     <netdev@...r.kernel.org>
CC:     Steffen Klassert <steffen.klassert@...unet.com>,
        Sowmini Varadhan <sowmini.varadhan@...cle.com>,
        Ilan Tayari <ilant@...lanox.com>,
        "Boris Pismenny" <borisp@...lanox.com>,
        Ariel Levkovich <lariel@...lanox.com>,
        "Hay, Joshua A" <joshua.a.hay@...el.com>
Subject: [PATCH RFC] IPsec performance optimizations

This patchset adds several performance optimizations for the ESP IPsec
protocol. This RFC version is intended to be a discussion base for the
IPsec workshop at the netdev 1.2 conference.

The patchset has two parts, patches 1 - 4 are software optimizations.
These patches are complete and could go upstream after some review.

Patch 5 - 11 are needed to create an API for ESP offload to network
devices. Mellanox prepares the mlx5 driver for the use of the created
API, see 

https://git.kernel.org/cgit/linux/kernel/git/klassert/linux-stk.git/?h=net-next-ipsec-offload-api3

This part is still under development, changes are very likely before
it can go upstream.

Patch 1 and 2 try to avoid the linearization of ESP packets whenever
possible.

Patch 3 prepares the generic networking codepath for IPsec GRO.

Patch 4 implements software GRO a codepath for ESP on ipv4 and ipv6.

Patch 5 extends the skbuff gso_type to unsigned int. We need a GSO
flag for ESP, but all available gso_type flags are currently in use.

Patch 6 adds the needed netdev features to configure IPsec offloads.

Patch 7 adds gso handlers for esp4 and esp6, currently only used
in combination with ESP hardware offload.

Patch 8 - 9 prepares for IPsec hardware offloading.

Patch 10 implements an IPsec hardware offloading API.

Patch 11 allows for TSO and checksum offloading of the inner IPsec packet.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ