Date:   Tue, 5 Dec 2017 09:03:25 -0800
From:   Alexander Duyck <alexander.duyck@...il.com>
To:     Shannon Nelson <shannon.nelson@...cle.com>
Cc:     intel-wired-lan <intel-wired-lan@...ts.osuosl.org>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Sowmini Varadhan <sowmini.varadhan@...cle.com>,
        Netdev <netdev@...r.kernel.org>
Subject: Re: [Intel-wired-lan] [next-queue 04/10] ixgbe: add ipsec data structures

On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson
<shannon.nelson@...cle.com> wrote:
> Set up the data structures to be used by the ipsec offload.
>
> Signed-off-by: Shannon Nelson <shannon.nelson@...cle.com>
> ---
>  drivers/net/ethernet/intel/ixgbe/ixgbe.h       |  5 ++++
>  drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 40 ++++++++++++++++++++++++++
>  2 files changed, 45 insertions(+)
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> index 1e11462..9487750 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> @@ -622,6 +622,7 @@ struct ixgbe_adapter {
>  #define IXGBE_FLAG2_EEE_CAPABLE                        BIT(14)
>  #define IXGBE_FLAG2_EEE_ENABLED                        BIT(15)
>  #define IXGBE_FLAG2_RX_LEGACY                  BIT(16)
> +#define IXGBE_FLAG2_IPSEC_ENABLED              BIT(17)
>
>         /* Tx fast path data */
>         int num_tx_queues;
> @@ -772,6 +773,10 @@ struct ixgbe_adapter {
>
>  #define IXGBE_RSS_KEY_SIZE     40  /* size of RSS Hash Key in bytes */
>         u32 *rss_key;
> +
> +#ifdef CONFIG_XFRM
> +       struct ixgbe_ipsec *ipsec;
> +#endif /* CONFIG_XFRM */
>  };
>
>  static inline u8 ixgbe_max_rss_indices(struct ixgbe_adapter *adapter)
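Review bot: The new `ipsec` pointer in `struct ixgbe_adapter` is guarded by `CONFIG_XFRM`, which covers the whole xfrm stack rather than just the hardware offload this field serves. If the code that allocates and dereferences it is only built under `CONFIG_XFRM_OFFLOAD`, the guard here should match, i.e. `#ifdef CONFIG_XFRM_OFFLOAD` ... `#endif /* CONFIG_XFRM_OFFLOAD */`, so the field and its users are compiled in or out together. The rest of the series is not visible on this page, so this needs checking against the build condition used for the ipsec source file. `struct ixgbe_adapter` begins outside this hunk.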
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> index 017b13f..cb9a4be 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> @@ -47,4 +47,44 @@
>  #define IXGBE_RXMOD_DECRYPT            0x00000008
>  #define IXGBE_RXMOD_IPV6               0x00000010
>
> +struct rx_sa {
> +       struct hlist_node hlist;
> +       struct xfrm_state *xs;
> +       u32 ipaddr[4];

ipaddr should be stored as a __be32, not a u32.

> +       u32 key[4];
> +       u32 salt;
> +       u32 mode;
> +       u8  iptbl_ind;
> +       bool used;
> +       bool decrypt;
> +};
> +
> +struct rx_ip_sa {
> +       u32 ipaddr[4];

Same thing here.

> +       u32 ref_cnt;
> +       bool used;
> +};
> +
> +struct tx_sa {
> +       struct xfrm_state *xs;
> +       u32 key[4];
> +       u32 salt;
> +       bool encrypt;
> +       bool used;
> +};
> +
> +struct ixgbe_ipsec_tx_data {
> +       u32 flags;
> +       u16 trailer_len;
> +       u16 sa_idx;
> +};
> +
> +struct ixgbe_ipsec {
> +       u16 num_rx_sa;
> +       u16 num_tx_sa;
> +       struct rx_ip_sa *ip_tbl;
> +       struct rx_sa *rx_tbl;
> +       struct tx_sa *tx_tbl;
> +       DECLARE_HASHTABLE(rx_sa_list, 8);

The hash table seems a bit on the small side. You might look at
increasing this to something like 32 in order to try and cut down on
the load in each bucket since the upper limit is 1K or so isn't it?

> +};
>  #endif /* _IXGBE_IPSEC_H_ */
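Review bot: `key[4]` and `salt` in `struct rx_sa` and `struct tx_sa` keep a driver-side copy of the SA keying material in host memory, and nothing in this header documents how long that copy lives or that it is wiped. Entries carry a `used` flag, which suggests table slots are recycled, so a released slot could keep holding an old key unless the delete and teardown paths clear it. I would document the expectation on the fields, for example `/* SA key material: clear with memzero_explicit() when the entry is released */`, and make sure the remove and free paths do that before the tables are freed. Those paths are outside this hunk, so whether they already clear the entries cannot be confirmed from here.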
> --
> 2.7.4
>
> _______________________________________________
> Intel-wired-lan mailing list
> Intel-wired-lan@...osl.org
> https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
