lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250220213959.504304-1-tariqt@nvidia.com>
Date: Thu, 20 Feb 2025 23:39:50 +0200
From: Tariq Toukan <tariqt@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, "Andrew
 Lunn" <andrew+netdev@...n.ch>
CC: Gal Pressman <gal@...dia.com>, Mark Bloch <mbloch@...dia.com>, "Saeed
 Mahameed" <saeedm@...dia.com>, Leon Romanovsky <leon@...nel.org>, Tariq
 Toukan <tariqt@...dia.com>, <netdev@...r.kernel.org>,
	<linux-rdma@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Jianbo Liu
	<jianbol@...dia.com>
Subject: [PATCH net-next 0/8] net/mlx5e: Move IPSec policy check after decryption

Hi,

This series by Jianbo adds IPsec policy check after decryption.

In current mlx5 driver, the policy check is done before decryption for
IPSec crypto and packet offload. This series changes that order to
make it consistent with the processing in kernel xfrm. Besides, RX
state with UPSPEC selector is supported correctly after new steering
table is added after decryption and before the policy check.

Regards,
Tariq

Jianbo Liu (8):
  net/mlx5e: Add helper function to update IPSec default destination
  net/mlx5e: Change the destination of IPSec RX SA miss rule
  net/mlx5e: Add correct match to check IPSec syndromes for switchdev
    mode
  net/mlx5e: Move IPSec policy check after decryption
  net/mlx5e: Skip IPSec RX policy check for crypto offload
  net/mlx5e: Add num_reserved_entries param for ipsec_ft_create()
  net/mlx5e: Add pass flow group for IPSec RX status table
  net/mlx5e: Support RX xfrm state selector's UPSPEC for packet offload

 .../net/ethernet/mellanox/mlx5/core/en/fs.h   |   4 +-
 .../mellanox/mlx5/core/en_accel/ipsec.h       |   5 +
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c    | 620 +++++++++++++++---
 .../mellanox/mlx5/core/en_accel/ipsec_stats.c |   1 +
 .../mellanox/mlx5/core/esw/ipsec_fs.c         |  15 +-
 .../mellanox/mlx5/core/esw/ipsec_fs.h         |   5 +
 include/linux/mlx5/eswitch.h                  |   2 +
 7 files changed, 558 insertions(+), 94 deletions(-)


base-commit: 5d6ba5ab8582aa35c1ee98e47af28e6f6772596c
-- 
2.45.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ