lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210614143349.74866-1-huyn@nvidia.com>
Date:   Mon, 14 Jun 2021 17:33:46 +0300
From:   Huy Nguyen <huyn@...dia.com>
To:     <netdev@...r.kernel.org>
CC:     <steffen.klassert@...unet.com>, <saeedm@...dia.com>,
        <borisp@...dia.com>, <raeds@...dia.com>, <danielj@...dia.com>,
        <yossiku@...dia.com>, <kuba@...nel.org>, <huyn@...dia.com>
Subject: [PATCH net-next v5 0/3] Fix IPsec crypto offloads with vxlan tunnel

v4 -> v5:
  - Fix double initialization of xo in xfrm_get_inner_ipproto

v3 -> v4:
 - Check explicitly for skb->ecapsulation before calling xfrm_get_inner_ipproto.
 - Move patche set to net-next

v2 -> v3:
  - Fix bug in patch 003 when checking for xo null pointer in mlx5e_ipsec_feature_check
  - Fix bug of accidentally commenting out memset in patch 003

v1 -> v2:
  - Move inner_ipproto into xfrm_offload structure.
  - Fix static code analysis errors.
  - skip checking for skb->encapsulation to be more flexible for vendor

This small series fixes ipsec TX offloads with vxlan overlay on top of
the offloaded ipsec packet, the driver (mlx5) was lacking such information
and the skb->encapsulation bit wasn't enough as indication to reach the
vxlan inner headers, as a solution we mark the tunnel in the offloaded
context of ipsec.

Huy Nguyen (3):
  net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet
  net/xfrm: Add inner_ipproto into sec_path
  net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c  | 65 ++++++++++++++-----
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h  | 37 ++++++++---
 .../net/ethernet/mellanox/mlx5/core/en_main.c |  8 ++-
 include/net/xfrm.h                            |  1 +
 net/xfrm/xfrm_output.c                        | 41 +++++++++++-
 5 files changed, 124 insertions(+), 28 deletions(-)

-- 
2.24.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ