| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221209093310.4018731-1-steffen.klassert@secunet.com>
Date: Fri, 9 Dec 2022 10:33:10 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>,
Steffen Klassert <steffen.klassert@...unet.com>,
<netdev@...r.kernel.org>
Subject: pull request (net-next): ipsec-next 2022-12-09
1) Add xfrm packet offload core API.
From Leon Romanovsky.
2) Add xfrm packet offload support for mlx5.
From Leon Romanovsky and Raed Salem.
3) Fix a typto in a error message.
From Colin Ian King.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 65e6af6cebefbf7d8d8ac52b71cd251c2071ad00:
net: ethernet: mtk_wed: fix sleep while atomic in mtk_wed_wo_queue_refill (2022-12-02 21:23:02 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git tags/ipsec-next-2022-12-09
for you to fetch changes up to abe2343d37c2b4361547d5d31e17340ff9ec7356:
xfrm: Fix spelling mistake "oflload" -> "offload" (2022-12-09 09:09:40 +0100)
----------------------------------------------------------------
ipsec-next-2022-12-09
----------------------------------------------------------------
Colin Ian King (1):
xfrm: Fix spelling mistake "oflload" -> "offload"
Leon Romanovsky (36):
xfrm: add new packet offload flag
xfrm: allow state packet offload mode
xfrm: add an interface to offload policy
xfrm: add TX datapath support for IPsec packet offload mode
xfrm: add RX datapath protection for IPsec packet offload mode
xfrm: speed-up lookup of HW policies
xfrm: add support to HW update soft and hard limits
xfrm: document IPsec packet offload mode
net/mlx5: Return ready to use ASO WQE
net/mlx5: Add HW definitions for IPsec packet offload
net/mlx5e: Advertise IPsec packet offload support
net/mlx5e: Store replay window in XFRM attributes
net/mlx5e: Remove extra layers of defines
net/mlx5e: Create symmetric IPsec RX and TX flow steering structs
net/mlx5e: Use mlx5 print routines for low level IPsec code
net/mlx5e: Remove accesses to priv for low level IPsec FS code
net/mlx5e: Create Advanced Steering Operation object for IPsec
net/mlx5e: Create hardware IPsec packet offload objects
net/mlx5e: Move IPsec flow table creation to separate function
net/mlx5e: Refactor FTE setup code to be more clear
net/mlx5e: Flatten the IPsec RX add rule path
net/mlx5e: Make clear what IPsec rx_err does
net/mlx5e: Group IPsec miss handles into separate struct
net/mlx5e: Generalize creation of default IPsec miss group and rule
net/mlx5e: Create IPsec policy offload tables
net/mlx5e: Add XFRM policy offload logic
net/mlx5e: Use same coding pattern for Rx and Tx flows
net/mlx5e: Configure IPsec packet offload flow steering
net/mlx5e: Improve IPsec flow steering autogroup
net/mlx5e: Skip IPsec encryption for TX path without matching policy
net/mlx5e: Provide intermediate pointer to access IPsec struct
net/mlx5e: Store all XFRM SAs in Xarray
net/mlx5e: Update IPsec soft and hard limits
net/mlx5e: Handle hardware IPsec limits events
net/mlx5e: Handle ESN update events
net/mlx5e: Open mlx5 driver to accept IPsec packet offload
Raed Salem (1):
net/mlx5e: Add statistics for Rx/Tx IPsec offloaded flows
Steffen Klassert (3):
Merge branch 'Extend XFRM core to allow packet offload configuration'
Merge branch 'mlx5 IPsec packet offload support (Part I)'
Merge branch 'mlx5 IPsec packet offload support (Part II)'
Documentation/networking/xfrm_device.rst | 62 +-
.../chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 4 +
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 5 +
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 5 +
drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 +
drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 3 +-
.../net/ethernet/mellanox/mlx5/core/en/tc/meter.c | 1 -
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 356 +++++--
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 132 ++-
.../mellanox/mlx5/core/en_accel/ipsec_fs.c | 1069 ++++++++++++++------
.../mellanox/mlx5/core/en_accel/ipsec_offload.c | 303 +++++-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 22 +-
.../mellanox/mlx5/core/en_accel/ipsec_stats.c | 52 +
drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/en_stats.h | 1 +
drivers/net/ethernet/mellanox/mlx5/core/eq.c | 5 +
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 +-
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c | 7 +-
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.h | 4 +-
drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 5 +
drivers/net/netdevsim/ipsec.c | 5 +
include/linux/mlx5/mlx5_ifc.h | 53 +-
include/linux/netdevice.h | 4 +
include/net/xfrm.h | 124 ++-
include/uapi/linux/xfrm.h | 6 +
net/xfrm/xfrm_device.c | 109 +-
net/xfrm/xfrm_output.c | 12 +-
net/xfrm/xfrm_policy.c | 85 +-
net/xfrm/xfrm_state.c | 191 +++-
net/xfrm/xfrm_user.c | 20 +
30 files changed, 2141 insertions(+), 512 deletions(-)
Powered by blists - more mailing lists