lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Dec 2022 10:33:10 +0100 From: Steffen Klassert <steffen.klassert@...unet.com> To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org> CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert <steffen.klassert@...unet.com>, <netdev@...r.kernel.org> Subject: pull request (net-next): ipsec-next 2022-12-09 1) Add xfrm packet offload core API. From Leon Romanovsky. 2) Add xfrm packet offload support for mlx5. From Leon Romanovsky and Raed Salem. 3) Fix a typto in a error message. From Colin Ian King. Please pull or let me know if there are problems. Thanks! The following changes since commit 65e6af6cebefbf7d8d8ac52b71cd251c2071ad00: net: ethernet: mtk_wed: fix sleep while atomic in mtk_wed_wo_queue_refill (2022-12-02 21:23:02 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git tags/ipsec-next-2022-12-09 for you to fetch changes up to abe2343d37c2b4361547d5d31e17340ff9ec7356: xfrm: Fix spelling mistake "oflload" -> "offload" (2022-12-09 09:09:40 +0100) ---------------------------------------------------------------- ipsec-next-2022-12-09 ---------------------------------------------------------------- Colin Ian King (1): xfrm: Fix spelling mistake "oflload" -> "offload" Leon Romanovsky (36): xfrm: add new packet offload flag xfrm: allow state packet offload mode xfrm: add an interface to offload policy xfrm: add TX datapath support for IPsec packet offload mode xfrm: add RX datapath protection for IPsec packet offload mode xfrm: speed-up lookup of HW policies xfrm: add support to HW update soft and hard limits xfrm: document IPsec packet offload mode net/mlx5: Return ready to use ASO WQE net/mlx5: Add HW definitions for IPsec packet offload net/mlx5e: Advertise IPsec packet offload support net/mlx5e: Store replay window in XFRM attributes net/mlx5e: Remove extra layers of defines net/mlx5e: Create symmetric IPsec RX and TX flow steering structs net/mlx5e: Use mlx5 print routines for low level IPsec code net/mlx5e: Remove accesses to priv for low level IPsec FS code net/mlx5e: Create Advanced Steering Operation object for IPsec net/mlx5e: Create hardware IPsec packet offload objects net/mlx5e: Move IPsec flow table creation to separate function net/mlx5e: Refactor FTE setup code to be more clear net/mlx5e: Flatten the IPsec RX add rule path net/mlx5e: Make clear what IPsec rx_err does net/mlx5e: Group IPsec miss handles into separate struct net/mlx5e: Generalize creation of default IPsec miss group and rule net/mlx5e: Create IPsec policy offload tables net/mlx5e: Add XFRM policy offload logic net/mlx5e: Use same coding pattern for Rx and Tx flows net/mlx5e: Configure IPsec packet offload flow steering net/mlx5e: Improve IPsec flow steering autogroup net/mlx5e: Skip IPsec encryption for TX path without matching policy net/mlx5e: Provide intermediate pointer to access IPsec struct net/mlx5e: Store all XFRM SAs in Xarray net/mlx5e: Update IPsec soft and hard limits net/mlx5e: Handle hardware IPsec limits events net/mlx5e: Handle ESN update events net/mlx5e: Open mlx5 driver to accept IPsec packet offload Raed Salem (1): net/mlx5e: Add statistics for Rx/Tx IPsec offloaded flows Steffen Klassert (3): Merge branch 'Extend XFRM core to allow packet offload configuration' Merge branch 'mlx5 IPsec packet offload support (Part I)' Merge branch 'mlx5 IPsec packet offload support (Part II)' Documentation/networking/xfrm_device.rst | 62 +- .../chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 4 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 5 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 5 + drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 3 +- .../net/ethernet/mellanox/mlx5/core/en/tc/meter.c | 1 - .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 356 +++++-- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 132 ++- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 1069 ++++++++++++++------ .../mellanox/mlx5/core/en_accel/ipsec_offload.c | 303 +++++- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 22 +- .../mellanox/mlx5/core/en_accel/ipsec_stats.c | 52 + drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_stats.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/eq.c | 5 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/lib/aso.h | 4 +- drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 5 + drivers/net/netdevsim/ipsec.c | 5 + include/linux/mlx5/mlx5_ifc.h | 53 +- include/linux/netdevice.h | 4 + include/net/xfrm.h | 124 ++- include/uapi/linux/xfrm.h | 6 + net/xfrm/xfrm_device.c | 109 +- net/xfrm/xfrm_output.c | 12 +- net/xfrm/xfrm_policy.c | 85 +- net/xfrm/xfrm_state.c | 191 +++- net/xfrm/xfrm_user.c | 20 + 30 files changed, 2141 insertions(+), 512 deletions(-)
Powered by blists - more mailing lists