| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230321071830.GN36557@unreal>
Date: Tue, 21 Mar 2023 09:18:30 +0200
From: Leon Romanovsky <leon@...nel.org>
To: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
Paul Blakey <paulb@...dia.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
netdev@...r.kernel.org, Saeed Mahameed <saeedm@...dia.com>,
Raed Salem <raeds@...dia.com>
Subject: Re: [GIT PULL] Extend packet offload to fully support libreswan
On Mon, Mar 20, 2023 at 11:47:22AM +0200, Leon Romanovsky wrote:
> The following patches are an outcome of Raed's work to add packet
> offload support to libreswan [1].
>
> The series includes:
> * Priority support to IPsec policies
> * Statistics per-SA (visible through "ip -s xfrm state ..." command)
> * Support to IKE policy holes
> * Fine tuning to acquire logic.
>
> Thanks
>
> [1] https://github.com/libreswan/libreswan/pull/986
> Link: https://lore.kernel.org/all/cover.1678714336.git.leon@kernel.org
> Signed-off-by: Leon Romanovsky <leon@...nel.org>
>
> ----------------------------------------------------------------
>
> The following changes since commit eeac8ede17557680855031c6f305ece2378af326:
>
> Linux 6.3-rc2 (2023-03-12 16:36:44 -0700)
>
> are available in the Git repository at:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-libreswan-mlx5
>
> for you to fetch changes up to 5a6cddb89b51d99a7702e63829644a5860dd9c41:
>
> net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)
>
> ----------------------------------------------------------------
> Paul Blakey (3):
> net/mlx5: fs_chains: Refactor to detach chains from tc usage
> net/mlx5: fs_core: Allow ignore_flow_level on TX dest
> net/mlx5e: Use chains for IPsec policy priority offload
>
> Raed Salem (6):
> xfrm: add new device offload acquire flag
> xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics
> net/mlx5e: Allow policies with reqid 0, to support IKE policy holes
> net/mlx5e: Support IPsec acquire default SA
> net/mlx5e: Use one rule to count all IPsec Tx offloaded traffic
> net/mlx5e: Update IPsec per SA packets/bytes count
>
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 71 ++++--
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 13 +-
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 528 +++++++++++++++++++++++++++++++++++----------
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 32 ++-
> drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 20 +-
> drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 +-
> drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +-
> drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 89 ++++----
> drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.h | 9 +-
> include/net/xfrm.h | 5 +
> net/xfrm/xfrm_state.c | 1 +
> net/xfrm/xfrm_user.c | 2 +
> 12 files changed, 553 insertions(+), 228 deletions(-)
Hi,
I see that this PR is marked as "Needs ACK" in patchworks:
https://patchwork.kernel.org/project/netdevbpf/patch/20230320094722.1009304-1-leon@kernel.org/
Steffen already acked on XFRM patches:
https://lore.kernel.org/netdev/ZBgjsw8exj1c46lW@gauss3.secunet.de/
https://lore.kernel.org/netdev/ZBgj07C1o39NFJW5@gauss3.secunet.de/
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/commit/?h=ipsec-libreswan-mlx5&id=c9fa320b00cff04980b8514d497068e59a8ee131
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/commit/?h=ipsec-libreswan-mlx5&id=e0aeb9b90acf6ee7c2d11141522ffbb5481734d3
and mlx5 ipsec is my responsibility.
So who should extra ack on this series?
Thanks
Powered by blists - more mailing lists