lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230403064154.12443-1-leon@kernel.org>
Date:   Mon,  3 Apr 2023 09:41:54 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Cc:     Steffen Klassert <steffen.klassert@...unet.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        netdev@...r.kernel.org, Saeed Mahameed <saeedm@...dia.com>,
        Raed Salem <raeds@...dia.com>
Subject: [GIT PULL] Improve IPsec limits, ESN and replay window

This series overcomes existing hardware limitations in Mellanox ConnectX
devices around handling IPsec soft and hard limits.

In addition, the ESN logic is tied and added an interface to configure
replay window sequence numbers through existing iproute2 interface.

  ip xfrm state ... [ replay-seq SEQ ] [ replay-oseq SEQ ]
                    [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]

Link: https://lore.kernel.org/all/cover.1680162300.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@...nel.org>

----------------------------------------------------------------

The following changes since commit 5a6cddb89b51d99a7702e63829644a5860dd9c41:

  net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-esn-replay

for you to fetch changes up to 9f758558e309d11ef31dbdabdb1e3aa1003aebf9:

  net/mlx5e: Simulate missing IPsec TX limits hardware functionality (2023-04-03 09:29:47 +0300)

----------------------------------------------------------------
Leon Romanovsky (10):
      net/mlx5e: Factor out IPsec ASO update function
      net/mlx5e: Prevent zero IPsec soft/hard limits
      net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits
      net/mlx5e: Overcome slow response for first IPsec ASO WQE
      xfrm: don't require advance ESN callback for packet offload
      net/mlx5e: Remove ESN callbacks if it is not supported
      net/mlx5e: Set IPsec replay sequence numbers
      net/mlx5e: Reduce contention in IPsec workqueue
      net/mlx5e: Generalize IPsec work structs
      net/mlx5e: Simulate missing IPsec TX limits hardware functionality

 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c   | 329 ++++++++++++++++++---
 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h   |  47 ++-
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c         |  31 +-
 .../mellanox/mlx5/core/en_accel/ipsec_offload.c    | 198 ++++++++++---
 net/xfrm/xfrm_device.c                             |   2 +-
 5 files changed, 496 insertions(+), 111 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ