| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1689757619.git.leon@kernel.org> Date: Wed, 19 Jul 2023 12:26:52 +0300 From: Leon Romanovsky <leon@...nel.org> To: Steffen Klassert <steffen.klassert@...unet.com>, Jakub Kicinski <kuba@...nel.org> Cc: Leon Romanovsky <leonro@...dia.com>, Eric Dumazet <edumazet@...gle.com>, Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com>, Saeed Mahameed <saeedm@...dia.com>, Simon Horman <simon.horman@...igine.com>, Ilia Lin <quic_ilial@...cinc.com> Subject: [PATCH net-next 0/4] Support UDP encapsulation in packet offload mode From: Leon Romanovsky <leonro@...dia.com> Hi, As was raised by Ilia in this thread [1], the ESP over UDP feature is supported in packet offload mode. So comes this series, which adds relevant bits to the mlx5 driver and opens XFRM core code to accept such configuration. NAT-T is part of IKEv2 and strongswan uses it automatically [2]. [1] https://lore.kernel.org/all/20230718092405.4124345-1-quic_ilial@quicinc.com [2] https://wiki.strongswan.org/projects/1/wiki/NatTraversal Leon Romanovsky (4): net/mlx5: Add relevant capabilities bits to support NAT-T net/mlx5e: Check for IPsec NAT-T support net/mlx5e: Support IPsec NAT-T functionality xfrm: Support UDP encapsulation in packet offload mode .../mellanox/mlx5/core/en_accel/ipsec.c | 27 +++++++- .../mellanox/mlx5/core/en_accel/ipsec.h | 12 +++- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 61 ++++++++++++++----- .../mlx5/core/en_accel/ipsec_offload.c | 6 ++ include/linux/mlx5/mlx5_ifc.h | 7 ++- net/xfrm/xfrm_device.c | 13 ++-- 6 files changed, 100 insertions(+), 26 deletions(-) -- 2.41.0
Powered by blists - more mailing lists