| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jul 2023 14:28:11 +0300 From: Leon Romanovsky <leon@...nel.org> To: Jakub Kicinski <kuba@...nel.org> Cc: Leon Romanovsky <leonro@...dia.com>, Steffen Klassert <steffen.klassert@...unet.com>, Eric Dumazet <edumazet@...gle.com>, Jianbo Liu <jianbol@...dia.com>, Mark Bloch <mbloch@...dia.com>, netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com>, Saeed Mahameed <saeedm@...dia.com>, "David S . Miller" <davem@...emloft.net>, Simon Horman <simon.horman@...igine.com> Subject: [PATCH net-next v1 00/13] mlx5 IPsec packet offload support in eswitch mode From: Leon Romanovsky <leonro@...dia.com> Changelog: v1: * Fixed ipv6 flow steering table destination in IPsec initialization routine. * Removed Fixes line from "net/mlx5: Compare with..." patch as this fix is required for this series only. * Added patch to enforce same order for HW and SW IPsec flows when TC is involved, which is "host <-> IPsec <-> TC <-> "wire"/switch". v0: https://lore.kernel.org/all/cover.1689064922.git.leonro@nvidia.com ------------------------------------------------------------------------- Hi, This series from Jianbo adds mlx5 IPsec packet offload support in eswitch offloaded mode. It works exactly like "regular" IPsec, nothing special, except now users can switch to switchdev before adding IPsec rules. devlink dev eswitch set pci/0000:06:00.0 mode switchdev Same configurations as here: https://lore.kernel.org/netdev/cover.1670005543.git.leonro@nvidia.com/ Packet offload mode: ip xfrm state offload packet dev <if-name> dir <in|out> ip xfrm policy .... offload packet dev <if-name> Crypto offload mode: ip xfrm state offload crypto dev <if-name> dir <in|out> or (backward compatibility) ip xfrm state offload dev <if-name> dir <in|out> Thanks Jianbo Liu (13): net/mlx5e: Add function to get IPsec offload namespace net/mlx5e: Change the parameter of IPsec RX skb handle function net/mlx5e: Prepare IPsec packet offload for switchdev mode net/mlx5e: Refactor IPsec RX tables creation and destruction net/mlx5e: Support IPsec packet offload for RX in switchdev mode net/mlx5e: Handle IPsec offload for RX datapath in switchdev mode net/mlx5e: Refactor IPsec TX tables creation net/mlx5e: Support IPsec packet offload for TX in switchdev mode net/mlx5: Compare with old_dest param to modify rule destination net/mlx5e: Make IPsec offload work together with eswitch and TC net/mlx5e: Modify and restore TC rules for IPSec TX rules net/mlx5e: Add get IPsec offload stats for uplink representor net/mlx5e: Make TC and IPsec offloads mutually exclusive on a netdev .../net/ethernet/mellanox/mlx5/core/Makefile | 4 + .../ethernet/mellanox/mlx5/core/en/rep/tc.c | 17 +- .../mellanox/mlx5/core/en_accel/ipsec.c | 2 + .../mellanox/mlx5/core/en_accel/ipsec.h | 65 +- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 708 +++++++++++++----- .../mlx5/core/en_accel/ipsec_offload.c | 5 +- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 25 +- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 6 +- .../net/ethernet/mellanox/mlx5/core/en_rep.c | 1 + .../net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- .../net/ethernet/mellanox/mlx5/core/en_tc.c | 47 ++ .../mellanox/mlx5/core/esw/ipsec_fs.c | 325 ++++++++ .../mellanox/mlx5/core/esw/ipsec_fs.h | 67 ++ .../net/ethernet/mellanox/mlx5/core/eswitch.h | 17 + .../mellanox/mlx5/core/eswitch_offloads.c | 174 ++++- .../net/ethernet/mellanox/mlx5/core/fs_core.c | 14 +- include/linux/mlx5/driver.h | 2 + include/linux/mlx5/eswitch.h | 3 + include/linux/mlx5/fs.h | 2 + 19 files changed, 1270 insertions(+), 217 deletions(-) create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.h -- 2.41.0
Powered by blists - more mailing lists