lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c8020dae-50ec-436b-b3df-a4ceab259806@intel.com>
Date: Tue, 30 Jul 2024 11:45:01 +0200
From: Wojciech Drewek <wojciech.drewek@...el.com>
To: Tariq Toukan <tariqt@...dia.com>, "David S. Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "Eric
 Dumazet" <edumazet@...gle.com>
CC: <netdev@...r.kernel.org>, Saeed Mahameed <saeedm@...dia.com>, Gal Pressman
	<gal@...dia.com>, Leon Romanovsky <leonro@...dia.com>, Rahul Rameshbabu
	<rrameshbabu@...dia.com>
Subject: Re: [PATCH net 6/8] net/mlx5e: Require mlx5 tc classifier action
 support for IPsec prio capability



On 30.07.2024 08:16, Tariq Toukan wrote:
> From: Rahul Rameshbabu <rrameshbabu@...dia.com>
> 
> Require mlx5 classifier action support when creating IPSec chains in
> offload path. MLX5_IPSEC_CAP_PRIO should only be set if CONFIG_MLX5_CLS_ACT
> is enabled. If CONFIG_MLX5_CLS_ACT=n and MLX5_IPSEC_CAP_PRIO is set,
> configuring IPsec offload will fail due to the mlxx5 ipsec chain rules
> failing to be created due to lack of classifier action support.
> 
> Fixes: fa5aa2f89073 ("net/mlx5e: Use chains for IPsec policy priority offload")
> Signed-off-by: Rahul Rameshbabu <rrameshbabu@...dia.com>
> Reviewed-by: Leon Romanovsky <leonro@...dia.com>
> Signed-off-by: Tariq Toukan <tariqt@...dia.com>
> ---

Reviewed-by: Wojciech Drewek <wojciech.drewek@...el.com>

>  .../ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c   | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> index 6e00afe4671b..797db853de36 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c
> @@ -51,9 +51,10 @@ u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
>  		    MLX5_CAP_FLOWTABLE_NIC_RX(mdev, decap))
>  			caps |= MLX5_IPSEC_CAP_PACKET_OFFLOAD;
>  
> -		if ((MLX5_CAP_FLOWTABLE_NIC_TX(mdev, ignore_flow_level) &&
> -		     MLX5_CAP_FLOWTABLE_NIC_RX(mdev, ignore_flow_level)) ||
> -		    MLX5_CAP_ESW_FLOWTABLE_FDB(mdev, ignore_flow_level))
> +		if (IS_ENABLED(CONFIG_MLX5_CLS_ACT) &&
> +		    ((MLX5_CAP_FLOWTABLE_NIC_TX(mdev, ignore_flow_level) &&
> +		      MLX5_CAP_FLOWTABLE_NIC_RX(mdev, ignore_flow_level)) ||
> +		     MLX5_CAP_ESW_FLOWTABLE_FDB(mdev, ignore_flow_level)))
>  			caps |= MLX5_IPSEC_CAP_PRIO;
>  
>  		if (MLX5_CAP_FLOWTABLE_NIC_TX(mdev,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ