| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250109094321.2268124-1-steffen.klassert@secunet.com>
Date: Thu, 9 Jan 2025 10:43:04 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/17] pull request (net-next): ipsec-next 2025-01-09
1) Implement the AGGFRAG protocol and basic IP-TFS (RFC9347) functionality.
From Christian Hopps.
2) Support ESN context update to hardware for TX.
From Jianbo Liu.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 152d00a913969514967ad3f962b3b1c8983eb2d7:
r8169: simplify setting hwmon attribute visibility (2024-12-04 19:44:22 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git tags/ipsec-next-2025-01-09
for you to fetch changes up to 7082a6dc84ebba9dbdf65727b5bc4af92a2d31d3:
net/mlx5e: Update TX ESN context for IPSec hardware offload (2025-01-07 13:12:11 +0100)
----------------------------------------------------------------
ipsec-next-2025-01-09
----------------------------------------------------------------
Christian Hopps (15):
xfrm: config: add CONFIG_XFRM_IPTFS
include: uapi: protocol number and packet structs for AGGFRAG in ESP
xfrm: netlink: add config (netlink) options
xfrm: add mode_cbs module functionality
xfrm: add generic iptfs defines and functionality
xfrm: iptfs: add new iptfs xfrm mode impl
xfrm: iptfs: add user packet (tunnel ingress) handling
xfrm: iptfs: share page fragments of inner packets
xfrm: iptfs: add fragmenting of larger than MTU user packets
xfrm: iptfs: add basic receive packet (tunnel egress) handling
xfrm: iptfs: handle received fragmented inner packets
xfrm: iptfs: add reusing received skb for the tunnel egress packet
xfrm: iptfs: add skb-fragment sharing code
xfrm: iptfs: handle reordering of received packets
xfrm: iptfs: add tracepoint functionality
Jianbo Liu (2):
xfrm: Support ESN context update to hardware for TX
net/mlx5e: Update TX ESN context for IPSec hardware offload
Steffen Klassert (1):
Merge branch 'Add IP-TFS mode to xfrm'
Documentation/networking/xfrm_device.rst | 3 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 37 +-
include/net/xfrm.h | 44 +
include/uapi/linux/in.h | 2 +
include/uapi/linux/ip.h | 16 +
include/uapi/linux/ipsec.h | 3 +-
include/uapi/linux/snmp.h | 2 +
include/uapi/linux/xfrm.h | 9 +-
net/ipv4/esp4.c | 3 +-
net/ipv6/esp6.c | 3 +-
net/netfilter/nft_xfrm.c | 3 +-
net/xfrm/Kconfig | 16 +
net/xfrm/Makefile | 1 +
net/xfrm/trace_iptfs.h | 218 ++
net/xfrm/xfrm_compat.c | 10 +-
net/xfrm/xfrm_device.c | 4 +-
net/xfrm/xfrm_input.c | 18 +-
net/xfrm/xfrm_iptfs.c | 2764 ++++++++++++++++++++
net/xfrm/xfrm_output.c | 6 +
net/xfrm/xfrm_policy.c | 26 +-
net/xfrm/xfrm_proc.c | 2 +
net/xfrm/xfrm_replay.c | 1 +
net/xfrm/xfrm_state.c | 84 +
net/xfrm/xfrm_user.c | 77 +
25 files changed, 3313 insertions(+), 42 deletions(-)
create mode 100644 net/xfrm/trace_iptfs.h
create mode 100644 net/xfrm/xfrm_iptfs.c
Powered by blists - more mailing lists