From patchwork Thu Feb 20 21:39:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tariq Toukan X-Patchwork-Id: 13984524 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2075.outbound.protection.outlook.com [40.107.92.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 23E132638B8; Thu, 20 Feb 2025 21:41:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740087664; cv=fail; b=QfLGmzlS/PlAHNfYwe0s3OYvMWZkZTcfc1uuGFGmFM3chLVw/v79XVgyBCl/S+c6tZLGxLA2tHlTXFVgHeBWNGn9dbuyzKvXQT4h6Yhsn6B4OVHLsqicxsU6+K5uPsYYwfwPv9i/J6RL9+XPyCXxSQl7c8YgbXLSVoqRJyad28E= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740087664; c=relaxed/simple; bh=rhhVF5oHD97YHuWAIHw7c+umqMt0g2jvEeiO5jVUFos=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=UOMWQlnOi9KR94C9j0cgXbypGlYyU8KbULhgwxuZzMHEnokXoJ/1zadDVE/zFkkfFmUBSXT/Y17I5fAPTbztvTohl29KEpK+CsSDVS5vSmEEvLToDL25cScIebs/BogWNhEC24YG87W8hBVaxmOvwUoXFGLAnee5KdubDSKdPNM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=dek5FiXo; arc=fail smtp.client-ip=40.107.92.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="dek5FiXo" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xtgUqxEUyITN3lqteqNivapAocn8mYyhtq26veP0KPEHZa87Q+l+ROvjCl2WDOTl1FCENLrcHaUF6wfOiRoaNtAOiaqX5CSziVXTAsP5tNCeqlc4IuGvEoHHRFOQag5HqP+98krh43H7xm2XG6gCoyXBHX2BhhLGBGLui21Kp1rIqsoY9auWQwjAvv9/y7pQ/FtZJPPdarN9mTJzrV6lcqvkN0L0TPblqvUsZgBKXzZOEaaZLfp+kfRwmtbAcXaagnQuffxdzJ2rvAn7kPSmr62rIzOtA1thNwddHfUgct2bLsxgh17Yy5Z1aFVsAluQQbS87XgsHXy26qObIeMlXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eZI4YGyeyBiOWEiiV5OuMBv0V24LtnJljyPE2c4Bslc=; b=Qp7/N1NISAU4taPv/N4c/CXEs5tOexACz1One+7NuKE7uK5s09m/sk+YPZTnsdgR9O1ePA9IzPBVLUbi4onV5j0XvJSdPMtqWJkQO7aGWqVUcZLNd/2U4LsI8ixyywSTll+xqhm8luaKn+tEa9qivJCB2VK5N6Kbzqsoiht6+Yb3Ua6LAWn4fr78ANamNWppwKBL/LkH2fjhWZzVEFnEQ2r9WW34JEv4vu44QQGuWUq+IgmcNho3f5BfjPG4GB6SvNIg8bicvKkHvUxX+cQfGn1bnO2+NNKL+/j4nNtmuUPdRox4D1Tkwbn95C1RwbAZT2Omg/8ONtyyjNmd0PXqZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=davemloft.net smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eZI4YGyeyBiOWEiiV5OuMBv0V24LtnJljyPE2c4Bslc=; b=dek5FiXoeuDZm+VIaME/X6TQskUpzhx0vNzwf99aW/Mv1hGp89mMxS7h3RdNQto4/VutCumfNIOsSQVgJhFIulbZGs5UDWmaa3tUAQm7ljnM6ziUglEJKwKtw1zpOKb4RHPUVu6MeD2lOqf6hrqwOoxFQ2AkPSAiEmRNvpjfd6r8ag4TOHKALnO484sRdyJ6zSGVPXTrLkX14PUaQSe/PKTf3Ca8xoKZuyQi1OsbTq9bKJh0oqwN00CgcG4JntIWrW6qwDkwuS2EFATPm7kP4Xh7F+BlkuCaJHnRqwo/5NPDTmDzCZz6sQZnnPrYjTyXWX2GlAvKsS5gu4EtXG+vyA== Received: from SA0PR12CA0012.namprd12.prod.outlook.com (2603:10b6:806:6f::17) by CY8PR12MB8411.namprd12.prod.outlook.com (2603:10b6:930:6e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.16; Thu, 20 Feb 2025 21:40:58 +0000 Received: from SN1PEPF00026368.namprd02.prod.outlook.com (2603:10b6:806:6f:cafe::1a) by SA0PR12CA0012.outlook.office365.com (2603:10b6:806:6f::17) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.15 via Frontend Transport; Thu, 20 Feb 2025 21:40:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by SN1PEPF00026368.mail.protection.outlook.com (10.167.241.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.11 via Frontend Transport; Thu, 20 Feb 2025 21:40:58 +0000 Received: from drhqmail203.nvidia.com (10.126.190.182) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 20 Feb 2025 13:40:42 -0800 Received: from drhqmail201.nvidia.com (10.126.190.180) by drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Thu, 20 Feb 2025 13:40:41 -0800 Received: from vdi.nvidia.com (10.127.8.10) by mail.nvidia.com (10.126.190.180) with Microsoft SMTP Server id 15.2.1544.14 via Frontend Transport; Thu, 20 Feb 2025 13:40:38 -0800 From: Tariq Toukan To: "David S. Miller" , Jakub Kicinski , Paolo Abeni , Eric Dumazet , "Andrew Lunn" CC: Gal Pressman , Mark Bloch , "Saeed Mahameed" , Leon Romanovsky , Tariq Toukan , , , , Jianbo Liu Subject: [PATCH net-next 0/8] net/mlx5e: Move IPSec policy check after decryption Date: Thu, 20 Feb 2025 23:39:50 +0200 Message-ID: <20250220213959.504304-1-tariqt@nvidia.com> X-Mailer: git-send-email 2.45.0 Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-NV-OnPremToCloud: AnonymousSubmission X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN1PEPF00026368:EE_|CY8PR12MB8411:EE_ X-MS-Office365-Filtering-Correlation-Id: c4f37fb3-c47b-4470-81e2-08dd51f7432f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?utf-8?q?5BnUxZzMewle7v8+68FxKfm4+QxBmtC?= =?utf-8?q?DpnkeG3bJEsgunnKZKGN0uk7HC8GzrZCWl5i79tKSVkphBUXPnC8FxpYOWT2Hg6xI?= =?utf-8?q?N5/VnfwqkCxece0Y4kJD8IqytJ8Ohh9OtbWm9huTyeem7XV/XQrAXVL4a/W2YDYFO?= =?utf-8?q?sH+VNFKrwyEEPoI+5ndqEkj0VCUvuLYAWBl8sT3nq8I+KKkwxw/xCv5zg2SYqPO3U?= =?utf-8?q?YNH1O9rxd1WSvWh8uovNv0pt/KyjuhdgDDM0TKO0go4Thuf1MC9ywNqEGRBcEsqJX?= =?utf-8?q?K3vW8rVdW28/sA0c+CFQzBB0hRubSbCrw5bgkFgdeMG6JaFoMqhrnjc0PulmJvkzj?= =?utf-8?q?ACtRzGYNeaIC4XtP9tkP97oL9gI0A2gkXSsyFyj/uKW/pCtiKMeqzz+7hH/c2TKK9?= =?utf-8?q?V6rHxg8fP7Wma3sjAu81x3X4WQWc5JtbezrTyWFO9YxKU/teTr11RVOL2LRz3u8Ui?= =?utf-8?q?1ldmBnfU1kARL91lT0t3S42UIMXYTG2isMCYNompsJfjGazc1tbnDLyZlhkTbeqcl?= =?utf-8?q?0z846a7ypPSq9s8+UotoY6N9u3smOWPeYD2czzgPQs1/Ng4Y87cC+RZwLIz2akLA+?= =?utf-8?q?s9F7eqslXaguvypR8TnDjUxRIB4HkEy6pDkcIwxIjlJLsDCHt5ic6zf+qHi26h8qb?= =?utf-8?q?NmvYiE9TnAgfcT04TI+O8bC7+MpWpz3uqswTF+/WYhBsKsVm448KNTzxU+zKvakx7?= =?utf-8?q?spKrlla1zDJ+GVpuOQGQkCZcYom09SGXRCJSx45YTsMHH8fOTLfqX/54+nj8ifmYp?= =?utf-8?q?36o85RkR/xAYy77cjIyqkARsectjOMNI+HLfGSzf819Q7fN683tBua0DnDVVkK8UR?= =?utf-8?q?755Kc2gfHvlXQegaSsQm7mInSIXoBExCuaBwB8vpLqazdtSeGODu6Hm8o48uwepqa?= =?utf-8?q?W5vzo0Bl0vLukd+Y97YoeUJoVnlLCjIbLAC2cJCqi8oecrZBhffVmnNLpNlUpWLqk?= =?utf-8?q?P8W1a1Ld9pVtDSfm8jBwzEmuhotpzAF83vshOM8+EsNEmpk1CMMtyTPsX74A78Cdr?= =?utf-8?q?62Tur2t6vJ9gxFrJt8xz3CoqE6dzKGaSgF8FuF70MOnK9G/WoksfWy7aTlZksCHCT?= =?utf-8?q?Td1+fzBBFMioa9FTU7EiNVBLIEoEHBG9t6pKRB2lu8LErfGfvblByK1n2tuzus4YN?= =?utf-8?q?i0eZjZoCbDEr7lnkrKhkudhQKw6NSJbVSIr/5ejn5HXxyKGNkOQW0MrhPmo22TVCd?= =?utf-8?q?rqnLmgh0ZuxHqRucFv1YErDZX2Nw7jbhaziOKRjvICUQr7JfmXGIBHJeL5BveKL5p?= =?utf-8?q?NiidM/QRf44AUPJHEb36qFP4c1RVIbPvOdDECifooF28h5FLR6p8N+Ft1k/xSw8DH?= =?utf-8?q?2SKPQ/bfQi0CcFR93aOp3712Z2lLVBciuhQTiYDKjX5tqi1n6odgr/5aBoA1cRhoK?= =?utf-8?q?i/HgG8PS1kQFnvazxKJrnPQwC7iub7foPQRwIvFHgeuDfdupbj9HjU=3D?= X-Forefront-Antispam-Report: CIP:216.228.118.232;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc7edge1.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2025 21:40:58.1187 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c4f37fb3-c47b-4470-81e2-08dd51f7432f X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.118.232];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF00026368.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB8411 Hi, This series by Jianbo adds IPsec policy check after decryption. In current mlx5 driver, the policy check is done before decryption for IPSec crypto and packet offload. This series changes that order to make it consistent with the processing in kernel xfrm. Besides, RX state with UPSPEC selector is supported correctly after new steering table is added after decryption and before the policy check. Regards, Tariq Jianbo Liu (8): net/mlx5e: Add helper function to update IPSec default destination net/mlx5e: Change the destination of IPSec RX SA miss rule net/mlx5e: Add correct match to check IPSec syndromes for switchdev mode net/mlx5e: Move IPSec policy check after decryption net/mlx5e: Skip IPSec RX policy check for crypto offload net/mlx5e: Add num_reserved_entries param for ipsec_ft_create() net/mlx5e: Add pass flow group for IPSec RX status table net/mlx5e: Support RX xfrm state selector's UPSPEC for packet offload .../net/ethernet/mellanox/mlx5/core/en/fs.h | 4 +- .../mellanox/mlx5/core/en_accel/ipsec.h | 5 + .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 620 +++++++++++++++--- .../mellanox/mlx5/core/en_accel/ipsec_stats.c | 1 + .../mellanox/mlx5/core/esw/ipsec_fs.c | 15 +- .../mellanox/mlx5/core/esw/ipsec_fs.h | 5 + include/linux/mlx5/eswitch.h | 2 + 7 files changed, 558 insertions(+), 94 deletions(-) base-commit: 5d6ba5ab8582aa35c1ee98e47af28e6f6772596c