[RESEND,net,v3,0/3] Fix IPsec crypto offloads with vxlan tunnel

Message ID	20210603160045.11805-1-huyn@nvidia.com (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; From: Huy Nguyen <huyn@nvidia.com> To: <netdev@vger.kernel.org> CC: <steffen.klassert@secunet.com>, <saeedm@nvidia.com>, <borisp@nvidia.com>, <raeds@nvidia.com>, <danielj@nvidia.com>, <yossiku@nvidia.com>, <kuba@kernel.org>, <huyn@nvidia.com> Subject: [RESEND PATCH net v3 0/3] Fix IPsec crypto offloads with vxlan tunnel Date: Thu, 3 Jun 2021 19:00:42 +0300 Message-ID: <20210603160045.11805-1-huyn@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	Fix IPsec crypto offloads with vxlan tunnel \| expand [RESEND,net,v3,0/3] Fix IPsec crypto offloads with vxlan tunnel [RESEND,net,v3,1/3] net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet [RESEND,net,v3,2/3] net/xfrm: Add inner_ipproto into sec_path [RESEND,net,v3,3/3] net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

Message ID

20210603160045.11805-1-huyn@nvidia.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.112.34 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.112.34; helo=mail.nvidia.com;
From: Huy Nguyen <huyn@nvidia.com>
To: <netdev@vger.kernel.org>
CC: <steffen.klassert@secunet.com>, <saeedm@nvidia.com>,
        <borisp@nvidia.com>, <raeds@nvidia.com>, <danielj@nvidia.com>,
        <yossiku@nvidia.com>, <kuba@kernel.org>, <huyn@nvidia.com>
Subject: [RESEND PATCH net v3 0/3] Fix IPsec crypto offloads with vxlan tunnel
Date: Thu, 3 Jun 2021 19:00:42 +0300
Message-ID: <20210603160045.11805-1-huyn@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2021 16:01:00.6022
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 bb1c09b4-a435-4485-f05b-08d926a8c855
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.34];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT010.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2337
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Series

Fix IPsec crypto offloads with vxlan tunnel | expand

Message

Huy Nguyen June 3, 2021, 4 p.m. UTC

v1 -> v2:
  - Move inner_ipproto into xfrm_offload structure.
  - Fix static code analysis errors.
  - skip checking for skb->encapsulation to be more flexible for vendor

v2 -> v3:
  - Fix bug in patch 003 when checking for xo null pointer in mlx5e_ipsec_feature_check
  - Fix bug of accidentally commenting out memset in patch 003

This small series fixes ipsec TX offloads with vxlan overlay on top of
the offloaded ipsec packet, the driver (mlx5) was lacking such information
and the skb->encapsulation bit wasn't enough as indication to reach the
vxlan inner headers, as a solution we mark the tunnel in the offloaded
context of ipsec.

Huy Nguyen (3):
  net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet
  net/xfrm: Add inner_ipproto into sec_path
  net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c  | 65 ++++++++++++++-----
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h  | 37 ++++++++---
 .../net/ethernet/mellanox/mlx5/core/en_main.c |  8 ++-
 include/net/xfrm.h                            |  1 +
 net/xfrm/xfrm_output.c                        | 44 ++++++++++++-
 5 files changed, 127 insertions(+), 28 deletions(-)

Comments

Steffen Klassert June 4, 2021, 7:57 a.m. UTC | #1

On Thu, Jun 03, 2021 at 07:00:42PM +0300, Huy Nguyen wrote:
> v1 -> v2:
>   - Move inner_ipproto into xfrm_offload structure.
>   - Fix static code analysis errors.
>   - skip checking for skb->encapsulation to be more flexible for vendor
> 
> v2 -> v3:
>   - Fix bug in patch 003 when checking for xo null pointer in mlx5e_ipsec_feature_check
>   - Fix bug of accidentally commenting out memset in patch 003
> 
> This small series fixes ipsec TX offloads with vxlan overlay on top of
> the offloaded ipsec packet, the driver (mlx5) was lacking such information
> and the skb->encapsulation bit wasn't enough as indication to reach the
> vxlan inner headers, as a solution we mark the tunnel in the offloaded
> context of ipsec.

This patchset does not look like a fix. It looks more that you add
a feature that was not supported before, so the pachset should
go to -next.

Also, who should merge that pachset? I contains xfrm and mlx5
parts.