[net-next,v5,0/3] Fix IPsec crypto offloads with vxlan tunnel

Message ID	20210614143349.74866-1-huyn@nvidia.com (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; From: Huy Nguyen <huyn@nvidia.com> To: <netdev@vger.kernel.org> CC: <steffen.klassert@secunet.com>, <saeedm@nvidia.com>, <borisp@nvidia.com>, <raeds@nvidia.com>, <danielj@nvidia.com>, <yossiku@nvidia.com>, <kuba@kernel.org>, <huyn@nvidia.com> Subject: [PATCH net-next v5 0/3] Fix IPsec crypto offloads with vxlan tunnel Date: Mon, 14 Jun 2021 17:33:46 +0300 Message-ID: <20210614143349.74866-1-huyn@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	Fix IPsec crypto offloads with vxlan tunnel \| expand [net-next,v5,0/3] Fix IPsec crypto offloads with vxlan tunnel [net-next,v5,1/3] net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet [net-next,v5,2/3] net/xfrm: Add inner_ipproto into sec_path [net-next,v5,3/3] net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

Message ID

20210614143349.74866-1-huyn@nvidia.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.112.34 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.112.34; helo=mail.nvidia.com;
From: Huy Nguyen <huyn@nvidia.com>
To: <netdev@vger.kernel.org>
CC: <steffen.klassert@secunet.com>, <saeedm@nvidia.com>,
        <borisp@nvidia.com>, <raeds@nvidia.com>, <danielj@nvidia.com>,
        <yossiku@nvidia.com>, <kuba@kernel.org>, <huyn@nvidia.com>
Subject: [PATCH net-next v5 0/3] Fix IPsec crypto offloads with vxlan tunnel
Date: Mon, 14 Jun 2021 17:33:46 +0300
Message-ID: <20210614143349.74866-1-huyn@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jun 2021 14:34:00.2678
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 904796c6-8c0b-4b81-d506-08d92f417351
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.34];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT040.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4873
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Series

Fix IPsec crypto offloads with vxlan tunnel | expand

Message

Huy Nguyen June 14, 2021, 2:33 p.m. UTC

v4 -> v5:
  - Fix double initialization of xo in xfrm_get_inner_ipproto

v3 -> v4:
 - Check explicitly for skb->ecapsulation before calling xfrm_get_inner_ipproto.
 - Move patche set to net-next

v2 -> v3:
  - Fix bug in patch 003 when checking for xo null pointer in mlx5e_ipsec_feature_check
  - Fix bug of accidentally commenting out memset in patch 003

v1 -> v2:
  - Move inner_ipproto into xfrm_offload structure.
  - Fix static code analysis errors.
  - skip checking for skb->encapsulation to be more flexible for vendor

This small series fixes ipsec TX offloads with vxlan overlay on top of
the offloaded ipsec packet, the driver (mlx5) was lacking such information
and the skb->encapsulation bit wasn't enough as indication to reach the
vxlan inner headers, as a solution we mark the tunnel in the offloaded
context of ipsec.

Huy Nguyen (3):
  net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet
  net/xfrm: Add inner_ipproto into sec_path
  net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c  | 65 ++++++++++++++-----
 .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h  | 37 ++++++++---
 .../net/ethernet/mellanox/mlx5/core/en_main.c |  8 ++-
 include/net/xfrm.h                            |  1 +
 net/xfrm/xfrm_output.c                        | 41 +++++++++++-
 5 files changed, 124 insertions(+), 28 deletions(-)

Comments

Saeed Mahameed June 22, 2021, 9:53 p.m. UTC | #1

On Mon, 2021-06-14 at 17:33 +0300, Huy Nguyen wrote:
> v4 -> v5:
>   - Fix double initialization of xo in xfrm_get_inner_ipproto
> 
> v3 -> v4:
>  - Check explicitly for skb->ecapsulation before calling
> xfrm_get_inner_ipproto.
>  - Move patche set to net-next
> 
> v2 -> v3:
>   - Fix bug in patch 003 when checking for xo null pointer in
> mlx5e_ipsec_feature_check
>   - Fix bug of accidentally commenting out memset in patch 003
> 
> v1 -> v2:
>   - Move inner_ipproto into xfrm_offload structure.
>   - Fix static code analysis errors.
>   - skip checking for skb->encapsulation to be more flexible for
> vendor
> 
> This small series fixes ipsec TX offloads with vxlan overlay on top
> of
> the offloaded ipsec packet, the driver (mlx5) was lacking such
> information
> and the skb->encapsulation bit wasn't enough as indication to reach
> the
> vxlan inner headers, as a solution we mark the tunnel in the
> offloaded
> context of ipsec.
> 

Series applied to net-next-mlx5.

Thanks,
Saeed.