From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, Raed Salem <raeds@nvidia.com>,
Maor Dickman <maord@nvidia.com>,
Saeed Mahameed <saeedm@nvidia.com>
Subject: [net 14/18] net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic
Date: Tue, 1 Feb 2022 21:04:00 -0800 [thread overview]
Message-ID: <20220202050404.100122-15-saeed@kernel.org> (raw)
In-Reply-To: <20220202050404.100122-1-saeed@kernel.org>
From: Raed Salem <raeds@nvidia.com>
IPsec crypto offload always set the ethernet segment checksum flags with
the inner L4 header checksum flag enabled for encapsulated IPsec offloaded
packet regardless of the encapsulated L4 header type, and even if it
doesn't exists in the first place, this breaks non TCP/UDP traffic as
such.
Set the inner L4 checksum flag only when the encapsulated L4 header
protocol is TCP/UDP using software parser swp_inner_l4_offset field as
indication.
Fixes: 5cfb540ef27b ("net/mlx5e: Set IPsec WAs only in IP's non checksum partial case.")
Signed-off-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Maor Dickman <maord@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
.../ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
index b98db50c3418..428881e0adcb 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h
@@ -131,14 +131,17 @@ static inline bool
mlx5e_ipsec_txwqe_build_eseg_csum(struct mlx5e_txqsq *sq, struct sk_buff *skb,
struct mlx5_wqe_eth_seg *eseg)
{
- struct xfrm_offload *xo = xfrm_offload(skb);
+ u8 inner_ipproto;
if (!mlx5e_ipsec_eseg_meta(eseg))
return false;
eseg->cs_flags = MLX5_ETH_WQE_L3_CSUM;
- if (xo->inner_ipproto) {
- eseg->cs_flags |= MLX5_ETH_WQE_L4_INNER_CSUM | MLX5_ETH_WQE_L3_INNER_CSUM;
+ inner_ipproto = xfrm_offload(skb)->inner_ipproto;
+ if (inner_ipproto) {
+ eseg->cs_flags |= MLX5_ETH_WQE_L3_INNER_CSUM;
+ if (inner_ipproto == IPPROTO_TCP || inner_ipproto == IPPROTO_UDP)
+ eseg->cs_flags |= MLX5_ETH_WQE_L4_INNER_CSUM;
} else if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
eseg->cs_flags |= MLX5_ETH_WQE_L4_CSUM;
sq->stats->csum_partial_inner++;
--
2.34.1
next prev parent reply other threads:[~2022-02-02 5:06 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 5:03 [pull request][net 00/18] mlx5 fixes 2022-02-01 Saeed Mahameed
2022-02-02 5:03 ` [net 01/18] net/mlx5: Bridge, take rtnl lock in init error handler Saeed Mahameed
2022-02-02 14:30 ` patchwork-bot+netdevbpf
2022-02-02 5:03 ` [net 02/18] net/mlx5: Bridge, ensure dev_name is null-terminated Saeed Mahameed
2022-02-02 5:03 ` [net 03/18] net/mlx5e: TC, Reject rules with drop and modify hdr action Saeed Mahameed
2022-02-02 5:03 ` [net 04/18] net/mlx5e: Fix module EEPROM query Saeed Mahameed
2022-02-02 5:03 ` [net 05/18] net/mlx5: Use del_timer_sync in fw reset flow of halting poll Saeed Mahameed
2022-02-02 5:03 ` [net 06/18] net/mlx5e: TC, Reject rules with forward and drop actions Saeed Mahameed
2022-02-02 5:03 ` [net 07/18] net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE Saeed Mahameed
2022-02-02 5:03 ` [net 08/18] net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion Saeed Mahameed
2022-02-02 5:03 ` [net 09/18] net/mlx5e: Fix wrong calculation of header index in HW_GRO Saeed Mahameed
2022-02-02 5:03 ` [net 10/18] net/mlx5e: Fix broken SKB allocation in HW-GRO Saeed Mahameed
2022-02-02 5:03 ` [net 11/18] net/mlx5e: Fix handling of wrong devices during bond netevent Saeed Mahameed
2022-02-02 5:03 ` [net 12/18] net/mlx5: E-Switch, Fix uninitialized variable modact Saeed Mahameed
2022-02-02 5:03 ` [net 13/18] net/mlx5e: Don't treat small ceil values as unlimited in HTB offload Saeed Mahameed
2022-02-02 5:04 ` Saeed Mahameed [this message]
2022-02-02 5:04 ` [net 15/18] net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic Saeed Mahameed
2022-02-02 5:04 ` [net 16/18] net/mlx5e: Avoid implicit modify hdr for decap drop rule Saeed Mahameed
2022-02-02 5:04 ` [net 17/18] net/mlx5e: Use struct_group() for memcpy() region Saeed Mahameed
2022-02-02 5:04 ` [net 18/18] net/mlx5e: Avoid field-overflowing memcpy() Saeed Mahameed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220202050404.100122-15-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=maord@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.