[net-next 14/15] net/mlx5e: Support IPsec upper protocol selector field offload for RX

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
	netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
	Emeel Hakim <ehakim@nvidia.com>, Raed Salem <raeds@nvidia.com>,
	Simon Horman <horms@kernel.org>,
	Leon Romanovsky <leonro@nvidia.com>
Subject: [net-next 14/15] net/mlx5e: Support IPsec upper protocol selector field offload for RX
Date: Tue, 22 Aug 2023 22:10:11 -0700	[thread overview]
Message-ID: <20230823051012.162483-15-saeed@kernel.org> (raw)
In-Reply-To: <20230823051012.162483-1-saeed@kernel.org>

From: Emeel Hakim <ehakim@nvidia.com>

Support RX policy/state upper protocol selector field offload,
to enable selecting RX traffic for IPsec operation based on l4
protocol UDP with specific source/destination port.

Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 .../net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c   | 10 ++++------
 .../ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c    |  2 ++
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index a577f0edabe8..2bbe232c2ffa 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
 		return -EINVAL;
 	}
 
-	if (x->sel.proto != IPPROTO_IP &&
-	    (x->sel.proto != IPPROTO_UDP || x->xso.dir != XFRM_DEV_OFFLOAD_OUT)) {
-		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+	if (x->sel.proto != IPPROTO_IP && x->sel.proto != IPPROTO_UDP) {
+		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
 		return -EINVAL;
 	}
 
@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,
 		return -EINVAL;
 	}
 
-	if (sel->proto != IPPROTO_IP &&
-	    (sel->proto != IPPROTO_UDP || x->xdo.dir != XFRM_DEV_OFFLOAD_OUT)) {
-		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+	if (x->selector.proto != IPPROTO_IP && x->selector.proto != IPPROTO_UDP) {
+		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
 		return -EINVAL;
 	}
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
index 3781c72d97f1..f5e29b7f5ba0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
@@ -1243,6 +1243,7 @@ static int rx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry)
 	setup_fte_spi(spec, attrs->spi);
 	setup_fte_esp(spec);
 	setup_fte_no_frags(spec);
+	setup_fte_upper_proto_match(spec, &attrs->upspec);
 
 	if (rx != ipsec->rx_esw)
 		err = setup_modify_header(ipsec, attrs->type,
@@ -1519,6 +1520,7 @@ static int rx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
 		setup_fte_addr6(spec, attrs->saddr.a6, attrs->daddr.a6);
 
 	setup_fte_no_frags(spec);
+	setup_fte_upper_proto_match(spec, &attrs->upspec);
 
 	switch (attrs->action) {
 	case XFRM_POLICY_ALLOW:
-- 
2.41.0

next prev parent reply	other threads:[~2023-08-23  5:10 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-23  5:09 [pull request][net-next 00/15] mlx5 updates 2023-08-22 Saeed Mahameed
2023-08-23  5:09 ` [net-next 01/15] net/mlx5: Rework devlink port alloc/free into init/cleanup Saeed Mahameed
2023-08-24 13:40   ` patchwork-bot+netdevbpf
2023-08-23  5:09 ` [net-next 02/15] net/mlx5: Push out SF devlink port init and cleanup code to separate helpers Saeed Mahameed
2023-08-23  5:10 ` [net-next 03/15] net/mlx5: Push devlink port PF/VF init/cleanup calls out of devlink_port_register/unregister() Saeed Mahameed
2023-08-23  5:10 ` [net-next 04/15] net/mlx5: Allow mlx5_esw_offloads_devlink_port_register() to register SFs Saeed Mahameed
2023-08-23  5:10 ` [net-next 05/15] net/mlx5: Introduce mlx5_eswitch_load/unload_sf_vport() and use it from SF code Saeed Mahameed
2023-08-23  5:10 ` [net-next 06/15] net/mlx5: Remove no longer used mlx5_esw_offloads_sf_vport_enable/disable() Saeed Mahameed
2023-08-23  5:10 ` [net-next 07/15] net/mlx5: Don't register ops for non-PF/VF/SF port and avoid checks in ops Saeed Mahameed
2023-08-23  5:10 ` [net-next 08/15] net/mlx5: Embed struct devlink_port into driver structure Saeed Mahameed
2023-08-23  5:10 ` [net-next 09/15] net/mlx5: Reduce number of vport lookups passing vport pointer instead of index Saeed Mahameed
2023-08-23  5:10 ` [net-next 10/15] net/mlx5: Return -EOPNOTSUPP in mlx5_devlink_port_fn_migratable_set() directly Saeed Mahameed
2023-08-23  5:10 ` [net-next 11/15] net/mlx5: Relax mlx5_devlink_eswitch_get() return value checking Saeed Mahameed
2023-08-23  5:10 ` [net-next 12/15] net/mlx5: Check vhca_resource_manager capability in each op and add extack msg Saeed Mahameed
2023-08-23  5:10 ` [net-next 13/15] net/mlx5: Store vport in struct mlx5_devlink_port and use it in port ops Saeed Mahameed
2023-08-23  5:10 ` Saeed Mahameed [this message]
2023-08-23  5:10 ` [net-next 15/15] net/mlx5e: Support IPsec upper TCP protocol selector Saeed Mahameed
2023-08-24  2:09 ` [pull request][net-next 00/15] mlx5 updates 2023-08-22 Jakub Kicinski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a577f0edabe dfblob:2bbe232c2ff dfblob:3781c72d97f
dfblob:f5e29b7f5ba )
 OR (
bs:"[net-next 14/15] net/mlx5e: Support IPsec upper protocol selector field offload for RX" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230823051012.162483-15-saeed@kernel.org \
    --to=saeed@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=ehakim@nvidia.com \
    --cc=horms@kernel.org \
    --cc=kuba@kernel.org \
    --cc=leonro@nvidia.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=raeds@nvidia.com \
    --cc=saeedm@nvidia.com \
    --cc=tariqt@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.