From: Tariq Toukan <tariqt@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>,
"Andrew Lunn" <andrew+netdev@lunn.ch>
Cc: Gal Pressman <gal@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
"Saeed Mahameed" <saeedm@nvidia.com>,
Leon Romanovsky <leon@kernel.org>,
Tariq Toukan <tariqt@nvidia.com>, <netdev@vger.kernel.org>,
<linux-rdma@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
Jianbo Liu <jianbol@nvidia.com>
Subject: [PATCH net-next 0/8] net/mlx5e: Move IPSec policy check after decryption
Date: Thu, 20 Feb 2025 23:39:50 +0200
Message-ID: <20250220213959.504304-1-tariqt@nvidia.com>

Hi,

This series by Jianbo adds IPsec policy check after decryption.

In the current mlx5 driver, the policy check is done before decryption for
IPSec crypto and packet offload. This series changes that order to
make it consistent with the processing in kernel xfrm. Besides, RX
state with UPSPEC selector is supported correctly after a new steering
table is added after decryption and before the policy check.

Regards,
Tariq

Jianbo Liu (8):
  net/mlx5e: Add helper function to update IPSec default destination
  net/mlx5e: Change the destination of IPSec RX SA miss rule
  net/mlx5e: Add correct match to check IPSec syndromes for switchdev
    mode
  net/mlx5e: Move IPSec policy check after decryption
  net/mlx5e: Skip IPSec RX policy check for crypto offload
  net/mlx5e: Add num_reserved_entries param for ipsec_ft_create()
  net/mlx5e: Add pass flow group for IPSec RX status table
  net/mlx5e: Support RX xfrm state selector's UPSPEC for packet offload

 .../net/ethernet/mellanox/mlx5/core/en/fs.h   |   4 +-
 .../mellanox/mlx5/core/en_accel/ipsec.h       |   5 +
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c    | 620 +++++++++++++++---
 .../mellanox/mlx5/core/en_accel/ipsec_stats.c |   1 +
 .../mellanox/mlx5/core/esw/ipsec_fs.c         |  15 +-
 .../mellanox/mlx5/core/esw/ipsec_fs.h         |   5 +
 include/linux/mlx5/eswitch.h                  |   2 +
 7 files changed, 558 insertions(+), 94 deletions(-)

base-commit: 5d6ba5ab8582aa35c1ee98e47af28e6f6772596c
--
2.45.0