* [GIT PULL] Extend packet offload to fully support libreswan
@ 2023-03-20 9:47 Leon Romanovsky
2023-03-21 7:18 ` Leon Romanovsky
2023-03-23 5:10 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 5+ messages in thread
From: Leon Romanovsky @ 2023-03-20 9:47 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Steffen Klassert, Paul Blakey, Herbert Xu, netdev, Saeed Mahameed,
Raed Salem
The following patches are an outcome of Raed's work to add packet
offload support to libreswan [1].
The series includes:
* Priority support to IPsec policies
* Statistics per-SA (visible through "ip -s xfrm state ..." command)
* Support to IKE policy holes
* Fine tuning to acquire logic.
Thanks
[1] https://github.com/libreswan/libreswan/pull/986
Link: https://lore.kernel.org/all/cover.1678714336.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
----------------------------------------------------------------
The following changes since commit eeac8ede17557680855031c6f305ece2378af326:
Linux 6.3-rc2 (2023-03-12 16:36:44 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-libreswan-mlx5
for you to fetch changes up to 5a6cddb89b51d99a7702e63829644a5860dd9c41:
net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)
----------------------------------------------------------------
Paul Blakey (3):
net/mlx5: fs_chains: Refactor to detach chains from tc usage
net/mlx5: fs_core: Allow ignore_flow_level on TX dest
net/mlx5e: Use chains for IPsec policy priority offload
Raed Salem (6):
xfrm: add new device offload acquire flag
xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics
net/mlx5e: Allow policies with reqid 0, to support IKE policy holes
net/mlx5e: Support IPsec acquire default SA
net/mlx5e: Use one rule to count all IPsec Tx offloaded traffic
net/mlx5e: Update IPsec per SA packets/bytes count
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 71 ++++--
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 13 +-
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 528 +++++++++++++++++++++++++++++++++++----------
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 32 ++-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 20 +-
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +-
drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 89 ++++----
drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.h | 9 +-
include/net/xfrm.h | 5 +
net/xfrm/xfrm_state.c | 1 +
net/xfrm/xfrm_user.c | 2 +
12 files changed, 553 insertions(+), 228 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [GIT PULL] Extend packet offload to fully support libreswan
2023-03-20 9:47 [GIT PULL] Extend packet offload to fully support libreswan Leon Romanovsky
@ 2023-03-21 7:18 ` Leon Romanovsky
2023-03-21 19:37 ` Jakub Kicinski
2023-03-23 5:10 ` patchwork-bot+netdevbpf
1 sibling, 1 reply; 5+ messages in thread
From: Leon Romanovsky @ 2023-03-21 7:18 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Steffen Klassert, Paul Blakey, Herbert Xu, netdev, Saeed Mahameed,
Raed Salem
On Mon, Mar 20, 2023 at 11:47:22AM +0200, Leon Romanovsky wrote:
> The following patches are an outcome of Raed's work to add packet
> offload support to libreswan [1].
>
> The series includes:
> * Priority support to IPsec policies
> * Statistics per-SA (visible through "ip -s xfrm state ..." command)
> * Support to IKE policy holes
> * Fine tuning to acquire logic.
>
> Thanks
>
> [1] https://github.com/libreswan/libreswan/pull/986
> Link: https://lore.kernel.org/all/cover.1678714336.git.leon@kernel.org
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
>
> ----------------------------------------------------------------
>
> The following changes since commit eeac8ede17557680855031c6f305ece2378af326:
>
> Linux 6.3-rc2 (2023-03-12 16:36:44 -0700)
>
> are available in the Git repository at:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-libreswan-mlx5
>
> for you to fetch changes up to 5a6cddb89b51d99a7702e63829644a5860dd9c41:
>
> net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)
>
> ----------------------------------------------------------------
> Paul Blakey (3):
> net/mlx5: fs_chains: Refactor to detach chains from tc usage
> net/mlx5: fs_core: Allow ignore_flow_level on TX dest
> net/mlx5e: Use chains for IPsec policy priority offload
>
> Raed Salem (6):
> xfrm: add new device offload acquire flag
> xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics
> net/mlx5e: Allow policies with reqid 0, to support IKE policy holes
> net/mlx5e: Support IPsec acquire default SA
> net/mlx5e: Use one rule to count all IPsec Tx offloaded traffic
> net/mlx5e: Update IPsec per SA packets/bytes count
>
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 71 ++++--
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 13 +-
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 528 +++++++++++++++++++++++++++++++++++----------
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_offload.c | 32 ++-
> drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 20 +-
> drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 6 +-
> drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +-
> drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 89 ++++----
> drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.h | 9 +-
> include/net/xfrm.h | 5 +
> net/xfrm/xfrm_state.c | 1 +
> net/xfrm/xfrm_user.c | 2 +
> 12 files changed, 553 insertions(+), 228 deletions(-)
Hi,
I see that this PR is marked as "Needs ACK" in patchworks:
https://patchwork.kernel.org/project/netdevbpf/patch/20230320094722.1009304-1-leon@kernel.org/
Steffen already acked on XFRM patches:
https://lore.kernel.org/netdev/ZBgjsw8exj1c46lW@gauss3.secunet.de/
https://lore.kernel.org/netdev/ZBgj07C1o39NFJW5@gauss3.secunet.de/
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/commit/?h=ipsec-libreswan-mlx5&id=c9fa320b00cff04980b8514d497068e59a8ee131
https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/commit/?h=ipsec-libreswan-mlx5&id=e0aeb9b90acf6ee7c2d11141522ffbb5481734d3
and mlx5 ipsec is my responsibility.
So who should extra ack on this series?
Thanks
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [GIT PULL] Extend packet offload to fully support libreswan
2023-03-21 7:18 ` Leon Romanovsky
@ 2023-03-21 19:37 ` Jakub Kicinski
2023-03-22 5:58 ` Leon Romanovsky
0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2023-03-21 19:37 UTC (permalink / raw)
To: Leon Romanovsky
Cc: David S. Miller, Eric Dumazet, Paolo Abeni, Steffen Klassert,
Paul Blakey, Herbert Xu, netdev, Saeed Mahameed, Raed Salem
On Tue, 21 Mar 2023 09:18:30 +0200 Leon Romanovsky wrote:
> So who should extra ack on this series?
Me or I, hard to tell because of the missing verb.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [GIT PULL] Extend packet offload to fully support libreswan
2023-03-21 19:37 ` Jakub Kicinski
@ 2023-03-22 5:58 ` Leon Romanovsky
0 siblings, 0 replies; 5+ messages in thread
From: Leon Romanovsky @ 2023-03-22 5:58 UTC (permalink / raw)
To: Jakub Kicinski
Cc: David S. Miller, Eric Dumazet, Paolo Abeni, Steffen Klassert,
Paul Blakey, Herbert Xu, netdev, Saeed Mahameed, Raed Salem
On Tue, Mar 21, 2023 at 12:37:15PM -0700, Jakub Kicinski wrote:
> On Tue, 21 Mar 2023 09:18:30 +0200 Leon Romanovsky wrote:
> > So who should extra ack on this series?
>
> Me or I, hard to tell because of the missing verb.
I was under impression that "ack" can be used as verb in mailing list
dialect of English language.
Thanks
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [GIT PULL] Extend packet offload to fully support libreswan
2023-03-20 9:47 [GIT PULL] Extend packet offload to fully support libreswan Leon Romanovsky
2023-03-21 7:18 ` Leon Romanovsky
@ 2023-03-23 5:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-03-23 5:10 UTC (permalink / raw)
To: Leon Romanovsky
Cc: davem, edumazet, kuba, pabeni, steffen.klassert, paulb, herbert,
netdev, saeedm, raeds
Hello:
This pull request was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Mon, 20 Mar 2023 11:47:22 +0200 you wrote:
> The following patches are an outcome of Raed's work to add packet
> offload support to libreswan [1].
>
> The series includes:
> * Priority support to IPsec policies
> * Statistics per-SA (visible through "ip -s xfrm state ..." command)
> * Support to IKE policy holes
> * Fine tuning to acquire logic.
>
> [...]
Here is the summary with links:
- [GIT,PULL] Extend packet offload to fully support libreswan
https://git.kernel.org/netdev/net-next/c/e4d264e87aa2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-03-23 5:10 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-20 9:47 [GIT PULL] Extend packet offload to fully support libreswan Leon Romanovsky
2023-03-21 7:18 ` Leon Romanovsky
2023-03-21 19:37 ` Jakub Kicinski
2023-03-22 5:58 ` Leon Romanovsky
2023-03-23 5:10 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).