From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Paul Blakey <paulb@nvidia.com>, Raed Salem <raeds@nvidia.com>,
Saeed Mahameed <saeedm@nvidia.com>
Subject: [PATCH xfrm-next 0/9] Extend packet offload to fully support libreswan
Date: Tue, 14 Mar 2023 10:58:35 +0200 [thread overview]
Message-ID: <cover.1678714336.git.leon@kernel.org> (raw)
From: Leon Romanovsky <leonro@nvidia.com>
Hi Steffen,
The following patches are an outcome of Raed's work to add packet
offload support to libreswan [1].
The series includes:
* Priority support to IPsec policies
* Statistics per-SA (visible through "ip -s xfrm state ..." command)
* Support to IKE policy holes
* Fine tuning to acquire logic.
--------------------------
Future submission roadmap, which can be seen here [2]:
* Support packet offload in IPsec tunnel mode
* Rework lifetime counters support to avoid HW bugs/limitations
* Some general cleanup.
So how do you want me to route the patches, as they have a dependency between them?
xfrm-next/net-next/mlx5-next?
Thanks
[1] https://github.com/libreswan/libreswan/pull/986q
[2] https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/log/?h=xfrm-next
Paul Blakey (3):
net/mlx5: fs_chains: Refactor to detach chains from tc usage
net/mlx5: fs_core: Allow ignore_flow_level on TX dest
net/mlx5e: Use chains for IPsec policy priority offload
Raed Salem (6):
xfrm: add new device offload acquire flag
xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics
net/mlx5e: Allow policies with reqid 0, to support IKE policy holes
net/mlx5e: Support IPsec acquire default SA
net/mlx5e: Use one rule to count all IPsec Tx offloaded traffic
net/mlx5e: Update IPsec per SA packets/bytes count
.../mellanox/mlx5/core/en_accel/ipsec.c | 71 ++-
.../mellanox/mlx5/core/en_accel/ipsec.h | 13 +-
.../mellanox/mlx5/core/en_accel/ipsec_fs.c | 528 ++++++++++++++----
.../mlx5/core/en_accel/ipsec_offload.c | 32 +-
.../net/ethernet/mellanox/mlx5/core/en_tc.c | 20 +-
.../mellanox/mlx5/core/eswitch_offloads.c | 6 +-
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +-
.../mellanox/mlx5/core/lib/fs_chains.c | 89 ++-
.../mellanox/mlx5/core/lib/fs_chains.h | 9 +-
include/net/xfrm.h | 5 +
net/xfrm/xfrm_state.c | 1 +
net/xfrm/xfrm_user.c | 2 +
12 files changed, 553 insertions(+), 228 deletions(-)
--
2.39.2
next reply other threads:[~2023-03-14 8:58 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-14 8:58 Leon Romanovsky [this message]
2023-03-14 8:58 ` [PATCH xfrm-next 1/9] net/mlx5: fs_chains: Refactor to detach chains from tc usage Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 2/9] net/mlx5: fs_core: Allow ignore_flow_level on TX dest Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 3/9] net/mlx5e: Use chains for IPsec policy priority offload Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 4/9] xfrm: add new device offload acquire flag Leon Romanovsky
2023-03-20 9:13 ` Steffen Klassert
2023-03-14 8:58 ` [PATCH xfrm-next 5/9] xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics Leon Romanovsky
2023-03-20 9:13 ` Steffen Klassert
2023-03-14 8:58 ` [PATCH xfrm-next 6/9] net/mlx5e: Allow policies with reqid 0, to support IKE policy holes Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 7/9] net/mlx5e: Support IPsec acquire default SA Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 8/9] net/mlx5e: Use one rule to count all IPsec Tx offloaded traffic Leon Romanovsky
2023-03-14 8:58 ` [PATCH xfrm-next 9/9] net/mlx5e: Update IPsec per SA packets/bytes count Leon Romanovsky
2023-03-19 7:23 ` [PATCH xfrm-next 0/9] Extend packet offload to fully support libreswan Leon Romanovsky
2023-03-20 8:56 ` Steffen Klassert
2023-03-20 9:09 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1678714336.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=paulb@nvidia.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).