From: Leon Romanovsky <leon@kernel.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Leon Romanovsky <leonro@nvidia.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Eric Dumazet <edumazet@google.com>,
Jianbo Liu <jianbol@nvidia.com>, Mark Bloch <mbloch@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Saeed Mahameed <saeedm@nvidia.com>,
"David S . Miller" <davem@davemloft.net>,
Simon Horman <simon.horman@corigine.com>
Subject: [PATCH net-next v1 00/13] mlx5 IPsec packet offload support in eswitch mode
Date: Mon, 31 Jul 2023 14:28:11 +0300 [thread overview]
Message-ID: <cover.1690802064.git.leon@kernel.org> (raw)
From: Leon Romanovsky <leonro@nvidia.com>
Changelog:
v1:
* Fixed ipv6 flow steering table destination in IPsec initialization routine.
* Removed Fixes line from "net/mlx5: Compare with..." patch as this fix
is required for this series only.
* Added patch to enforce same order for HW and SW IPsec flows when TC
is involved, which is "host <-> IPsec <-> TC <-> "wire"/switch".
v0: https://lore.kernel.org/all/cover.1689064922.git.leonro@nvidia.com
-------------------------------------------------------------------------
Hi,
This series from Jianbo adds mlx5 IPsec packet offload support in eswitch
offloaded mode.
It works exactly like "regular" IPsec, nothing special, except
now users can switch to switchdev before adding IPsec rules.
devlink dev eswitch set pci/0000:06:00.0 mode switchdev
Same configurations as here:
https://lore.kernel.org/netdev/cover.1670005543.git.leonro@nvidia.com/
Packet offload mode:
ip xfrm state offload packet dev <if-name> dir <in|out>
ip xfrm policy .... offload packet dev <if-name>
Crypto offload mode:
ip xfrm state offload crypto dev <if-name> dir <in|out>
or (backward compatibility)
ip xfrm state offload dev <if-name> dir <in|out>
Thanks
Jianbo Liu (13):
net/mlx5e: Add function to get IPsec offload namespace
net/mlx5e: Change the parameter of IPsec RX skb handle function
net/mlx5e: Prepare IPsec packet offload for switchdev mode
net/mlx5e: Refactor IPsec RX tables creation and destruction
net/mlx5e: Support IPsec packet offload for RX in switchdev mode
net/mlx5e: Handle IPsec offload for RX datapath in switchdev mode
net/mlx5e: Refactor IPsec TX tables creation
net/mlx5e: Support IPsec packet offload for TX in switchdev mode
net/mlx5: Compare with old_dest param to modify rule destination
net/mlx5e: Make IPsec offload work together with eswitch and TC
net/mlx5e: Modify and restore TC rules for IPSec TX rules
net/mlx5e: Add get IPsec offload stats for uplink representor
net/mlx5e: Make TC and IPsec offloads mutually exclusive on a netdev
.../net/ethernet/mellanox/mlx5/core/Makefile | 4 +
.../ethernet/mellanox/mlx5/core/en/rep/tc.c | 17 +-
.../mellanox/mlx5/core/en_accel/ipsec.c | 2 +
.../mellanox/mlx5/core/en_accel/ipsec.h | 65 +-
.../mellanox/mlx5/core/en_accel/ipsec_fs.c | 708 +++++++++++++-----
.../mlx5/core/en_accel/ipsec_offload.c | 5 +-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 25 +-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 6 +-
.../net/ethernet/mellanox/mlx5/core/en_rep.c | 1 +
.../net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +-
.../net/ethernet/mellanox/mlx5/core/en_tc.c | 47 ++
.../mellanox/mlx5/core/esw/ipsec_fs.c | 325 ++++++++
.../mellanox/mlx5/core/esw/ipsec_fs.h | 67 ++
.../net/ethernet/mellanox/mlx5/core/eswitch.h | 17 +
.../mellanox/mlx5/core/eswitch_offloads.c | 174 ++++-
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 14 +-
include/linux/mlx5/driver.h | 2 +
include/linux/mlx5/eswitch.h | 3 +
include/linux/mlx5/fs.h | 2 +
19 files changed, 1270 insertions(+), 217 deletions(-)
create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c
create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.h
--
2.41.0
next reply other threads:[~2023-07-31 11:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-31 11:28 Leon Romanovsky [this message]
2023-07-31 11:28 ` [PATCH net-next v1 01/13] net/mlx5e: Add function to get IPsec offload namespace Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 02/13] net/mlx5e: Change the parameter of IPsec RX skb handle function Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 03/13] net/mlx5e: Prepare IPsec packet offload for switchdev mode Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 04/13] net/mlx5e: Refactor IPsec RX tables creation and destruction Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 05/13] net/mlx5e: Support IPsec packet offload for RX in switchdev mode Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 06/13] net/mlx5e: Handle IPsec offload for RX datapath " Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 07/13] net/mlx5e: Refactor IPsec TX tables creation Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 08/13] net/mlx5e: Support IPsec packet offload for TX in switchdev mode Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 09/13] net/mlx5: Compare with old_dest param to modify rule destination Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 10/13] net/mlx5e: Make IPsec offload work together with eswitch and TC Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 11/13] net/mlx5e: Modify and restore TC rules for IPSec TX rules Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 12/13] net/mlx5e: Add get IPsec offload stats for uplink representor Leon Romanovsky
2023-07-31 11:28 ` [PATCH net-next v1 13/13] net/mlx5e: Make TC and IPsec offloads mutually exclusive on a netdev Leon Romanovsky
2023-08-03 1:50 ` [PATCH net-next v1 00/13] mlx5 IPsec packet offload support in eswitch mode patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1690802064.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jianbol@nvidia.com \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=mbloch@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=saeedm@nvidia.com \
--cc=simon.horman@corigine.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).