Skip to content

L
linux
Commit c338325f authored by Emeel Hakim's avatar Emeel Hakim Committed by Saeed Mahameed
Browse files
Options

net/mlx5e: Support IPsec upper protocol selector field offload for RX 

Support RX policy/state upper protocol selector field offload,
to enable selecting RX traffic for IPsec operation based on l4
protocol UDP with specific source/destination port.
Signed-off-by: default avatarEmeel Hakim <ehakim@nvidia.com>
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
parent 7d833520
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 6 deletions
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
View file @ c338325f
...@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, ...@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
return -EINVAL; return -EINVAL;
} }
if (x->sel.proto != IPPROTO_IP && if (x->sel.proto != IPPROTO_IP && x->sel.proto != IPPROTO_UDP) {
(x->sel.proto != IPPROTO_UDP || x->xso.dir != XFRM_DEV_OFFLOAD_OUT)) { NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
return -EINVAL; return -EINVAL;
} }
...@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev, ...@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,
return -EINVAL; return -EINVAL;
} }
if (sel->proto != IPPROTO_IP && if (x->selector.proto != IPPROTO_IP && x->selector.proto != IPPROTO_UDP) {
(sel->proto != IPPROTO_UDP || x->xdo.dir != XFRM_DEV_OFFLOAD_OUT)) { NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
return -EINVAL; return -EINVAL;
} }
......
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
View file @ c338325f
...@@ -1243,6 +1243,7 @@ static int rx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry) ...@@ -1243,6 +1243,7 @@ static int rx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry)
setup_fte_spi(spec, attrs->spi); setup_fte_spi(spec, attrs->spi);
setup_fte_esp(spec); setup_fte_esp(spec);
setup_fte_no_frags(spec); setup_fte_no_frags(spec);
setup_fte_upper_proto_match(spec, &attrs->upspec);
if (rx != ipsec->rx_esw) if (rx != ipsec->rx_esw)
err = setup_modify_header(ipsec, attrs->type, err = setup_modify_header(ipsec, attrs->type,
...@@ -1519,6 +1520,7 @@ static int rx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry) ...@@ -1519,6 +1520,7 @@ static int rx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
setup_fte_addr6(spec, attrs->saddr.a6, attrs->daddr.a6); setup_fte_addr6(spec, attrs->saddr.a6, attrs->daddr.a6);
setup_fte_no_frags(spec); setup_fte_no_frags(spec);
setup_fte_upper_proto_match(spec, &attrs->upspec);
switch (attrs->action) { switch (attrs->action) {
case XFRM_POLICY_ALLOW: case XFRM_POLICY_ALLOW:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7