1. 11 Jul, 2022 7 commits
    • Ratheesh Kannoth's avatar
      octeontx2-af: devlink configuration support · ef83e186
      Ratheesh Kannoth authored
      CN10KB silicon supports Exact match feature. This feature can be disabled
      through devlink configuration. Devlink command fails if DMAC filter rules
      are already present. Once disabled, legacy RPM based DMAC filters will be
      configured.
      Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ef83e186
    • Ratheesh Kannoth's avatar
      octeontx2-af: Exact match scan from kex profile · 812103ed
      Ratheesh Kannoth authored
      CN10KB silicon supports exact match table. Scanning KEX
      profile should check for exact match feature is enabled
      and then set profile masks properly.
      
      These kex profile masks are required to configure NPC
      MCAM drop rules. If there is a miss in exact match table,
      these drop rules will drop those packets.
      Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      812103ed
    • Ratheesh Kannoth's avatar
      octeontx2-af: Exact match support · b747923a
      Ratheesh Kannoth authored
      CN10KB silicon has support for exact match table. This table
      can be used to match maimum 64 bit value of KPU parsed output.
      Hit/non hit in exact match table can be used as a KEX key to
      NPC mcam.
      
      This patch makes use of Exact match table to increase number of
      DMAC filters supported. NPC  mcam is no more need for each of these
      DMAC entries as will be populated in Exact match table.
      
      This patch implements following
      
      1. Initialization of exact match table only for CN10KB.
      2. Add/del/update interface function for exact match table.
      Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      b747923a
    • Ratheesh Kannoth's avatar
      octeontx2-af: Use hashed field in MCAM key · 56d9f5fd
      Ratheesh Kannoth authored
      CN10KB variant of CN10K series of silicons supports
      a new feature where in a large protocol field
      (eg 128bit IPv6 DIP) can be condensed into a small
      hashed 32bit data. This saves a lot of space in MCAM key
      and allows user to add more protocol fields into the filter.
      A max of two such protocol data can be hashed.
      This patch adds support for hashing IPv6 SIP and/or DIP.
      Signed-off-by: default avatarSuman Ghosh <sumang@marvell.com>
      Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      56d9f5fd
    • Jilin Yuan's avatar
      fddi/skfp: fix repeated words in comments · edb2c347
      Jilin Yuan authored
      Delete the redundant word 'test'.
      Signed-off-by: default avatarJilin Yuan <yuanjilin@cdjrlc.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      edb2c347
    • Jilin Yuan's avatar
      ethernet/via: fix repeated words in comments · 1377a5b2
      Jilin Yuan authored
      Delete the redundant word 'driver'.
      Signed-off-by: default avatarJilin Yuan <yuanjilin@cdjrlc.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1377a5b2
    • sewookseo's avatar
      net: Find dst with sk's xfrm policy not ctl_sk · e22aa148
      sewookseo authored
      If we set XFRM security policy by calling setsockopt with option
      IPV6_XFRM_POLICY, the policy will be stored in 'sock_policy' in 'sock'
      struct. However tcp_v6_send_response doesn't look up dst_entry with the
      actual socket but looks up with tcp control socket. This may cause a
      problem that a RST packet is sent without ESP encryption & peer's TCP
      socket can't receive it.
      This patch will make the function look up dest_entry with actual socket,
      if the socket has XFRM policy(sock_policy), so that the TCP response
      packet via this function can be encrypted, & aligned on the encrypted
      TCP socket.
      
      Tested: We encountered this problem when a TCP socket which is encrypted
      in ESP transport mode encryption, receives challenge ACK at SYN_SENT
      state. After receiving challenge ACK, TCP needs to send RST to
      establish the socket at next SYN try. But the RST was not encrypted &
      peer TCP socket still remains on ESTABLISHED state.
      So we verified this with test step as below.
      [Test step]
      1. Making a TCP state mismatch between client(IDLE) & server(ESTABLISHED).
      2. Client tries a new connection on the same TCP ports(src & dst).
      3. Server will return challenge ACK instead of SYN,ACK.
      4. Client will send RST to server to clear the SOCKET.
      5. Client will retransmit SYN to server on the same TCP ports.
      [Expected result]
      The TCP connection should be established.
      
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Sehee Lee <seheele@google.com>
      Signed-off-by: default avatarSewook Seo <sewookseo@google.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e22aa148
  2. 09 Jul, 2022 22 commits
  3. 08 Jul, 2022 11 commits