projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 59592cf)
net/mlx5e: Store replay window in XFRM attributes
authorLeon Romanovsky <leonro@nvidia.com>
Fri, 2 Dec 2022 20:10:25 +0000 (22:10 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Tue, 6 Dec 2022 12:55:59 +0000 (13:55 +0100)
As a preparation for future extension of IPsec hardware object to allow
configuration of packet offload mode, extend the XFRM validator to check
replay window values.

Reviewed-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c patch | blob | history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h patch | blob | history

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index e641153..734b486 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -166,6 +166,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
                attrs->esn = sa_entry->esn_state.esn;
                if (sa_entry->esn_state.overlap)
                        attrs->flags |= MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP;
+               attrs->replay_window = x->replay_esn->replay_window;
        }
 
        /* action */
@@ -257,6 +258,17 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
                netdev_info(netdev, "Unsupported xfrm offload type\n");
                return -EINVAL;
        }
+       if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) {
+               if (x->replay_esn && x->replay_esn->replay_window != 32 &&
+                   x->replay_esn->replay_window != 64 &&
+                   x->replay_esn->replay_window != 128 &&
+                   x->replay_esn->replay_window != 256) {
+                       netdev_info(netdev,
+                                   "Unsupported replay window size %u\n",
+                                   x->replay_esn->replay_window);
+                       return -EINVAL;
+               }
+       }
        return 0;
 }
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
index fa052a8..6fe5567 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
@@ -83,6 +83,7 @@ struct mlx5_accel_esp_xfrm_attrs {
        } daddr;
 
        u8 is_ipv6;
+       u32 replay_window;
 };
 
 enum mlx5_ipsec_cap {
Domain: System / Kernel;