Skip to content

Commit

Permalink
net/mlx5e: Open mlx5 driver to accept IPsec packet offload
Browse files Browse the repository at this point in the history 
Enable configuration of IPsec packet offload through XFRM state add
interface together with moving specific to IPsec packet mode limitations
to specific switch-case section.

Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
  • Loading branch information
Leon Romanovsky authored and Steffen Klassert committed Dec 8, 2022
1 parent cee137a commit 37d244a
Showing 1 changed file with 31 additions and 10 deletions.
41 changes: 31 additions & 10 deletions drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,11 +191,6 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
dev_info(&netdev->dev, "Only transport and tunnel xfrm states may be offloaded\n");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) {
netdev_info(netdev, "Only ESP xfrm state may be offloaded\n");
return -EINVAL;
Expand Down Expand Up @@ -229,11 +224,32 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
netdev_info(netdev, "Cannot offload xfrm states with geniv other than seqiv\n");
return -EINVAL;
}
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
netdev_info(netdev, "Unsupported xfrm offload type\n");
return -EINVAL;
}
if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) {
switch (x->xso.type) {
case XFRM_DEV_OFFLOAD_CRYPTO:
if (!(mlx5_ipsec_device_caps(priv->mdev) &
MLX5_IPSEC_CAP_CRYPTO)) {
netdev_info(netdev, "Crypto offload is not supported\n");
return -EINVAL;
}

if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
netdev_info(netdev, "Only transport and tunnel xfrm states may be offloaded\n");
return -EINVAL;
}
break;
case XFRM_DEV_OFFLOAD_PACKET:
if (!(mlx5_ipsec_device_caps(priv->mdev) &
MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
netdev_info(netdev, "Packet offload is not supported\n");
return -EINVAL;
}

if (x->props.mode != XFRM_MODE_TRANSPORT) {
netdev_info(netdev, "Only transport xfrm states may be offloaded in packet mode\n");
return -EINVAL;
}

if (x->replay_esn && x->replay_esn->replay_window != 32 &&
x->replay_esn->replay_window != 64 &&
x->replay_esn->replay_window != 128 &&
Expand Down Expand Up @@ -263,6 +279,11 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
"Hard packet limit must be greater than soft one\n");
return -EINVAL;
}
break;
default:
netdev_info(netdev, "Unsupported xfrm offload type %d\n",
x->xso.type);
return -EINVAL;
}
return 0;
}
Expand Down

0 comments on commit 37d244a

Please sign in to comment.