Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/851124/?format=api
{ "id": 851124, "url": "http://patchwork.ozlabs.org/api/patches/851124/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1513728002-7643-8-git-send-email-shannon.nelson@oracle.com/", "project": { "id": 46, "url": "http://patchwork.ozlabs.org/api/projects/46/?format=api", "name": "Intel Wired Ethernet development", "link_name": "intel-wired-lan", "list_id": "intel-wired-lan.osuosl.org", "list_email": "intel-wired-lan@osuosl.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1513728002-7643-8-git-send-email-shannon.nelson@oracle.com>", "list_archive_url": null, "date": "2017-12-19T23:59:59", "name": "[v3,next-queue,07/10] ixgbe: process the Rx ipsec offload", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "785c4972b2a7b936f63aa0e4a01041c7bfd53053", "submitter": { "id": 70766, "url": "http://patchwork.ozlabs.org/api/people/70766/?format=api", "name": "Shannon Nelson", "email": "shannon.nelson@oracle.com" }, "delegate": { "id": 68, "url": "http://patchwork.ozlabs.org/api/users/68/?format=api", "username": "jtkirshe", "first_name": "Jeff", "last_name": "Kirsher", "email": "jeffrey.t.kirsher@intel.com" }, "mbox": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1513728002-7643-8-git-send-email-shannon.nelson@oracle.com/mbox/", "series": [ { "id": 19548, "url": "http://patchwork.ozlabs.org/api/series/19548/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/list/?series=19548", "date": "2017-12-19T23:59:56", "name": "ixgbe: Add ipsec offload", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/19548/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/851124/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/851124/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<intel-wired-lan-bounces@osuosl.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=osuosl.org\n\t(client-ip=140.211.166.137; helo=fraxinus.osuosl.org;\n\tenvelope-from=intel-wired-lan-bounces@osuosl.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=oracle.com header.i=@oracle.com\n\theader.b=\"TpAc5CG/\"; dkim-atps=neutral" ], "Received": [ "from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3z1ZfM3MpFz9sBW\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 20 Dec 2017 11:00:27 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 08C2187D4C;\n\tWed, 20 Dec 2017 00:00:26 +0000 (UTC)", "from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id MyOuQCO42taN; Wed, 20 Dec 2017 00:00:24 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id C8AAE879F4;\n\tWed, 20 Dec 2017 00:00:24 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 6BC251CEF84\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 20 Dec 2017 00:00:22 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 67F6288BD9\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 20 Dec 2017 00:00:22 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id LOaR8Vi5KmKo for <intel-wired-lan@lists.osuosl.org>;\n\tWed, 20 Dec 2017 00:00:21 +0000 (UTC)", "from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id C5DAD8893F\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tWed, 20 Dec 2017 00:00:21 +0000 (UTC)", "from pps.filterd (aserp2120.oracle.com [127.0.0.1])\n\tby aserp2120.oracle.com (8.16.0.21/8.16.0.21) with SMTP id\n\tvBJNpxEp015884; Wed, 20 Dec 2017 00:00:17 GMT", "from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])\n\tby aserp2120.oracle.com with ESMTP id 2eycsu0acy-1\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=OK); Wed, 20 Dec 2017 00:00:17 +0000", "from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])\n\tby aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id vBK00GMX031890\n\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256\n\tverify=FAIL); Wed, 20 Dec 2017 00:00:16 GMT", "from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24])\n\tby userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id\n\tvBK00FHD006694; Wed, 20 Dec 2017 00:00:15 GMT", "from slnelson-mint18.us.oracle.com (/10.159.142.109)\n\tby default (Oracle Beehive Gateway v4.0)\n\twith ESMTP ; Tue, 19 Dec 2017 16:00:15 -0800" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;\n\th=from : to : cc :\n\tsubject : date : message-id : in-reply-to : references;\n\ts=corp-2017-10-26; \n\tbh=HtiLFl6NTVqJ4jYZ3qXDkyYVj60bOfQzhaty45QiERU=;\n\tb=TpAc5CG/QluBFZozDq3xdmE69mkUOzEATzIwnNs0yh47sKmgweluroEJn2ROn4mIuv/1\n\tPlsL4yw6/o9MmWyCqwpvf5NGh4i6M7Nr3DrlBVG/51Cu9Y29p1kXWD+fXkMVqyhhK3Ii\n\teGFFmN2DGs6idw1tApqbTCdyfZXUO4juJiRqwHKe60kWE8F83SN21KBCiZfKZzduNlki\n\tZtDYnposbKRVAKQQsNIATMf0mXSUHjH7HVMD8ISzxQ5+Wn8C9fjAQY93Hz0JMe2c0Ith\n\t6es7RcvVXf8RTkqA3gM3dZHKHwIiP2Gkpye+SimId9cpSDQAmyF5tdJWmEbkHg+X/bQe\n\tzA== ", "From": "Shannon Nelson <shannon.nelson@oracle.com>", "To": "intel-wired-lan@lists.osuosl.org, jeffrey.t.kirsher@intel.com", "Date": "Tue, 19 Dec 2017 15:59:59 -0800", "Message-Id": "<1513728002-7643-8-git-send-email-shannon.nelson@oracle.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1513728002-7643-1-git-send-email-shannon.nelson@oracle.com>", "References": "<1513728002-7643-1-git-send-email-shannon.nelson@oracle.com>", "X-Proofpoint-Virus-Version": "vendor=nai engine=5900 definitions=8750\n\tsignatures=668650", "X-Proofpoint-Spam-Details": "rule=notspam policy=default score=0 suspectscore=0\n\tmalwarescore=0\n\tphishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999\n\tadultscore=0 classifier=spam adjust=0 reason=mlx scancount=1\n\tengine=8.0.1-1711220000 definitions=main-1712190335", "Subject": "[Intel-wired-lan] [PATCH v3 next-queue 07/10] ixgbe: process the Rx\n\tipsec offload", "X-BeenThere": "intel-wired-lan@osuosl.org", "X-Mailman-Version": "2.1.24", "Precedence": "list", "List-Id": "Intel Wired Ethernet Linux Kernel Driver Development\n\t<intel-wired-lan.osuosl.org>", "List-Unsubscribe": "<https://lists.osuosl.org/mailman/options/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=unsubscribe>", "List-Archive": "<http://lists.osuosl.org/pipermail/intel-wired-lan/>", "List-Post": "<mailto:intel-wired-lan@osuosl.org>", "List-Help": "<mailto:intel-wired-lan-request@osuosl.org?subject=help>", "List-Subscribe": "<https://lists.osuosl.org/mailman/listinfo/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=subscribe>", "Cc": "steffen.klassert@secunet.com, sowmini.varadhan@oracle.com,\n\tnetdev@vger.kernel.org", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "intel-wired-lan-bounces@osuosl.org", "Sender": "\"Intel-wired-lan\" <intel-wired-lan-bounces@osuosl.org>" }, "content": "If the chip sees and decrypts an ipsec offload, set up the skb\nsp pointer with the ralated SA info. Since the chip is rude\nenough to keep to itself the table index it used for the\ndecryption, we have to do our own table lookup, using the\nhash for speed.\n\nSigned-off-by: Shannon Nelson <shannon.nelson@oracle.com>\n---\n drivers/net/ethernet/intel/ixgbe/ixgbe.h | 6 ++\n drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 89 ++++++++++++++++++++++++++\n drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +\n 3 files changed, 98 insertions(+)", "diff": "diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h\nindex af690c2..a094b23 100644\n--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h\n+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h\n@@ -1011,9 +1011,15 @@ s32 ixgbe_negotiate_fc(struct ixgbe_hw *hw, u32 adv_reg, u32 lp_reg,\n void ixgbe_init_ipsec_offload(struct ixgbe_adapter *adapter);\n void ixgbe_stop_ipsec_offload(struct ixgbe_adapter *adapter);\n void ixgbe_ipsec_restore(struct ixgbe_adapter *adapter);\n+void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring,\n+\t\t union ixgbe_adv_rx_desc *rx_desc,\n+\t\t struct sk_buff *skb);\n #else\n static inline void ixgbe_init_ipsec_offload(struct ixgbe_adapter *adapter) { };\n static inline void ixgbe_stop_ipsec_offload(struct ixgbe_adapter *adapter) { };\n static inline void ixgbe_ipsec_restore(struct ixgbe_adapter *adapter) { };\n+static inline void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring,\n+\t\t\t\t union ixgbe_adv_rx_desc *rx_desc,\n+\t\t\t\t struct sk_buff *skb) { };\n #endif /* CONFIG_XFRM_OFFLOAD */\n #endif /* _IXGBE_H_ */\ndiff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\nindex 9cf120d..a9b8f5c 100644\n--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\n+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c\n@@ -374,6 +374,35 @@ static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable)\n }\n \n /**\n+ * ixgbe_ipsec_find_rx_state - find the state that matches\n+ * @ipsec: pointer to ipsec struct\n+ * @daddr: inbound address to match\n+ * @proto: protocol to match\n+ * @spi: SPI to match\n+ *\n+ * Returns a pointer to the matching SA state information\n+ **/\n+static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec,\n+\t\t\t\t\t\t __be32 daddr, u8 proto,\n+\t\t\t\t\t\t __be32 spi)\n+{\n+\tstruct rx_sa *rsa;\n+\tstruct xfrm_state *ret = NULL;\n+\n+\trcu_read_lock();\n+\thash_for_each_possible_rcu(ipsec->rx_sa_list, rsa, hlist, spi)\n+\t\tif (spi == rsa->xs->id.spi &&\n+\t\t daddr == rsa->xs->id.daddr.a4 &&\n+\t\t proto == rsa->xs->id.proto) {\n+\t\t\tret = rsa->xs;\n+\t\t\txfrm_state_hold(ret);\n+\t\t\tbreak;\n+\t\t}\n+\trcu_read_unlock();\n+\treturn ret;\n+}\n+\n+/**\n * ixgbe_ipsec_parse_proto_keys - find the key and salt based on the protocol\n * @xs: pointer to xfrm_state struct\n * @mykey: pointer to key array to populate\n@@ -672,6 +701,66 @@ static const struct xfrmdev_ops ixgbe_xfrmdev_ops = {\n };\n \n /**\n+ * ixgbe_ipsec_rx - decode ipsec bits from Rx descriptor\n+ * @rx_ring: receiving ring\n+ * @rx_desc: receive data descriptor\n+ * @skb: current data packet\n+ *\n+ * Determine if there was an ipsec encapsulation noticed, and if so set up\n+ * the resulting status for later in the receive stack.\n+ **/\n+void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring,\n+\t\t union ixgbe_adv_rx_desc *rx_desc,\n+\t\t struct sk_buff *skb)\n+{\n+\tstruct ixgbe_adapter *adapter = netdev_priv(rx_ring->netdev);\n+\tu16 pkt_info = le16_to_cpu(rx_desc->wb.lower.lo_dword.hs_rss.pkt_info);\n+\tu16 ipsec_pkt_types = IXGBE_RXDADV_PKTTYPE_IPSEC_AH |\n+\t\t\t\tIXGBE_RXDADV_PKTTYPE_IPSEC_ESP;\n+\tstruct ixgbe_ipsec *ipsec = adapter->ipsec;\n+\tstruct xfrm_offload *xo = NULL;\n+\tstruct xfrm_state *xs = NULL;\n+\tstruct iphdr *iph;\n+\tu8 *c_hdr;\n+\t__be32 spi;\n+\tu8 proto;\n+\n+\t/* we can assume no vlan header in the way, b/c the\n+\t * hw won't recognize the IPsec packet and anyway the\n+\t * currently vlan device doesn't support xfrm offload.\n+\t */\n+\t/* TODO: not supporting IPv6 yet */\n+\tiph = (struct iphdr *)(skb->data + ETH_HLEN);\n+\tc_hdr = (u8 *)iph + iph->ihl * 4;\n+\tswitch (pkt_info & ipsec_pkt_types) {\n+\tcase IXGBE_RXDADV_PKTTYPE_IPSEC_AH:\n+\t\tspi = ((struct ip_auth_hdr *)c_hdr)->spi;\n+\t\tproto = IPPROTO_AH;\n+\t\tbreak;\n+\tcase IXGBE_RXDADV_PKTTYPE_IPSEC_ESP:\n+\t\tspi = ((struct ip_esp_hdr *)c_hdr)->spi;\n+\t\tproto = IPPROTO_ESP;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn;\n+\t}\n+\n+\txs = ixgbe_ipsec_find_rx_state(ipsec, iph->daddr, proto, spi);\n+\tif (unlikely(!xs))\n+\t\treturn;\n+\n+\tskb->sp = secpath_dup(skb->sp);\n+\tif (unlikely(!skb->sp))\n+\t\treturn;\n+\n+\tskb->sp->xvec[skb->sp->len++] = xs;\n+\tskb->sp->olen++;\n+\txo = xfrm_offload(skb);\n+\txo->flags = CRYPTO_DONE;\n+\txo->status = CRYPTO_SUCCESS;\n+}\n+\n+/**\n * ixgbe_init_ipsec_offload - initialize security registers for IPSec operation\n * @adapter: board private structure\n **/\ndiff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c\nindex 04e8b26..0ee1e5e 100644\n--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c\n+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c\n@@ -1755,6 +1755,9 @@ static void ixgbe_process_skb_fields(struct ixgbe_ring *rx_ring,\n \n \tskb_record_rx_queue(skb, rx_ring->queue_index);\n \n+\tif (ixgbe_test_staterr(rx_desc, IXGBE_RXDADV_STAT_SECP))\n+\t\tixgbe_ipsec_rx(rx_ring, rx_desc, skb);\n+\n \tskb->protocol = eth_type_trans(skb, dev);\n }\n \n", "prefixes": [ "v3", "next-queue", "07/10" ] }