| Message ID | 1644541056-5861-1-git-send-email-bodong@nvidia.com |
|---|---|
| Headers | show |
| Series | Add inner ipproto and fix in sec_path | expand |
Acked-by: Tim Gardner <tim.gardner@canonical.com> Patch 2 has been merged upstream. On 2/10/22 5:57 PM, Bodong Wang wrote: > The inner_ipproto saves the inner IP protocol of the plain > text packet. This allows vendor's IPsec feature making offload > decision at skb's features_check and configuring hardware at > ndo_start_xmit. > > For example, ConnectX6-DX IPsec device needs the plaintext's > IP protocol to support partial checksum offload on > VXLAN/GENEVE packet over IPsec transport mode tunnel. > > As this data unrelated to the specific driver (the inner ip protocol of the > plain text) then it makes sense to provide it in the xfrm stack layer to > avoid code duplication in various drivers and do it on the fly in the xfrm > layer instead of reparse the packet at the driver layer. This is handled by > patch 1. > > However, patch 1 did not handle the case where IPsec is used in tunnel mode. > Patch 2 fixed the bug. > > V0->V1: > Fix cherry-pick commit SHA for both patches > > Huy Nguyen (1): > net/xfrm: Add inner_ipproto into sec_path > > Raed Salem (1): > net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path > > include/net/xfrm.h | 1 + > net/xfrm/xfrm_output.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++- > 2 files changed, 61 insertions(+), 1 deletion(-) >
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com> Thanks, - Luke On Thu, Feb 10, 2022 at 4:58 PM Bodong Wang <bodong@nvidia.com> wrote: > The inner_ipproto saves the inner IP protocol of the plain > text packet. This allows vendor's IPsec feature making offload > decision at skb's features_check and configuring hardware at > ndo_start_xmit. > > For example, ConnectX6-DX IPsec device needs the plaintext's > IP protocol to support partial checksum offload on > VXLAN/GENEVE packet over IPsec transport mode tunnel. > > As this data unrelated to the specific driver (the inner ip protocol of the > plain text) then it makes sense to provide it in the xfrm stack layer to > avoid code duplication in various drivers and do it on the fly in the xfrm > layer instead of reparse the packet at the driver layer. This is handled by > patch 1. > > However, patch 1 did not handle the case where IPsec is used in tunnel > mode. > Patch 2 fixed the bug. > > V0->V1: > Fix cherry-pick commit SHA for both patches > > Huy Nguyen (1): > net/xfrm: Add inner_ipproto into sec_path > > Raed Salem (1): > net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path > > include/net/xfrm.h | 1 + > net/xfrm/xfrm_output.c | 61 > +++++++++++++++++++++++++++++++++++++++++++++++++- > 2 files changed, 61 insertions(+), 1 deletion(-) > > -- > 1.8.3.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >
On 11.02.22 01:57, Bodong Wang wrote: > The inner_ipproto saves the inner IP protocol of the plain > text packet. This allows vendor's IPsec feature making offload > decision at skb's features_check and configuring hardware at > ndo_start_xmit. > > For example, ConnectX6-DX IPsec device needs the plaintext's > IP protocol to support partial checksum offload on > VXLAN/GENEVE packet over IPsec transport mode tunnel. > > As this data unrelated to the specific driver (the inner ip protocol of the > plain text) then it makes sense to provide it in the xfrm stack layer to > avoid code duplication in various drivers and do it on the fly in the xfrm > layer instead of reparse the packet at the driver layer. This is handled by > patch 1. > > However, patch 1 did not handle the case where IPsec is used in tunnel mode. > Patch 2 fixed the bug. > > V0->V1: > Fix cherry-pick commit SHA for both patches > > Huy Nguyen (1): > net/xfrm: Add inner_ipproto into sec_path > > Raed Salem (1): > net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path > > include/net/xfrm.h | 1 + > net/xfrm/xfrm_output.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++- > 2 files changed, 61 insertions(+), 1 deletion(-) > Applied to focal:linux-bluefield, removing the 'linux-next' tag from the provenance of patch 2/2. Thanks, Kleber