| Message ID | 20210614143349.74866-1-huyn@nvidia.com |
|---|---|
| Headers | show |
| Series | Fix IPsec crypto offloads with vxlan tunnel | expand |
On Mon, Jun 14, 2021 at 05:33:48PM +0300, Huy Nguyen wrote: > The inner_ipproto saves the inner IP protocol of the plain > text packet. This allows vendor's IPsec feature making offload > decision at skb's features_check and configuring hardware at > ndo_start_xmit. > > For example, ConnectX6-DX IPsec device needs the plaintext's > IP protocol to support partial checksum offload on > VXLAN/GENEVE packet over IPsec transport mode tunnel. > > Signed-off-by: Raed Salem <raeds@nvidia.com> > Signed-off-by: Huy Nguyen <huyn@nvidia.com> > Cc: Steffen Klassert <steffen.klassert@secunet.com> In case you want to route this through the mlx5 tree: Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
On Mon, 2021-06-14 at 17:33 +0300, Huy Nguyen wrote: > v4 -> v5: > - Fix double initialization of xo in xfrm_get_inner_ipproto > > v3 -> v4: > - Check explicitly for skb->ecapsulation before calling > xfrm_get_inner_ipproto. > - Move patche set to net-next > > v2 -> v3: > - Fix bug in patch 003 when checking for xo null pointer in > mlx5e_ipsec_feature_check > - Fix bug of accidentally commenting out memset in patch 003 > > v1 -> v2: > - Move inner_ipproto into xfrm_offload structure. > - Fix static code analysis errors. > - skip checking for skb->encapsulation to be more flexible for > vendor > > This small series fixes ipsec TX offloads with vxlan overlay on top > of > the offloaded ipsec packet, the driver (mlx5) was lacking such > information > and the skb->encapsulation bit wasn't enough as indication to reach > the > vxlan inner headers, as a solution we mark the tunnel in the > offloaded > context of ipsec. > Series applied to net-next-mlx5. Thanks, Saeed.