From patchwork Thu Jun 3 16:00:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Huy Nguyen X-Patchwork-Id: 454600 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F43AC47096 for ; Thu, 3 Jun 2021 16:01:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 62EB2613EE for ; Thu, 3 Jun 2021 16:01:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229823AbhFCQCs (ORCPT ); Thu, 3 Jun 2021 12:02:48 -0400 Received: from mail-mw2nam10on2069.outbound.protection.outlook.com ([40.107.94.69]:18849 "EHLO NAM10-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229597AbhFCQCr (ORCPT ); Thu, 3 Jun 2021 12:02:47 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MNhX6LjW4zyhjVplxcEYbgUzCrjL/hFxbaHnPH62CZPFYp3wT9njvXZRT7kZm9d0zK5S+JbyZ3DbWqe6jBLV2+jmCo229hugUOnq+pyYguYd+Xy5S0wuDYu72lmRhmbeQ1lvaFqYslSeEqlVrpK6DLsxkL/fDK5c3m5l4IoR8E5fckPZkcCQay737bx+6TdkoAM03efFRc/AvzmzAkQzm5Me/aiKVoxwCef74+80hnxoIC7rB082UPI4ctPyihgk1Gxb2DLO5ZX4+J+5PnpQDn4Fq6stXssSHkBa86kOApzoDT2fhnkTVUF1crm3WzpJa7mrtO6WsjSteb9coU6DjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=elNJ8nhQtM0lNLDEP8V3pa0aVXHmIA7dRR8RS15Y8sg=; b=LRE/0lqQZDaOsX29/lv0WeSK2BlU1chlOD+QM8vpRbN+ULpgxRSQqJUOIoFdANsPfBSix7c59kB1V4oMTIoqTyFUP3bmhL8QGT6wtrdQlLdGXvcYNRiTnPSN9X36iLbipp16jBtWq0baJ8rmOAfJr5ldoaBOxlKgTsjisJxvtN49q6CPyhUZwhO/GPY2fGRrfQnml8qWyhecJJBsShwXIUWoTTMQzA5I9WukGuWG0CxHz5OPL31WRk8gUMIELTFXIoLr9M4XPZiri6gD5rgHV//Z0hYijnX5ybaG3DU10m2WxjvCDTlCOQ4TKVPd+V6mJW9QowmADcLfctmYW0Q1qg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=elNJ8nhQtM0lNLDEP8V3pa0aVXHmIA7dRR8RS15Y8sg=; b=eIukxRhuqwqUM6NDic46luW3ryjoJFZva8URqiKLPdmJwg2bQwUyQ2qivwQfMa4AvOvOu+Jqzn9+Ms8Q82enBsZMj2ezMYW5gW0nPBqnAGsWMLQu4VsYRklzcfjBp1w0vuHruQ7wwkffYakuNjqFGlA3schbIMCEijeBzV46gcbW4ZML3/4NyRVMepxj8F7rhSES0r+9NCubmgbXv/DCa/x9oLBD3yk24+mbQ6aIk5VDJv8kHg/Dl+KCr0H99Lgu0USWOkxzDdjeajk/gOyHD76cfsDU0XE5coPNk1/2NXHe8kiYaN/PWap1pCaP6wiHKU/eVSgIln9rzhYDFsbwyQ== Received: from CO2PR04CA0203.namprd04.prod.outlook.com (2603:10b6:104:5::33) by DM4PR12MB5328.namprd12.prod.outlook.com (2603:10b6:5:39f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.23; Thu, 3 Jun 2021 16:01:01 +0000 Received: from CO1NAM11FT010.eop-nam11.prod.protection.outlook.com (2603:10b6:104:5:cafe::de) by CO2PR04CA0203.outlook.office365.com (2603:10b6:104:5::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.15 via Frontend Transport; Thu, 3 Jun 2021 16:01:01 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; kernel.org; dkim=none (message not signed) header.d=none; kernel.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT010.mail.protection.outlook.com (10.13.175.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4195.22 via Frontend Transport; Thu, 3 Jun 2021 16:01:01 +0000 Received: from sw-mtx-036.mtx.labs.mlnx (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 3 Jun 2021 16:00:57 +0000 From: Huy Nguyen To: CC: , , , , , , , Subject: [RESEND PATCH net v3 1/3] net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet Date: Thu, 3 Jun 2021 19:00:43 +0300 Message-ID: <20210603160045.11805-2-huyn@nvidia.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210603160045.11805-1-huyn@nvidia.com> References: <20210603160045.11805-1-huyn@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 11874b06-d5e8-4d21-e161-08d926a8c8f0 X-MS-TrafficTypeDiagnostic: DM4PR12MB5328: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SGK+wFgfMPaYiAtTLqHwW49b+K7VIz3ZQhRUaxB0uCDEoHi+g85qKV+5HvMGZDeK05xhrWIcFg/B40hHQgfKFel5WQX2aRWkWl6auo6ol9cfGXw3sy/w1eKBuJFVNvfKiAx4qVUIb9t87jHg6eVMv645ER87eM3ZhWVjX5937S5+6W6JmND2ZtPWeYY9ZbLpkVk22QGppxCLNkXlbP+zh0Uc2EBLAqOncppcFJ8DpNOrmfIUQmAlSeqxjW1o8KmRxOWuuQ8MAQri5ARYkGQZOr01SD18Ko1srXW8ecnxHGkkBH1eY3NlFuFYu9f/m6qbBiDkT7+Qcx4CBOE6yeJnc2CGCYou3YylC7Y/6zeEs0vDaKdl2hk3kUa0fhRsIVFC/YZ5NRsNmYbTbG9NCdWx2Ste/YrUoUBiwRrscLoAlzDH5h5zEgrVxbE/61RTGIrC+wHwahSyZq3JMIhU6uJqqFSYPcPCZGaPVVxsXo7bjERKMhuLrTtDMmZLFk2nwIA3EzLggBFePh3iufoN2/ptXr1myueVOZLMtw8nKLM1W2QTvuviYj7ADC6P/AtiQRDggr/HERBwI4IHk0kX3W/J/nSgEqKrcS0rH1y0YKOTA+GFrVEx9shmfBDbet9Fi6Ki20P8BsaiMTHWcvrsrmTj7D3F06KkPaJJYzLmoWn6arQ= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(396003)(346002)(136003)(39850400004)(376002)(36840700001)(46966006)(47076005)(82740400003)(86362001)(7636003)(83380400001)(82310400003)(356005)(36860700001)(6666004)(70586007)(70206006)(8936002)(8676002)(5660300002)(4326008)(478600001)(6916009)(107886003)(2906002)(1076003)(26005)(36906005)(316002)(36756003)(2616005)(336012)(426003)(54906003)(16526019)(186003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2021 16:01:01.6167 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 11874b06-d5e8-4d21-e161-08d926a8c8f0 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT010.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5328 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org mlx5e_ipsec_feature_check belongs to mlx5e_tunnel_features_check. Also, IPsec is not the default configuration so it should be checked at the end instead of the beginning of mlx5e_features_check. Fixes: 2ac9cfe78223 ("net/mlx5e: IPSec, Add Innova IPSec offload TX data path") Signed-off-by: Raed Salem Signed-off-by: Huy Nguyen --- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 15 +++++++++------ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 8 +++++--- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h index 3e80742a3caf..cfa98272e4a9 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h @@ -93,8 +93,8 @@ static inline bool mlx5e_ipsec_eseg_meta(struct mlx5_wqe_eth_seg *eseg) void mlx5e_ipsec_tx_build_eseg(struct mlx5e_priv *priv, struct sk_buff *skb, struct mlx5_wqe_eth_seg *eseg); -static inline bool mlx5e_ipsec_feature_check(struct sk_buff *skb, struct net_device *netdev, - netdev_features_t features) +static inline netdev_features_t +mlx5e_ipsec_feature_check(struct sk_buff *skb, netdev_features_t features) { struct sec_path *sp = skb_sec_path(skb); @@ -102,9 +102,11 @@ static inline bool mlx5e_ipsec_feature_check(struct sk_buff *skb, struct net_dev struct xfrm_state *x = sp->xvec[0]; if (x && x->xso.offload_handle) - return true; + return features; } - return false; + + /* Disable CSUM and GSO for software IPsec */ + return features & ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK); } #else @@ -120,8 +122,9 @@ static inline bool mlx5e_ipsec_eseg_meta(struct mlx5_wqe_eth_seg *eseg) } static inline bool mlx5_ipsec_is_rx_flow(struct mlx5_cqe64 *cqe) { return false; } -static inline bool mlx5e_ipsec_feature_check(struct sk_buff *skb, struct net_device *netdev, - netdev_features_t features) { return false; } +static inline netdev_features_t +mlx5e_ipsec_feature_check(struct sk_buff *skb, netdev_features_t features) +{ return features & ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK); } #endif /* CONFIG_MLX5_EN_IPSEC */ #endif /* __MLX5E_IPSEC_RXTX_H__ */ diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c index bca832cdc4cb..43c0a473cc9a 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -4278,6 +4278,11 @@ static netdev_features_t mlx5e_tunnel_features_check(struct mlx5e_priv *priv, /* Support Geneve offload for default UDP port */ if (port == GENEVE_UDP_PORT && mlx5_geneve_tx_allowed(priv->mdev)) return features; +#endif + break; +#ifdef CONFIG_MLX5_EN_IPSEC + case IPPROTO_ESP: + return mlx5e_ipsec_feature_check(skb, features); #endif } @@ -4295,9 +4300,6 @@ netdev_features_t mlx5e_features_check(struct sk_buff *skb, features = vlan_features_check(skb, features); features = vxlan_features_check(skb, features); - if (mlx5e_ipsec_feature_check(skb, netdev, features)) - return features; - /* Validate if the tunneled packet is being offloaded by HW */ if (skb->encapsulation && (features & NETIF_F_CSUM_MASK || features & NETIF_F_GSO_MASK)) From patchwork Thu Jun 3 16:00:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Huy Nguyen X-Patchwork-Id: 453824 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12C36C47082 for ; Thu, 3 Jun 2021 16:01:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ED654613EE for ; Thu, 3 Jun 2021 16:01:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229844AbhFCQCv (ORCPT ); Thu, 3 Jun 2021 12:02:51 -0400 Received: from mail-bn8nam11on2072.outbound.protection.outlook.com ([40.107.236.72]:6817 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229597AbhFCQCt (ORCPT ); Thu, 3 Jun 2021 12:02:49 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=No6tEjX8/6/qmQ+5CKK04AA8bqg9hemXoENWR7er7Msk6Q3bcYIlP5EMIJQw/9czxuQDqfophtp6PeVfMaruGMQMPhjF9ctc05WlPOupUd6qxv2g6uvXYJEVIt82j6oqpBo1TGSDMNP8hZESu282HW/Sa8lTOGGWcyrvxpRxlA9aTd7z51hXGdS5Ae73PFRJ0UkSEs4EdmOvAwdlvNu9i06KZC7p4o9kSdXYRxYY4Sz7Nw1kUZQzwRNLaBXGOdRsqKsJZp/zzBxBevWSrN6g/xkfjVOy9vrb/d564asLd15ZNl7y1feTOWTqEEchRX2kyzQdciiannlWAZV3fCTM8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dfytfx5zh+NQO/nUfitWTX6VIGQ0ANIycYXylTSL4gM=; b=e0bsNDBlCiMVESKzhR4mgDLV1QRtEoKmoFQj0ssRpm+K8Cg4jEwddRGh1B42KbB3y2Fy22y054DcwAO8JjQR/sNVCBlQ56BcQ9k59DLkd9J5l8+RbXI2V6bYmf48kKZUuplNjeF34BQ76abfqgmZvuPIkndMIxeYmeRvVP+S47dSCSx23Zw+lOD8DWxrbCW5wVKrOJXoBcEFTkTt/OoUpZAk/7BscpG6Qs5cT/JBN3EPbQ4GVb/U08v/w90pmlmVGUR2EUcqCrq+ypy+CA4+uN/LLsMbAy03qjaMhlK3s90XyNtoN7VXR9v4T5RAG7EFdiGONmRHDCC0WdQHuViY+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dfytfx5zh+NQO/nUfitWTX6VIGQ0ANIycYXylTSL4gM=; b=mFz0ibYL4UQai12/P+W94g4QMy/bX8n3afBpAGfTvZYe2srCo1DovTjELoiOhNqfCVcumTbwbvJRuwYM19iKXB2V7GnNjuZkny8M4imUeFACpv+aOfxl98ldOtY1+xEj7DXogl2ykLoEr9dM/JW3+o9BnBL1Pru8HOuXdp7B39D1m7JVecQ4c8jCk3v+PGl9FhL9Cbi8hwU0M4CqxTJQZcgBrm7zfxIRMfAfhXlJeoIt39mrsB9eZKMCrD1Un+mF3c6RLkYNSbFi03IZrPCHRh2PZeZD++oEv2nDkNxQg81gf1LgROCN2/Qm6RFN0z6G8cONnCdNxUyb5uHlD+bcjw== Received: from CO2PR04CA0193.namprd04.prod.outlook.com (2603:10b6:104:5::23) by BL0PR12MB2466.namprd12.prod.outlook.com (2603:10b6:207:4e::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.20; Thu, 3 Jun 2021 16:01:03 +0000 Received: from CO1NAM11FT010.eop-nam11.prod.protection.outlook.com (2603:10b6:104:5:cafe::9c) by CO2PR04CA0193.outlook.office365.com (2603:10b6:104:5::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.15 via Frontend Transport; Thu, 3 Jun 2021 16:01:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; kernel.org; dkim=none (message not signed) header.d=none; kernel.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT010.mail.protection.outlook.com (10.13.175.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4195.22 via Frontend Transport; Thu, 3 Jun 2021 16:01:03 +0000 Received: from sw-mtx-036.mtx.labs.mlnx (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 3 Jun 2021 16:00:59 +0000 From: Huy Nguyen To: CC: , , , , , , , Subject: [RESEND PATCH net v3 2/3] net/xfrm: Add inner_ipproto into sec_path Date: Thu, 3 Jun 2021 19:00:44 +0300 Message-ID: <20210603160045.11805-3-huyn@nvidia.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210603160045.11805-1-huyn@nvidia.com> References: <20210603160045.11805-1-huyn@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 45efb2be-de08-4fae-304a-08d926a8ca22 X-MS-TrafficTypeDiagnostic: BL0PR12MB2466: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: WF2rvSXUJe3GZjTxpFcrhxKkD+6FY1jaSHPlOC82DjfiZ/ysxwEQ/r2lO3l59DYArr2vxaY/bgU0Zrh23Oyeuw9V4Dn8jQh/2muXxT/byUT8ZLpUw8APickq2QxR7iwMMNxIMi8gOpeuyvHwnbJNQMjIkDCEO8yf4gyvs0wVvD6I0gomsYooIpAJvIpeDGs2jseM16NmJSQG2pn/LMEuQIed6Uska1qtKs7JAatbexYzp7lvwf6I1i2OLDAp8ae+Rk6zUkwM59JONV5FzOfFXFdoAikoQrlBPMq/RtXcHKwU4tUAdJ/nWPEihYEpxOZOs98ltFZoHjNdaA2kuiGjtt4AZOWdwj7iz4Iofmaurptyb0vTT7MZWgBluPvecv2AeyYDXj7qfTRSF1qOo8EWxbpzGlbC63dlvBYq/EJmd0QmGG92dOySFxqYd1/nUu19m1Uu467bjARmeKwGmG086m5m7GgKe3ptorXKal/eMH/qBC/p0VVIRQnFv7cOk4+zboGUJUFVv/oBbdTfuJcnLEMLEWeUDXXhjJyGU7Ykfrz5VYQsabvVYIQXRnkJsDpOIkXfdhXIc546aQs7G9Nhbf3YfXdbrNQSQuIGnSDFmzUhR3TASG9em04/4I2iqga01twilcnt0DAoeuM1nS9Iq7IQCNw2T1AhuEhMNvfntug= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(136003)(39860400002)(396003)(346002)(376002)(36840700001)(46966006)(4326008)(36756003)(70586007)(6916009)(2906002)(26005)(8936002)(5660300002)(8676002)(107886003)(70206006)(478600001)(54906003)(426003)(316002)(36906005)(2616005)(86362001)(36860700001)(1076003)(336012)(82310400003)(83380400001)(16526019)(186003)(356005)(7636003)(82740400003)(47076005)(6666004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2021 16:01:03.6125 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 45efb2be-de08-4fae-304a-08d926a8ca22 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT010.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2466 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The inner_ipproto saves the inner IP protocol of the plain text packet. This allows vendor's IPsec feature making offload decision at skb's features_check and configuring hardware at ndo_start_xmit. For example, ConnectX6-DX IPsec device needs the plaintext's IP protocol to support partial checksum offload on VXLAN/GENEVE packet over IPsec transport mode tunnel. Signed-off-by: Raed Salem Signed-off-by: Huy Nguyen Cc: Steffen Klassert --- include/net/xfrm.h | 1 + net/xfrm/xfrm_output.c | 44 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 6e11db6fa0ab..c51da30d2542 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1025,6 +1025,7 @@ struct xfrm_offload { #define CRYPTO_INVALID_PROTOCOL 128 __u8 proto; + __u8 inner_ipproto; }; struct sec_path { diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index e4cb0ff4dcf4..cd70d2ea5d8b 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -565,6 +565,46 @@ static int xfrm_output_gso(struct net *net, struct sock *sk, struct sk_buff *skb return 0; } +/* For partial checksum offload, the outer header checksum is calculated + * by software and the inner header checksum is calculated by hardware. + * This requires hardware to know the inner packet type to calculate + * the inner header checksum. Save inner ip protocol here to avoid + * traversing the packet in the vendor's xmit code. + * If the encap type is IPIP, just save skb->inner_ipproto. Otherwise, + * get the ip protocol from the IP header. + */ +static void xfrm_get_inner_ipproto(struct sk_buff *skb) +{ + struct xfrm_offload *xo = xfrm_offload(skb); + const struct ethhdr *eth; + + if (!skb->inner_protocol) + return; + + xo = xfrm_offload(skb); + if (!xo) + return; + + if (skb->inner_protocol_type == ENCAP_TYPE_IPPROTO) { + xo->inner_ipproto = skb->inner_ipproto; + return; + } + + if (skb->inner_protocol_type != ENCAP_TYPE_ETHER) + return; + + eth = (struct ethhdr *)skb_inner_mac_header(skb); + + switch (ntohs(eth->h_proto)) { + case ETH_P_IPV6: + xo->inner_ipproto = inner_ipv6_hdr(skb)->nexthdr; + break; + case ETH_P_IP: + xo->inner_ipproto = inner_ip_hdr(skb)->protocol; + break; + } +} + int xfrm_output(struct sock *sk, struct sk_buff *skb) { struct net *net = dev_net(skb_dst(skb)->dev); @@ -594,12 +634,14 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) kfree_skb(skb); return -ENOMEM; } - skb->encapsulation = 1; + skb->encapsulation = 1; sp->olen++; sp->xvec[sp->len++] = x; xfrm_state_hold(x); + xfrm_get_inner_ipproto(skb); + if (skb_is_gso(skb)) { if (skb->inner_protocol) return xfrm_output_gso(net, sk, skb); From patchwork Thu Jun 3 16:00:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Huy Nguyen X-Patchwork-Id: 454599 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85C1FC47098 for ; Thu, 3 Jun 2021 16:01:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6F231613B8 for ; Thu, 3 Jun 2021 16:01:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229845AbhFCQCx (ORCPT ); Thu, 3 Jun 2021 12:02:53 -0400 Received: from mail-mw2nam12on2068.outbound.protection.outlook.com ([40.107.244.68]:4856 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229597AbhFCQCv (ORCPT ); Thu, 3 Jun 2021 12:02:51 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kgawUveFIurZAzefwQ3s6B4p6QWcXJJMdZ3OeZjSzW1lTt7LKKx+vB9F8EDMgmfmym89YcPsEluKSp8jL13f1DReXg11pP037nK5QtyjzMRxHFTSl/abiX/xU8yxJp3w/KpfAVFqlUd+VxpNLBdN8cRel9PtQnS+WSfH2r58ZHC4mUksdpLzCN+KBFWnzDQvIHjpl5r4X5rSnHW+jCqBwhpKt3FwqT+UnFEdhA9nh6UZMomM3wfbYX3vLDL0hHAn6IVGOKEdTpP+MThML99UTTl6q9FWmw7jVavl2ZGgr2ZLimQJIeI+jWCfF8xWe+/xwACbCYfUIpNGMS74XbGBxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JOPEvOWR+vBRcDHftT2f4kk0Q+4SjhtYtpUmLF15pd8=; b=miigDaivvUDIgmsaPQnHYsGh5fdUDkqO1N5pcEDfR7Igm8QN63b0m2cTJA/SFhCIouTliUxkccpS1FcgbBOtZb6exvEXJze0yrvODEvMdZfGGnvwOBLYd+731BnyGvAjbifqBIPcqA2fGTVX63XLH62QcciyN6jDnrYbM91A32LBDoejNiHzyLYk9M6S/dDM0NeUDemnVjIYjC67PDMT8wo8NAj+MBmc8inWZXjhAVeZOjIDJKYwEE5DhY5C1N8NZpjeujAIDLAQupiCG4IzFk+OY5QdYWoTevYwu0bhuJUZl/mHGLFUK6fpMVVQ+HHdmIfY+ZAnlXijNdDbPzUbRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JOPEvOWR+vBRcDHftT2f4kk0Q+4SjhtYtpUmLF15pd8=; b=t8/6/DQ08Yvn0PAm1Z4ezeteZ1G7qUcXeolOJ02qkyDAob3LdsCazr57f3VTOvJUpAVIvzWnzT79JXal8LY636WZuCrrvcZyFMQ+AIrFBZw4YE/dzf+OUvDfV81UIrmHqaaiz7nthKjeCqULJlEApYpt71O2LfXTSt3Ke0l2yUr+t4GPOVnNj2SyHv5hfwBCL+G5YPiwdj3n70dLAxxOAyOSPo5h2MLzfAu7+dNsMHnr0ddqy5Y6zbU8f6DbHeSHwelEa+7z7YLen1wzUC73TIcugfadMYxMyFLZSGFXxJk46LXCuKt6DrD9sRviCOIMQZAru6BKlv8VpX8EAHJz1A== Received: from CO2PR04CA0186.namprd04.prod.outlook.com (2603:10b6:104:5::16) by DM6PR12MB4880.namprd12.prod.outlook.com (2603:10b6:5:1bc::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.21; Thu, 3 Jun 2021 16:01:05 +0000 Received: from CO1NAM11FT010.eop-nam11.prod.protection.outlook.com (2603:10b6:104:5:cafe::9d) by CO2PR04CA0186.outlook.office365.com (2603:10b6:104:5::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.22 via Frontend Transport; Thu, 3 Jun 2021 16:01:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; kernel.org; dkim=none (message not signed) header.d=none; kernel.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT010.mail.protection.outlook.com (10.13.175.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4195.22 via Frontend Transport; Thu, 3 Jun 2021 16:01:05 +0000 Received: from sw-mtx-036.mtx.labs.mlnx (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 3 Jun 2021 16:01:01 +0000 From: Huy Nguyen To: CC: , , , , , , , Subject: [RESEND PATCH net v3 3/3] net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload Date: Thu, 3 Jun 2021 19:00:45 +0300 Message-ID: <20210603160045.11805-4-huyn@nvidia.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210603160045.11805-1-huyn@nvidia.com> References: <20210603160045.11805-1-huyn@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 30ce3a14-7e79-4a7a-f789-08d926a8cb63 X-MS-TrafficTypeDiagnostic: DM6PR12MB4880: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ibpGNHWkYBF7iiKrvQDlbQz+w07zBPIMMKX15DIqmIGrzCAxnvmxTRQjmYBVNujlqKG3jzfP2yuJsR/6aQ44a/xLsIF6D+P1ajf0fS5F1cVkC1l2tuRibq7OPqB+8Y/7EIP7pqNq4eDNm3ZwdUk8goiS6yN6m53gXJ/Ns2S4nwFsdB8Qv/4oBhZQjEKXA9LI36wVV265LHOG1Qplxgl0VEs1zL3VrUnhQipdT9F7R1qJzNVurGwxKoyTtBUBEE8L7B4isBUOOUOKhiI4tEGKKMRA0MftNp+9MBtRKNkV4SUJ7UlEUKGxcPctjif74W/4UgmrEWMtBsbsD63wVlxKrGu+wpAEsBzuoeSiZFEh4shi0fH1tp6/tqlkqz44rjH2pP38pskS/IvUTWW0AljbqYl6a/jIEDy8mc2eDrxVuPGzogGTEzpLGvPCO80NB9D7d0EOL1DABmDogcQqraJ2J0i4acZdWcciYhjwzXkq7nTR8ZjC6NK11R0U8b8AT6HL9BFSnn5Zc4Ou3JIOW6lIqbS7UlB7HSGHQ5B+CIbOT5rodICIcR6wr6tLm5TA2+5kxr7NRJ1OQiOZy1QNZIrPenv4OhYwFTkI9V0lMBKWvqEEMYfemlBCXrVeJgGojGKiPAxp21InS/aiCWSoD0jc1yAHteulV37LwCboZsN20Ro= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(376002)(396003)(136003)(39850400004)(346002)(36840700001)(46966006)(6916009)(2906002)(186003)(36756003)(86362001)(47076005)(36860700001)(107886003)(356005)(7636003)(6666004)(82740400003)(54906003)(4326008)(82310400003)(36906005)(8676002)(5660300002)(8936002)(426003)(2616005)(70586007)(26005)(70206006)(83380400001)(478600001)(316002)(16526019)(1076003)(336012); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2021 16:01:05.7193 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 30ce3a14-7e79-4a7a-f789-08d926a8cb63 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT010.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4880 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The packet is VXLAN packet over IPsec transport mode tunnel which has the following format: [IP1 | ESP | UDP | VXLAN | IP2 | TCP] NVIDIA ConnectX card cannot do checksum offload for two L4 headers. The solution is using the checksum partial offload similar to VXLAN | TCP packet. Hardware calculates IP1, IP2 and TCP checksums and software calculates UDP checksum. However, unlike VXLAN | TCP case, IPsec's mlx5 driver cannot access the inner plaintext IP protocol type. Therefore, inner_ipproto is added in the sec_path structure to provide this information. Also, utilize the skb's csum_start to program L4 inner checksum offset. While at it, remove the call to mlx5e_set_eseg_swp and setup software parser fields directly in mlx5e_ipsec_set_swp. mlx5e_set_eseg_swp is not needed as the two features (GENEVE and IPsec) are different and adding this sharing layer creates unnecessary complexity and affect performance. For the case VXLAN packet over IPsec tunnel mode tunnel, checksum offload is disabled because the hardware does not support checksum offload for three L3 (IP) headers. Fixes: 2ac9cfe78223 ("net/mlx5e: IPSec, Add Innova IPSec offload TX data path") Signed-off-by: Raed Salem Signed-off-by: Huy Nguyen Cc: Steffen Klassert --- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 65 ++++++++++++++----- .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 24 ++++++- 2 files changed, 70 insertions(+), 19 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c index a97e8d205094..33de8f0092a6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c @@ -136,8 +136,6 @@ static void mlx5e_ipsec_set_swp(struct sk_buff *skb, struct mlx5_wqe_eth_seg *eseg, u8 mode, struct xfrm_offload *xo) { - struct mlx5e_swp_spec swp_spec = {}; - /* Tunnel Mode: * SWP: OutL3 InL3 InL4 * Pkt: MAC IP ESP IP L4 @@ -146,23 +144,58 @@ static void mlx5e_ipsec_set_swp(struct sk_buff *skb, * SWP: OutL3 InL4 * InL3 * Pkt: MAC IP ESP L4 + * + * Tunnel(VXLAN TCP/UDP) over Transport Mode + * SWP: OutL3 InL3 InL4 + * Pkt: MAC IP ESP UDP VXLAN IP L4 */ - swp_spec.l3_proto = skb->protocol; - swp_spec.is_tun = mode == XFRM_MODE_TUNNEL; - if (swp_spec.is_tun) { - if (xo->proto == IPPROTO_IPV6) { - swp_spec.tun_l3_proto = htons(ETH_P_IPV6); - swp_spec.tun_l4_proto = inner_ipv6_hdr(skb)->nexthdr; - } else { - swp_spec.tun_l3_proto = htons(ETH_P_IP); - swp_spec.tun_l4_proto = inner_ip_hdr(skb)->protocol; - } - } else { - swp_spec.tun_l3_proto = skb->protocol; - swp_spec.tun_l4_proto = xo->proto; + + /* Shared settings */ + eseg->swp_outer_l3_offset = skb_network_offset(skb) / 2; + if (skb->protocol == htons(ETH_P_IPV6)) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_OUTER_L3_IPV6; + + /* Tunnel mode */ + if (mode == XFRM_MODE_TUNNEL) { + eseg->swp_inner_l3_offset = skb_inner_network_offset(skb) / 2; + eseg->swp_inner_l4_offset = skb_inner_transport_offset(skb) / 2; + if (xo->proto == IPPROTO_IPV6) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L3_IPV6; + if (inner_ip_hdr(skb)->protocol == IPPROTO_UDP) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L4_UDP; + return; + } + + /* Transport mode */ + if (mode != XFRM_MODE_TRANSPORT) + return; + + if (!xo->inner_ipproto) { + eseg->swp_inner_l3_offset = skb_network_offset(skb) / 2; + eseg->swp_inner_l4_offset = skb_inner_transport_offset(skb) / 2; + if (skb->protocol == htons(ETH_P_IPV6)) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L3_IPV6; + if (xo->proto == IPPROTO_UDP) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L4_UDP; + return; + } + + /* Tunnel(VXLAN TCP/UDP) over Transport Mode */ + switch (xo->inner_ipproto) { + case IPPROTO_UDP: + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L4_UDP; + fallthrough; + case IPPROTO_TCP: + eseg->swp_inner_l3_offset = skb_inner_network_offset(skb) / 2; + eseg->swp_inner_l4_offset = (skb->csum_start + skb->head - skb->data) / 2; + if (skb->protocol == htons(ETH_P_IPV6)) + eseg->swp_flags |= MLX5_ETH_WQE_SWP_INNER_L3_IPV6; + break; + default: + break; } - mlx5e_set_eseg_swp(skb, eseg, &swp_spec); + return; } void mlx5e_ipsec_set_iv_esn(struct sk_buff *skb, struct xfrm_state *x, diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h index cfa98272e4a9..5120a59361e6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h @@ -96,16 +96,34 @@ void mlx5e_ipsec_tx_build_eseg(struct mlx5e_priv *priv, struct sk_buff *skb, static inline netdev_features_t mlx5e_ipsec_feature_check(struct sk_buff *skb, netdev_features_t features) { + struct xfrm_offload *xo = xfrm_offload(skb); struct sec_path *sp = skb_sec_path(skb); - if (sp && sp->len) { + if (sp && sp->len && xo) { struct xfrm_state *x = sp->xvec[0]; - if (x && x->xso.offload_handle) - return features; + if (!x || !x->xso.offload_handle) + goto out_disable; + + if (xo->inner_ipproto) { + /* Cannot support tunnel packet over IPsec tunnel mode + * because we cannot offload three IP header csum + */ + if (x->props.mode == XFRM_MODE_TUNNEL) + goto out_disable; + + /* Only support UDP or TCP L4 checksum */ + if (xo->inner_ipproto != IPPROTO_UDP && + xo->inner_ipproto != IPPROTO_TCP) + goto out_disable; + } + + return features; + } /* Disable CSUM and GSO for software IPsec */ +out_disable: return features & ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK); }