All of lore.kernel.org
 help / color / mirror / Atom feed
* [GIT PULL] Improve IPsec limits, ESN and replay window
@ 2023-04-03  6:41 Leon Romanovsky
  2023-04-04 16:30 ` Leon Romanovsky
  0 siblings, 1 reply; 2+ messages in thread
From: Leon Romanovsky @ 2023-04-03  6:41 UTC (permalink / raw)
  To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
  Cc: Steffen Klassert, Herbert Xu, netdev, Saeed Mahameed, Raed Salem

This series overcomes existing hardware limitations in Mellanox ConnectX
devices around handling IPsec soft and hard limits.

In addition, the ESN logic is tied and added an interface to configure
replay window sequence numbers through existing iproute2 interface.

  ip xfrm state ... [ replay-seq SEQ ] [ replay-oseq SEQ ]
                    [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]

Link: https://lore.kernel.org/all/cover.1680162300.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>

----------------------------------------------------------------

The following changes since commit 5a6cddb89b51d99a7702e63829644a5860dd9c41:

  net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-esn-replay

for you to fetch changes up to 9f758558e309d11ef31dbdabdb1e3aa1003aebf9:

  net/mlx5e: Simulate missing IPsec TX limits hardware functionality (2023-04-03 09:29:47 +0300)

----------------------------------------------------------------
Leon Romanovsky (10):
      net/mlx5e: Factor out IPsec ASO update function
      net/mlx5e: Prevent zero IPsec soft/hard limits
      net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits
      net/mlx5e: Overcome slow response for first IPsec ASO WQE
      xfrm: don't require advance ESN callback for packet offload
      net/mlx5e: Remove ESN callbacks if it is not supported
      net/mlx5e: Set IPsec replay sequence numbers
      net/mlx5e: Reduce contention in IPsec workqueue
      net/mlx5e: Generalize IPsec work structs
      net/mlx5e: Simulate missing IPsec TX limits hardware functionality

 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c   | 329 ++++++++++++++++++---
 .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h   |  47 ++-
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c         |  31 +-
 .../mellanox/mlx5/core/en_accel/ipsec_offload.c    | 198 ++++++++++---
 net/xfrm/xfrm_device.c                             |   2 +-
 5 files changed, 496 insertions(+), 111 deletions(-)

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [GIT PULL] Improve IPsec limits, ESN and replay window
  2023-04-03  6:41 [GIT PULL] Improve IPsec limits, ESN and replay window Leon Romanovsky
@ 2023-04-04 16:30 ` Leon Romanovsky
  0 siblings, 0 replies; 2+ messages in thread
From: Leon Romanovsky @ 2023-04-04 16:30 UTC (permalink / raw)
  To: Steffen Klassert
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Herbert Xu, netdev, Saeed Mahameed, Raed Salem

On Mon, Apr 03, 2023 at 09:41:54AM +0300, Leon Romanovsky wrote:
> This series overcomes existing hardware limitations in Mellanox ConnectX
> devices around handling IPsec soft and hard limits.
> 
> In addition, the ESN logic is tied and added an interface to configure
> replay window sequence numbers through existing iproute2 interface.
> 
>   ip xfrm state ... [ replay-seq SEQ ] [ replay-oseq SEQ ]
>                     [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]
> 
> Link: https://lore.kernel.org/all/cover.1680162300.git.leonro@nvidia.com
> Signed-off-by: Leon Romanovsky <leon@kernel.org>
> 
> ----------------------------------------------------------------
> 
> The following changes since commit 5a6cddb89b51d99a7702e63829644a5860dd9c41:
> 
>   net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)
> 
> are available in the Git repository at:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-esn-replay
> 
> for you to fetch changes up to 9f758558e309d11ef31dbdabdb1e3aa1003aebf9:
> 
>   net/mlx5e: Simulate missing IPsec TX limits hardware functionality (2023-04-03 09:29:47 +0300)
> 
> ----------------------------------------------------------------
> Leon Romanovsky (10):
>       net/mlx5e: Factor out IPsec ASO update function
>       net/mlx5e: Prevent zero IPsec soft/hard limits
>       net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits
>       net/mlx5e: Overcome slow response for first IPsec ASO WQE
>       xfrm: don't require advance ESN callback for packet offload

Hi Steffen,

Can you please provide your Acked-by for this patch?
https://lore.kernel.org/all/9f3dfc3fef2cfcd191f0c5eee7cf0aa74e7f7786.1680162300.git.leonro@nvidia.com

Thanks


>       net/mlx5e: Remove ESN callbacks if it is not supported
>       net/mlx5e: Set IPsec replay sequence numbers
>       net/mlx5e: Reduce contention in IPsec workqueue
>       net/mlx5e: Generalize IPsec work structs
>       net/mlx5e: Simulate missing IPsec TX limits hardware functionality
> 
>  .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c   | 329 ++++++++++++++++++---
>  .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h   |  47 ++-
>  .../mellanox/mlx5/core/en_accel/ipsec_fs.c         |  31 +-
>  .../mellanox/mlx5/core/en_accel/ipsec_offload.c    | 198 ++++++++++---
>  net/xfrm/xfrm_device.c                             |   2 +-
>  5 files changed, 496 insertions(+), 111 deletions(-)

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-04-04 16:30 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-03  6:41 [GIT PULL] Improve IPsec limits, ESN and replay window Leon Romanovsky
2023-04-04 16:30 ` Leon Romanovsky

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.