diff options
| author | Leon Romanovsky <leonro@nvidia.com> | 2022-12-02 22:10:25 +0200 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2022-12-06 13:55:59 +0100 |
| commit | cded6d80129babde53627efe32d164842cdd23a0 (patch) | |
| tree | 55fcb9336f0a8967806c7e2217522bcee4391292 /drivers/net/ethernet/mellanox | |
| parent | 59592cfdf8a44fd1f25cf16f4e25edc7f1a4e709 (diff) | |
| download | linux-stable-cded6d80129babde53627efe32d164842cdd23a0.tar.gz linux-stable-cded6d80129babde53627efe32d164842cdd23a0.tar.bz2 linux-stable-cded6d80129babde53627efe32d164842cdd23a0.zip | |
net/mlx5e: Store replay window in XFRM attributes
As a preparation for future extension of IPsec hardware object to allow
configuration of packet offload mode, extend the XFRM validator to check
replay window values.
Reviewed-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'drivers/net/ethernet/mellanox')
| -rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 12 | ||||
| -rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 |
2 files changed, 13 insertions, 0 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index e6411533f911..734b486db5d6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -166,6 +166,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, attrs->esn = sa_entry->esn_state.esn; if (sa_entry->esn_state.overlap) attrs->flags |= MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP; + attrs->replay_window = x->replay_esn->replay_window; } /* action */ @@ -257,6 +258,17 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) netdev_info(netdev, "Unsupported xfrm offload type\n"); return -EINVAL; } + if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) { + if (x->replay_esn && x->replay_esn->replay_window != 32 && + x->replay_esn->replay_window != 64 && + x->replay_esn->replay_window != 128 && + x->replay_esn->replay_window != 256) { + netdev_info(netdev, + "Unsupported replay window size %u\n", + x->replay_esn->replay_window); + return -EINVAL; + } + } return 0; } diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h index fa052a89c4dd..6fe55675bee9 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h @@ -83,6 +83,7 @@ struct mlx5_accel_esp_xfrm_attrs { } daddr; u8 is_ipv6; + u32 replay_window; }; enum mlx5_ipsec_cap { |