[SRU][F:linux-bluefield][PATCH 0/2] Add inner ipproto and fix in sec_path
Bodong Wang
bodong at nvidia.com
Wed Feb 9 16:39:10 UTC 2022
The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.
For example, ConnectX6-DX IPsec device needs the plaintext's
IP protocol to support partial checksum offload on
VXLAN/GENEVE packet over IPsec transport mode tunnel.
As this data unrelated to the specific driver (the inner ip protocol of the
plain text) then it makes sense to provide it in the xfrm stack layer to
avoid code duplication in various drivers and do it on the fly in the xfrm
layer instead of reparse the packet at the driver layer. This is handled by
patch 1.
However, patch 1 did not handle the case where IPsec is used in tunnel mode.
Patch 2 fixed the bug.
Huy Nguyen (1):
net/xfrm: Add inner_ipproto into sec_path
Raed Salem (1):
net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path
include/net/xfrm.h | 1 +
net/xfrm/xfrm_output.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 61 insertions(+), 1 deletion(-)
--
1.8.3.1
More information about the kernel-team
mailing list