[SRU][J:linux-bluefield][PATCH v1 00/32] support IPsec full offload
Tony Duan
yifeid at nvidia.com
Wed Sep 6 16:30:30 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2034578
Align Kernel IPsec Full offload implementation in the DPU to the upstream Full
offload in all components: OFED, Strongswan, etc. This commit is in order for
DPU Kernel IPsec to include policy offload and be fully aligned to what
ConnectX Kernel customers will use.
Most of the changes are already in uptream. In this commit, it contains 32
patches include 4 reverts, 27 cherry-picks and 1 conflict resolver.
Most of the patches are clean cherry-pick. The conflict are mainly
focus on driver part and netdev_***() related functions. I ignored
driver change and keep dev_***() unchanged.
This commit also depends on
"[SRU][J:linux-bluefield][PATCH v1 0/1] UBUNTU: [Config] bluefield: disable MLX5, and vendor drivers."
(https://lists.ubuntu.com/archives/kernel-team/2023-September/142502.html)
which is still under review.
Merege request: https://code.launchpad.net/~yifeid/ubuntu/+source/linux-bluefield/+git/linux-bluefield/+merge/450800
Edward Cree (1):
netlink: add support for formatted extack messages
Leon Romanovsky (21):
xfrm: delete not used number of external headers
xfrm: rename xfrm_state_offload struct to allow reuse
xfrm: store and rely on direction to construct offload flags
xfrm: drop not needed flags variable in XFRM offload struct
xfrm: Remove not-used total variable
xfrm: add new packet offload flag
xfrm: allow state packet offload mode
xfrm: add an interface to offload policy
xfrm: add TX datapath support for IPsec packet offload mode
xfrm: speed-up lookup of HW policies
xfrm: add support to HW update soft and hard limits
xfrm: document IPsec packet offload mode
xfrm: extend add policy callback to set failure reason
xfrm: extend add state callback to set failure reason
netlink: provide an ability to set default extack message
xfrm: don't require advance ESN callback for packet offload
xfrm: release all offloaded policy memory
xfrm: add missed call to delete offloaded policies
xfrm: Support UDP encapsulation in packet offload mode
xfrm: delete offloaded policy
xfrm: don't skip free of empty state in acquire policy
Raed Salem (2):
xfrm: add new device offload acquire flag
xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics
Sabrina Dubroca (3):
xfrm: add extack support to xfrm_dev_state_add
xfrm: add extack to verify_policy_type
xfrm: propagate extack to all netlink doit handlers
Tony Duan (5):
Revert "UBUNTU: SAUCE: net/xfrm: Fix XFRM flags validity check"
Revert "UBUNTU: SAUCE: xfrm: Check if_id in xfrm full offload"
Revert "UBUNTU: SAUCE: net/xfrm: Add support for xfrm full offload"
Revert "UBUNTU: SAUCE: net/xfrm: IPsec full offload support for
lifetime limit"
UBUNTU: SAUCE: xfrm: fix conflict for netdev and tx stats
Documentation/networking/xfrm_device.rst | 64 +++++-
drivers/net/bonding/bond_main.c | 8 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 +-
.../chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 10 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 11 +-
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 9 +-
.../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 7 +-
drivers/net/netdevsim/ipsec.c | 8 +-
include/linux/netdevice.h | 6 +-
include/linux/netlink.h | 39 +++-
include/net/xfrm.h | 99 +++++++++-
include/uapi/linux/xfrm.h | 7 +-
net/bridge/br_switchdev.c | 10 +-
net/xfrm/xfrm_device.c | 146 ++++++++++++--
net/xfrm/xfrm_output.c | 22 +--
net/xfrm/xfrm_policy.c | 127 +++++++-----
net/xfrm/xfrm_state.c | 215 ++++++++++++++++-----
net/xfrm/xfrm_user.c | 121 ++++++++----
18 files changed, 708 insertions(+), 206 deletions(-)
--
1.8.3.1
More information about the kernel-team
mailing list