Public bug reported:
* Explain the bug(s)
The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.
For example, ConnectX6-DX IPsec device needs the plaintext's
IP protocol to support partial checksum offload on
VXLAN/GENEVE packet over IPsec transport mode tunnel
* Brief explanation of fixes
As this data unrelated to the specific driver (the inner ip protocol of the
plain text) then
it makes sense to provide it in the xfrm stack layer to avoid code duplication
in various drivers
and do it on the fly in the xfrm layer instead of reparse the packet at the
driver layer.
* How to test
Need to make sure that the code compiles post this change, run TCP encapsulated
traffic (for example using vxlan) when IPSec crypto offload with transport mode
is configured
* What it could break.
NA, this function adds data to a new field introduced to struct xfrm_offload,
so if not used it have no effect and it is assigned in stack and used in driver
so if driver does not used it then no effect.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1960427
Title:
Add inner_ipproto into sec_path
Status in linux-bluefield package in Ubuntu:
New
Bug description:
* Explain the bug(s)
The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.
For example, ConnectX6-DX IPsec device needs the plaintext's
IP protocol to support partial checksum offload on
VXLAN/GENEVE packet over IPsec transport mode tunnel
* Brief explanation of fixes
As this data unrelated to the specific driver (the inner ip protocol of the
plain text) then
it makes sense to provide it in the xfrm stack layer to avoid code
duplication in various drivers
and do it on the fly in the xfrm layer instead of reparse the packet at the
driver layer.
* How to test
Need to make sure that the code compiles post this change, run TCP
encapsulated traffic (for example using vxlan) when IPSec crypto offload with
transport mode is configured
* What it could break.
NA, this function adds data to a new field introduced to struct
xfrm_offload, so if not used it have no effect and it is assigned in stack and
used in driver so if driver does not used it then no effect.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1960427/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
