[PATCH next-queue 1/3] ixgbe: check for 128-bit authentication

Make sure the Security Association is using a 128-bit authentication, since that's the only size that the hardware offload supports. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +++- drivers/net/ethernet

Re: [PATCH ipsec,v2] net: xfrm_policy: fix device unregistration hang

Acked-by: Shannon Nelson <shannon.nel...@oracle.com> --- include/net/xfrm.h | 11 +++-- net/xfrm/xfrm_device.c | 2 ++ net/xfrm/xfrm_policy.c | 66 ++ 3 files changed, 72 insertions(+), 7 deletions(-) diff --git a/include/net/xfrm

Re: [PATCH ipsec] net: xfrm_policy: fix device unregistration hang

On 2/12/2018 9:21 AM, Eyal Birger wrote: In setups like the following: Host A --Host B tun0 -- ipsec -- eth0 -- eth0 -- ipsec -- tun0 where tun0 are tunnel devices using dst_cache (ipip, ipip6, etc...). Unregistration of an underlying eth0 device leads to the

Re: [net-next,06/15] i40e: change flags to use 64 bits

On 2/7/2018 7:09 AM, James Hogan wrote: On Fri, Jan 26, 2018 at 01:24:50PM -0800, Jeff Kirsher wrote: From: Alice Michael As we have added more flags, we need to now use more bits and have over flooded the 32 bit size. So make it 64. Also change all the existing

Re: [PATCH net-next] sun: Add SPDX license tags to Sun network drivers

On 2/7/2018 3:59 AM, Julian Calaby wrote: Hi Shannon, On Wed, Feb 7, 2018 at 6:34 AM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Add the appropriate SPDX license tags to the Sun network drivers as outlined in Documentation/process/license-rules.rst. Signed-off-by: Shannon

[PATCH net-next] sun: Add SPDX license tags to Sun network drivers

Add the appropriate SPDX license tags to the Sun network drivers as outlined in Documentation/process/license-rules.rst. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/sun/Kconfig | 1 + drivers/net/ethernet/sun/cassini.c| 1 + drive

Re: [Intel-wired-lan] Possible read-modify-write bug in ixgbe x550 phy setup

On 2/2/2018 1:08 PM, Tantilov, Emil S wrote: Just FYI - we looked at the reads and confirmed that there is no functional bug in the code because as it happens the CX1/SR bits is the only bits that are read and set and as such we don't lose any data. This of course means that the read is not

Re: [Intel-wired-lan] Possible read-modify-write bug in ixgbe x550 phy setup

On 2/1/2018 4:34 PM, Tantilov, Emil S wrote: -Original Message- From: Intel-wired-lan [mailto:intel-wired-lan-boun...@osuosl.org] On Behalf Of Shannon Nelson Sent: Thursday, February 01, 2018 3:46 PM To: Tantilov, Emil S <emil.s.tanti...@intel.com> Cc: netdev@vger.kernel.org; intel

Possible read-modify-write bug in ixgbe x550 phy setup

if (ret_val) return ret_val; The assignments to reg_phy_ext look wrong to me - perhaps those should be '|=' rather than '='? sln -- ========== Shannon Nelson shannon.nel...@oracle.com Parents can't afford to be squeamish

Re: macvlan devices and vlan interaction

On 1/29/2018 3:01 PM, Keller, Jacob E wrote: Hi, I'm currently investigating how macvlan devices behave in regards to vlan support, and found some interesting behavior that I am not sure how best to correct, or what the right path forward is. If I create a macvlan device: ip link add link

Re: [PATCH xfrm v1] xfrm: fix error flow in case of add state fails

ed-off-by: Boris Pismeny <bor...@mellanox.com> Thanks - I was wondering about that a couple of days ago and hadn't gotten back to it. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- net/xfrm/xfrm_device.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/xfrm/x

Re: [PATCH next-queue 2/2] ixgbe: add unlikely notes to tx fastpath expressions

On 1/18/2018 1:06 AM, Yanjun Zhu wrote: On 2018/1/9 6:47, Shannon Nelson wrote: Add unlikely() to a few error checking expressions in the Tx offload handling. Suggested-by: Yanjun Zhu <yanjun@oracle.com> Hi, I am fine with this patch. I have a question. The ipsec feature is sup

[PATCH] ixgbe: fix ipv6 support for ipsec offload

bit. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 39 ++ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel

Re: [PATCH net-next v3] xfrm: Add ESN support for IPSec HW offload

1: - Added documentation Changes from v2: - Due to Shannon Nelson's request, xfrm_dev_state_add() fails if ESN is requested and xdo_dev_state_advance_esn() is not implemented This works for me - thanks! Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- Documentation/networki

[PATCH 0/2] ixgbe: ipsec offload and sparc support

These are a couple of tweaks I found while making sure that the ipsec offload would work on SPARC. Shannon Nelson (2): ixgbe: ipsec offload for sparc ixgbe: use compiler constants in Rx path drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 14 +++--- 1 file changed, 7 insertions

[PATCH 2/2] ixgbe: use compiler constants in Rx path

Rather than swapping runtime bytes to compare to constants, let the compiler swap the constants and save a couple of runtuime cycles. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 10 +- 1 file changed, 5 insertions

[PATCH 1/2] ixgbe: ipsec offload for sparc

Add a couple of byteswaps needed to make the ipsec offload work on big-endian SPARC platforms. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/et

Re: [PATCH net-next v2] xfrm: Add ESN support for IPSec HW offload

On 1/11/2018 5:51 AM, Aviad Yehezkel wrote: On 1/11/2018 10:28 AM, Yossi Kuperman wrote: From: Shannon Nelson [mailto:shannon.nel...@oracle.com] Sent: Thursday, January 11, 2018 5:21 AM On 1/10/2018 3:09 PM, Yossi Kuperman wrote: On 10 Jan 2018, at 19:36, Shannon Nelson <shannon.

Re: [PATCH net-next v2] xfrm: Add ESN support for IPSec HW offload

On 1/10/2018 3:09 PM, Yossi Kuperman wrote: On 10 Jan 2018, at 19:36, Shannon Nelson <shannon.nel...@oracle.com> wrote: On 1/10/2018 2:34 AM, yoss...@mellanox.com wrote: From: Yossef Efraim <yoss...@mellanox.com> This patch adds ESN support to IPsec device offload. Adding new

Re: [PATCH net-next v2] xfrm: Add ESN support for IPSec HW offload

On 1/10/2018 2:34 AM, yoss...@mellanox.com wrote: From: Yossef Efraim This patch adds ESN support to IPsec device offload. Adding new xfrm device operation to synchronize device ESN. Signed-off-by: Yossef Efraim --- Changes from v1: - Added

[PATCH next-queue 2/2] ixgbe: add unlikely notes to tx fastpath expressions

Add unlikely() to a few error checking expressions in the Tx offload handling. Suggested-by: Yanjun Zhu <yanjun@oracle.com> Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 8 1 file changed, 4 insertions(+),

[PATCH next-queue 1/2] ixgbe: fix clean hw loop count

Fix a cut-paste error so that we can clean all the table entries. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipse

Re: [PATCH v3 next-queue 08/10] ixgbe: process the Tx ipsec offload

On 12/22/2017 12:24 AM, Yanjun Zhu wrote: On 2017/12/20 8:00, Shannon Nelson wrote: If the skb has a security association referenced in the skb, then set up the Tx descriptor with the ipsec offload bits.  While we're here, we fix an oddly named field in the context descriptor struct

[PATCH ipsec-next] xfrm: update the stats documentation

Add a couple of stats that aren't in the documentation file and rework the top description to be a little more readable. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- Documentation/networking/xfrm_proc.txt | 20 ++-- 1 file changed, 14 insertions(+), 6 del

[PATCH next-queue] ixgbe: no ipsec offload for 82598

Don't try to set up ipsec offload on the oldest part of the ixgbe family. Suggested-by: Yanjun Zhu <yanjun@oracle.com> Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 3 +++ 1 file changed, 3 insertions(+) diff --g

Re: [PATCH v3 next-queue 00/10] ixgbe: Add ipsec offload

On 12/20/2017 11:09 PM, Yanjun Zhu wrote: On 2017/12/21 14:39, Yanjun Zhu wrote: On 2017/12/20 7:59, Shannon Nelson wrote: This is an implementation of the ipsec hardware offload feature for the ixgbe driver and Intel's 10Gbe series NICs: x540, x550, 82599. Hi, Nelson I notice that the ipsec

Re: [PATCH v3 next-queue 05/10] ixgbe: add ipsec offload add and remove SA

On 12/20/2017 6:21 PM, Marcelo Ricardo Leitner wrote: On Wed, Dec 20, 2017 at 05:39:13PM -0800, Shannon Nelson wrote: On 12/20/2017 5:17 PM, Marcelo Ricardo Leitner wrote: Hi, On Tue, Dec 19, 2017 at 03:59:57PM -0800, Shannon Nelson wrote: +} + +static const struct xfrmdev_ops

Re: [PATCH v3 next-queue 05/10] ixgbe: add ipsec offload add and remove SA

On 12/20/2017 5:17 PM, Marcelo Ricardo Leitner wrote: Hi, On Tue, Dec 19, 2017 at 03:59:57PM -0800, Shannon Nelson wrote: +} + +static const struct xfrmdev_ops ixgbe_xfrmdev_ops = { + .xdo_dev_state_add = ixgbe_ipsec_add_sa, + .xdo_dev_state_delete = ixgbe_ipsec_del_sa

Re: [PATCH v3 ipsec-next 3/3] xfrm: wrap xfrmdev_ops with offload config

On 12/20/2017 8:03 AM, Marcelo Ricardo Leitner wrote: On Tue, Dec 19, 2017 at 03:35:49PM -0800, Shannon Nelson wrote: There's no reason to define netdev->xfrmdev_ops if the offload facility is not CONFIG'd in. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> This one

[PATCH v3 next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On a chip reset most of the table contents are lost, so must be restored. This scans the driver's ipsec tables and restores both the filled and empty table slots to their pre-reset values. v2: during restore, clean the tables before restarting Signed-off-by: Shannon Nelson <shannon.

[PATCH v3 next-queue 02/10] ixgbe: add ipsec register access routines

value Use the addr as __be32 Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/Makefile | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe.h | 6 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 161 + drive

[PATCH v3 next-queue 10/10] ixgbe: register ipsec offload with the xfrm subsystem

of NETIF_F_HW_CSUM_BIT to NETIF_F_HW_CSUM Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 17 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 6 ++ 2 files changed, 23 insertions(+) diff --git a/drivers/net/ethernet

[PATCH v3 next-queue 03/10] ixgbe: add ipsec engine start and stop routines

Add in the code for running and stopping the hardware ipsec encryption/decryption engine. It is good to keep the engine off when not in use in order to save on the power draw. v2: add limiter to do-while loop waiting for paths to drain Signed-off-by: Shannon Nelson <shannon.nel...@oracle.

[PATCH v3 next-queue 01/10] ixgbe: clean up ipsec defines

Clean up the ipsec/macsec descriptor bit definitions to match the rest of the defines and file organization. Also recognise the bit-definition overlap in the error mask macro. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_type.

[PATCH v3 next-queue 00/10] ixgbe: Add ipsec offload

sky kbuild robots v2: fixes after comments from Alex Shannon Nelson (10): ixgbe: clean up ipsec defines ixgbe: add ipsec register access routines ixgbe: add ipsec engine start and stop routines ixgbe: add ipsec data structures ixgbe: add ipsec offload add and remove SA ixgbe: restore

[PATCH v3 next-queue 09/10] ixgbe: ipsec offload stats

Add a simple statistic to count the ipsec offloads. v2: change per ring counter to adapter rx and tx counters move tx_ipsec count to the tx clean code Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe.h | 2 ++ drivers/net/et

[PATCH v3 next-queue 04/10] ixgbe: add ipsec data structures

Set up the data structures to be used by the ipsec offload. v2: ipaddr[] becomes __be32 increase the hash table size Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe.h | 5 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.

[PATCH v3 next-queue 07/10] ixgbe: process the Rx ipsec offload

If the chip sees and decrypts an ipsec offload, set up the skb sp pointer with the ralated SA info. Since the chip is rude enough to keep to itself the table index it used for the decryption, we have to do our own table lookup, using the hash for speed. Signed-off-by: Shannon Nelson <shannon.

[PATCH v3 next-queue 08/10] ixgbe: process the Tx ipsec offload

move the ixgbe_ipsec_tx() call to near the call to ixgbe_tso() drop the ipsec packet if the tx offload setup fails simplify the ixgbe_ipsec_tx() parameters by using 'first' leave out the ixgbe_tso() changes since we don't support TSO with ipsec yet. Signed-off-by: Shannon Nelson

[PATCH v3 next-queue 05/10] ixgbe: add ipsec offload add and remove SA

that should be num_tx_sa change aes_gcm_name to a const array tighten up the key parsing code add another label to the init error handling move table deletion to a separate function Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/i

[PATCH v3 ipsec-next 1/3] xfrm: check for xdo_dev_state_free

The current XFRM code assumes that we've implemented the xdo_dev_state_free() callback, even if it is meaningless to the driver. This patch adds a check for it before calling, as done in other APIs, to prevent a NULL function pointer kernel crash. Signed-off-by: Shannon Nelson <shannon.

[PATCH v3 ipsec-next 0/3] xfrm: offload api fixes

from v1: - removed netdev_err() notes (Steffen) - fixed build when CONFIG_XFRM_OFFLOAD is off (kbuild robot) - split into multiple patches (me) Shannon Nelson (3): xfrm: check for xdo_dev_state_free xfrm: check for xdo_dev_ops add and delete xfrm: wrap xfrmdev_ops with offload config

[PATCH v3 ipsec-next 3/3] xfrm: wrap xfrmdev_ops with offload config

There's no reason to define netdev->xfrmdev_ops if the offload facility is not CONFIG'd in. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- include/linux/netdevice.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/netdevice.h b/incl

[PATCH v3 ipsec-next 2/3] xfrm: check for xdo_dev_ops add and delete

was setting xfrmdev_ops to NULL if the NETIF_F_HW_ESP bit was missing, which would probably surprise the driver later if the driver turned its NETIF_F_HW_ESP bit back on. We shouldn't be messing with the driver's callback list, so we stop doing that with this patch. Signed-off-by: Shannon Nelson

Re: [Intel-wired-lan] [PATCH v2 next-queue 08/10] ixgbe: process the Tx ipsec offload

On 12/15/2017 12:10 PM, kbuild test robot wrote: [...] drivers/net/ethernet/intel/ixgbe/ixgbe_main.c: In function 'ixgbe_xmit_frame_ring': drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:8563:11: error: 'struct sk_buff' has no member named 'sp'; did you mean 'sk'? if (skb->sp &&

[PATCH v2 ipsec-next 3/3] xfrm: wrap xfrmdev_ops with offload config

There's no reason to define netdev->xfrmdev_ops if the offload facility is not CONFIG'd in. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- include/linux/netdevice.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/netdevice.h b/incl

[PATCH v2 ipsec-next 1/3] xfrm: check for xdo_dev_state_free

The current XFRM code assumes that we've implemented the xdo_dev_state_free() callback, even if it is meaningless to the driver. This patch adds a check for it before calling, as done in other APIs, to prevent a NULL function pointer kernel crash. Signed-off-by: Shannon Nelson <shannon.

[PATCH v2 ipsec-next 0/3] xfrm: offload api fixes

These are a couple of little fixes to the xfrm_offload API to make life just a little easier for the poor driver developer. Changes from v1: - removed netdev_err() notes (Steffen) - fixed build when CONFIG_XFRM_OFFLOAD is off (kbuild robot) - split into multiple patches (me) Shannon Nelson

[PATCH v2 ipsec-next 2/3] xfrm: check for xdo_dev_ops add and delete

This adds a check for the required add and delete functions up front at registration time to be sure both are defined. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- net/xfrm/xfrm_device.c | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git

Re: [PATCH ipsec-next] xfrm: check for xdo_dev_state_free

On 12/13/2017 10:20 PM, Steffen Klassert wrote: On Mon, Dec 11, 2017 at 12:57:22PM -0800, Shannon Nelson wrote: The current XFRM code assumes that we've implemented the xdo_dev_state_free() callback, even if it is meaningless to the driver. + if (dev->featu

Re: [Intel-wired-lan] [PATCH v2 next-queue 08/10] ixgbe: process the Tx ipsec offload

On 12/12/2017 5:59 PM, Alexander Duyck wrote: On Tue, Dec 12, 2017 at 3:37 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: If the skb has a security association referenced in the skb, then set up the Tx descriptor with the ipsec offload bits. While we're here, we fix an oddly named

[PATCH v2 next-queue 04/10] ixgbe: add ipsec data structures

Set up the data structures to be used by the ipsec offload. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: ipaddr[] becomes __be32 increase the hash table size drivers/net/ethernet/intel/ixgbe/ixgbe.h | 5 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.

[PATCH v2 next-queue 05/10] ixgbe: add ipsec offload add and remove SA

to mimic the hardware tables to make it easier to track what's in the hardware, and the SA table index is used for the XFRM offload handle. However, there is a hashing field in the Rx SA tracking that will be used to facilitate faster table searches in the Rx fast path. Signed-off-by: Shannon

[PATCH v2 next-queue 08/10] ixgbe: process the Tx ipsec offload

If the skb has a security association referenced in the skb, then set up the Tx descriptor with the ipsec offload bits. While we're here, we fix an oddly named field in the context descriptor struct. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: use ihl != 5

[PATCH v2 next-queue 03/10] ixgbe: add ipsec engine start and stop routines

Add in the code for running and stopping the hardware ipsec encryption/decryption engine. It is good to keep the engine off when not in use in order to save on the power draw. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: add limiter to do-while loop waiting for

[PATCH v2 next-queue 09/10] ixgbe: ipsec offload stats

Add a simple statistic to count the ipsec offloads. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: change per ring counter to adapter rx and tx counters move tx_ipsec count to the tx clean code drivers/net/ethernet/intel/ixgbe/ixgbe.h | 2 ++ drivers/net/et

[PATCH v2 next-queue 10/10] ixgbe: register ipsec offload with the xfrm subsystem

With all the support code in place we can now link in the ipsec offload operations and set the ESP feature flag for the XFRM subsystem to see. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: added the xdo_dev_state_free callback to make XFRM happy chang

[PATCH v2 next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On a chip reset most of the table contents are lost, so must be restored. This scans the driver's ipsec tables and restores both the filled and empty table slots to their pre-reset values. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: during restore, clean the tables

[PATCH v2 next-queue 01/10] ixgbe: clean up ipsec defines

Clean up the ipsec/macsec descriptor bit definitions to match the rest of the defines and file organization. Also recognise the bit-definition overlap in the error mask macro. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: no changes drivers/net/ethernet/intel

[PATCH v2 next-queue 02/10] ixgbe: add ipsec register access routines

Add a few routines to make access to the ipsec registers just a little easier, and throw in the beginnings of an initialization. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- v2: Rx table selector becomes an enum with a shift Combine the clear table loops into one

[PATCH v2 next-queue 07/10] ixgbe: process the Rx ipsec offload

If the chip sees and decrypts an ipsec offload, set up the skb sp pointer with the ralated SA info. Since the chip is rude enough to keep to itself the table index it used for the decryption, we have to do our own table lookup, using the hash for speed. Signed-off-by: Shannon Nelson <shannon.

[PATCH v2 next-queue 00/10] ixgbe: Add ipsec offload

d dev eth4 dir in In both cases, the command "ip x s flush ; ip x p flush" will clean it all out and remove the offloads. Lastly, thanks to Alex Duyck for his early comments. Please see the individual patches for version update info. Shannon Nelson (10): ixgbe: clean up ipsec define

Re: [PATCH net-next v2] ip6_vti: adjust vti mtu according to mtu of output device

Alexey Kodanev <alexey.koda...@oracle.com> --- v2: * cleanup commit message issues (thanks to Shannon) Acked-by: Shannon Nelson <shannon.nel...@oracle.com> * handle the case when we don't have route but have device parameter * cast new MTU to int and then check the maximum

[PATCH ipsec-next] xfrm: check for xdo_dev_state_free

and delete functions up front at registration time to be sure both are defined, and complain if not. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- include/net/xfrm.h | 3 ++- net/xfrm/xfrm_device.c | 18 ++ 2 files changed, 16 insertions(+), 5 deletions(-)

Re: [PATCH net-next] ip6_vti: adjust vti mtu according to mtu of output device

On 12/8/2017 3:54 AM, Alexey Kodanev wrote: On 12/08/2017 10:02 AM, Steffen Klassert wrote: On Wed, Dec 06, 2017 at 07:38:19PM +0300, Alexey Kodanev wrote: Since you're planning to do a 2nd version anyway, can we get a couple of the commit message issues cleaned up? LTP/udp6_ipsec_vti

Re: [Intel-wired-lan] [next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On 12/7/2017 1:52 PM, Alexander Duyck wrote: The reads/writes themselves should be cheap. These kind of things only get to be really expensive when you start looking at adding delays in between the writes/reads polling on things. As long as we aren't waiting milliseconds on things you can

Re: [Intel-wired-lan] [next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On 12/7/2017 9:16 AM, Alexander Duyck wrote: On Wed, Dec 6, 2017 at 9:43 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: On 12/5/2017 9:30 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: On a chip reset most

Re: [Intel-wired-lan] [next-queue 08/10] ixgbe: process the Tx ipsec offload

On 12/7/2017 9:56 AM, Alexander Duyck wrote: You've suggested several things here, all good things to look into, which I will do, most now, some in the near future. Thanks! sln On Wed, Dec 6, 2017 at 9:43 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: On 12/5/2017 10

Re: [Intel-wired-lan] [next-queue 02/10] ixgbe: add ipsec register access routines

On 12/7/2017 8:02 AM, Alexander Duyck wrote: On Wed, Dec 6, 2017 at 9:43 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Thanks, Alex, for your detailed comments, I do appreciate the time and thought you put into them. Responses below... sln On 12/5/2017 8:56 AM, Alexander Duyck

Re: [Intel-wired-lan] [next-queue 03/10] ixgbe: add ipsec engine start and stop routines

On 12/5/2017 8:22 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Add in the code for running and stopping the hardware ipsec encryption/decryption engine. It is good to keep the engine off when not in use in order t

Re: [Intel-wired-lan] [next-queue 10/10] ixgbe: register ipsec offload with the xfrm subsystem

On 12/5/2017 12:11 PM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: With all the support code in place we can now link in the ipsec offload operations and set the ESP feature flag for the XFRM subsystem to see. Signed-off-by: S

Re: [Intel-wired-lan] [next-queue 07/10] ixgbe: process the Rx ipsec offload

On 12/5/2017 9:40 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: If the chip sees and decrypts an ipsec offload, set up the skb sp pointer with the ralated SA info. Since the chip is rude enough to keep to itself the table

Re: [Intel-wired-lan] [next-queue 09/10] ixgbe: ipsec offload stats

On 12/5/2017 11:53 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Add a simple statistic to count the ipsec offloads. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/i

Re: [Intel-wired-lan] [next-queue 08/10] ixgbe: process the Tx ipsec offload

On 12/5/2017 10:13 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: If the skb has a security association referenced in the skb, then set up the Tx descriptor with the ipsec offload bits. While we're here, we fix an oddly named

Re: [Intel-wired-lan] [next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On 12/5/2017 9:30 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: On a chip reset most of the table contents are lost, so must be restored. This scans the driver's ipsec tables and restores both the filled and empty table

Re: [Intel-wired-lan] [next-queue 05/10] ixgbe: implement ipsec add and remove of offloaded SA

On 12/5/2017 9:26 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Add the functions for setting up and removing offloaded SAs (Security Associations) with the x540 hardware. We set up the callback structure but we don't y

Re: [Intel-wired-lan] [next-queue 02/10] ixgbe: add ipsec register access routines

Thanks, Alex, for your detailed comments, I do appreciate the time and thought you put into them. Responses below... sln On 12/5/2017 8:56 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Add a few routines to make

Re: [Intel-wired-lan] [next-queue 04/10] ixgbe: add ipsec data structures

On 12/5/2017 9:03 AM, Alexander Duyck wrote: On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson <shannon.nel...@oracle.com> wrote: Set up the data structures to be used by the ipsec offload. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/i

[next-queue 10/10] ixgbe: register ipsec offload with the xfrm subsystem

With all the support code in place we can now link in the ipsec offload operations and set the ESP feature flag for the XFRM subsystem to see. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 4 drivers/net/ethernet/intel

[next-queue 04/10] ixgbe: add ipsec data structures

Set up the data structures to be used by the ipsec offload. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe.h | 5 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 40 ++ 2 files changed, 45 inse

[next-queue 05/10] ixgbe: implement ipsec add and remove of offloaded SA

to mimic the hardware tables to make it easier to track what's in the hardware, and the SA table index is used for the XFRM offload handle. However, there is a hashing field in the Rx SA tracking that will be used to facilitate faster table searches in the Rx fast path. Signed-off-by: Shannon

[next-queue 08/10] ixgbe: process the Tx ipsec offload

If the skb has a security association referenced in the skb, then set up the Tx descriptor with the ipsec offload bits. While we're here, we fix an oddly named field in the context descriptor struct. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel

[next-queue 00/10] ixgbe: Add ipsec offload

d dev eth4 dir in In both cases, the command "ip x s flush ; ip x p flush" will clean it all out and remove the offloads. Lastly, thanks to Alex Duyck for his early comments. Shannon Nelson (10): ixgbe: clean up ipsec defines ixgbe: add ipsec register access routines ixgbe: ad

[next-queue 02/10] ixgbe: add ipsec register access routines

Add a few routines to make access to the ipsec registers just a little easier, and throw in the beginnings of an initialization. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/Makefile | 1 + drivers/net/ethernet/intel/ixgbe/i

[next-queue 09/10] ixgbe: ipsec offload stats

Add a simple statistic to count the ipsec offloads. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 28 ++-- drivers/net/ethernet/intel

[next-queue 06/10] ixgbe: restore offloaded SAs after a reset

On a chip reset most of the table contents are lost, so must be restored. This scans the driver's ipsec tables and restores both the filled and empty table slots to their pre-reset values. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/i

[next-queue 07/10] ixgbe: process the Rx ipsec offload

If the chip sees and decrypts an ipsec offload, set up the skb sp pointer with the ralated SA info. Since the chip is rude enough to keep to itself the table index it used for the decryption, we have to do our own table lookup, using the hash for speed. Signed-off-by: Shannon Nelson <shannon.

[next-queue 01/10] ixgbe: clean up ipsec defines

Clean up the ipsec/macsec descriptor bit definitions to match the rest of the defines and file organization. Also recognise the bit-definition overlap in the error mask macro. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_type.

[next-queue 03/10] ixgbe: add ipsec engine start and stop routines

Add in the code for running and stopping the hardware ipsec encryption/decryption engine. It is good to keep the engine off when not in use in order to save on the power draw. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

Re: [PATCH net v2 2/3] xfrm: Add an activate() offload dev op

On 12/3/2017 2:16 PM, Yossi Kuperman wrote: -Original Message- From: Shannon Nelson [mailto:shannon.nel...@oracle.com] Sent: Sunday, December 3, 2017 12:11 AM To: Aviv Heller <av...@mellanox.com>; Steffen Klassert <steffen.klass...@secunet.com> Cc: Herbert Xu <herb...@gond

Re: [PATCH net v2 2/3] xfrm: Add an activate() offload dev op

On 12/2/2017 2:33 PM, Yossi Kuperman wrote: On 1 Dec 2017, at 9:09, Steffen Klassert wrote: On Tue, Nov 28, 2017 at 07:55:41PM +0200, av...@mellanox.com wrote: From: Aviv Heller Adding the state to the offload device prior to replay init

Re: [PATCH net v2 2/3] xfrm: Add an activate() offload dev op

On 12/1/2017 11:47 AM, Shannon Nelson wrote: On 11/28/2017 9:55 AM, av...@mellanox.com wrote: From: Aviv Heller <av...@mellanox.com> Adding the state to the offload device prior to replay init in xfrm_state_construct() will result in NULL dereference if a matching ESP packet is re

Re: [RFC] virtio-net: help live migrate SR-IOV devices

On 11/30/2017 6:11 AM, Michael S. Tsirkin wrote: On Thu, Nov 30, 2017 at 10:08:45AM +0200, achiad shochat wrote: Re. problem #2: Indeed the best way to address it seems to be to enslave the VF driver netdev under a persistent anchor netdev. And it's indeed desired to allow (but not enforce) PV

Re: [PATCH net v2 2/3] xfrm: Add an activate() offload dev op

On 11/28/2017 9:55 AM, av...@mellanox.com wrote: From: Aviv Heller Adding the state to the offload device prior to replay init in xfrm_state_construct() will result in NULL dereference if a matching ESP packet is received in between. In order to inhibit driver offload

Re: [PATCH net-next 3/3] xfrm: Add ESN support for IPSec HW offload

On 11/28/2017 1:49 AM, yoss...@mellanox.com wrote: From: Yossef Efraim This patch adds ESN support to IPsec device offload. Adding new xfrm device operation to synchronize device ESN. Signed-off-by: Yossef Efraim --- include/linux/netdevice.h |

Re: [PATCH net-next 3/3] xfrm: Add ESN support for IPSec HW offload

On 11/30/2017 10:23 PM, Steffen Klassert wrote: On Tue, Nov 28, 2017 at 11:49:30AM +0200, yoss...@mellanox.com wrote: From: Yossef Efraim This patch adds ESN support to IPsec device offload. Adding new xfrm device operation to synchronize device ESN. Signed-off-by:

[PATCH ipsec] xfrm: add documentation for xfrm device offload api

Add a writeup on how to use the XFRM device offload API, and mention this new file in the index. Signed-off-by: Shannon Nelson <shannon.nel...@oracle.com> --- Documentation/networking/00-INDEX| 2 + Documentation/networking/xfrm_device.txt | 132 +++ 2

Re: [PATCH] macvlan: verify MTU before lowerdev xmit

On 11/14/2017 9:03 AM, Shannon Nelson wrote: On 11/14/2017 2:32 AM, Daniel Axtens wrote: If a macvlan device which is not in bridge mode receives a packet, it is sent straight to the lowerdev without checking against the device's MTU. This also happens for multicast traffic. Add

Re: [PATCH] macvlan: verify MTU before lowerdev xmit

(e.g. 1480) - do not set the MTU lower in the guest (e.g. keep at 1500) - netperf to a different host with the same high MTU - observe that currently, the driver will forward too-big packets - observe that with this patch the packets are dropped Cc: Shannon Nelson <shannon.nel...@oracle.

Re: [Intel-wired-lan] [jkirsher/next-queue PATCH 0/5] macvlan offload fixes

to be minor clean-ups to address the fact that we don't want packets to somehow stray and end up being transmitted on a queue that is supposed to be in use by a macvlan instead of the lowerdev itself. Other than the little misspelling I flagged, Acked-by: Shannon Nelson <shannon.nel...@oracle.

<    1   2   3   4   >