Commit c941da23 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Jakub Kicinski
Browse files

net/mlx5e: Accept tunnel mode for IPsec packet offload 



Open mlx5 driver to accept IPsec tunnel mode.

Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
Reviewed-by: default avatarSridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 146c196b

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+8 −7
Original line number Diff line number Diff line
@@ -422,6 +422,11 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, 
		return -EINVAL;

	}



	if (x->props.mode != XFRM_MODE_TRANSPORT && x->props.mode != XFRM_MODE_TUNNEL) {

		NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");

		return -EINVAL;

	}



	switch (x->xso.type) {

	case XFRM_DEV_OFFLOAD_CRYPTO:

		if (!(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_CRYPTO)) {
@@ -429,11 +434,6 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, 
			return -EINVAL;

		}



		if (x->props.mode != XFRM_MODE_TRANSPORT &&

		    x->props.mode != XFRM_MODE_TUNNEL) {

			NL_SET_ERR_MSG_MOD(extack, "Only transport and tunnel xfrm states may be offloaded");

			return -EINVAL;

		}

		break;

	case XFRM_DEV_OFFLOAD_PACKET:

		if (!(mlx5_ipsec_device_caps(mdev) &
@@ -442,8 +442,9 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev, 
			return -EINVAL;

		}



		if (x->props.mode != XFRM_MODE_TRANSPORT) {

			NL_SET_ERR_MSG_MOD(extack, "Only transport xfrm states may be offloaded in packet mode");

		if (x->props.mode == XFRM_MODE_TUNNEL &&

		    !(mlx5_ipsec_device_caps(mdev) & MLX5_IPSEC_CAP_TUNNEL)) {

			NL_SET_ERR_MSG_MOD(extack, "Packet offload is not supported for tunnel mode");

			return -EINVAL;

		}