Commit cded6d80 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Steffen Klassert
Browse files

net/mlx5e: Store replay window in XFRM attributes 



As a preparation for future extension of IPsec hardware object to allow
configuration of packet offload mode, extend the XFRM validator to check
replay window values.

Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Reviewed-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 59592cfd

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+12 −0
Original line number Diff line number Diff line
@@ -166,6 +166,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, 
		attrs->esn = sa_entry->esn_state.esn;

		if (sa_entry->esn_state.overlap)

			attrs->flags |= MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP;

		attrs->replay_window = x->replay_esn->replay_window;

	}



	/* action */
@@ -257,6 +258,17 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) 
		netdev_info(netdev, "Unsupported xfrm offload type\n");

		return -EINVAL;

	}

	if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) {

		if (x->replay_esn && x->replay_esn->replay_window != 32 &&

		    x->replay_esn->replay_window != 64 &&

		    x->replay_esn->replay_window != 128 &&

		    x->replay_esn->replay_window != 256) {

			netdev_info(netdev,

				    "Unsupported replay window size %u\n",

				    x->replay_esn->replay_window);

			return -EINVAL;

		}

	}

	return 0;

}

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h

+1 −0
Original line number Diff line number Diff line
@@ -83,6 +83,7 @@ struct mlx5_accel_esp_xfrm_attrs { 
	} daddr;



	u8 is_ipv6;

	u32 replay_window;

};



enum mlx5_ipsec_cap {