tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

xfrm: Support ESN context update to hardware for TX

Previously xfrm_dev_state_advance_esn() was added for RX only. But
it's possible that ESN context also need to be synced to hardware for
TX, so call it for outbound in this patch.

Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Jianbo Liu and committed by
Steffen Klassert 373b79af 59af653a

+9 -1
+2 -1
Documentation/networking/xfrm_device.rst
··· 169 169 170 170 hand the packet to napi_gro_receive() as usual 171 171 172 - In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn(). 172 + In ESN mode, xdo_dev_state_advance_esn() is called from 173 + xfrm_replay_advance_esn() for RX, and xfrm_replay_overflow_offload_esn for TX. 173 174 Driver will check packet seq number and update HW ESN state machine if needed. 174 175 175 176 Packet offload mode:
+3
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
··· 6559 6559 { 6560 6560 struct adapter *adap = netdev2adap(x->xso.dev); 6561 6561 6562 + if (x->xso.dir != XFRM_DEV_OFFLOAD_IN) 6563 + return; 6564 + 6562 6565 if (!mutex_trylock(&uld_mutex)) { 6563 6566 dev_dbg(adap->pdev_dev, 6564 6567 "crypto uld critical resource is under use\n");
+3
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
··· 980 980 struct mlx5e_ipsec_sa_entry *sa_entry_shadow; 981 981 bool need_update; 982 982 983 + if (x->xso.dir != XFRM_DEV_OFFLOAD_IN) 984 + return; 985 + 983 986 need_update = mlx5e_ipsec_update_esn_state(sa_entry); 984 987 if (!need_update) 985 988 return;
+1
net/xfrm/xfrm_replay.c
··· 729 729 } 730 730 731 731 replay_esn->oseq = oseq; 732 + xfrm_dev_state_advance_esn(x); 732 733 733 734 if (xfrm_aevent_is_on(net)) 734 735 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);