Commit 37d244ad authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Steffen Klassert

net/mlx5e: Open mlx5 driver to accept IPsec packet offload

Enable configuration of IPsec packet offload through XFRM state add
interface together with moving specific to IPsec packet mode limitations
to specific switch-case section.
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent cee137a6
...@@ -191,11 +191,6 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) ...@@ -191,11 +191,6 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n"); netdev_info(netdev, "Only IPv4/6 xfrm states may be offloaded\n");
return -EINVAL; return -EINVAL;
} }
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
dev_info(&netdev->dev, "Only transport and tunnel xfrm states may be offloaded\n");
return -EINVAL;
}
if (x->id.proto != IPPROTO_ESP) { if (x->id.proto != IPPROTO_ESP) {
netdev_info(netdev, "Only ESP xfrm state may be offloaded\n"); netdev_info(netdev, "Only ESP xfrm state may be offloaded\n");
return -EINVAL; return -EINVAL;
...@@ -229,11 +224,32 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) ...@@ -229,11 +224,32 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
netdev_info(netdev, "Cannot offload xfrm states with geniv other than seqiv\n"); netdev_info(netdev, "Cannot offload xfrm states with geniv other than seqiv\n");
return -EINVAL; return -EINVAL;
} }
if (x->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) { switch (x->xso.type) {
netdev_info(netdev, "Unsupported xfrm offload type\n"); case XFRM_DEV_OFFLOAD_CRYPTO:
if (!(mlx5_ipsec_device_caps(priv->mdev) &
MLX5_IPSEC_CAP_CRYPTO)) {
netdev_info(netdev, "Crypto offload is not supported\n");
return -EINVAL; return -EINVAL;
} }
if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) {
if (x->props.mode != XFRM_MODE_TRANSPORT &&
x->props.mode != XFRM_MODE_TUNNEL) {
netdev_info(netdev, "Only transport and tunnel xfrm states may be offloaded\n");
return -EINVAL;
}
break;
case XFRM_DEV_OFFLOAD_PACKET:
if (!(mlx5_ipsec_device_caps(priv->mdev) &
MLX5_IPSEC_CAP_PACKET_OFFLOAD)) {
netdev_info(netdev, "Packet offload is not supported\n");
return -EINVAL;
}
if (x->props.mode != XFRM_MODE_TRANSPORT) {
netdev_info(netdev, "Only transport xfrm states may be offloaded in packet mode\n");
return -EINVAL;
}
if (x->replay_esn && x->replay_esn->replay_window != 32 && if (x->replay_esn && x->replay_esn->replay_window != 32 &&
x->replay_esn->replay_window != 64 && x->replay_esn->replay_window != 64 &&
x->replay_esn->replay_window != 128 && x->replay_esn->replay_window != 128 &&
...@@ -263,6 +279,11 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) ...@@ -263,6 +279,11 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
"Hard packet limit must be greater than soft one\n"); "Hard packet limit must be greater than soft one\n");
return -EINVAL; return -EINVAL;
} }
break;
default:
netdev_info(netdev, "Unsupported xfrm offload type %d\n",
x->xso.type);
return -EINVAL;
} }
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment