git.baikalelectronics.ru Git - kernel.git/commit

author	Huy Nguyen <huyn@nvidia.com>
	Mon, 14 Jun 2021 14:33:49 +0000 (17:33 +0300)
committer	Saeed Mahameed <saeedm@nvidia.com>
	Tue, 22 Jun 2021 22:24:35 +0000 (15:24 -0700)
commit	1e19b9e9c1f561310180f7eb7bea8cf1795d7f15
tree	f8a67d7f69ddfd2f06d7e3e6221eb317272eef22	tree \| snapshot
parent	51e7d2b0e7cb05afb4b06ec1e4efe30c468e6ca8	commit \| diff

net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload

The packet is VXLAN packet over IPsec transport mode tunnel
which has the following format: [IP1 | ESP | UDP | VXLAN | IP2 | TCP]
NVIDIA ConnectX card cannot do checksum offload for two L4 headers.
The solution is using the checksum partial offload similar to
VXLAN | TCP packet. Hardware calculates IP1, IP2 and TCP checksums and
software calculates UDP checksum. However, unlike VXLAN | TCP case,
IPsec's mlx5 driver cannot access the inner plaintext IP protocol type.
Therefore, inner_ipproto is added in the sec_path structure
to provide this information. Also, utilize the skb's csum_start to
program L4 inner checksum offset.

While at it, remove the call to mlx5e_set_eseg_swp and setup software parser
fields directly in mlx5e_ipsec_set_swp. mlx5e_set_eseg_swp is not
needed as the two features (GENEVE and IPsec) are different and adding
this sharing layer creates unnecessary complexity and affect
performance.

For the case VXLAN packet over IPsec tunnel mode tunnel, checksum offload
is disabled because the hardware does not support checksum offload for
three L3 (IP) headers.

Signed-off-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Huy Nguyen <huyn@nvidia.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h		diff \| blob \| history