Merge branch 'mlx5-macsec-extended-packet-number-and-replay-window-offload'
Saeed Mahameed says: ==================== mlx5 MACSec Extended packet number and replay window offload This is a follow up series to the previously submitted mlx5 MACsec offload [1] earlier this release cycle. In this series we add the support for MACsec Extended packet number and replay window offloads. First patch is a simple modification (code movements) to the core macsec code to allow exposing the EPN related user properties to the offloading device driver. The rest of the patches are mlx5 specific, we start off with fixing some trivial issues with mlx5 MACsec code, and a simple refactoring to allow additional functionality in mlx5 macsec to support EPN and window replay offloads. A) Expose mkey creation functionality to MACsec B) Expose ASO object to MACsec, to allow advanced steering operations, ASO objects are used to modify MACsec steering objects in fastpath. 1) Support MACsec offload extended packet number (EPN) MACsec EPN splits the packet number (PN) into two 32-bits fields, epn_lsb (32 least significant bits (LSBs) of PN) and epn_msb (32 most significant bits (MSBs) of PN). Epn_msb bits are managed by SW and for that HW is required to send an object change event of type EPN event notifying the SW to update the epn_msb in addition, once epn_msb is updated SW update HW with the new epn_msb value for HW to perform replay protection. To prevent HW from stopping while handling the event, SW manages another bit for HW called epn_overlap, HW uses the latter to get an indication regarding how to read the epn_msb value correctly while still receiving packets. Add epn event handling that updates the epn_overlap and epn_msb for every 2^31 packets according to the following logic: if epn_lsb crosses 2^31 (half sequence number wraparound) upon HW relevant event, SW updates the esn_overlap value to OLD (value = 1). When the epn_lsb crosses 2^32 (full sequence number wraparound) upon HW relevant event, SW updates the esn_overlap to NEW (value = 0) and increment the esn_msb. When using MACsec EPN a salt and short secure channel id (ssci) needs to be provided by the user, when offloading EPN need to pass this salt and ssci to the HW to be used in the initial vector (IV) calculations. 2) Support MACsec offload replay window Support setting replay window size for MACsec offload. Currently supported window size of 32, 64, 128 and 256 bit. Other values will be returned as invalid parameter. [1] https://lore.kernel.org/netdev/20220906052129.104507-1-saeed@kernel.org/ ==================== Link: https://lore.kernel.org/r/20220921181054.40249-1-saeed@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
Showing
This diff is collapsed.
Please register or sign in to comment