Commit cded6d80 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Steffen Klassert

net/mlx5e: Store replay window in XFRM attributes

As a preparation for future extension of IPsec hardware object to allow
configuration of packet offload mode, extend the XFRM validator to check
replay window values.
Reviewed-by: default avatarRaed Salem <raeds@nvidia.com>
Reviewed-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 59592cfd
...@@ -166,6 +166,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, ...@@ -166,6 +166,7 @@ mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
attrs->esn = sa_entry->esn_state.esn; attrs->esn = sa_entry->esn_state.esn;
if (sa_entry->esn_state.overlap) if (sa_entry->esn_state.overlap)
attrs->flags |= MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP; attrs->flags |= MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP;
attrs->replay_window = x->replay_esn->replay_window;
} }
/* action */ /* action */
...@@ -257,6 +258,17 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) ...@@ -257,6 +258,17 @@ static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x)
netdev_info(netdev, "Unsupported xfrm offload type\n"); netdev_info(netdev, "Unsupported xfrm offload type\n");
return -EINVAL; return -EINVAL;
} }
if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET) {
if (x->replay_esn && x->replay_esn->replay_window != 32 &&
x->replay_esn->replay_window != 64 &&
x->replay_esn->replay_window != 128 &&
x->replay_esn->replay_window != 256) {
netdev_info(netdev,
"Unsupported replay window size %u\n",
x->replay_esn->replay_window);
return -EINVAL;
}
}
return 0; return 0;
} }
......
...@@ -83,6 +83,7 @@ struct mlx5_accel_esp_xfrm_attrs { ...@@ -83,6 +83,7 @@ struct mlx5_accel_esp_xfrm_attrs {
} daddr; } daddr;
u8 is_ipv6; u8 is_ipv6;
u32 replay_window;
}; };
enum mlx5_ipsec_cap { enum mlx5_ipsec_cap {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment