#
57f273ad |
|
17-Nov-2022 |
Huanhuan Wang <huanhuan.wang@corigine.com> |
nfp: add framework to support ipsec offloading A new metadata type and config structure are introduced to interact with firmware to support ipsec offloading. This feature relies on specific firmware that supports ipsec encrypt/decrypt by advertising related capability bit. The xfrm callbacks which interact with upper layer are implemented in the following patch. Based on initial work of Norm Bagley <norman.bagley@netronome.com>. Signed-off-by: Huanhuan Wang <huanhuan.wang@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
6a35ddc5 |
|
17-Dec-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: implement the stream sync RX resync The simple RX resync strategy controlled by the kernel does not guarantee as good results as if the device helps by detecting the potential record boundaries and keeping track of them. We've called this strategy stream scan in the tls-offload doc. Implement this strategy for the NFP. The device sends a request for record boundary confirmation, which is then recorded in per-TLS socket state and responded to once record is reached. Because the device keeps track of records passing after the request was sent the response is not as latency sensitive as when kernel just tries to tell the device the information about the next record. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9ed431c1 |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: make use of kernel-driven TX resync When TCP stream gets out of sync (driver stops receiving skbs with expected TCP sequence numbers) request a TX resync from the kernel. We try to distinguish retransmissions from missed transmissions by comparing the sequence number to expected - if it's further than the expected one - we probably missed packets. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c0a4948e |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: enable TLS RX offload Set ethtool TLS RX feature based on NIC capabilities, and enable TLS RX when connections are added for decryption. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c3991d39 |
|
05-Jun-2019 |
Dirk van der Merwe <dirk.vandermerwe@netronome.com> |
nfp: tls: add datapath support for TLS TX Prepend connection handle to each transmitted TLS packet. For each connection, the driver tracks the next sequence number expected. If an out of order packet is observed, the driver calls into the TLS kernel code to reencrypt that particular skb. Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
232eeb1f |
|
05-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: add tls init code Add FW ABI defines and code for basic init of TLS offload. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|