#
4461568a |
|
07-Sep-2022 |
Kuniyuki Iwashima <kuniyu@amazon.com> |
tcp: Access &tcp_hashinfo via net. We will soon introduce an optional per-netns ehash. This means we cannot use tcp_hashinfo directly in most places. Instead, access it via net->ipv4.tcp_death_row.hashinfo. The access will be valid only while initialising tcp_hashinfo itself and creating/destroying each netns. Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
81ee0eb6 |
|
19-Apr-2022 |
Kuniyuki Iwashima <kuniyu@amazon.co.jp> |
ipv6: Use ipv6_only_sock() helper in condition. This patch replaces some sk_ipv6only tests with ipv6_only_sock(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c0ead555 |
|
09-Dec-2020 |
Jakub Kicinski <kuba@kernel.org> |
nfp: silence set but not used warning with IPV6=n Test robot reports: drivers/net/ethernet/netronome/nfp/crypto/tls.c: In function 'nfp_net_tls_rx_resync_req': drivers/net/ethernet/netronome/nfp/crypto/tls.c:477:18: warning: variable 'ipv6h' set but not used [-Wunused-but-set-variable] 477 | struct ipv6hdr *ipv6h; | ^~~~~ In file included from include/linux/compiler_types.h:65, from <command-line>: drivers/net/ethernet/netronome/nfp/crypto/tls.c: In function 'nfp_net_tls_add': include/linux/compiler_attributes.h:208:41: warning: statement will never be executed [-Wswitch-unreachable] 208 | # define fallthrough __attribute__((__fallthrough__)) | ^~~~~~~~~~~~~ drivers/net/ethernet/netronome/nfp/crypto/tls.c:299:3: note: in expansion of macro 'fallthrough' 299 | fallthrough; | ^~~~~~~~~~~ Use the IPv6 header in the switch, it doesn't matter which header we use to read the version field. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ed30aef3 |
|
17-Nov-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
nfp: tls: Fix unreachable code issue Fix the following unreachable code issue: drivers/net/ethernet/netronome/nfp/crypto/tls.c: In function 'nfp_net_tls_add': include/linux/compiler_attributes.h:208:41: warning: statement will never be executed [-Wswitch-unreachable] 208 | # define fallthrough __attribute__((__fallthrough__)) | ^~~~~~~~~~~~~ drivers/net/ethernet/netronome/nfp/crypto/tls.c:299:3: note: in expansion of macro 'fallthrough' 299 | fallthrough; | ^~~~~~~~~~~ Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Simon Horman <simon.horman@netronome.com> Link: https://lore.kernel.org/r/20201117171347.GA27231@embeddedor Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
df561f66 |
|
23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
6a35ddc5 |
|
17-Dec-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: implement the stream sync RX resync The simple RX resync strategy controlled by the kernel does not guarantee as good results as if the device helps by detecting the potential record boundaries and keeping track of them. We've called this strategy stream scan in the tls-offload doc. Implement this strategy for the NFP. The device sends a request for record boundary confirmation, which is then recorded in per-TLS socket state and responded to once record is reached. Because the device keeps track of records passing after the request was sent the response is not as latency sensitive as when kernel just tries to tell the device the information about the next record. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c3b64911 |
|
08-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: don't leave key material in freed FW cmsg skbs Make sure the contents of the skb which carried key material to the FW is cleared. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b5d9a834 |
|
08-Jul-2019 |
Dirk van der Merwe <dirk.vandermerwe@netronome.com> |
net/tls: don't clear TX resync flag on error Introduce a return code for the tls_dev_resync callback. When the driver TX resync fails, kernel can retry the resync again until it succeeds. This prevents drivers from attempting to offload TLS packets if the connection is known to be out of sync. We don't worry about the RX resync since they will be retried naturally as more encrypted records get received. Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
53601c68 |
|
08-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: use unique connection ids instead of 4-tuple for TX Connection 4 tuple reuse is slightly problematic - TLS socket and context do not get destroyed until all the associated skbs left the system and all references are released. This leads to stale connection entry in the device preventing addition of new one if the 4 tuple is reused quickly enough. Instead of using read 4 tuple as the key use a unique ID. Set the protocol to TCP and port to 0 to ensure no collisions with real connections. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ff8869d5 |
|
08-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: move setting ipver_vlan to a helper Long lines are ugly. No functional changes. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0f93242d |
|
08-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: ignore queue limits for delete commands We need to do our best not to drop delete commands, otherwise we will have stale entries in the connection table. Ignore the control message queue limits for delete commands. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
31d16664 |
|
05-Jul-2019 |
Wei Yongjun <weiyongjun1@huawei.com> |
nfp: tls: fix error return code in nfp_net_tls_add() Fix to return negative error code -EINVAL from the error handling case instead of 0, as done elsewhere in this function. Fixes: 1f35a56cf586 ("nfp: tls: add/delete TLS TX connections") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9ed431c1 |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: make use of kernel-driven TX resync When TCP stream gets out of sync (driver stops receiving skbs with expected TCP sequence numbers) request a TX resync from the kernel. We try to distinguish retransmissions from missed transmissions by comparing the sequence number to expected - if it's further than the expected one - we probably missed packets. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
eeb2efaf |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
net/tls: generalize the resync callback Currently only RX direction is ever resynced, however, TX may also get out of sequence if packets get dropped on the way to the driver. Rename the resync callback and add a direction parameter. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c0a4948e |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: enable TLS RX offload Set ethtool TLS RX feature based on NIC capabilities, and enable TLS RX when connections are added for decryption. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
cad228a3 |
|
10-Jun-2019 |
Dirk van der Merwe <dirk.vandermerwe@netronome.com> |
nfp: tls: implement RX TLS resync Enable kernel-controlled RX resync and propagate TLS connection RX resync from kernel TLS to firmware. Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d7053e04 |
|
10-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: rename nfp_ccm_mbox_alloc() We need the name nfp_ccm_mbox_alloc() for allocating the mailbox communication channel itself. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
51a5e563 |
|
05-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: tls: add basic statistics Count TX TLS packets: successes, out of order, and dropped due to missing record info. Make sure the RX and TX completion statistics don't share cache lines with TX ones as much as possible. With TLS stats they are no longer reasonably aligned. Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1f35a56c |
|
05-Jun-2019 |
Dirk van der Merwe <dirk.vandermerwe@netronome.com> |
nfp: tls: add/delete TLS TX connections This patch adds the functionality to add and delete TLS connections on the NFP, received from the kernel TLS callbacks. Make use of the common control message (CCM) infrastructure to propagate the kernel state to firmware. Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
232eeb1f |
|
05-Jun-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: add tls init code Add FW ABI defines and code for basic init of TLS offload. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|