| #
1fbce7de |
| 09-Feb-2025 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5 ipsec: return EOPNOTSUPP for unsupported SAs instead of EINVAL
The ipsec offload infra requires the EOPNOTSUPP error from driver to
understand that the SA is valid but offload cannot be perform
mlx5 ipsec: return EOPNOTSUPP for unsupported SAs instead of EINVAL
The ipsec offload infra requires the EOPNOTSUPP error from driver to
understand that the SA is valid but offload cannot be performed.
Sponsored by: NVidia networking
show more ...
|
| #
4c279534 |
| 09-Feb-2025 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5 ipsec: fix typo in the message
Sponsored by: NVidia networking
|
|
Revision tags: release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0 |
|
| #
8e5b07dd |
| 10-Oct-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5_ipsec: add enough #ifdef IPSEC_OFFLOAD to make LINT_NOIP compilable
Reported by: kp
Sponsored by: NVidia networking
Fixes: 2851aafe96c1e357971f2b331fff837ead20522b
|
| #
2851aafe |
| 29-Sep-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5 ipsec_offload: ensure that driver does not dereference dead sahindex
Take the sahtree rlock and check for the DEAD SA state before validating
and filling the SA xfrm attributes.
Sponsored by:
mlx5 ipsec_offload: ensure that driver does not dereference dead sahindex
Take the sahtree rlock and check for the DEAD SA state before validating
and filling the SA xfrm attributes.
Sponsored by: NVidia networking
show more ...
|
|
Revision tags: release/13.4.0 |
|
| #
205263ac |
| 30-Jul-2024 |
Ariel Ehrenberg <aehrenberg@nvidia.com> |
mlx5en: support ipsec offload on vlan if
Add vlan tag match to RX FS SA and policy rules
and report SA lifetime counter on vlan interface
in case SA was installed on vlan interface
Existing code di
mlx5en: support ipsec offload on vlan if
Add vlan tag match to RX FS SA and policy rules
and report SA lifetime counter on vlan interface
in case SA was installed on vlan interface
Existing code didn't have the net tag id as part of
the FS matching rules. This can cause applying
ipsec offload to the wrong interface.
This commit add tag id as part of FS matchers
and treat tag value 0 as no tag
Sponsored by: NVidia networking
show more ...
|
| #
828da10b |
| 13-Aug-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5en: fix destroying tx sa_entry when installing rx sa_entry failed
In particular, do not cancel freed linux delayed work.
Sponsored by: NVidia networking
|
| #
e23731db |
| 22-Jul-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan working.
Sponsored by: NVIDIA networking
show more ...
|