| #
e23731db |
| 22-Jul-2024 |
Konstantin Belousov <kib@FreeBSD.org> |
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan
mlx5en: add IPSEC_OFFLOAD support
Right now, only IPv4 transport mode, with aes-gcm ESP, is supported.
Driver also cooperates with NAT-T, and obeys socket policies, which
makes IKEd like StrongSwan working.
Sponsored by: NVIDIA networking
show more ...
|
|
Revision tags: release/14.1.0, release/13.3.0, release/14.0.0 |
|
| #
95ee2897 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
015f22f5 |
| 17-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Fix TLS worker thread race.
Create a dedicated free state, in case the taskqueue worker is still pending,
to avoid re-activation of a freed send tag.
MFC after: 1 week
Sponsored by: NVIDIA
mlx5en: Fix TLS worker thread race.
Create a dedicated free state, in case the taskqueue worker is still pending,
to avoid re-activation of a freed send tag.
MFC after: 1 week
Sponsored by: NVIDIA Networking
show more ...
|
| #
ebdb7006 |
| 17-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Improve RX- and TX- TLS refcounting.
Use the send tag refcounting mechanism to refcount the RX- and TX- TLS
send tags. Then it is no longer needed to wait for refcounts to reach
zero when de
mlx5en: Improve RX- and TX- TLS refcounting.
Use the send tag refcounting mechanism to refcount the RX- and TX- TLS
send tags. Then it is no longer needed to wait for refcounts to reach
zero when destroying RX- and TX- TLS send tags as a result of pending
data or WQE commands.
This also ensures that when TX-TLS and rate limiting is used at the same
time, the underlying SQ is not prematurely destroyed.
MFC after: 1 week
Sponsored by: NVIDIA Networking
show more ...
|
| #
84d7b8e7 |
| 01-Feb-2022 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
mlx5en: Implement TLS RX support.
TLS RX support is modeled after TLS TX support. The basic structures and layouts
are almost identical, except that the send tag created filters RX traffic and
not T
mlx5en: Implement TLS RX support.
TLS RX support is modeled after TLS TX support. The basic structures and layouts
are almost identical, except that the send tag created filters RX traffic and
not TX traffic.
The TLS RX tag keeps track of past TLS records up to a certain limit,
approximately 1 Gbyte of TCP data. TLS records of same length are joined
into a single database record.
Regularly the HW is queried for TLS RX progress information. The TCP sequence
number gotten from the HW is then matches against the database of TLS TCP
sequence number records and lengths. If a match is found a static params WQE
is queued on the IQ and the hardware should immediately resume decrypting TLS
data until the next non-sequential TCP packet arrives.
Offloading TLS RX data is supported for untagged, prio-tagged, and
regular VLAN traffic.
MFC after: 1 week
Sponsored by: NVIDIA Networking
show more ...
|