diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2025-02-24 18:15:19 -0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2025-02-24 18:15:19 -0800 |
| commit | 79936fcb77023a2275b028b323d3b50f33ad5947 (patch) | |
| tree | 4a45c4587e391926561a5c4e38e3bde8206210ca /include/linux | |
| parent | a3ad653c915990fcbb72f9d41c94628255278abc (diff) | |
| parent | c69046c3f2dcef3fe65eb771544547286934a865 (diff) | |
Merge branch 'net-mlx5e-move-ipsec-policy-check-after-decryption'
Tariq Toukan says:
====================
net/mlx5e: Move IPSec policy check after decryption
This series by Jianbo adds IPsec policy check after decryption.
In current mlx5 driver, the policy check is done before decryption for
IPSec crypto and packet offload. This series changes that order to
make it consistent with the processing in kernel xfrm. Besides, RX
state with UPSPEC selector is supported correctly after new steering
table is added after decryption and before the policy check.
====================
Link: https://patch.msgid.link/20250220213959.504304-1-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/mlx5/eswitch.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/mlx5/eswitch.h b/include/linux/mlx5/eswitch.h index df73a2ccc9af..67256e776566 100644 --- a/include/linux/mlx5/eswitch.h +++ b/include/linux/mlx5/eswitch.h @@ -147,6 +147,8 @@ u32 mlx5_eswitch_get_vport_metadata_for_set(struct mlx5_eswitch *esw, /* reuse tun_opts for the mapped ipsec obj id when tun_id is 0 (invalid) */ #define ESW_IPSEC_RX_MAPPED_ID_MASK GENMASK(ESW_TUN_OPTS_BITS - 1, 0) +#define ESW_IPSEC_RX_MAPPED_ID_MATCH_MASK \ + GENMASK(31 - ESW_RESERVED_BITS, ESW_ZONE_ID_BITS) u8 mlx5_eswitch_mode(const struct mlx5_core_dev *dev); u16 mlx5_eswitch_get_total_vports(const struct mlx5_core_dev *dev); |