2023-07-31 12:17:58

by Ratheesh Kannoth

Subject: [PATCH net-next 0/4] Packet classify by matching against SPI

1. net: flow_dissector: Add IPSEC dissector.
Flow dissector patch reads IPSEC headers (ESP or AH)
from packet and retrieves the SPI header.

2. tc: flower: support for SPI.
TC control path changes to pass SPI field from userspace tools to
kernel.

3. tc: flower: Enable offload support IPSEC SPI field.
This patch enables offload flags for SPI.

4. octeontx2-pf: TC flower offload support for SPI field.
HW offload support for classification in octeontx2 driver.

.../net/ethernet/marvell/octeontx2/af/mbox.h | 4 ++
.../net/ethernet/marvell/octeontx2/af/npc.h | 1 +
.../marvell/octeontx2/af/rvu_debugfs.c | 4 ++
.../marvell/octeontx2/af/rvu_npc_fs.c | 11 ++++
.../ethernet/marvell/octeontx2/nic/otx2_tc.c | 27 ++++++++++
include/net/flow_dissector.h | 9 ++++
include/net/flow_offload.h | 6 +++
include/uapi/linux/pkt_cls.h | 3 ++
net/core/flow_dissector.c | 53 ++++++++++++++++++-
net/core/flow_offload.c | 7 +++
net/sched/cls_flower.c | 35 ++++++++++++
11 files changed, 159 insertions(+), 1 deletion(-)

--
2.25.1
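The SPI lookup that item 1 of the cover letter describes, written out as an added user-space example; it is not code from this patch series or from the kernel. The struct, function and sample names are hypothetical, the sample bytes are constructed, and the header offsets follow RFC 4303 (ESP) and RFC 4302 (AH).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PROTO_ESP 50 /* IP protocol number of ESP */
#define PROTO_AH  51 /* IP protocol number of AH */

/* Hypothetical stand-in for a classifier rule's SPI key/mask pair. */
struct spi_match { uint32_t key, mask; };

/* Constructed sample data, not captured traffic (AH: first 12 bytes only). */
const uint8_t sample_esp[8] = { 0x00, 0x00, 0x10, 0x01, 0, 0, 0, 1 };
const uint8_t sample_ah[12] = { 6, 4, 0, 0, 0x00, 0x00, 0x10, 0x02, 0, 0, 0, 1 };
const struct spi_match sample_rule = { 0x1001, 0xffffffff }; /* exact SPI */

/* Read a big-endian 32-bit value without assuming alignment. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* ESP (RFC 4303): SPI is the first 4 bytes. AH (RFC 4302): next header,
 * payload length, 2 reserved bytes, then the SPI. Returns false for any
 * other protocol or a truncated header. */
bool ipsec_get_spi(uint8_t ip_proto, const uint8_t *hdr, size_t len,
                   uint32_t *spi)
{
    size_t off;
    if (ip_proto == PROTO_ESP)
        off = 0;
    else if (ip_proto == PROTO_AH)
        off = 4;
    else
        return false;
    if (!hdr || len < off + 4)
        return false;
    *spi = get_be32(hdr + off);
    return true;
}

/* Masked compare: only bits set in the mask take part in the match. */
bool spi_rule_hits(const struct spi_match *m, uint8_t ip_proto,
                   const uint8_t *hdr, size_t len)
{
    uint32_t spi;
    return ipsec_get_spi(ip_proto, hdr, len, &spi) &&
           (spi & m->mask) == (m->key & m->mask);
}
```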



2023-07-31 13:01:11

by Ratheesh Kannoth

Subject: [PATCH net-next 3/4] tc: flower: Enable offload support IPSEC SPI field.

This patch enables offload for TC classifier
flower rules which match against the SPI field.

Signed-off-by: Ratheesh Kannoth <[email protected]>
---
include/net/flow_offload.h | 6 ++++++
net/core/flow_offload.c | 7 +++++++
2 files changed, 13 insertions(+)

diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index 118082eae48c..9efa9a59e81f 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -64,6 +64,10 @@ struct flow_match_tcp {
struct flow_dissector_key_tcp *key, *mask;
};

+struct flow_match_ipsec {
+ struct flow_dissector_key_ipsec *key, *mask;
+};
+
struct flow_match_mpls {
struct flow_dissector_key_mpls *key, *mask;
};
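Review bot: struct flow_match_ipsec, added here between flow_match_tcp and flow_match_mpls, points at struct flow_dissector_key_ipsec, which nothing in this patch defines. The cover letter's diffstat shows include/net/flow_dissector.h changing elsewhere in the series, so the definition has to land in an earlier patch (1/4 by the cover letter's description) for every intermediate commit to build and stay bisectable; it is worth stating that dependency in the changelog.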
@@ -116,6 +120,8 @@ void flow_rule_match_ports_range(const struct flow_rule *rule,
struct flow_match_ports_range *out);
void flow_rule_match_tcp(const struct flow_rule *rule,
struct flow_match_tcp *out);
+void flow_rule_match_ipsec(const struct flow_rule *rule,
+ struct flow_match_ipsec *out);
void flow_rule_match_icmp(const struct flow_rule *rule,
struct flow_match_icmp *out);
void flow_rule_match_mpls(const struct flow_rule *rule,
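Review bot: the flow_rule_match_ipsec() prototype is named for IPsec as a whole and carries no comment on what the key holds, while the cover letter says the dissector retrieves only the SPI from an ESP or AH header. A short comment above the declaration stating which fields the key carries (per the cover letter, the SPI) would keep driver authors from assuming other IPsec fields are available to match on.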
diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c
index acfc1f88ea79..bc5169482710 100644
--- a/net/core/flow_offload.c
+++ b/net/core/flow_offload.c
@@ -146,6 +146,13 @@ void flow_rule_match_tcp(const struct flow_rule *rule,
}
EXPORT_SYMBOL(flow_rule_match_tcp);

+void flow_rule_match_ipsec(const struct flow_rule *rule,
+ struct flow_match_ipsec *out)
+{
+ FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPSEC, out);
+}
+EXPORT_SYMBOL(flow_rule_match_ipsec);
+
void flow_rule_match_icmp(const struct flow_rule *rule,
struct flow_match_icmp *out)
{
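Review bot: flow_rule_match_ipsec() fills out->key and out->mask through FLOW_DISSECTOR_MATCH with no test that the rule actually uses FLOW_DISSECTOR_KEY_IPSEC, so a caller has to gate it with flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPSEC) before reading the result. No caller is added in this patch, so please confirm the driver user in 4/4 does that; the changelog could also say that this patch adds the accessor for drivers rather than enabling offload by itself.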
--
2.25.1