git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jianbo Liu <jianbol@nvidia.com>
	Thu, 18 Sep 2025 07:19:21 +0000 (10:19 +0300)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 19 Sep 2025 23:48:36 +0000 (16:48 -0700)
commit	c69ac57199eac5259a715314a5edeb4c30925934
tree	bafce459742843fbaba00ae504b52c4f52c7a7e9	tree \| snapshot
parent	9f24f0c4d4ddbd207e655697e78ef67a0374a481	commit \| diff

net/mlx5e: Recirculate decrypted packets into TTC table

In the commit 5e466345291a ("net/mlx5e: IPsec: Add IPsec steering in
local NIC RX"), the decrypted packets are handled in RX error flow
table. There is only one rule in the table, which forwards packets to
the default ESP TIR.

This patch updates the design to allow RSS after decryption. For ESP
traffic, SPI and IP addresses are the fields selected for RSS hash,
and it's common that only one SPI is configured in RX direction, so
RSS can't work properly as all the packets are hashed to one key in
this case. To take advantage of RSS and improve performance, the
decrypted packets need to be forwarded back to TTC table, where RSS
can work based on the decrypted packet types.

Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1758179963-649455-3-git-send-email-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c		diff \| blob \| blame \| history