xfrm: add new packet offload flag · tjh.dev/kernel@d14f28b

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

xfrm: add new packet offload flag

In the next patches, the xfrm core code will be extended to support
new type of offload - packet offload. In that mode, both policy and state
should be specially configured in order to perform whole offloaded data
path.

Full offload takes care of encryption, decryption, encapsulation and
other operations with headers.

As this mode is new for XFRM policy flow, we can "start fresh" with flag
bits and release first and second bit for future use.

Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

authored by

Leon Romanovsky and committed by

Steffen Klassert 3 years ago d14f28b8 65e6af6c

+18

4 changed files

expand all

include

net

xfrm.h

uapi

linux

xfrm.h

net

xfrm

xfrm_device.c

xfrm_user.c

include/net/xfrm.h

··· 131 131 XFRM_DEV_OFFLOAD_OUT, 132 132 }; 133 133 134 + enum { 135 + XFRM_DEV_OFFLOAD_UNSPECIFIED, 136 + XFRM_DEV_OFFLOAD_CRYPTO, 137 + XFRM_DEV_OFFLOAD_PACKET, 138 + }; 139 + 134 140 struct xfrm_dev_offload { 135 141 struct net_device *dev; 136 142 netdevice_tracker dev_tracker; 137 143 struct net_device *real_dev; 138 144 unsigned long offload_handle; 139 145 u8 dir : 2; 146 + u8 type : 2; 140 147 }; 141 148 142 149 struct xfrm_mode {

include/uapi/linux/xfrm.h

··· 519 519 */ 520 520 #define XFRM_OFFLOAD_IPV6 1 521 521 #define XFRM_OFFLOAD_INBOUND 2 522 + /* Two bits above are relevant for state path only, while 523 + * offload is used for both policy and state flows. 524 + * 525 + * In policy offload mode, they are free and can be safely reused. 526 + */ 527 + #define XFRM_OFFLOAD_PACKET 4 522 528 523 529 struct xfrm_userpolicy_default { 524 530 #define XFRM_USERPOLICY_UNSPEC 0

net/xfrm/xfrm_device.c

··· 291 291 else 292 292 xso->dir = XFRM_DEV_OFFLOAD_OUT; 293 293 294 + xso->type = XFRM_DEV_OFFLOAD_CRYPTO; 295 + 294 296 err = dev->xfrmdev_ops->xdo_dev_state_add(x); 295 297 if (err) { 296 298 xso->dev = NULL; 297 299 xso->dir = 0; 298 300 xso->real_dev = NULL; 299 301 netdev_put(dev, &xso->dev_tracker); 302 + xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED; 300 303 301 304 if (err != -EOPNOTSUPP) { 302 305 NL_SET_ERR_MSG(extack, "Device failed to offload this state");

net/xfrm/xfrm_user.c

··· 956 956 xuo->ifindex = xso->dev->ifindex; 957 957 if (xso->dir == XFRM_DEV_OFFLOAD_IN) 958 958 xuo->flags = XFRM_OFFLOAD_INBOUND; 959 + if (xso->type == XFRM_DEV_OFFLOAD_PACKET) 960 + xuo->flags |= XFRM_OFFLOAD_PACKET; 959 961 960 962 return 0; 961 963 }