From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751658AbeANJje (ORCPT + 1 other); Sun, 14 Jan 2018 04:39:34 -0500 Received: from mail-eopbgr40055.outbound.protection.outlook.com ([40.107.4.55]:47152 "EHLO EUR03-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750936AbeANJja (ORCPT ); Sun, 14 Jan 2018 04:39:30 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=yossefe@mellanox.com; From: yossefe@mellanox.com To: Jonathan Corbet , "David S. Miller" , Steffen Klassert , Herbert Xu , Yossef Efraim , Shannon Nelson , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Cc: borisp@mellanox.com, kliteyn@mellanox.com, yossiku@mellanox.com Subject: [PATCH net-next v3] xfrm: Add ESN support for IPSec HW offload Date: Sun, 14 Jan 2018 11:39:10 +0200 Message-Id: <1515922757-14792-1-git-send-email-yossefe@mellanox.com> X-Mailer: git-send-email 2.8.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [82.166.227.17] X-ClientProxiedBy: DB6P193CA0005.EURP193.PROD.OUTLOOK.COM (2603:10a6:6:29::15) To AM0PR0502MB3745.eurprd05.prod.outlook.com (2603:10a6:208:1e::14) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6a3a9cd7-2b7a-46af-c366-08d55b32b43c X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4604075)(4534125)(4602075)(4627221)(201703031133081)(201702281549075)(48565401081)(2017052603307)(7153060)(7193020);SRVR:AM0PR0502MB3745; X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3745;3:pA4isRVMmRyumUc9SlGRs8nLvl2bJMO/2EG4YHBhE7/0Y84FJArmfYqC2DCfIQpNiqTbix9NPjbuHxoz692uA4TxAkViEVwIUNYDpUGdVk5DtaMin3XM+umQQQr+WBCo3lDI2dH2rFuHX6PQ3krYdKKEdD/H4+pdw1GxkgbYPOzpkeXW+AbyTRmFjRQZZYhA2lHDba8Q772IJ+QcDQ2vtwFzHxXfPWpMDNawj+4S6IkIzc9UToi+PO4zl5OMxw/U;25:+NjgN9J0Xhl+9+VG2Hk1gEYs5xsxoIiPZyDEYr4eaqgzLdAFVZ7NrHogKsUfzeuTaC33mOqq/k31Dx3UCqeM1iEQBqAFPzNCKnZ7b9olTvKiuRAEOLPLk3b5zWmvG1pq2LqN56lnrshazaxe+9t/sr7FPTebGbCGy4yMGocLdQap+ziYTLeHQcszLx7aNIggzW5fkUPI7quIzRZOjHlaQf0l0H2VQ2RvD5IBjtzfInCOzChRXT96z5u3Y5GCkd0eLfqco/h2xFdsAVg2suIGWK9kaPQu9cp5zpGzIe8SM+gKtjfj6ONeSrFGIAI6j4jTXNCdeREz/V5sIbmcLtnrFw==;31:HJwAHxF4k6M4fApPc2HoLZyt8F4aNIuutKJsz/zTRY13efyoRfvxXfdb/XqXFHTmU3zhUtWdGkUMAzI4QC18oj2ob7zRt1Bpf/KRuf5KyxqinAVLNp9+tGwpWiBzmgbgO0dyf8h2r3ZDpi/ggNCUFi2LSDntAL5Z8p5mnnTfY5INUSybQqTSpg7sbr0l1tAAYDZ7QRiyTwKVRGpGWqmpUS5/tNNVd7LoXsNJWZ5teWE= X-MS-TrafficTypeDiagnostic: AM0PR0502MB3745: X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3745;20:XEa69+TJC7HsYilL/KsHvqJworGtVCUS0I2npzi7rwnBV8Mey07tsG3by5E5wrPG03rglcR+n1qpPTT6WePDAQYxF+VFV/OLQyWHluCXJ5OOGTqkrTW1zMsiXsljQRCqQ71GQwKgLHFxH2sQErgu50cQFycUK/sA2YiuWDXMALumGUIdz1AaEbr3K6w3SqT87WB/97agEFA/V8p2zyCoBQcde2SyJbByTGtdbcsGhzWRYaEosZnjRqtxJdHXIrzHZlskjt2ezD4Q2hOKsurRyQIK8arVSCnQFTJK03X7o3W2t8lk9Kyf5N9pWUJeFrO7RSnUa9+0BtZiIogwTS1dRtonpw3wCPJYqRT7Np0T2GXpwkI6ZteLYDrMwGxyGb+7mblN2oAl3pFn9dxdzPkzQuT+mOCUyI7II+6a/wvChNVsURT1yHg/PYJkiXC4RVK2ZVJBNJOWsFahTfyubsRXQ4BADvfCIU63CizE092iCjAEOrXSFULEZ7hEl5YF2Arg;4:6HhfoEbVdMbdix1vVduB+dvARdF5Pz7Kvb5rgKmT4r/hsHC+P+uVY1c2kamr/uo0RA4r/R92KX00Ce/+UYxvFyNErA+o9dNzT9y0/pngnpt71ZG06q5bOQ48a1msJypbXzg0HagND2FZXqKrmr25Enx1/DB/fLmMjn+ePf583T3PCec8jR+CK3/Dqt6fzRvo7fjTtu1c1J95jZJtX5KSYeqa5PFIR6AUhD8jLFcxE+8j+aOMs4CW7kY/Nmh0Ku+v3wOyjvpq0zILBB4HKYk89A== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(3231023)(944501161)(10201501046)(6055026)(6041268)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(6072148)(201708071742011);SRVR:AM0PR0502MB3745;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:AM0PR0502MB3745; X-Forefront-PRVS: 05529C6FDB X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(396003)(39380400002)(346002)(366004)(376002)(39860400002)(199004)(189003)(9686003)(6512007)(25786009)(33896004)(50466002)(36756003)(2906002)(6666003)(97736004)(51416003)(52116002)(8936002)(48376002)(6486002)(50226002)(8676002)(81156014)(68736007)(6506007)(81166006)(107886003)(386003)(478600001)(4326008)(47776003)(106356001)(316002)(5660300001)(16586007)(86362001)(7736002)(6116002)(3846002)(53936002)(85782001)(16526018)(110136005)(66066001)(105586002)(305945005)(59450400001)(85772001);DIR:OUT;SFP:1101;SCL:1;SRVR:AM0PR0502MB3745;H:dev-l-vrt-187.mtl.labs.mlnx;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;AM0PR0502MB3745;23:su5Bg4q64nkZCjFVlNlfcVL3HyyUGIlOq6Ks6Ye?= =?us-ascii?Q?B669UF5phWFQiagmxsNQ2GBJfwcIgGW0ADRME6Fr7jI4sTK6wCKPxvyDiZ4W?= =?us-ascii?Q?4+PV9czTQ5aJ/d9CadqZSyhhTFRf+sKCEIIHQncXFdUNVqb0gG08vT6rLgZf?= =?us-ascii?Q?IXjITa4eLf00JuAPYYZzJWNJniP4Kff+Upaaf0EPaxcI1D9aLywM4+KCNmEw?= =?us-ascii?Q?lKXOSC+96O90hpdsFs0xks7TvwfjCDnuxeUTj/al9gM1iVMppipcaMk5tWIR?= =?us-ascii?Q?bAnf7GA8gmmBEg6fZY+B3/CvIqVd/cUiHsl5zd5xlQ1s76BPaVrtszzIgbtF?= =?us-ascii?Q?Ju6noT2ROnj942IwNikLWvi4BlET36b5ILl3wuVUtyu5mW20rdg2A0QuR81T?= =?us-ascii?Q?09TuHukN8vKShj2CKE053jTsEmAUxrRcmaEDJgIm3kpnKpjASGtRMwX42075?= =?us-ascii?Q?WnHjBE+ZjciIRwahcmjzhFSzn0WSR6nMBbaPoZyC8Geg9c5rWTlUx2THyNKw?= =?us-ascii?Q?e05DbPa2dzAO6omaU0JCIcKeyRzTJzAvDd2GqItETTdJt+3CgockyXXN8320?= =?us-ascii?Q?xqFpTIFH5deSlXH15CY746saILgrcwkduMJ1y8MaJUShFyCVZPY83EL0BVlV?= =?us-ascii?Q?Nkfrccjkth7rte4y0tNwzcKATxR/yFTvRbEZwjUJvjpgrYODIYg+KRwzNMlH?= =?us-ascii?Q?2sZ7yy9rmoj/bYVvS7WQvGyGxGTBqndck3d562Du9vJ2qQ1QGyzB1xPrpE7t?= =?us-ascii?Q?xrvf+2JMwoVtn0c4MN+DQdpc7a0NPV/Vwnjo5QQ8zb/KBxEXigW7+KpcuYOl?= =?us-ascii?Q?EaKKaNiH0GR3QXdG9F3n5uN3DteFSgLkT2YmsTANYVB3d2s9vLbjSDoigf5z?= =?us-ascii?Q?ckXfIvwvN9FMEYtj4/4olfO3ZsGmVR5ZVlhr53d9K6aogdt7yWKvjTzHZIow?= =?us-ascii?Q?xxNO79i0qCbbvNqvtiomv5CvNMwZsRzUpQ7KqmuO8s1oMGHeGvUPoa128iqI?= =?us-ascii?Q?FRkN8M6Uu1L0X6DCqwk5uYRCsOkZJLBeu6V/uMdSn22tGGI0es572JC1k7to?= =?us-ascii?Q?4Z1QwcPjf78GwzhReSaXWJPhDF0R6NGlcUA7FHgvxNVSuaSua7lowOzyGuTc?= =?us-ascii?Q?I10MRnAutYidg+GVp1ib2XZ5Hjuqrwi/PfH3q7k6mICGtTRdbUnsMeg=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3745;6:swq6FpDUcgJInSFem7SQoEefsywo64qmICPHJc5a6VQnIro5r8KscjKt1COEeSToj76vFm621loXaql1jraIWu8r+JSdRFH69oSuezF0SWSPXtKQAw7CxwIgu7hMBDUBr2cdC2ZOkP97xr4P03+kyYbwsaQ3ZYxCutV7flc9Ln5Ut0d7F5xqvj9XPDPuAnpE/UoodN8VeF3COu30kWcwWkOPo4mZDLmn5OU3Aopz0RYY0IS7X65dnSapEY9dPq9NtcU0xUbHZFnFyeWNg2W+y9dIGkiMvjSaA7gP3OJ6vx1HXumpwdEDgjPN1FCBStwT/0gzpsxNTc3LByG2Rx14xXyPVipwk0iPmjE6n8PIFf0=;5:dQkqlFuTAIhtM+Y2PoQEdQU+KclCKH1xOo7u7HgS9mF68tMeK/zqikSt9nkI1QoEF+XBwZxeRXNQjni048EaNF3iMWp5rDFgAkOtn5RyXx52EjNklL5+iQOIhIw/n7kPDVGxP9KTRt9crR/UnO7W+grwNqdQaKdlGrASFWevKaU=;24:bo2HcBAKfirGG+DSwU4A8V17cUCkKyr1pzm6eODvc2zGSdqy43pgxT1tBrC84anj71M5ilD58eMIBzdoNWkQxrULUyUS4NUv8uSgYeCYC6w=;7:GafAYSuOYES1c+mttw8r0VguUBT1a6LuMdYUBe6U2/DipuuS7BzwYPu94Z51BSCIlmCF1Zd7XHqMbPnoX48VqZTws6igDVZyW3iN/jimeYUZKQbUtRFco2zR0FXs5OrffkkjgaegQzzJng0S9n5pqZcH9xpPDVy0VQxoro4nfwFAf8+uW6NidvYCoCyXoV/Bo2ERJNTZO+j3RCZeN6RKJTkwYa6rNXIz5sR4R9t0w1e70bXd3kB2/7hwRtfsfB8n SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jan 2018 09:39:25.8166 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6a3a9cd7-2b7a-46af-c366-08d55b32b43c X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0502MB3745 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: From: Yossef Efraim This patch adds ESN support to IPsec device offload. Adding new xfrm device operation to synchronize device ESN. Signed-off-by: Yossef Efraim --- Changes from v1: - Added documentation Changes from v2: - Due to Shannon Nelson's request, xfrm_dev_state_add() fails if ESN is requested and xdo_dev_state_advance_esn() is not implemented --- Documentation/networking/xfrm_device.txt | 3 +++ include/linux/netdevice.h | 1 + include/net/xfrm.h | 12 ++++++++++++ net/xfrm/xfrm_device.c | 11 +++++++++-- net/xfrm/xfrm_replay.c | 2 ++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/xfrm_device.txt b/Documentation/networking/xfrm_device.txt index 2d9d588c..50c34ca 100644 --- a/Documentation/networking/xfrm_device.txt +++ b/Documentation/networking/xfrm_device.txt @@ -41,6 +41,7 @@ struct xfrmdev_ops { void (*xdo_dev_state_free) (struct xfrm_state *x); bool (*xdo_dev_offload_ok) (struct sk_buff *skb, struct xfrm_state *x); + void (*xdo_dev_state_advance_esn) (struct xfrm_state *x); }; The NIC driver offering ipsec offload will need to implement these @@ -117,6 +118,8 @@ the stack in xfrm_input(). hand the packet to napi_gro_receive() as usual +In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn(). +Driver will check packet seq number and update HW ESN state machine if needed. When the SA is removed by the user, the driver's xdo_dev_state_delete() is asked to disable the offload. Later, xdo_dev_state_free() is called diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 352066e..3c81cd7 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -842,6 +842,7 @@ struct xfrmdev_ops { void (*xdo_dev_state_free) (struct xfrm_state *x); bool (*xdo_dev_offload_ok) (struct sk_buff *skb, struct xfrm_state *x); + void (*xdo_dev_state_advance_esn) (struct xfrm_state *x); }; #endif diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 079ea94..1ca2e6e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1901,6 +1901,14 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, struct xfrm_user_offload *xuo); bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x); +static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x) +{ + struct xfrm_state_offload *xso = &x->xso; + + if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn) + xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x); +} + static inline bool xfrm_dst_offload_ok(struct dst_entry *dst) { struct xfrm_state *x = dst->xfrm; @@ -1971,6 +1979,10 @@ static inline bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x return false; } +static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x) +{ +} + static inline bool xfrm_dst_offload_ok(struct dst_entry *dst) { return false; diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 7598250..93520106 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -147,8 +147,8 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, if (!x->type_offload) return -EINVAL; - /* We don't yet support UDP encapsulation, TFC padding and ESN. */ - if (x->encap || x->tfcpad || (x->props.flags & XFRM_STATE_ESN)) + /* We don't yet support UDP encapsulation and TFC padding. */ + if (x->encap || x->tfcpad) return -EINVAL; dev = dev_get_by_index(net, xuo->ifindex); @@ -178,6 +178,13 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, return 0; } + if (x->props.flags & XFRM_STATE_ESN && + !dev->xfrmdev_ops->xdo_dev_state_advance_esn) { + xso->dev = NULL; + dev_put(dev); + return -EINVAL; + } + xso->dev = dev; xso->num_exthdrs = 1; xso->flags = xuo->flags; diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 0250181..1d38c6a 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -551,6 +551,8 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) bitnr = replay_esn->replay_window - (diff - pos); } + xfrm_dev_state_advance_esn(x); + nr = bitnr >> 5; bitnr = bitnr & 0x1F; replay_esn->bmp[nr] |= (1U << bitnr); -- 2.8.1