| Message ID | 20240712025125.1926249-1-yumike@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Support IPsec crypto offload for IPv6 ESP and IPv4 UDP-encapsulated ESP data paths | expand |
On Fri, Jul 12, 2024 at 10:51:21AM +0800, Mike Yu wrote: > Currently, IPsec crypto offload is enabled for GRO code path. However, there > are other code paths where the XFRM stack is involved; for example, IPv6 ESP > packets handled by xfrm6_esp_rcv() in ESP layer, and IPv4 UDP-encapsulated > ESP packets handled by udp_rcv() in UDP layer. > > This patchset extends the crypto offload support to cover these two cases. > This is useful for devices with traffic accounting (e.g., Android), where GRO > can lead to inaccurate accounting on the underlying network. For example, VPN > traffic might not be counted on the wifi network interface wlan0 if the packets > are handled in GRO code path before entering the network stack for accounting. > > Below is the RX data path scenario the crypto offload can be applied to. > > +-----------+ +-------+ > | HW Driver |-->| wlan0 |--------+ > +-----------+ +-------+ | > v > +---------------+ +------+ > +------>| Network Stack |-->| Apps | > | +---------------+ +------+ > | | > | v > +--------+ +------------+ > | ipsec1 |<--| XFRM Stack | > +--------+ +------------+ > > v3 -> v4: > - Change the target tree to ipsec-next. > v2 -> v3: > - Correct ESP seq in esp_xmit(). > v1 -> v2: > - Fix comment style. > > Mike Yu (4): > xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO > path > xfrm: Allow UDP encapsulation in crypto offload control path > xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP > packet > xfrm: Support crypto offload for outbound IPv4 UDP-encapsulated ESP > packet Series applied, thanks a lot Mike!
Currently, IPsec crypto offload is enabled for GRO code path. However, there are other code paths where the XFRM stack is involved; for example, IPv6 ESP packets handled by xfrm6_esp_rcv() in ESP layer, and IPv4 UDP-encapsulated ESP packets handled by udp_rcv() in UDP layer. This patchset extends the crypto offload support to cover these two cases. This is useful for devices with traffic accounting (e.g., Android), where GRO can lead to inaccurate accounting on the underlying network. For example, VPN traffic might not be counted on the wifi network interface wlan0 if the packets are handled in GRO code path before entering the network stack for accounting. Below is the RX data path scenario the crypto offload can be applied to. +-----------+ +-------+ | HW Driver |-->| wlan0 |--------+ +-----------+ +-------+ | v +---------------+ +------+ +------>| Network Stack |-->| Apps | | +---------------+ +------+ | | | v +--------+ +------------+ | ipsec1 |<--| XFRM Stack | +--------+ +------------+ v3 -> v4: - Change the target tree to ipsec-next. v2 -> v3: - Correct ESP seq in esp_xmit(). v1 -> v2: - Fix comment style. Mike Yu (4): xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO path xfrm: Allow UDP encapsulation in crypto offload control path xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet xfrm: Support crypto offload for outbound IPv4 UDP-encapsulated ESP packet net/ipv4/esp4.c | 8 +++++++- net/ipv4/esp4_offload.c | 17 ++++++++++++++++- net/xfrm/xfrm_device.c | 6 +++--- net/xfrm/xfrm_input.c | 3 ++- net/xfrm/xfrm_policy.c | 5 ++++- 5 files changed, 32 insertions(+), 7 deletions(-)