[ipsec-next,v5,0/2] Update offload configuration with SA

Message

Chiachang Wang March 13, 2025, 2:36 a.m. UTC

The current Security Association (SA) offload setting
cannot be modified without removing and re-adding the
SA with the new configuration. Although existing netlink
messages allow SA migration, the offload setting will
be removed after migration.

This patchset enhances SA migration to include updating
the offload setting. This is beneficial for devices that
support IPsec session management.

Chiachang Wang (2):
  xfrm: Migrate offload configuration
  xfrm: Refactor migration setup during the cloning process

 include/net/xfrm.h     |  8 ++++++--
 net/key/af_key.c       |  2 +-
 net/xfrm/xfrm_policy.c |  4 ++--
 net/xfrm/xfrm_state.c  | 24 ++++++++++++++++--------
 net/xfrm/xfrm_user.c   | 15 ++++++++++++---
 5 files changed, 37 insertions(+), 16 deletions(-)

---
v4 -> v5:
 - Remove redundant xfrm_migrate pointer validation in the
   xfrm_state_clone_and_setup() method
v3 -> v4:
 - Change the target tree to ipsec-next
 - Rebase commit to adopt updated xfrm_init_state()
 - Remove redundant variable to rely on validiaty of pointer
 - Refactor xfrm_migrate copy into xfrm_state_clone and rename the
   method
v2 -> v3:
 - Update af_key.c to address kbuild error
v1 -> v2:
 - Revert "xfrm: Update offload configuration during SA update"
   change as the patch can be protentially handled in the
   hardware without the change.
 - Address review feedback to correct the logic in the
   xfrm_state_migrate in the migration offload configuration
   change.
 - Revise the commit message for "xfrm: Migrate offload configuration"
--
2.49.0.rc1.451.g8f38331e32-goog