From patchwork Tue May 10 10:49:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12844799 X-Patchwork-Delegate: dsahern@gmail.com
From: Leon Romanovsky To: Steffen Klassert , David Ahern Cc: Leon Romanovsky , "David S . Miller" , Herbert Xu , netdev@vger.kernel.org, Raed Salem , ipsec-devel Subject: [PATCH iproute2-next 1/4] Update kernel headers Date: Tue, 10 May 2022 13:49:05 +0300 Message-Id: X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Leon Romanovsky Signed-off-by: Leon Romanovsky --- include/uapi/linux/xfrm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index 06ad9afb..1541e47b 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h 
@@ -519,6 +519,7 @@ struct xfrm_user_offload { */ #define XFRM_OFFLOAD_IPV6 1 #define XFRM_OFFLOAD_INBOUND 2 +#define XFRM_OFFLOAD_FULL 4 struct xfrm_userpolicy_default { #define XFRM_USERPOLICY_UNSPEC 0 From patchwork Tue May 10 10:49:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12844800 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4092C433F5 for ; Tue, 10 May 2022 10:50:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240178AbiEJKyU (ORCPT ); Tue, 10 May 2022 06:54:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240116AbiEJKxa (ORCPT ); Tue, 10 May 2022 06:53:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5DA12AF636 for ; Tue, 10 May 2022 03:49:24 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8B717B81CBA for ; Tue, 10 May 2022 10:49:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB279C385CD; Tue, 10 May 2022 10:49:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1652179761; bh=q85kHSKFW+m6NqQO8pVEdpYaF7aIaklkfY8ggfvASO4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NL9uJuSeuBXAO0VL/Vi6/tnGMS4Jq+E1AvikSe43/Cd2ojbZ2tmw31RgDQm3yiCIW ooFJ67Hs44cPVEAYn5CQ77UZtqNENY6hHXsaQ8s41wULQAOqZHD+FBOVZWDmgSxYoO 
0OEdxhhScJGNfkhH83iz3boNb45fbbkn7/O70pNJQ2ZuqZdSuKh4SaKSp+aBgqXgQd J5rozQuF85DtiAAQlLLUitb9i+iOdlyd6v606oRSMSSZfXVX0WC3L82ZMiy95+YWbw imhZbbDwvhQA4EpT7otRZtuDL0drn3NSw5qPklBK8FhBvLOssijh9ke42XyZP6f0dn YbaNlgpCnufkw== From: Leon Romanovsky To: Steffen Klassert , David Ahern Cc: Leon Romanovsky , "David S . Miller" , Herbert Xu , netdev@vger.kernel.org, Raed Salem , ipsec-devel Subject: [PATCH iproute2-next 2/4] xfrm: prepare state offload logic to set mode Date: Tue, 10 May 2022 13:49:06 +0300 Message-Id: <740d6e75fc1c8f14d4c02b28bb9bca9210ca42b1.1652179360.git.leonro@nvidia.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Leon Romanovsky The offload in xfrm state requires to provide device and direction in order to activate it. However, in the help section, device and direction were displayed as an optional. As a preparation to addition of full offload, let's fix the help section and refactor the code to be more clear. Signed-off-by: Leon Romanovsky --- ip/xfrm_state.c | 35 +++++++++++++++++++---------------- man/man8/ip-xfrm.8 | 5 +++++ 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 6fee7efd..9b6659a1 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -61,7 +61,7 @@ static void usage(void) " [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n" " [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n" " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n" - " [ offload [dev DEV] dir DIR ]\n" + " [ offload dev DEV dir DIR ]\n" " [ output-mark OUTPUT-MARK [ mask MASK ] ]\n" " [ if_id IF_ID ] [ tfcpad LENGTH ]\n" "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n" 
@@ -272,7 +272,7 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a return 0; } -static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp) +static bool xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp) { int argc = *argcp; char **argv = *argvp; @@ -282,12 +282,12 @@ static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp) else if (strcmp(*argv, "out") == 0) *dir = 0; else - invarg("DIR value is invalid", *argv); + return false; *argcp = argc; *argvp = argv; - return 0; + return true; } static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) @@ -429,24 +429,27 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) addattr_l(&req.n, sizeof(req.buf), XFRMA_SEC_CTX, (void *)&ctx, ctx.sctx.len); } else if (strcmp(*argv, "offload") == 0) { - is_offload = true; NEXT_ARG(); if (strcmp(*argv, "dev") == 0) { NEXT_ARG(); ifindex = ll_name_to_index(*argv); - if (!ifindex) { - invarg("value after \"offload dev\" is invalid", *argv); - is_offload = false; - } - NEXT_ARG(); - } + if (!ifindex) + invarg("Invalid device name", *argv); + } else + invarg("Missing dev keyword", *argv); + + NEXT_ARG(); if (strcmp(*argv, "dir") == 0) { + bool is_dir; + NEXT_ARG(); - xfrm_offload_dir_parse(&dir, &argc, &argv); - } else { - invarg("value after \"offload dir\" is invalid", *argv); - is_offload = false; - } + is_dir = xfrm_offload_dir_parse(&dir, &argc, + &argv); + if (!is_dir) + invarg("DIR value is invalid", *argv); + } else + invarg("Missing DIR keyword", *argv); + is_offload = true; } else if (strcmp(*argv, "output-mark") == 0) { NEXT_ARG(); if (get_u32(&output_mark.v, *argv, 0)) diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index bf725cab..4243a023 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 
@@ -65,6 +65,11 @@ ip-xfrm \- transform configuration .IR MASK " ] ]" .RB "[ " if_id .IR IF-ID " ]" +.RB "[ " offload +.RB dev +.IR DEV " +.RB dir +.IR DIR " ]" .RB "[ " tfcpad .IR LENGTH " ]" From patchwork Tue May 10 10:49:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12844801 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25FB0C433EF for ; Tue, 10 May 2022 10:50:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239336AbiEJKy0 (ORCPT ); Tue, 10 May 2022 06:54:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240187AbiEJKxb (ORCPT ); Tue, 10 May 2022 06:53:31 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39FE82B0320 for ; Tue, 10 May 2022 03:49:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 489FBB81CB3 for ; Tue, 10 May 2022 10:49:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8EEC1C385A6; Tue, 10 May 2022 10:49:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1652179765; bh=f3wAxzZuaJVvubs7UniuqApoN0KAZ1lQTiDkYSb6WiY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Qrz+IHd9A+JdI3EdlF2+NmE5rvLXhP0PK0Yspnf0n2UrZGSmInyt+GcfosxxilUBJ 9or42yAKJtpyidsK52CwKgZMelVKSb0l5zmMnZlFzb8TGMWJ+lu52TBQsDYO4gQLji 
wpBPDSuRZoPSlJna1ClDm+U/JQgbRMNMDWksAw9wwKtq2BwpgUN66uFpYo1E+mLnXU +ldARwHgm8vu5/t3xiuOiTDZN504VfZEJILRTKFSRu4hWf3fuPzTlw6HG9lrlUOB86 bwxXb+r5YkTPOzPCBSluGN4oHpp4LU61x6PVL2bKyOu+wg+4Br1LfLbf94zbHzcOFU 6TjjgzWuF/R8w== From: Leon Romanovsky To: Steffen Klassert , David Ahern Cc: Leon Romanovsky , "David S . Miller" , Herbert Xu , netdev@vger.kernel.org, Raed Salem , ipsec-devel Subject: [PATCH iproute2-next 3/4] xfrm: add full offload mode to xfrm state Date: Tue, 10 May 2022 13:49:07 +0300 Message-Id: <100d6a0e10432177c75624965604e57ada077f2c.1652179360.git.leonro@nvidia.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Leon Romanovsky Allow users to configure xfrm states with full offload type. Full offload mode: ip xfrm state offload full dev dir Crypto offload mode: ip xfrm state offload crypto dev dir ip xfrm state offload dev dir The latter variant configures crypto offload mode and is needed to provide backward compatibility. Signed-off-by: Leon Romanovsky --- ip/ipxfrm.c | 6 ++++-- ip/xfrm_state.c | 16 ++++++++++++++-- man/man8/ip-xfrm.8 | 1 + 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 1c59596a..5117f483 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -895,8 +895,10 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, xuo = (struct xfrm_user_offload *) RTA_DATA(tb[XFRMA_OFFLOAD_DEV]); - fprintf(fp, "dev %s dir %s", ll_index_to_name(xuo->ifindex), - (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out"); + fprintf(fp, "dev %s dir %s mode %s", + ll_index_to_name(xuo->ifindex), + (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out", + (xuo->flags & XFRM_OFFLOAD_FULL) ? "full" : "crypto"); fprintf(fp, "%s", _SL_); } if (tb[XFRMA_IF_ID]) { diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 9b6659a1..44887249 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c 
@@ -61,7 +61,7 @@ static void usage(void) " [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n" " [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n" " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n" - " [ offload dev DEV dir DIR ]\n" + " [ offload [ crypto | full ] dev DEV dir DIR ]\n" " [ output-mark OUTPUT-MARK [ mask MASK ] ]\n" " [ if_id IF_ID ] [ tfcpad LENGTH ]\n" "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n" @@ -312,7 +312,7 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) struct xfrm_user_offload xuo = {}; unsigned int ifindex = 0; __u8 dir = 0; - bool is_offload = false; + bool is_offload = false, is_full_offload = false; __u32 replay_window = 0; __u32 seq = 0, oseq = 0, seq_hi = 0, oseq_hi = 0; char *idp = NULL; @@ -430,6 +430,16 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) (void *)&ctx, ctx.sctx.len); } else if (strcmp(*argv, "offload") == 0) { NEXT_ARG(); + /* If user doesn't provide offload mode, treat it as + * crypto one for the backward compatibility. + */ + if (strcmp(*argv, "crypto") == 0) + NEXT_ARG(); + else if (strcmp(*argv, "full") == 0) { + is_full_offload = true; + NEXT_ARG(); + } + if (strcmp(*argv, "dev") == 0) { NEXT_ARG(); ifindex = ll_name_to_index(*argv); @@ -613,6 +623,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) if (is_offload) { xuo.ifindex = ifindex; xuo.flags = dir; + if (is_full_offload) + xuo.flags |= XFRM_OFFLOAD_FULL; addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo, sizeof(xuo)); } diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index 4243a023..e1b8aaab 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 
@@ -66,6 +66,7 @@ ip-xfrm \- transform configuration .RB "[ " if_id .IR IF-ID " ]" .RB "[ " offload +.RB "[ " crypto | full " ]" .RB dev .IR DEV " .RB dir From patchwork Tue May 10 10:49:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12844802 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 288CFC433EF for ; Tue, 10 May 2022 10:50:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240430AbiEJKyc (ORCPT ); Tue, 10 May 2022 06:54:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36604 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240350AbiEJKxc (ORCPT ); Tue, 10 May 2022 06:53:32 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2291528F7C0 for ; Tue, 10 May 2022 03:49:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A0346617BD for ; Tue, 10 May 2022 10:49:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8636DC385CB; Tue, 10 May 2022 10:49:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1652179769; bh=dL6pPtIlWBvJeDVPdjZVdEYdi/gEKHlw/7zzFw+tzW4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=orJof4ybHoQxBG+eHwuWQuzA4hvVOcsTeCmEZoxdpVDsin6ebiWIexUh6JgWhAZ/7 Y365227oIqV3395BVH4bIBQWBLMT2E0hSuzcDheyHSW4pa+LNUjhIS4lBsA5tP5wMI 
jHUi8wvisbCLdLIpSc3dx+5HEy7mB77bi0TwOdMp9YheSGCh0GYoasKN85+l/eZITg aQBLfBet2+bGUcevO0NqVNY49fOF7wNiI8zrGffJFgseCfIfJejlV19k5vXNliw1v8 /kFSdzmTUPICFAwgBIGot1QnKJ/5PfP/ijorRsd7xgc6qGPVBMEylLPyvCDtB0NbOO lqLQptbpITtKQ== From: Leon Romanovsky To: Steffen Klassert , David Ahern Cc: Leon Romanovsky , "David S . Miller" , Herbert Xu , netdev@vger.kernel.org, Raed Salem , ipsec-devel Subject: [PATCH iproute2-next 4/4] xfrm: add an interface to offload policy Date: Tue, 10 May 2022 13:49:08 +0300 Message-Id: <86fa713b3c3d9c3b34535f940c1c6a9453cd72f0.1652179360.git.leonro@nvidia.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Leon Romanovsky Extend at "ip xfrm policy" to allow policy offload to specific device. The syntax and the code follow already established pattern from the state offload. The only difference between them is that direction was already mandatory argument in policy configuration commands, so don't need to add direction handling logic like it was done for the state offload. The syntax is as follows: $ ip xfrm policy .... offload full dev Signed-off-by: Leon Romanovsky --- ip/ipxfrm.c | 18 +++++++++++------- ip/xfrm.h | 4 ++-- ip/xfrm_monitor.c | 2 +- ip/xfrm_policy.c | 26 ++++++++++++++++++++++++++ man/man8/ip-xfrm.8 | 8 ++++++++ 5 files changed, 48 insertions(+), 10 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 5117f483..cf9e05a4 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -688,8 +688,8 @@ done: return 0; } -void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, - FILE *fp, const char *prefix, bool nokeys) +void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp, + const char *prefix, bool nokeys, bool dir) { if (tb[XFRMA_MARK]) { struct rtattr *rta = tb[XFRMA_MARK]; 
@@ -895,9 +895,13 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, xuo = (struct xfrm_user_offload *) RTA_DATA(tb[XFRMA_OFFLOAD_DEV]); - fprintf(fp, "dev %s dir %s mode %s", - ll_index_to_name(xuo->ifindex), - (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out", + + fprintf(fp, "dev %s ", + ll_index_to_name(xuo->ifindex)); + if (dir) + fprintf(fp, "dir %s ", + (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out"); + fprintf(fp, "mode %s", (xuo->flags & XFRM_OFFLOAD_FULL) ? "full" : "crypto"); fprintf(fp, "%s", _SL_); } @@ -990,7 +994,7 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo, fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags)); fprintf(fp, "%s", _SL_); - xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys); + xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys, true); if (!xfrm_selector_iszero(&xsinfo->sel)) { char sbuf[STRBUF_SIZE]; @@ -1096,7 +1100,7 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo, if (show_stats > 0) xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf); - xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false); + xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false, false); } int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family, diff --git a/ip/xfrm.h b/ip/xfrm.h index 17dcf3fe..6f251603 100644 --- a/ip/xfrm.h +++ b/ip/xfrm.h @@ -124,8 +124,8 @@ const char *strxf_proto(__u8 proto); const char *strxf_ptype(__u8 ptype); void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, FILE *fp, const char *prefix); -void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, - FILE *fp, const char *prefix, bool nokeys); +void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp, + const char *prefix, bool nokeys, bool dir); void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo, struct rtattr *tb[], FILE *fp, const char *prefix, const char *title, bool nokeys); diff --git a/ip/xfrm_monitor.c b/ip/xfrm_monitor.c index f67424c5..b0056d9d 100644 
--- a/ip/xfrm_monitor.c +++ b/ip/xfrm_monitor.c @@ -199,7 +199,7 @@ static int xfrm_report_print(struct nlmsghdr *n, void *arg) parse_rtattr(tb, XFRMA_MAX, XFRMREP_RTA(xrep), len); - xfrm_xfrma_print(tb, family, fp, " ", nokeys); + xfrm_xfrma_print(tb, family, fp, " ", nokeys, true); if (oneline) fprintf(fp, "\n"); diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index 4d825025..dd273eee 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -57,6 +57,7 @@ static void usage(void) " [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n" " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n" " [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n" + " [ offload full dev DEV] } ]\n" "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n" " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n" " [ if_id IF_ID ]\n" @@ -260,6 +261,7 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv char *ptypep = NULL; char *sctxp = NULL; struct xfrm_userpolicy_type upt = {}; + struct xfrm_user_offload xuo = {}; char tmpls_buf[XFRM_TMPLS_BUF_SIZE] = {}; int tmpls_len = 0; struct xfrm_mark mark = {0, 0}; @@ -268,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv char str[CTX_BUF_SIZE]; } ctx = {}; bool is_if_id_set = false; + unsigned int ifindex = 0; + bool is_offload = false; __u32 if_id = 0; while (argc > 0) { 
@@ -342,6 +346,21 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv if (get_u32(&if_id, *argv, 0)) invarg("IF_ID value is invalid", *argv); is_if_id_set = true; + } else if (strcmp(*argv, "offload") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "full") == 0) + NEXT_ARG(); + else + invarg("Invalid offload mode", *argv); + + if (strcmp(*argv, "dev") == 0) { + NEXT_ARG(); + ifindex = ll_name_to_index(*argv); + if (!ifindex) + invarg("Invalid device name", *argv); + } else + invarg("Missing dev keyword", *argv); + is_offload = true; } else { if (selp) duparg("unknown", *argv); @@ -387,6 +406,13 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv if (is_if_id_set) addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id); + if (is_offload) { + xuo.ifindex = ifindex; + xuo.flags |= XFRM_OFFLOAD_FULL; + addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo, + sizeof(xuo)); + } + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index e1b8aaab..cd1569dd 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -252,6 +252,10 @@ ip-xfrm \- transform configuration .IR FLAG-LIST " ]" .RB "[ " if_id .IR IF-ID " ]" +.RB "[ " offload +.RB full +.RB dev +.IR DEV " ]" .RI "[ " LIMIT-LIST " ] [ " TMPL-LIST " ]" .ti -8 @@ -593,6 +597,10 @@ of the packets emitted by the state .I IF-ID xfrm interface identifier used to in both xfrm policies and states +.TP +.I DEV +Network interface name used to offload policies and states + .sp .PP .TS
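Review bot: patch 1/4 has an empty commit message, so the include/uapi/linux/xfrm.h hunk that adds `#define XFRM_OFFLOAD_FULL 4` gives no indication of which kernel tree or commit the header was synced from. Please name the source commit in the message, so that the flag value userspace sends in xfrm_user_offload.flags can be checked against the kernel side.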
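Review bot: patch 2/4, the reworked "offload" branch in xfrm_state_modify() (ip/xfrm_state.c) pairs a braced `if (strcmp(*argv, "dev") == 0) { ... }` with an unbraced `} else invarg("Missing dev keyword", *argv);`, and does the same for the "dir" arm; when one arm needs braces, put them on both. The is_dir temporary is not needed either: `if (!xfrm_offload_dir_parse(&dir, &argc, &argv)) invarg("DIR value is invalid", *argv);` says the same thing in one statement. The two new messages also disagree on case ("Missing dev keyword" versus "Missing DIR keyword"); pick one form.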
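Review bot: patch 2/4, the man/man8/ip-xfrm.8 hunk adds `.IR DEV "` with an opening double quote that is never closed on that line, unlike `.IR DIR " ]"` two lines below it. Drop the stray quote so the macro argument is well formed. Patch 3/4 carries the same line forward as context, so fixing it here keeps the later hunk clean.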
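Review bot: patch 3/4, the xfrm_xfrma_print() hunk in ip/ipxfrm.c changes the format string to `"dev %s dir %s mode %s"`, so every existing crypto-offload state now prints an extra "mode crypto" field, and the commit message does not mention this change to the output. Please state it there, since anything that parses the offload line of `ip xfrm state` will see a new token.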
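Review bot: patch 3/4, in the xfrm_state_modify() hunk a mode token that is neither "crypto" nor "full" falls through to the existing `invarg("Missing dev keyword", *argv)`, so a misspelled mode is rejected, but with a message about the wrong keyword. Since the missing-mode case has to stay valid for backward compatibility, consider saying so in the error text (for example that a mode or "dev" was expected). The `if (strcmp(*argv, "crypto") == 0) NEXT_ARG(); else if (...) {` chain also mixes unbraced and braced arms. The man page hunk only extends the synopsis with `[ crypto | full ]`; a sentence describing what each mode hands to the device is missing from the parameter descriptions.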
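Review bot: patch 4/4, the usage() hunk in ip/xfrm_policy.c adds `" [ offload full dev DEV] } ]\n"`, which has a stray `} ]` at the end and no space before the closing bracket after DEV. It should read `[ offload full dev DEV ]` to match the bracket style of the surrounding usage lines and the man page synopsis added in the same patch.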
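Review bot: patch 4/4, the new `bool dir` parameter of xfrm_xfrma_print() (ip/ipxfrm.c and ip/xfrm.h) reads like a direction value, while it is actually a switch for whether "dir in|out" gets printed; the call sites then pass a bare `true` or `false` next to `nokeys`, which is hard to read in xfrm_state_info_print(), xfrm_policy_info_print() and xfrm_report_print(). Rename it to something like print_dir, and add a short comment at the prototype explaining that policies omit the direction because it is not carried in xuo->flags for them (the policy path in xfrm_policy_modify() sets only XFRM_OFFLOAD_FULL). The last man page hunk also adds an empty line after the DEV description, ahead of `.sp`; blank lines in roff source are best avoided.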