From patchwork Mon Dec 12 07:54:03 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leon Romanovsky <leon@kernel.org>
X-Patchwork-Id: 13070814
X-Patchwork-Delegate: dsahern@gmail.com
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7E8E5C4332F
	for <netdev@archiver.kernel.org>; Mon, 12 Dec 2022 07:54:33 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231336AbiLLHyb (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Mon, 12 Dec 2022 02:54:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38300 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231194AbiLLHy2 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 12 Dec 2022 02:54:28 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org
 [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA0F2B86A
        for <netdev@vger.kernel.org>; Sun, 11 Dec 2022 23:54:27 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id AA4EBB80B83
        for <netdev@vger.kernel.org>; Mon, 12 Dec 2022 07:54:26 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D9965C433EF;
        Mon, 12 Dec 2022 07:54:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1670831665;
        bh=5iNQHIrtbx5fBZUVOQRKW2JfC3gJUjQV8lLSrcoRTrA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Es+sZLQnZ3lEmTzDCVNVqaFwk8gBo+dIFIZatqVkG7QnyG7YxhK2QEQOV7P9LXnVR
         Ix9/PUESlfIx8Yf4mG1URNJkDMYZ0OOEugRjDfL5dpJrfni320U9U/miTidBoIkUAJ
         oWafJ8iqcs65NIyTDEe/Ts+JOR6QgXvfCa7WdpJar3SXttLQ10KrQ8uBup/EED8BDE
         J/ADwO8PCfaaB8sv9jbZ/IrW0rY5UvdiKxneUeYNy11MAzjsR1E7XGC5wPLvab4TqD
         votqP0DKISCr1Aaa5o4KYMtx17NO8PKS6s2gu0NCMJL4hCxTHqVpJmqqejNrTfUlhs
         7ZLmawW8JbDsg==
From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>,
        David Ahern <dsahern@gmail.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
        Stephen Hemminger <stephen@networkplumber.org>,
        netdev@vger.kernel.org, Raed Salem <raeds@nvidia.com>
Subject: [PATCH iproute2-next v1 1/4] Update XFRM kernel header
Date: Mon, 12 Dec 2022 09:54:03 +0200
Message-Id: 
 <416ac3c4ca63a7747ed83e1b722f98c17a50bea2.1670830561.git.leonro@nvidia.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1670830561.git.leonro@nvidia.com>
References: <cover.1670830561.git.leonro@nvidia.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: dsahern@gmail.com

From: Leon Romanovsky <leonro@nvidia.com>

Sync XFRM header upto kernel commit d14f28b8c1de
("xfrm: add new packet offload flag")

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 include/uapi/linux/xfrm.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 4809f9be..23543c33 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -519,6 +519,12 @@ struct xfrm_user_offload {
  */
 #define XFRM_OFFLOAD_IPV6	1
 #define XFRM_OFFLOAD_INBOUND	2
+/* Two bits above are relevant for state path only, while
+ * offload is used for both policy and state flows.
+ *
+ * In policy offload mode, they are free and can be safely reused.
+ */
+#define XFRM_OFFLOAD_PACKET	4
 
 struct xfrm_userpolicy_default {
 #define XFRM_USERPOLICY_UNSPEC	0
@@ -529,12 +535,14 @@ struct xfrm_userpolicy_default {
 	__u8				out;
 };
 
+#ifndef __KERNEL__
 /* backwards compatibility for userspace */
 #define XFRMGRP_ACQUIRE		1
 #define XFRMGRP_EXPIRE		2
 #define XFRMGRP_SA		4
 #define XFRMGRP_POLICY		8
 #define XFRMGRP_REPORT		0x20
+#endif
 
 enum xfrm_nlgroups {
 	XFRMNLGRP_NONE,

From patchwork Mon Dec 12 07:54:04 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leon Romanovsky <leon@kernel.org>
X-Patchwork-Id: 13070817
X-Patchwork-Delegate: dsahern@gmail.com
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AF956C4332F
	for <netdev@archiver.kernel.org>; Mon, 12 Dec 2022 07:54:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231487AbiLLHyz (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Mon, 12 Dec 2022 02:54:55 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38450 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231343AbiLLHyl (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 12 Dec 2022 02:54:41 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org
 [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F490B84D
        for <netdev@vger.kernel.org>; Sun, 11 Dec 2022 23:54:41 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id A9C9DB80B83
        for <netdev@vger.kernel.org>; Mon, 12 Dec 2022 07:54:39 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C08FAC433D2;
        Mon, 12 Dec 2022 07:54:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1670831678;
        bh=GTwvNyugaQUC66kTKwraZVvM6vyshj9vpIpNccMIgIQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Crh85dGDl0D1OUo5yaY7Gn/9BhBWpy7+YZO2Asb7bK8d1OrP4//g6cZPlhCz4bjLU
         z2BE5G73PL9Awq4y0hxZrNu8bGl0PYIz97f0xwo+PDCtqJshdPCHWoylwcKcEid9/x
         A4mrgc4XLUEMhf8UPwkW/QvUL7GlUFZ+FeJtc8MLM5NItgVY9Wi3fxxFmhDCkgYeXu
         ETw6E00maQbhRewJL5AUR1uittJYWmPozsF+vg3t0GFsa0X1mqSwRj8cg/983j3lOM
         VamLgyKmnmgGDea2wEtGK9ZdWaaY5jkyFfE1ZL26p9l9022V3C3wv14i25Y48g4i7h
         FUGV4SGZQHKVg==
From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>,
        David Ahern <dsahern@gmail.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
        Stephen Hemminger <stephen@networkplumber.org>,
        netdev@vger.kernel.org, Raed Salem <raeds@nvidia.com>
Subject: [PATCH iproute2-next v1 2/4] xfrm: prepare state offload logic to set
 mode
Date: Mon, 12 Dec 2022 09:54:04 +0200
Message-Id: 
 <0daa98d7cfb4e70856d13444d4bf6c4b3270a826.1670830561.git.leonro@nvidia.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1670830561.git.leonro@nvidia.com>
References: <cover.1670830561.git.leonro@nvidia.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: dsahern@gmail.com

From: Leon Romanovsky <leonro@nvidia.com>

The offload in xfrm state requires to provide device and direction
in order to activate it. However, in the help section, device and
direction were displayed as an optional.

As a preparation to addition of packet offload, let's fix the help
section and refactor the code to be more clear.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 ip/xfrm_state.c    | 35 +++++++++++++++++++----------------
 man/man8/ip-xfrm.8 |  5 +++++
 2 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index b2294d9f..6de2d28d 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -61,7 +61,7 @@ static void usage(void)
 		"        [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n"
 		"        [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n"
 		"        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n"
-		"        [ offload [dev DEV] dir DIR ]\n"
+		"        [ offload dev DEV dir DIR ]\n"
 		"        [ output-mark OUTPUT-MARK [ mask MASK ] ]\n"
 		"        [ if_id IF_ID ] [ tfcpad LENGTH ]\n"
 		"Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n"
@@ -267,7 +267,7 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a
 	return 0;
 }
 
-static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
+static bool xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
 {
 	int argc = *argcp;
 	char **argv = *argvp;
@@ -277,12 +277,12 @@ static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
 	else if (strcmp(*argv, "out") == 0)
 		*dir = 0;
 	else
-		invarg("DIR value is invalid", *argv);
+		return false;
 
 	*argcp = argc;
 	*argvp = argv;
 
-	return 0;
+	return true;
 }
 
 static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
@@ -424,24 +424,27 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 			addattr_l(&req.n, sizeof(req.buf), XFRMA_SEC_CTX,
 				  (void *)&ctx, ctx.sctx.len);
 		} else if (strcmp(*argv, "offload") == 0) {
-			is_offload = true;
 			NEXT_ARG();
 			if (strcmp(*argv, "dev") == 0) {
 				NEXT_ARG();
 				ifindex = ll_name_to_index(*argv);
-				if (!ifindex) {
-					invarg("value after \"offload dev\" is invalid", *argv);
-					is_offload = false;
-				}
-				NEXT_ARG();
-			}
+				if (!ifindex)
+					invarg("Invalid device name", *argv);
+			} else
+				invarg("Missing dev keyword", *argv);
+
+			NEXT_ARG();
 			if (strcmp(*argv, "dir") == 0) {
+				bool is_dir;
+
 				NEXT_ARG();
-				xfrm_offload_dir_parse(&dir, &argc, &argv);
-			} else {
-				invarg("value after \"offload dir\" is invalid", *argv);
-				is_offload = false;
-			}
+				is_dir = xfrm_offload_dir_parse(&dir, &argc,
+								&argv);
+				if (!is_dir)
+					invarg("DIR value is invalid", *argv);
+			} else
+				invarg("Missing DIR keyword", *argv);
+			is_offload = true;
 		} else if (strcmp(*argv, "output-mark") == 0) {
 			NEXT_ARG();
 			if (get_u32(&output_mark.v, *argv, 0))
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index bf725cab..4243a023 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -65,6 +65,11 @@ ip-xfrm \- transform configuration
 .IR MASK " ] ]"
 .RB "[ " if_id
 .IR IF-ID " ]"
+.RB "[ " offload
+.RB dev
+.IR DEV "
+.RB dir
+.IR DIR " ]"
 .RB "[ " tfcpad
 .IR LENGTH " ]"
 

From patchwork Mon Dec 12 07:54:05 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leon Romanovsky <leon@kernel.org>
X-Patchwork-Id: 13070815
X-Patchwork-Delegate: dsahern@gmail.com
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A1F7CC4332F
	for <netdev@archiver.kernel.org>; Mon, 12 Dec 2022 07:54:42 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231445AbiLLHyj (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Mon, 12 Dec 2022 02:54:39 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38360 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231375AbiLLHyd (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 12 Dec 2022 02:54:33 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org
 [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62410B84D
        for <netdev@vger.kernel.org>; Sun, 11 Dec 2022 23:54:32 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 2105FB80B83
        for <netdev@vger.kernel.org>; Mon, 12 Dec 2022 07:54:31 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D3CDC433EF;
        Mon, 12 Dec 2022 07:54:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1670831669;
        bh=9Z9fWa06tNgRSrIq7xZY1/Knp1gppPuspRW3Zh83VwY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=W97oiqtyRrl0qMilMRwJMSUEeP5Lkv5ysuBhSuvtxp21+BQTMwVXrGUgpkQxUOF/t
         MvKpm3r18hpPdiC3JeLPkHzW7g+HvKHu6+986GXf59f+oO8xlb7PufPa3iUDgnmQNe
         FEWEzcPt/me/O41Viwj4U7SJFeNrBiL5126a4HJ/FYal7iX0prBdaCrFDejEQ0PiRx
         WEU1/Tl503WOE6GM8Jus1y4WtlFauInrLRGFaCdRJ1SUr96z0KDXnYcpqFb4fBKxgH
         SDhqk4cArcNRsHTjxJ2yGk/5C+d7HaDfrXEGMWDRXLkJaAx7P4ocUtDbMbmPX0PSGp
         GRaoqly1J4IBQ==
From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>,
        David Ahern <dsahern@gmail.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
        Stephen Hemminger <stephen@networkplumber.org>,
        netdev@vger.kernel.org, Raed Salem <raeds@nvidia.com>
Subject: [PATCH iproute2-next v1 3/4] xfrm: add packet offload mode to xfrm
 state
Date: Mon, 12 Dec 2022 09:54:05 +0200
Message-Id: 
 <9cbedf046af7c8014bc3295005d645e56a230da4.1670830561.git.leonro@nvidia.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1670830561.git.leonro@nvidia.com>
References: <cover.1670830561.git.leonro@nvidia.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: dsahern@gmail.com

From: Leon Romanovsky <leonro@nvidia.com>

Allow users to configure xfrm states with packet offload type.

Packet offload mode:
  ip xfrm state offload packet dev <if-name> dir <in|out>
Crypto offload mode:
  ip xfrm state offload crypto dev <if-name> dir <in|out>
  ip xfrm state offload dev <if-name> dir <in|out>

The latter variant configures crypto offload mode and is needed
to provide backward compatibility.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 ip/ipxfrm.c        |  6 ++++--
 ip/xfrm_state.c    | 16 ++++++++++++++--
 man/man8/ip-xfrm.8 |  1 +
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 1c59596a..deb45817 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -895,8 +895,10 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 
 		xuo = (struct xfrm_user_offload *)
 			RTA_DATA(tb[XFRMA_OFFLOAD_DEV]);
-		fprintf(fp, "dev %s dir %s", ll_index_to_name(xuo->ifindex),
-			(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
+		fprintf(fp, "dev %s dir %s mode %s",
+			ll_index_to_name(xuo->ifindex),
+			(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out",
+			(xuo->flags & XFRM_OFFLOAD_PACKET) ? "packet" : "crypto");
 		fprintf(fp, "%s", _SL_);
 	}
 	if (tb[XFRMA_IF_ID]) {
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 6de2d28d..16c65e23 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -61,7 +61,7 @@ static void usage(void)
 		"        [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n"
 		"        [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n"
 		"        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n"
-		"        [ offload dev DEV dir DIR ]\n"
+		"        [ offload [ crypto | packet ] dev DEV dir DIR ]\n"
 		"        [ output-mark OUTPUT-MARK [ mask MASK ] ]\n"
 		"        [ if_id IF_ID ] [ tfcpad LENGTH ]\n"
 		"Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n"
@@ -307,7 +307,7 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 	struct xfrm_user_offload xuo = {};
 	unsigned int ifindex = 0;
 	__u8 dir = 0;
-	bool is_offload = false;
+	bool is_offload = false, is_packet_offload = false;
 	__u32 replay_window = 0;
 	__u32 seq = 0, oseq = 0, seq_hi = 0, oseq_hi = 0;
 	char *idp = NULL;
@@ -425,6 +425,16 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 				  (void *)&ctx, ctx.sctx.len);
 		} else if (strcmp(*argv, "offload") == 0) {
 			NEXT_ARG();
+			/* If user doesn't provide offload mode, treat it as
+			 * crypto one for the backward compatibility.
+			 */
+			if (strcmp(*argv, "crypto") == 0)
+				NEXT_ARG();
+			else if (strcmp(*argv, "packet") == 0) {
+				is_packet_offload = true;
+				NEXT_ARG();
+			}
+
 			if (strcmp(*argv, "dev") == 0) {
 				NEXT_ARG();
 				ifindex = ll_name_to_index(*argv);
@@ -608,6 +618,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 	if (is_offload) {
 		xuo.ifindex = ifindex;
 		xuo.flags = dir;
+		if (is_packet_offload)
+			xuo.flags |= XFRM_OFFLOAD_PACKET;
 		addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo,
 			  sizeof(xuo));
 	}
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index 4243a023..a65cfa5f 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -66,6 +66,7 @@ ip-xfrm \- transform configuration
 .RB "[ " if_id
 .IR IF-ID " ]"
 .RB "[ " offload
+.RB "[ " crypto | packet " ]"
 .RB dev
 .IR DEV "
 .RB dir

From patchwork Mon Dec 12 07:54:06 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leon Romanovsky <leon@kernel.org>
X-Patchwork-Id: 13070816
X-Patchwork-Delegate: dsahern@gmail.com
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0D254C4332F
	for <netdev@archiver.kernel.org>; Mon, 12 Dec 2022 07:54:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231433AbiLLHyo (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Mon, 12 Dec 2022 02:54:44 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38484 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231346AbiLLHyj (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 12 Dec 2022 02:54:39 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A4B17CE2D
        for <netdev@vger.kernel.org>; Sun, 11 Dec 2022 23:54:36 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 55181B80B9A
        for <netdev@vger.kernel.org>; Mon, 12 Dec 2022 07:54:35 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7003CC433F0;
        Mon, 12 Dec 2022 07:54:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1670831674;
        bh=2wzGZKeJQvdu1+8luLE7TSHGEkwo6i7uf+AgmcJcad4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Gbz1KfPvvULQue2sSs02kCGmCAoUPubhXVeXHotXDqej7ZeYfcjsPljnJhwh27LLd
         sEtBxSvXKV/c43O2rtTE+bmY1GWGHvce2fepCt4zIXNJRxgXjy9Hl1rfg0qnU6Dbv8
         /yGY7wtEOD8PF/NDkLHkQm+328KYXG41e63VDjxsQlOLutpBaa2oOPKQOfaTqxkmor
         V+Fumn1BGrZIA/bW3GS7QtHCGzvIR/OuYXnvAqGprDMpE1C4FvaeqDHsgeco8mrpOr
         9WaH0DXYigLssDrpEMAlqW0y7jk41fg2+UT1dJibuc2/B/lBOR9HNgIKn142u/6CVA
         ic5heRGJsxfTQ==
From: Leon Romanovsky <leon@kernel.org>
To: Steffen Klassert <steffen.klassert@secunet.com>,
        David Ahern <dsahern@gmail.com>
Cc: Leon Romanovsky <leonro@nvidia.com>,
        Stephen Hemminger <stephen@networkplumber.org>,
        netdev@vger.kernel.org, Raed Salem <raeds@nvidia.com>
Subject: [PATCH iproute2-next v1 4/4] xfrm: add an interface to offload policy
Date: Mon, 12 Dec 2022 09:54:06 +0200
Message-Id: 
 <b4a4601523a55b99d0ffdb3ffbcd7103c29cc0fe.1670830561.git.leonro@nvidia.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1670830561.git.leonro@nvidia.com>
References: <cover.1670830561.git.leonro@nvidia.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: dsahern@gmail.com

From: Leon Romanovsky <leonro@nvidia.com>

Extend at "ip xfrm policy" to allow policy offload to specific device.
The syntax and the code follow already established pattern from the
state offload.

The only difference between them is that direction was already mandatory
argument in policy configuration commands, so don't need to add direction
handling logic like it was done for the state offload.

The syntax is as follows:
 $ ip xfrm policy .... offload packet dev <if-name>

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 ip/ipxfrm.c        | 17 ++++++++++-------
 ip/xfrm.h          |  4 ++--
 ip/xfrm_monitor.c  |  2 +-
 ip/xfrm_policy.c   | 26 ++++++++++++++++++++++++++
 man/man8/ip-xfrm.8 |  8 ++++++++
 5 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index deb45817..7a1ebc95 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -688,8 +688,8 @@ done:
 	return 0;
 }
 
-void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
-		      FILE *fp, const char *prefix, bool nokeys)
+void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp,
+		      const char *prefix, bool nokeys, bool dir)
 {
 	if (tb[XFRMA_MARK]) {
 		struct rtattr *rta = tb[XFRMA_MARK];
@@ -895,9 +895,12 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 
 		xuo = (struct xfrm_user_offload *)
 			RTA_DATA(tb[XFRMA_OFFLOAD_DEV]);
-		fprintf(fp, "dev %s dir %s mode %s",
-			ll_index_to_name(xuo->ifindex),
-			(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out",
+		fprintf(fp, "dev %s ",
+			ll_index_to_name(xuo->ifindex));
+		if (dir)
+			fprintf(fp, "dir %s ",
+			(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
+		fprintf(fp, "mode %s",
 			(xuo->flags & XFRM_OFFLOAD_PACKET) ? "packet" : "crypto");
 		fprintf(fp, "%s", _SL_);
 	}
@@ -990,7 +993,7 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 		fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags));
 	fprintf(fp, "%s", _SL_);
 
-	xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys);
+	xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys, true);
 
 	if (!xfrm_selector_iszero(&xsinfo->sel)) {
 		char sbuf[STRBUF_SIZE];
@@ -1096,7 +1099,7 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
 	if (show_stats > 0)
 		xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
 
-	xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false);
+	xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false, false);
 }
 
 int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
diff --git a/ip/xfrm.h b/ip/xfrm.h
index 17dcf3fe..6f251603 100644
--- a/ip/xfrm.h
+++ b/ip/xfrm.h
@@ -124,8 +124,8 @@ const char *strxf_proto(__u8 proto);
 const char *strxf_ptype(__u8 ptype);
 void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
 			 FILE *fp, const char *prefix);
-void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
-		      FILE *fp, const char *prefix, bool nokeys);
+void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp,
+		      const char *prefix, bool nokeys, bool dir);
 void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
 			    struct rtattr *tb[], FILE *fp, const char *prefix,
 			   const char *title, bool nokeys);
diff --git a/ip/xfrm_monitor.c b/ip/xfrm_monitor.c
index f67424c5..b0056d9d 100644
--- a/ip/xfrm_monitor.c
+++ b/ip/xfrm_monitor.c
@@ -199,7 +199,7 @@ static int xfrm_report_print(struct nlmsghdr *n, void *arg)
 
 	parse_rtattr(tb, XFRMA_MAX, XFRMREP_RTA(xrep), len);
 
-	xfrm_xfrma_print(tb, family, fp, "  ", nokeys);
+	xfrm_xfrma_print(tb, family, fp, "  ", nokeys, true);
 
 	if (oneline)
 		fprintf(fp, "\n");
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index 4d825025..be5fcfed 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -57,6 +57,7 @@ static void usage(void)
 		"	[ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n"
 		"	[ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n"
 		"	[ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n"
+		"	[ offload packet dev DEV] } ]\n"
 		"Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n"
 		"	[ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n"
 		"	[ if_id IF_ID ]\n"
@@ -260,6 +261,7 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
 	char *ptypep = NULL;
 	char *sctxp = NULL;
 	struct xfrm_userpolicy_type upt = {};
+	struct xfrm_user_offload xuo = {};
 	char tmpls_buf[XFRM_TMPLS_BUF_SIZE] = {};
 	int tmpls_len = 0;
 	struct xfrm_mark mark = {0, 0};
@@ -268,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
 		char	str[CTX_BUF_SIZE];
 	} ctx = {};
 	bool is_if_id_set = false;
+	unsigned int ifindex = 0;
+	bool is_offload = false;
 	__u32 if_id = 0;
 
 	while (argc > 0) {
@@ -342,6 +346,21 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
 			if (get_u32(&if_id, *argv, 0))
 				invarg("IF_ID value is invalid", *argv);
 			is_if_id_set = true;
+		} else if (strcmp(*argv, "offload") == 0) {
+			NEXT_ARG();
+			if (strcmp(*argv, "packet") == 0)
+				NEXT_ARG();
+			else
+				invarg("Invalid offload mode", *argv);
+
+			if (strcmp(*argv, "dev") == 0) {
+				NEXT_ARG();
+				ifindex = ll_name_to_index(*argv);
+				if (!ifindex)
+					invarg("Invalid device name", *argv);
+			} else
+				invarg("Missing dev keyword", *argv);
+			is_offload = true;
 		} else {
 			if (selp)
 				duparg("unknown", *argv);
@@ -387,6 +406,13 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
 	if (is_if_id_set)
 		addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
 
+	if (is_offload) {
+		xuo.ifindex = ifindex;
+		xuo.flags |= XFRM_OFFLOAD_PACKET;
+		addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo,
+			  sizeof(xuo));
+	}
+
 	if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
 		exit(1);
 
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index a65cfa5f..3270f336 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -252,6 +252,10 @@ ip-xfrm \- transform configuration
 .IR FLAG-LIST " ]"
 .RB "[ " if_id
 .IR IF-ID " ]"
+.RB "[ " offload
+.RB packet
+.RB dev
+.IR DEV " ]"
 .RI "[ " LIMIT-LIST " ] [ " TMPL-LIST " ]"
 
 .ti -8
@@ -593,6 +597,10 @@ of the packets emitted by the state
 .I IF-ID
 xfrm interface identifier used to in both xfrm policies and states
 
+.TP
+.I DEV
+Network interface name used to offload policies and states
+
 .sp
 .PP
 .TS