From patchwork Mon Nov 4 23:32:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Feng Wang X-Patchwork-Id: 13862215 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CF301F755C for ; Mon, 4 Nov 2024 23:33:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730763187; cv=none; b=h6TKNJMyKM7jT7clCKbK0p1tX6lV+Ot9tfBJvYszh79a1ZKmyazuF180mQyQr+aP15VG9a0F7gXndsjmYzXHCITiPUIK5iYgtjFghWl8iNnjP4nyY9Tiygs2dg1yapbYyTPrVMFI2OPKhKau+klQhH8JuZrx7N840abh8ee0JMg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730763187; c=relaxed/simple; bh=3qv8JMW22uYTPLZXnnQo6RAMhkzmPsDTF9IG82SZIFg=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=nIfAQQAq1tlCa5TTtAcaGBHQuE5uNb4SG/AuOxVHuo4OUw0c8VwC/dPxbm9tZpR023m/bVVycNNC9ze8FIWjIUgJhGUZUIyDDMPn1xvtfUmNWP/z7frbibdr/wDmBadipaKCHqqNdSuDZPIdtHZu60U53hfhkghrjZ/WecuIkec= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--wangfe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=lmp314fa; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--wangfe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="lmp314fa" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e30c7a38bd7so5832656276.0 for ; Mon, 04 Nov 2024 15:33:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730763184; x=1731367984; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=znKZ1P5WRclxgS1HKUCpsAnIfR2nUnKfJeIz2j9vSwE=; b=lmp314faOTqp+X6vVM29iXyM6nCaQ37BkMPMZG0QaL9J0BEEJPTNO5JwfqsbhUvEW1 1fvBCE4gRfoTF/d4urGoRAX3BiSyU0enlplO7943J0sHRm9otcyFwGvBsjs5d+/Xskp+ 3Ar3ciaEXWmSWqjnVV16VO94rWkuTmG4j3gBETph99qVq6nc1tAYDh4vD7BjhV5US+ux 0E8YlZDQF73+BEuNq79Xh5SSdV/dPaH7a8mb+NXr9xEzsXJ7V4ReCb+ghhSvWFAHfLLF v5uVjzdxT/OyiUGVD5FEec/OtY28wutJzWZrUiAvDjsd70HwkQleuJhA+8ijsWtQm2ku pCTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730763184; x=1731367984; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=znKZ1P5WRclxgS1HKUCpsAnIfR2nUnKfJeIz2j9vSwE=; b=DaYMX+w+1gB0gzrrjSfih7VAVx7k/Ag8BmgwNBSe5CtZOPhZpilOz7dUturMGwJNa2 rg+prlMr3bzJKVXpd5MAUI7H3R7MMzRvg3Ylb2aMQMB1Q/2RU3PJgPmQlHu5q8K9YRoC AmvmpqA6Wd5aFIdhBi6j1pKednvO5BVzd32jFAjGtqFVzCsOQrjTj+19HlyFi3X8YFxs 48DvIsd7RwopLSc/RveQHKs5+N3yE5bYmBGsqJR8/sd1Q5mqMmjzqQGkuGrTTLW8yXWi 8fTldqfm43+OUkTF7l2mCE26naPJiw3jxWmdKk5AVSgKza00f7WlafbUC5HvRmMZQPrA uYaA== X-Gm-Message-State: AOJu0Yw+rH3a5v0kPRU4uvHHU/zfk4bZzqUW/5hElHtsTP+A7yqtoHsr 1HZLy7I8e3bOLBBkcVqTwNe9CVOJHImq+DdtZjTog26/B938TWIKJGexYVQQAzcY9ItxuAwCaPy bE3z6QEVgYXT+VsuX1VllKGR0i58/vxbHrOxLeRfPcCmAfStSzkLgP5AlPOd0dEbtFGxBMhHOPW TIacg99l36MOz64YrrbzTKWlo4WuShlFM7 X-Google-Smtp-Source: AGHT+IF3LY+2ImgwrEmcTM9sy2dde8XqAZ1jxvQI2uHxSpbZBqNaP/K9znLbSk89HeHC/i1FgLsoDx3Q4zw= X-Received: from wangfe.mtv.corp.google.com ([2a00:79e0:2e35:7:4cf7:d778:5c81:56cd]) (user=wangfe job=sendgmr) by 2002:a25:8289:0:b0:e2b:cca2:69e1 with SMTP id 3f1490d57ef6-e30e8d6b7edmr34739276.3.1730763183898; Mon, 04 Nov 2024 15:33:03 -0800 (PST) Date: Mon, 4 Nov 2024 15:32:51 -0800 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241104233251.3387719-1-wangfe@google.com> Subject: [PATCH 1/2] xfrm: add SA information to the offloaded packet From: Feng Wang To: netdev@vger.kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, leonro@nvidia.com Cc: wangfe@google.com X-Patchwork-Delegate: kuba@kernel.org From: wangfe In packet offload mode, append Security Association (SA) information to each packet, replicating the crypto offload implementation. The XFRM_XMIT flag is set to enable packet to be returned immediately from the validate_xmit_xfrm function, thus aligning with the existing code path for packet offload mode. This SA info helps HW offload match packets to their correct security policies. The XFRM interface ID is included, which is used in setups with multiple XFRM interfaces where source/destination addresses alone can't pinpoint the right policy. Enable packet offload mode on netdevsim and add code to check the XFRM interface ID. Signed-off-by: wangfe --- v3: https://lore.kernel.org/all/20240822200252.472298-1-wangfe@google.com/ - Add XFRM interface ID checking on netdevsim in the packet offload mode. v2: - Add why HW offload requires the SA info to the commit message v1: https://lore.kernel.org/all/20240812182317.1962756-1-wangfe@google.com/ --- --- drivers/net/netdevsim/ipsec.c | 24 +++++++++++++++++++++++- drivers/net/netdevsim/netdevsim.h | 1 + net/xfrm/xfrm_output.c | 21 +++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index f0d58092e7e9..1ce7447dd269 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net/netdevsim/ipsec.c @@ -149,7 +149,8 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs, return -EINVAL; } - if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) { + if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO && + xs->xso.type != XFRM_DEV_OFFLOAD_PACKET) { NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type"); return -EINVAL; } @@ -165,6 +166,7 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs, memset(&sa, 0, sizeof(sa)); sa.used = true; sa.xs = xs; + sa.if_id = xs->if_id; if (sa.xs->id.proto & IPPROTO_ESP) sa.crypt = xs->ealg || xs->aead; @@ -224,10 +226,24 @@ static bool nsim_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) return true; } +static int nsim_ipsec_add_policy(struct xfrm_policy *policy, + struct netlink_ext_ack *extack) +{ + return 0; +} + +static void nsim_ipsec_del_policy(struct xfrm_policy *policy) +{ +} + static const struct xfrmdev_ops nsim_xfrmdev_ops = { .xdo_dev_state_add = nsim_ipsec_add_sa, .xdo_dev_state_delete = nsim_ipsec_del_sa, .xdo_dev_offload_ok = nsim_ipsec_offload_ok, + + .xdo_dev_policy_add = nsim_ipsec_add_policy, + .xdo_dev_policy_delete = nsim_ipsec_del_policy, + }; bool nsim_ipsec_tx(struct netdevsim *ns, struct sk_buff *skb) @@ -272,6 +288,12 @@ bool nsim_ipsec_tx(struct netdevsim *ns, struct sk_buff *skb) return false; } + if (xs->if_id != tsa->if_id) { + netdev_err(ns->netdev, "unmatched if_id %d %d\n", + xs->if_id, tsa->if_id); + return false; + } + ipsec->tx++; return true; diff --git a/drivers/net/netdevsim/netdevsim.h b/drivers/net/netdevsim/netdevsim.h index bf02efa10956..4941b6e46d0a 100644 --- a/drivers/net/netdevsim/netdevsim.h +++ b/drivers/net/netdevsim/netdevsim.h @@ -41,6 +41,7 @@ struct nsim_sa { __be32 ipaddr[4]; u32 key[4]; u32 salt; + u32 if_id; bool used; bool crypt; bool rx; diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index e5722c95b8bb..a12588e7b060 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -706,6 +706,8 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) struct xfrm_state *x = skb_dst(skb)->xfrm; int family; int err; + struct xfrm_offload *xo; + struct sec_path *sp; family = (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) ? x->outer_mode.family : skb_dst(skb)->ops->family; @@ -728,6 +730,25 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) kfree_skb(skb); return -EHOSTUNREACH; } + sp = secpath_set(skb); + if (!sp) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); + kfree_skb(skb); + return -ENOMEM; + } + + sp->olen++; + sp->xvec[sp->len++] = x; + xfrm_state_hold(x); + + xo = xfrm_offload(skb); + if (!xo) { + secpath_reset(skb); + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); + kfree_skb(skb); + return -EINVAL; + } + xo->flags |= XFRM_XMIT; return xfrm_output_resume(sk, skb, 0); } From patchwork Mon Nov 4 23:33:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Feng Wang X-Patchwork-Id: 13862216 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C84B01FE117 for ; Mon, 4 Nov 2024 23:33:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730763203; cv=none; b=qWsHo87JA+8LdNd66OiGwugE969jDsnuXjpBWVS/7/Ej8ekrzi5nMgzL4r8ej9PYue++UgjlYmFomajR65lDYE4WifBhCXUJI4RUuNpj3RbBsal6JAntALtGcDXruDUPelHxTwBdcUrsm/tuOBiCNomi4u8JO2iiohQb90xivsg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730763203; c=relaxed/simple; bh=LgQe7J5Py/2tAd8bMqhLOGuV2XDWPY4JY8JAJbwjIrc=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=urQ8vPk1v+TF9wUssXmt2ZjsXieigXNVPJ+3RhUFSgj9ZGx5irfJ6NLs8pPnY9IU+XsL1IKs96LywQSMfEE7wKm7UsAWByxqm5zldRfVNxzQbfajIr8CXWh5EZFXl+anPfXcHIXznOa+qS3IFIBnnOzP7GN8w42a3NpEtXIeSd8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--wangfe.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=cUX8sQYF; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--wangfe.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="cUX8sQYF" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e30ba241e7eso9077046276.2 for ; Mon, 04 Nov 2024 15:33:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730763201; x=1731368001; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=MLnYBvA6SkbTyLn/Rnb+BMsmOBhuuTv1NoPy4srfiBs=; b=cUX8sQYFpjmwclCn+2w88ER93tidQjvesgbs3Zt0h1n1IYQfoyxJhfJYBpu6mDlpUn 76I/hYRq0kA18JIlj3li0qDbbbkC3C/bdu3nvQm5gQag0bkd6rgCCFn40+Girhge1DDq aLE+cBgfAdaIIwB/EqnuzikizBWlxajGJwgQGzquVGlsqM+eiGGHqrdepVIrwmXL9Swt MTo+vih/LAOMuXZhuaIBU2uJBK0PaPrf48Ypd5IeQMGkWrPQifdn8ajYL+6dW2cYZw8a OwjvZiKQ9ahjRlRrWEj5FkV/LqivtROG8t+aL1CIXy+ST+w/YElSV3xnSVSkiCpYa9ZC 5P/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730763201; x=1731368001; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MLnYBvA6SkbTyLn/Rnb+BMsmOBhuuTv1NoPy4srfiBs=; b=q1sNIVaBs++qoY+1YIRvCarPIq34k6NXe90M5H40GGjOdGcl1h4Mq3HUSaTZqjdlIf QskRiJYj5nXRh3Z188Nt+QhXexNn7El+U0B8c1iqv88eFfdIdggANhhsBRECvQHllVMA rCLVo48b7EjzGwxWJfLmlmG/kGmj1j0D4qJn7jEuD61HklrSyOQNlyOjA0WFifvVPTu+ WO4JrUIRiknmNzCfdzCH2hv32MBsP6qm0MTwaNNXKCdwI0Tz8Ge/+zM1sMlRk0mlGBL0 BLTQGFQZhP6h43egjV/iEFtiVor0s0oFLZQW86NuPJXNbIn9kEcipnek23VoS5kRcPE9 1VWQ== X-Gm-Message-State: AOJu0Yzwd49DFWH73Uj7HcOWCfdZZDdItZCUvUjIz6tRI41pLhQY1qtE mnqyshzbGOYQKaqMqyzh3jZ8q6m4tVI6WZ7pLbO4DJi7y9e0a/VcXgtBWba2x0WUhx+mXnjufSi NAO4a5d4MZVIbyr7m53uUMMQf4nTpGAeSX9ariO5LvFJ7UD7to4Lj65JrzrX3qHGaP89VWdBbq6 /cUv0hLZDDtDLB7ea5tEZ5ioTME0dv1zZF X-Google-Smtp-Source: AGHT+IFCFCbCym2iIwKVgJZm+K6KBwyQ04f57ctt6RCUWmsaqZxsOuBheuNLLAbxIfhbdMZ6s58Gy5fU4eI= X-Received: from wangfe.mtv.corp.google.com ([2a00:79e0:2e35:7:4cf7:d778:5c81:56cd]) (user=wangfe job=sendgmr) by 2002:a25:83c3:0:b0:e30:c79e:16bc with SMTP id 3f1490d57ef6-e30c79e1861mr22756276.8.1730763200199; Mon, 04 Nov 2024 15:33:20 -0800 (PST) Date: Mon, 4 Nov 2024 15:33:15 -0800 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241104233315.3387982-1-wangfe@google.com> Subject: [PATCH 2/2] selftests: rtnetlink: add ipsec packet offload test From: Feng Wang To: netdev@vger.kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, leonro@nvidia.com Cc: wangfe@google.com X-Patchwork-Delegate: kuba@kernel.org From: wangfe Duplicating kci_test_ipsec_offload to create a packet offload test. Using the netdevsim as a device for testing ipsec packet mode. Test the XFRM commands for setting up IPsec hardware packet offloads, especially configuring the XFRM interface ID. Signed-off-by: wangfe --- tools/testing/selftests/net/rtnetlink.sh | 124 +++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftests/net/rtnetlink.sh index bdf6f10d0558..4ce31625d593 100755 --- a/tools/testing/selftests/net/rtnetlink.sh +++ b/tools/testing/selftests/net/rtnetlink.sh @@ -24,6 +24,7 @@ ALL_TESTS=" kci_test_macsec_offload kci_test_ipsec kci_test_ipsec_offload + kci_test_ipsec_packet_offload kci_test_fdb_get kci_test_neigh_get kci_test_bridge_parent_id @@ -841,6 +842,129 @@ EOF end_test "PASS: ipsec_offload" } +#------------------------------------------------------------------- +# Example commands +# ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \ +# spi 0x07 mode tunnel reqid 0x07 replay-window 32 \ +# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ +# sel src 14.0.0.52/24 dst 14.0.0.70/24 +# offload packet dev ipsec1 dir out if_id 1 +# ip x p add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \ +# tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \ +# spi 0x07 mode tunnel reqid 0x07 \ +# offload packet dev ipsec1 if_id 1 +# +#------------------------------------------------------------------- +kci_test_ipsec_packet_offload() +{ + local ret=0 + algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" + srcip=192.168.123.3 + dstip=192.168.123.4 + sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ + sysfsf=$sysfsd/ipsec + sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ + probed=false + + if ! mount | grep -q debugfs; then + mount -t debugfs none /sys/kernel/debug/ &> /dev/null + fi + + # setup netdevsim since dummydev doesn't have offload support + if [ ! -w /sys/bus/netdevsim/new_device ] ; then + run_cmd modprobe -q netdevsim + if [ $ret -ne 0 ]; then + end_test "SKIP: ipsec_packet_offload can't load netdevsim" + return $ksft_skip + fi + probed=true + fi + + echo "0" > /sys/bus/netdevsim/new_device + while [ ! -d $sysfsnet ] ; do :; done + udevadm settle + dev=`ls $sysfsnet` + + ip addr add $netdevsimip dev $dev + ip link set $dev up + if [ ! -d $sysfsd ] ; then + end_test "FAIL: ipsec_packet_offload can't create device $dev" + return 1 + fi + if [ ! -f $sysfsf ] ; then + end_test "FAIL: ipsec_packet_offload netdevsim doesn't support offload" + return 1 + fi + + # flush to be sure there's nothing configured + ip x s flush ; ip x p flush + + # create offloaded out SA + run_cmd ip x p add offload packet dev $dev dir out src $srcip/24 \ + dst $dstip/24 tmpl proto esp src $srcip dst $dstip spi 9 \ + mode tunnel reqid 42 if_id $ipsec_if_id + + run_cmd ip x s add proto esp src $srcip dst $dstip spi 9 \ + mode tunnel reqid 42 $algo sel src $srcip/24 dst $dstip/24 \ + offload packet dev $dev dir out if_id $ipsec_if_id + + if [ $ret -ne 0 ]; then + end_test "FAIL: ipsec_packet_offload can't create SA" + return 1 + fi + + # does offload show up in ip output + lines=`ip x s list | grep -c "crypto offload parameters: dev $dev dir"` + if [ $lines -ne 1 ] ; then + check_err 1 + end_test "FAIL: ipsec_packet_offload SA missing from list output" + fi + + # setup xfrm interface + ip link add $ipsecdev type xfrm dev lo if_id $ipsec_if_id + ip link set $ipsecdev up + ip addr add $srcip/24 dev $ipsecdev + + # we didn't create a peer, make sure we can Tx + ip neigh add $dstip dev $dev lladdr 00:11:22:33:44:55 + # use ping to exercise the Tx path + ping -I $ipsecdev -c 3 -W 1 -i 0 $dstip >/dev/null + + # remove xfrm interface + ip link delete $ipsecdev + + # does driver have correct offload info + run_cmd diff $sysfsf - << EOF +SA count=1 tx=3 +sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000 +sa[0] spi=0x00000009 proto=0x32 salt=0x61626364 crypt=1 +sa[0] key=0x34333231 38373635 32313039 36353433 +EOF + if [ $? -ne 0 ] ; then + end_test "FAIL: ipsec_packet_offload incorrect driver data" + check_err 1 + fi + + # does offload get removed from driver + ip x s flush + ip x p flush + lines=`grep -c "SA count=0" $sysfsf` + if [ $lines -ne 1 ] ; then + check_err 1 + end_test "FAIL: ipsec_packet_offload SA not removed from driver" + fi + + # clean up any leftovers + echo 0 > /sys/bus/netdevsim/del_device + $probed && rmmod netdevsim + + if [ $ret -ne 0 ]; then + end_test "FAIL: ipsec_packet_offload" + return 1 + fi + end_test "PASS: ipsec_packet_offload" +} + kci_test_gretap() { DEV_NS=gretap00