xfrm: add new packet offload flag

In the next patches, the xfrm core code will be extended to support
new type of offload - packet offload. In that mode, both policy and state
should be specially configured in order to perform whole offloaded data
path.

Full offload takes care of encryption, decryption, encapsulation and
other operations with headers.

As this mode is new for XFRM policy flow, we can "start fresh" with flag
bits and release first and second bit for future use.

Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e0cc6791c001c293e43c1341fb9e0cc97da8a8fc..b39d24fa2ef08a0cb967a4a51af7fe8c51bbdbba 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -131,12 +131,19 @@ enum {
        XFRM_DEV_OFFLOAD_OUT,
 };
 
+enum {
+       XFRM_DEV_OFFLOAD_UNSPECIFIED,
+       XFRM_DEV_OFFLOAD_CRYPTO,
+       XFRM_DEV_OFFLOAD_PACKET,
+};
+
 struct xfrm_dev_offload {
        struct net_device       *dev;
        netdevice_tracker       dev_tracker;
        struct net_device       *real_dev;
        unsigned long           offload_handle;
        u8                      dir : 2;
+       u8                      type : 2;
 };
 
 struct xfrm_mode {

diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 4f84ea7ee14c902ee473a843af97b396009e0a04..23543c33fee823064d59b5fb958be11bcfed8f77 100644 (file)
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -519,6 +519,12 @@ struct xfrm_user_offload {
  */
 #define XFRM_OFFLOAD_IPV6      1
 #define XFRM_OFFLOAD_INBOUND   2
+/* Two bits above are relevant for state path only, while
+ * offload is used for both policy and state flows.
+ *
+ * In policy offload mode, they are free and can be safely reused.
+ */
+#define XFRM_OFFLOAD_PACKET    4
 
 struct xfrm_userpolicy_default {
 #define XFRM_USERPOLICY_UNSPEC 0

diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 21269e8f2db4b6e6d47840d6d8e5c0cd5f75f41d..3b0c1ca8d4bb6ad295f07e7dbca49674559aab22 100644 (file)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -291,12 +291,15 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
        else
                xso->dir = XFRM_DEV_OFFLOAD_OUT;
 
+       xso->type = XFRM_DEV_OFFLOAD_CRYPTO;
+
        err = dev->xfrmdev_ops->xdo_dev_state_add(x);
        if (err) {
                xso->dev = NULL;
                xso->dir = 0;
                xso->real_dev = NULL;
                netdev_put(dev, &xso->dev_tracker);
+               xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
 
                if (err != -EOPNOTSUPP) {
                        NL_SET_ERR_MSG(extack, "Device failed to offload this state");

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0eb4696661c80b937df18c5a916093809c29bc62..c3b8c15327188c8106a3eb42e7aa4c78c8e9e589 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -956,6 +956,8 @@ static int copy_user_offload(struct xfrm_dev_offload *xso, struct sk_buff *skb)
        xuo->ifindex = xso->dev->ifindex;
        if (xso->dir == XFRM_DEV_OFFLOAD_IN)
                xuo->flags = XFRM_OFFLOAD_INBOUND;
+       if (xso->type == XFRM_DEV_OFFLOAD_PACKET)
+               xuo->flags |= XFRM_OFFLOAD_PACKET;
 
        return 0;
 }