Date: Tue, 10 May 2022 13:49:07 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Steffen Klassert <steffen.klassert@...unet.com>, David Ahern <dsahern@...il.com>
Cc: Leon Romanovsky <leonro@...dia.com>, "David S . Miller" <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org, Raed Salem <raeds@...dia.com>, ipsec-devel <devel@...ux-ipsec.org>
Subject: [PATCH iproute2-next 3/4] xfrm: add full offload mode to xfrm state

From: Leon Romanovsky <leonro@...dia.com>

Allow users to configure xfrm states with full offload type.

Full offload mode:
  ip xfrm state offload full dev <if-name> dir <in|out>
Crypto offload mode:
  ip xfrm state offload crypto dev <if-name> dir <in|out>
  ip xfrm state offload dev <if-name> dir <in|out>

The latter variant configures crypto offload mode and is needed
to provide backward compatibility.

Signed-off-by: Leon Romanovsky <leonro@...dia.com>
--- ip/ipxfrm.c | 6 ++++-- ip/xfrm_state.c | 16 ++++++++++++++-- man/man8/ip-xfrm.8 | 1 + 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 1c59596a..5117f483 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -895,8 +895,10 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, xuo = (struct xfrm_user_offload *) RTA_DATA(tb[XFRMA_OFFLOAD_DEV]); - fprintf(fp, "dev %s dir %s", ll_index_to_name(xuo->ifindex), - (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out"); + fprintf(fp, "dev %s dir %s mode %s", + ll_index_to_name(xuo->ifindex), + (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out", + (xuo->flags & XFRM_OFFLOAD_FULL) ? "full" : "crypto"); fprintf(fp, "%s", _SL_); } if (tb[XFRMA_IF_ID]) { diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 9b6659a1..44887249 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c 
@@ -61,7 +61,7 @@ static void usage(void) " [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n" " [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n" " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n" - " [ offload dev DEV dir DIR ]\n" + " [ offload [ crypto | full ] dev DEV dir DIR ]\n" " [ output-mark OUTPUT-MARK [ mask MASK ] ]\n" " [ if_id IF_ID ] [ tfcpad LENGTH ]\n" "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n" @@ -312,7 +312,7 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) struct xfrm_user_offload xuo = {}; unsigned int ifindex = 0; __u8 dir = 0; - bool is_offload = false; + bool is_offload = false, is_full_offload = false; __u32 replay_window = 0; __u32 seq = 0, oseq = 0, seq_hi = 0, oseq_hi = 0; char *idp = NULL; @@ -430,6 +430,16 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) (void *)&ctx, ctx.sctx.len); } else if (strcmp(*argv, "offload") == 0) { NEXT_ARG(); + /* If user doesn't provide offload mode, treat it as + * crypto one for the backward compatibility. + */ + if (strcmp(*argv, "crypto") == 0) + NEXT_ARG(); + else if (strcmp(*argv, "full") == 0) { + is_full_offload = true; + NEXT_ARG(); + } + if (strcmp(*argv, "dev") == 0) { NEXT_ARG(); ifindex = ll_name_to_index(*argv); @@ -613,6 +623,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv) if (is_offload) { xuo.ifindex = ifindex; xuo.flags = dir; + if (is_full_offload) + xuo.flags |= XFRM_OFFLOAD_FULL; addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo, sizeof(xuo)); } diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index 4243a023..e1b8aaab 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -66,6 +66,7 @@ ip-xfrm \- transform configuration .RB "[ " if_id .IR IF-ID " ]" .RB "[ " offload +.RB "[ " crypto | full " ]" .RB dev .IR DEV " .RB dir -- 2.35.1
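Review bot: in the ip/ipxfrm.c hunk (xfrm_xfrma_print), the printed form "dev %s dir %s mode %s" does not match the input grammar this patch adds in ip/xfrm_state.c, where the mode is a bare "crypto" or "full" token placed before "dev" with no "mode" keyword. The word "mode" is also already taken by the "[ mode MODE ]" argument visible in the usage text, so "mode full" in a dump is easy to misread. Suggest printing the offload type in the same position and spelling the parser accepts, so that dumped state reads like the command that created it. Note too that the output line changes for existing crypto-offload states, which matters to anything that parses it.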
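Review bot: in the ip/xfrm_state.c hunk at @@ -430 (the "offload" branch of xfrm_state_modify), the if/else-if chain leaves the "crypto" arm unbraced while the "full" arm is braced; brace both arms for consistency. The comment about backward compatibility sits above the "crypto" test, but it describes the case where neither keyword matches and parsing falls straight through to "dev". Reword it or move it below the chain so it documents the path it is about.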
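Review bot: in the ip/xfrm_state.c hunk at @@ -613, "xuo.flags |= XFRM_OFFLOAD_FULL" uses a constant that this patch does not define. The diffstat lists only ip/ipxfrm.c, ip/xfrm_state.c and man/man8/ip-xfrm.8, so the definition has to come from a header update elsewhere in the series. The commit message should name that dependency. It should also say how the request behaves against a kernel or device that does not support full offload, since nothing in the visible lines shows whether the user gets an error or a silent fallback to crypto offload.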
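Review bot: the man/man8/ip-xfrm.8 hunk only extends the synopsis with "[ crypto | full ]"; the single added line gives no description of what the two offload types do or that omitting the keyword selects crypto mode. Both points are stated in the commit message and in the code comment, so please add a matching sentence to the offload description in the man page text.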