>From 6d1ec5adddbe3a904591f465ff8487bc694de139 Mon Sep 17 00:00:00 2001 In-Reply-To: <20231113035219.920136-7-chopps@chopps.org> References: <20231113035219.920136-7-chopps@chopps.org> From: Antony Antony Date: Mon, 13 Nov 2023 14:20:45 +0100 Subject: [PATCH] xfrm iptfs migrate poc To: Christian Hopps Cc: devel@linux-ipsec.org, netdev@vger.kernel.org, Christian Hopps , Steffen Klassert via Devel From: Antony Antony proof of concept for IP-TFS migrate support Signed-off-by: Antony Antony --- include/net/xfrm.h | 1 + net/xfrm/xfrm_iptfs.c | 42 ++++++++++++++++++++++++++++++++++++------ net/xfrm/xfrm_state.c | 6 ++++++ 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index a6e0e848918d..176ab5ac436e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -456,6 +456,7 @@ struct xfrm_mode_cbs { int (*user_init)(struct net *net, struct xfrm_state *x, struct nlattr **attrs); int (*copy_to_user)(struct xfrm_state *x, struct sk_buff *skb); + int (*clone)(struct xfrm_state *orig, struct xfrm_state *x); u32 (*get_inner_mtu)(struct xfrm_state *x, int outer_mtu); diff --git a/net/xfrm/xfrm_iptfs.c b/net/xfrm/xfrm_iptfs.c index 65f7acdbe6a8..910c5e060931 100644 --- a/net/xfrm/xfrm_iptfs.c +++ b/net/xfrm/xfrm_iptfs.c @@ -2617,12 +2617,15 @@ static int iptfs_create_state(struct xfrm_state *x) { struct xfrm_iptfs_data *xtfs; - xtfs = kzalloc(sizeof(*xtfs), GFP_KERNEL); - if (!xtfs) - return -ENOMEM; - x->mode_data = xtfs; - - xtfs->x = x; + if (!x->mode_data) { + xtfs = kzalloc(sizeof(*xtfs), GFP_KERNEL); + if (!xtfs) + return -ENOMEM; + x->mode_data = xtfs; + xtfs->x = x; + } else { /* this is a cloned state */ + xtfs = (struct xfrm_iptfs_data *) x->mode_data; + } __skb_queue_head_init(&xtfs->queue); xtfs->init_delay_ns = xtfs->cfg.init_delay_us * NSECS_IN_USEC; 
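Review bot: The new `clone` member of `struct xfrm_mode_cbs` is added without any statement of its contract, and the visible neighbouring callbacks carry none either. The iptfs implementation later in this patch allocates `x->mode_data` and relies on `create_state` to finish initialisation, so a short comment on the member would help, for example `/* Duplicate orig's mode_data into x for migrate; returns 0 or -errno. create_state(x) runs afterwards. */`. The struct definition starts and ends outside the hunk.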
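Review bot: In iptfs_create_state() a non-NULL `x->mode_data` is now the only signal that the state was cloned, so the function reuses whatever pointer is already there. The comment `/* this is a cloned state */` does not say who set the pointer or which fields are trusted. I would expand it to something like `/* mode_data was pre-populated by iptfs_clone(); cfg is kept, runtime fields are re-initialised below */`. The cast can also go if `mode_data` is a `void *`, though its declaration is not visible here. The rest of the function lies outside the hunk, so the diff cannot confirm that every copied runtime field (timers, lock, queue) is re-initialised on this path.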
@@ -2661,12 +2664,39 @@ static void iptfs_delete_state(struct xfrm_state *x) kfree_sensitive(xtfs); } +static int iptfs_clone(struct xfrm_state *orig, struct xfrm_state *x) +{ + struct xfrm_iptfs_data *xtfs; + struct xfrm_iptfs_config *xc; + + x->mode_data = kmemdup(orig->mode_data, sizeof(struct xfrm_iptfs_data), + GFP_KERNEL); + if (IS_ERR_OR_NULL(x->mode_data)) + return -ENOMEM; + + xtfs = (struct xfrm_iptfs_data *)x->mode_data; + xtfs->x = x; + xc = &xtfs->cfg; + if (xc->reorder_win_size) + xtfs->w_saved = kcalloc(xc->reorder_win_size, sizeof(*xtfs->w_saved), + GFP_KERNEL); + xtfs->ra_newskb = NULL; + memset(&xtfs->iptfs_timer, 0, sizeof(xtfs->iptfs_timer)); + memset(&xtfs->drop_timer, 0,sizeof(xtfs->drop_timer)); + memset(&xtfs->drop_lock, 0, sizeof(xtfs->drop_lock)); + + /* x->mode_cbs->create_state(x) will initialize the rest of xtfs */ + + return 0; +} + static const struct xfrm_mode_cbs iptfs_mode_cbs = { .owner = THIS_MODULE, .create_state = iptfs_create_state, .delete_state = iptfs_delete_state, .user_init = iptfs_user_init, .copy_to_user = iptfs_copy_to_user, + .clone = iptfs_clone, .get_inner_mtu = iptfs_get_inner_mtu, .input = iptfs_input, .output = iptfs_output_collect, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 786f3fc0d428..fd592bf4d311 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -720,6 +720,7 @@ struct xfrm_state *xfrm_state_alloc(struct net *net) x->replay_maxage = 0; x->replay_maxdiff = 0; spin_lock_init(&x->lock); + x->mode_data = NULL; } return x; } @@ -1787,6 +1788,11 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, x->new_mapping = 0; x->new_mapping_sport = 0; + if (orig->mode_cbs && orig->mode_cbs->clone && orig->mode_data) { + if (orig->mode_cbs->clone(orig, x)) + goto error; + } + return x; error: -- 2.42.0
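Review bot: The `kcalloc()` result assigned to `xtfs->w_saved` in iptfs_clone() is never checked, so an allocation failure leaves a non-zero `reorder_win_size` paired with a NULL window array while the function still returns 0. The failure path should free the duplicated data, clear `x->mode_data` and return -ENOMEM, as sketched below. When `reorder_win_size` is zero the clone keeps the `w_saved` pointer that `kmemdup()` copied from `orig`, so it should be reset to NULL explicitly to rule out two states sharing one array. Separately, `kmemdup()` reports failure with NULL rather than an ERR_PTR, so `if (!x->mode_data)` is the clearer test than `IS_ERR_OR_NULL()`.

```c
	xc = &xtfs->cfg;
	xtfs->w_saved = NULL;	/* never alias orig's reorder window */
	if (xc->reorder_win_size) {
		xtfs->w_saved = kcalloc(xc->reorder_win_size,
					sizeof(*xtfs->w_saved), GFP_KERNEL);
		if (!xtfs->w_saved) {
			kfree_sensitive(xtfs);
			x->mode_data = NULL;
			return -ENOMEM;
		}
	}
	/* … unchanged: ra_newskb reset and timer/lock memsets … */
```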
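Review bot: The new call in xfrm_state_clone() checks `orig->mode_cbs`, but nothing in this hunk shows `x->mode_cbs` being set on the clone. It is therefore unclear from the diff whether the `error:` path, or a later teardown of `x`, will reach `delete_state` for the `mode_data` that `clone` allocated. That is worth confirming and recording at the call site, for example `/* clone() allocates x->mode_data; released by mode_cbs->delete_state(x) */`. xfrm_state_clone() begins outside the hunk and the body under the `error:` label is not shown.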