[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240702084452.2259237-1-yumike@google.com>
Date: Tue, 2 Jul 2024 16:44:47 +0800
From: Mike Yu <yumike@...gle.com>
To: netdev@...r.kernel.org, steffen.klassert@...unet.com
Cc: stanleyjhu@...gle.com, martinwu@...gle.com, chiachangwang@...gle.com,
yumike@...gle.com
Subject: [PATCH ipsec 0/4] Support IPsec crypto offload for IPv6 ESP and IPv4
UDP-encapsulated ESP data paths
Currently, IPsec crypto offload is enabled for GRO code path. However, there
are other code paths where the XFRM stack is involved; for example, IPv6 ESP
packets handled by xfrm6_esp_rcv() in ESP layer, and IPv4 UDP-encapsulated
ESP packets handled by udp_rcv() in UDP layer.
This patchset extends the crypto offload support to cover these two cases.
This is useful for devices with traffic accounting (e.g., Android), where GRO
can lead to inaccurate accounting on the underlying network. For example, VPN
traffic might not be counted on the wifi network interface wlan0 if the packets
are handled in GRO code path before entering the network stack for accounting.
Below is the RX data path scenario the crypto offload can be applied to.
+-----------+ +-------+
| HW Driver |-->| wlan0 |--------+
+-----------+ +-------+ |
v
+---------------+ +------+
+------>| Network Stack |-->| Apps |
| +---------------+ +------+
| |
| v
+--------+ +------------+
| ipsec1 |<--| XFRM Stack |
+--------+ +------------+
Mike Yu (4):
xfrm: Support crypto offload for inbound IPv6 ESP packets not in GRO
path
xfrm: Allow UDP encapsulation in crypto offload control path
xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP
packet
xfrm: Support crypto offload for outbound IPv4 UDP-encapsulated ESP
packet
net/ipv4/esp4.c | 7 ++++++-
net/ipv4/esp4_offload.c | 14 +++++++++++++-
net/xfrm/xfrm_device.c | 6 +++---
net/xfrm/xfrm_input.c | 3 ++-
net/xfrm/xfrm_policy.c | 5 ++++-
5 files changed, 28 insertions(+), 7 deletions(-)
--
2.45.2.803.g4e1b14247a-goog
Powered by blists - more mailing lists