[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240821105003.547460-2-liuhangbin@gmail.com>
Date: Wed, 21 Aug 2024 18:50:01 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Jay Vosburgh <j.vosburgh@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Tariq Toukan <tariqt@...dia.com>,
Jianbo Liu <jianbol@...dia.com>,
Sabrina Dubroca <sd@...asysnail.net>,
Simon Horman <horms@...nel.org>,
Steffen Klassert <steffen.klassert@...unet.com>,
Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCHv4 net-next 1/3] bonding: add common function to check ipsec device
This patch adds a common function to check the status of IPSec devices.
This function will be useful for future implementations, such as IPSec ESN
and state offload callbacks.
Suggested-by: Nikolay Aleksandrov <razor@...ckwall.org>
Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
drivers/net/bonding/bond_main.c | 47 ++++++++++++++++++++++++---------
1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index f9633a6f8571..fe10ac66f26e 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -418,6 +418,38 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev,
/*---------------------------------- XFRM -----------------------------------*/
#ifdef CONFIG_XFRM_OFFLOAD
+/**
+ * bond_ipsec_dev - return the device for ipsec offload, or NULL if not exist
+ * caller must hold rcu_read_lock.
+ * @xs: pointer to transformer state struct
+ **/
+static struct net_device *bond_ipsec_dev(struct xfrm_state *xs)
+{
+ struct net_device *bond_dev = xs->xso.dev;
+ struct bonding *bond;
+ struct slave *slave;
+
+ if (!bond_dev)
+ return NULL;
+
+ bond = netdev_priv(bond_dev);
+ if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
+ return NULL;
+
+ slave = rcu_dereference(bond->curr_active_slave);
+ if (!slave)
+ return NULL;
+
+ if (!xs->xso.real_dev)
+ return NULL;
+
+ if (xs->xso.real_dev != slave->dev)
+ pr_warn_ratelimited("%s: (slave %s): not same with IPsec offload real dev %s\n",
+ bond_dev->name, slave->dev->name, xs->xso.real_dev->name);
+
+ return slave->dev;
+}
+
/**
* bond_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
@@ -595,23 +627,12 @@ static void bond_ipsec_del_sa_all(struct bonding *bond)
**/
static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
{
- struct net_device *bond_dev = xs->xso.dev;
struct net_device *real_dev;
- struct slave *curr_active;
- struct bonding *bond;
int err;
- bond = netdev_priv(bond_dev);
rcu_read_lock();
- curr_active = rcu_dereference(bond->curr_active_slave);
- real_dev = curr_active->dev;
-
- if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {
- err = false;
- goto out;
- }
-
- if (!xs->xso.real_dev) {
+ real_dev = bond_ipsec_dev(xs);
+ if (!real_dev) {
err = false;
goto out;
}
--
2.45.0
Powered by blists - more mailing lists