[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240904003457.3847086-2-liuhangbin@gmail.com>
Date: Wed, 4 Sep 2024 08:34:55 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Jay Vosburgh <j.vosburgh@...il.com>,
Andy Gospodarek <andy@...yhouse.net>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Tariq Toukan <tariqt@...dia.com>,
Jianbo Liu <jianbol@...dia.com>,
Sabrina Dubroca <sd@...asysnail.net>,
Simon Horman <horms@...nel.org>,
Steffen Klassert <steffen.klassert@...unet.com>,
Hangbin Liu <liuhangbin@...il.com>,
Jay Vosburgh <jv@...sburgh.net>
Subject: [PATCHv7 net-next 1/3] bonding: add common function to check ipsec device
This patch adds a common function to check the status of IPSec devices.
This function will be useful for future implementations, such as IPSec ESN
and state offload callbacks.
Suggested-by: Nikolay Aleksandrov <razor@...ckwall.org>
Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>
Acked-by: Jay Vosburgh <jv@...sburgh.net>
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
drivers/net/bonding/bond_main.c | 50 ++++++++++++++++++++++++---------
1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index f13d413ad26c..46f46fea9152 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -418,6 +418,41 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev,
/*---------------------------------- XFRM -----------------------------------*/
#ifdef CONFIG_XFRM_OFFLOAD
+/**
+ * bond_ipsec_dev - Get active device for IPsec offload
+ * @xs: pointer to transformer state struct
+ *
+ * Context: caller must hold rcu_read_lock.
+ *
+ * Return: the device for ipsec offload, or NULL if not exist.
+ **/
+static struct net_device *bond_ipsec_dev(struct xfrm_state *xs)
+{
+ struct net_device *bond_dev = xs->xso.dev;
+ struct bonding *bond;
+ struct slave *slave;
+
+ if (!bond_dev)
+ return NULL;
+
+ bond = netdev_priv(bond_dev);
+ if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
+ return NULL;
+
+ slave = rcu_dereference(bond->curr_active_slave);
+ if (!slave)
+ return NULL;
+
+ if (!xs->xso.real_dev)
+ return NULL;
+
+ if (xs->xso.real_dev != slave->dev)
+ pr_warn_ratelimited("%s: (slave %s): not same with IPsec offload real dev %s\n",
+ bond_dev->name, slave->dev->name, xs->xso.real_dev->name);
+
+ return slave->dev;
+}
+
/**
* bond_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
@@ -640,23 +675,12 @@ static void bond_ipsec_free_sa(struct xfrm_state *xs)
**/
static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
{
- struct net_device *bond_dev = xs->xso.dev;
struct net_device *real_dev;
- struct slave *curr_active;
- struct bonding *bond;
bool ok = false;
- bond = netdev_priv(bond_dev);
rcu_read_lock();
- curr_active = rcu_dereference(bond->curr_active_slave);
- if (!curr_active)
- goto out;
- real_dev = curr_active->dev;
-
- if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
- goto out;
-
- if (!xs->xso.real_dev)
+ real_dev = bond_ipsec_dev(xs);
+ if (!real_dev)
goto out;
if (!real_dev->xfrmdev_ops ||
--
2.45.0
Powered by blists - more mailing lists