Re: [PATCH net-next 1/9] netdevsim: a basic test PSP implementation

[Simon Horman <horms@kernel.org>]

On Wed, Sep 24, 2025 at 12:49:47PM -0700, Daniel Zahka wrote:
> From: Jakub Kicinski <kuba@kernel.org>
> 
> Provide a PSP implementation for netdevsim.
> 
> Use psp_dev_encapsulate() and psp_dev_rcv() to do actual encapsulation
> and decapsulation on skbs, but perform no encryption or decryption. In
> order to make encryption with a bad key result in a drop on the peer's
> rx side, we stash our psd's generation number in the first byte of each
> key before handing to the peer.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> Co-developed-by: Daniel Zahka <daniel.zahka@gmail.com>
> Signed-off-by: Daniel Zahka <daniel.zahka@gmail.com>

...

> diff --git a/drivers/net/netdevsim/psp.c b/drivers/net/netdevsim/psp.c
> new file mode 100644
> index 000000000000..cb568f89eb3e
> --- /dev/null
> +++ b/drivers/net/netdevsim/psp.c
> @@ -0,0 +1,218 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#include <linux/ip.h>
> +#include <linux/skbuff.h>
> +#include <net/ip6_checksum.h>
> +#include <net/psp.h>
> +#include <net/sock.h>
> +
> +#include "netdevsim.h"
> +
> +enum skb_drop_reason
> +nsim_do_psp(struct sk_buff *skb, struct netdevsim *ns,
> +	    struct netdevsim *peer_ns, struct skb_ext **psp_ext)
> +{

...

> +	} else {
> +		struct ipv6hdr *ip6h;
> +		struct iphdr *iph;
> +		struct udphdr *uh;
> +		__wsum csum;
> +
> +		/* Do not decapsulate. Receive the skb with the udp and psp
> +		 * headers still there as if this is a normal udp packet.
> +		 * psp_dev_encapsulate() sets udp checksum to 0, so we need to
> +		 * provide a valid checksum here, so the skb isn't dropped.
> +		 */
> +		uh = udp_hdr(skb);
> +		csum = skb_checksum(skb, skb_transport_offset(skb),
> +				    ntohs(uh->len), 0);
> +
> +		switch (skb->protocol) {
> +		case htons(ETH_P_IP):
> +			iph = ip_hdr(skb);
> +			uh->check = udp_v4_check(ntohs(uh->len), iph->saddr,
> +						 iph->daddr, csum);
> +			break;
> +#if IS_ENABLED(CONFIG_IPV6)
> +		case htons(ETH_P_IPV6):
> +			ip6h = ipv6_hdr(skb);

ip6h is only used here. Which means that if CONFIG_IPV6 is not set then
compilers - e.g GCC 15.2.0 and Clang 21.1.1 - will warn when run with
-Wunused-variable.

Maybe no one cares. But if the scope of ip6h was reduced to here,
say by making this a block (using {}) and declaring iph6 inside it,
or using a helper, then things might be a bit cleaner.

> +			uh->check = udp_v6_check(ntohs(uh->len), &ip6h->saddr,
> +						 &ip6h->daddr, csum);
> +			break;
> +#endif
> +		}
> +
> +		uh->check	= uh->check ?: CSUM_MANGLED_0;
> +		skb->ip_summed	= CHECKSUM_NONE;
> +	}
> +
> +out_unlock:
> +	rcu_read_unlock();
> +	return rc;
> +}

...