From: David Dillow <dave@thedillows.org>
To: netdev@oss.sgi.com
Cc: dave@thedillows.org
Subject: [RFC BK 11/22] xfrm offload v2: Add offloading of inbound AH & ESP packets
Date: Mon, 10 Jan 2005 10:37:01 -0500 [thread overview]
Message-ID: <20040110014300.20@ori.thedillows.org> (raw)
In-Reply-To: 20040110014300.19@ori.thedillows.org
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/01/10 00:51:49-05:00 dave@thedillows.org
# Add crypto offload for inbound IPv4 AH xfrms.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# net/ipv4/esp4.c
# 2005/01/10 00:51:33-05:00 dave@thedillows.org +30 -16
# Add crypto offload for inbound IPv4 AH xfrms.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# net/ipv4/ah4.c
# 2005/01/10 00:51:33-05:00 dave@thedillows.org +13 -4
# Add crypto offload for inbound IPv4 AH xfrms.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
diff -Nru a/net/ipv4/ah4.c b/net/ipv4/ah4.c
--- a/net/ipv4/ah4.c 2005-01-10 01:18:35 -05:00
+++ b/net/ipv4/ah4.c 2005-01-10 01:18:35 -05:00
@@ -138,6 +138,7 @@
struct iphdr *iph;
struct ip_auth_hdr *ah;
struct ah_data *ahp;
+ int offload;
char work_buf[60];
if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
@@ -164,6 +165,7 @@
ah = (struct ip_auth_hdr*)skb->data;
iph = skb->nh.iph;
+ offload = skb_pop_xfrm_result(skb);
memcpy(work_buf, iph, iph->ihl*4);
@@ -181,10 +183,17 @@
memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
skb_push(skb, skb->data - skb->nh.raw);
- ahp->icv(ahp, skb, ah->auth_data);
- if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
- x->stats.integrity_failed++;
- goto out;
+ if (offload & XFRM_OFFLOAD_AUTH) {
+ if (unlikely(offload & XFRM_OFFLOAD_AUTH_FAIL)) {
+ x->stats.integrity_failed++;
+ goto out;
+ }
+ } else {
+ ahp->icv(ahp, skb, ah->auth_data);
+ if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
+ x->stats.integrity_failed++;
+ goto out;
+ }
}
}
((struct iphdr*)work_buf)->protocol = ah->nexthdr;
diff -Nru a/net/ipv4/esp4.c b/net/ipv4/esp4.c
--- a/net/ipv4/esp4.c 2005-01-10 01:18:35 -05:00
+++ b/net/ipv4/esp4.c 2005-01-10 01:18:35 -05:00
@@ -164,6 +164,7 @@
int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
int nfrags;
int encap_len = 0;
+ int offload;
if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
goto out;
@@ -171,22 +172,32 @@
if (elen <= 0 || (elen & (blksize-1)))
goto out;
+ offload = skb_pop_xfrm_result(skb);
+
/* If integrity check is required, do this. */
if (esp->auth.icv_full_len) {
- u8 sum[esp->auth.icv_full_len];
- u8 sum1[alen];
+ if (unlikely(offload & XFRM_OFFLOAD_AUTH_FAIL)) {
+ x->stats.integrity_failed++;
+ goto out;
+ }
+
+ if (!(offload & XFRM_OFFLOAD_AUTH)) {
+ u8 sum[esp->auth.icv_full_len];
+ u8 sum1[alen];
- esp->auth.icv(esp, skb, 0, skb->len-alen, sum);
+ esp->auth.icv(esp, skb, 0, skb->len-alen, sum);
- if (skb_copy_bits(skb, skb->len-alen, sum1, alen))
- BUG();
+ if (skb_copy_bits(skb, skb->len-alen, sum1, alen))
+ BUG();
- if (unlikely(memcmp(sum, sum1, alen))) {
- x->stats.integrity_failed++;
- goto out;
+ if (unlikely(memcmp(sum, sum1, alen))) {
+ x->stats.integrity_failed++;
+ goto out;
+ }
}
}
+ /* XXX I think this can be moved to the !offload case */
if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0)
goto out;
@@ -195,15 +206,12 @@
esph = (struct ip_esp_hdr*)skb->data;
iph = skb->nh.iph;
- /* Get ivec. This can be wrong, check against another impls. */
- if (esp->conf.ivlen)
- crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm));
-
- {
- u8 nexthdr[2];
+ if (!(offload & XFRM_OFFLOAD_CONF)) {
struct scatterlist *sg = &esp->sgbuf[0];
- u8 workbuf[60];
- int padlen;
+
+ /* Get ivec. This can be wrong, check against another impls. */
+ if (esp->conf.ivlen)
+ crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm));
if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
@@ -214,6 +222,12 @@
crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
if (unlikely(sg != &esp->sgbuf[0]))
kfree(sg);
+ }
+
+ {
+ u8 nexthdr[2];
+ u8 workbuf[60];
+ int padlen;
if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
BUG();
next prev parent reply other threads:[~2005-01-10 15:37 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-10 15:36 [RFC BK 0/22] xfrm offload v2: Add hardware assist for IPSEC crypto David Dillow
2005-01-10 15:36 ` [RFC BK 1/22] xfrm offload v2: Add direction information to xfrm_state David Dillow
2005-01-10 15:36 ` [RFC BK 2/22] xfrm offload v2: Add xfrm offload management calls to struct netdevice David Dillow
2005-01-10 15:36 ` [RFC BK 3/22] xfrm offload v2: Add offload management routines David Dillow
2005-01-10 15:36 ` [RFC BK 4/22] xfrm offload v2: Try to offload inbound xfrm_states David Dillow
2005-01-10 15:37 ` [RFC BK 5/22] xfrm offload v2: Attempt to offload bundled xfrm_states for outbound xfrms David Dillow
2005-01-10 15:37 ` [RFC BK 6/22] xfrm offload v2: add a parameter to xfrm_prune_bundles() David Dillow
2005-01-10 15:37 ` [RFC BK 7/22] xfrm offload v2: Allow device drivers to force recalculation of offloads David Dillow
2005-01-10 15:37 ` [RFC BK 8/22] xfrm offload v2: Add routines to manage applied offloads per skb David Dillow
2005-01-10 15:37 ` [RFC BK 9/22] xfrm offload v2: Split AH header initialization from zeroing of mutable fields David Dillow
2005-01-10 15:37 ` [RFC BK 10/22] xfrm offload v2: Add offloading of outbound AH & ESP packets David Dillow
2005-01-10 15:37 ` David Dillow [this message]
2005-01-10 15:37 ` [RFC BK 12/22] xfrm offload v2: Add ethtool support for crypto offload control David Dillow
2005-01-10 15:37 ` [RFC BK 13/22] xfrm offload v2: typhoon: Make the ipsec descriptor match actual usage David Dillow
2005-01-10 15:37 ` [RFC BK 14/22] xfrm offload v2: typhoon: add inbound offload result processing David Dillow
2005-01-10 15:37 ` [RFC BK 15/22] xfrm offload v2: typhoon: add outbound offload processing David Dillow
2005-01-10 15:37 ` [RFC BK 16/22] xfrm offload v2: typhoon: collect crypto offload capabilities David Dillow
2005-01-10 15:37 ` [RFC BK 17/22] xfrm offload v2: typhoon: split out setting of offloaded tasks David Dillow
2005-01-10 15:37 ` [RFC BK 18/22] xfrm offload v2: typhoon: add validation of offloaded xfrm_states David Dillow
2005-01-10 15:37 ` [RFC BK 19/22] xfrm offload v2: typhoon: add loading of xfrm_states to hardware David Dillow
2005-01-10 15:37 ` [RFC BK 20/22] xfrm offload v2: typhoon: add management of outbound bundles David Dillow
2005-01-10 15:37 ` [RFC BK 21/22] xfrm offload v2: typhoon: add callbacks to support crypto offload David Dillow
2005-01-10 15:37 ` [RFC BK 22/22] xfrm offload v2: Add some documentation for the IPSEC " David Dillow
2005-01-17 19:00 ` [RFC BK 0/22] xfrm offload v2: Add hardware assist for IPSEC crypto James Morris
2005-01-20 17:22 ` Dave Dillow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040110014300.20@ori.thedillows.org \
--to=dave@thedillows.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).