From: David Dillow <dave@thedillows.org>
To: netdev@oss.sgi.com
Cc: linux-kernel@vger.kernel.org, dave@thedillows.org
Subject: [RFC 2.6.10 10/22] AH, ESP: Add offloading of outbound packets
Date: Thu, 30 Dec 2004 03:48:36 -0500 [thread overview]
Message-ID: <20041230035000.19@ori.thedillows.org> (raw)
In-Reply-To: 20041230035000.18@ori.thedillows.org
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/12/30 00:44:50-05:00 dave@thedillows.org
# Add crypto processing for outbound AH and ESP xfrms (IPv4).
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# net/ipv4/esp4.c
# 2004/12/30 00:44:32-05:00 dave@thedillows.org +35 -21
# Add crypto offload for outbound ESP (IPv4) xfrms. Note that we always
# generate a random IV, as we are not guaranteed to have any state in
# the software crypto engine (we may have always been offloaded), and
# we cannot rely on secure IV generation by the NIC driver/hw.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# net/ipv4/ah4.c
# 2004/12/30 00:44:32-05:00 dave@thedillows.org +31 -21
# Add crypto offload for outbound AH (IPv4) xfrms. Note that the NIC
# driver/hw is responsible for zeroing the mutable IP header fields.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
diff -Nru a/net/ipv4/ah4.c b/net/ipv4/ah4.c
--- a/net/ipv4/ah4.c 2004-12-30 01:10:14 -05:00
+++ b/net/ipv4/ah4.c 2004-12-30 01:10:14 -05:00
@@ -83,31 +83,41 @@
ah->spi = x->id.spi;
ah->seq_no = htonl(x->replay.oseq + 1);
- iph->tos = top_iph->tos;
- iph->ttl = top_iph->ttl;
- iph->frag_off = top_iph->frag_off;
-
- if (top_iph->ihl != 5) {
- iph->daddr = top_iph->daddr;
- memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
- err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
- if (err)
+ if (dst->xfrm_offload) {
+ err = -ENOMEM;
+ xfrm_offload_hold(dst->xfrm_offload);
+ if (skb_push_xfrm_offload(skb, dst->xfrm_offload)) {
+ xfrm_offload_release(dst->xfrm_offload);
goto error;
- }
+ }
+ } else {
+ /* Not offloaded, manually calculate the auth hash */
+ iph->tos = top_iph->tos;
+ iph->ttl = top_iph->ttl;
+ iph->frag_off = top_iph->frag_off;
+
+ if (top_iph->ihl != 5) {
+ iph->daddr = top_iph->daddr;
+ memcpy(iph+1, top_iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
+ err = ip_clear_mutable_options(top_iph, &top_iph->daddr);
+ if (err)
+ goto error;
+ }
- top_iph->tos = 0;
- top_iph->frag_off = 0;
- top_iph->ttl = 0;
- top_iph->check = 0;
+ top_iph->tos = 0;
+ top_iph->frag_off = 0;
+ top_iph->ttl = 0;
+ top_iph->check = 0;
- ahp->icv(ahp, skb, ah->auth_data);
+ ahp->icv(ahp, skb, ah->auth_data);
- top_iph->tos = iph->tos;
- top_iph->ttl = iph->ttl;
- top_iph->frag_off = iph->frag_off;
- if (top_iph->ihl != 5) {
- top_iph->daddr = iph->daddr;
- memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
+ top_iph->tos = iph->tos;
+ top_iph->ttl = iph->ttl;
+ top_iph->frag_off = iph->frag_off;
+ if (top_iph->ihl != 5) {
+ top_iph->daddr = iph->daddr;
+ memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
+ }
}
/* Delay incrementing the replay sequence until we know we're going
diff -Nru a/net/ipv4/esp4.c b/net/ipv4/esp4.c
--- a/net/ipv4/esp4.c 2004-12-30 01:10:14 -05:00
+++ b/net/ipv4/esp4.c 2004-12-30 01:10:14 -05:00
@@ -98,33 +98,47 @@
esph->spi = x->id.spi;
esph->seq_no = htonl(++x->replay.oseq);
- if (esp->conf.ivlen)
- crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
+ if (dst->xfrm_offload) {
+ xfrm_offload_hold(dst->xfrm_offload);
+ if (skb_push_xfrm_offload(skb, dst->xfrm_offload)) {
+ xfrm_offload_release(dst->xfrm_offload);
+ goto error;
+ }
+
+ if (esp->conf.ivlen)
+ get_random_bytes(esph->enc_data, esp->conf.ivlen);
+ } else {
+ if (esp->conf.ivlen)
+ crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
+
+ do {
+ struct scatterlist *sg = &esp->sgbuf[0];
- do {
- struct scatterlist *sg = &esp->sgbuf[0];
+ if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
+ sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
+ if (!sg)
+ goto error;
+ }
+ skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
+ crypto_cipher_encrypt(tfm, sg, sg, clen);
+ if (unlikely(sg != &esp->sgbuf[0]))
+ kfree(sg);
+ } while (0);
- if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
- sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
- if (!sg)
- goto error;
+ if (esp->conf.ivlen) {
+ memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
+ crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
+ }
+
+ if (esp->auth.icv_full_len) {
+ esp->auth.icv(esp, skb, (u8*)esph-skb->data,
+ sizeof(struct ip_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);
}
- skb_to_sgvec(skb, sg, esph->enc_data+esp->conf.ivlen-skb->data, clen);
- crypto_cipher_encrypt(tfm, sg, sg, clen);
- if (unlikely(sg != &esp->sgbuf[0]))
- kfree(sg);
- } while (0);
-
- if (esp->conf.ivlen) {
- memcpy(esph->enc_data, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
- crypto_cipher_get_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
}
- if (esp->auth.icv_full_len) {
- esp->auth.icv(esp, skb, (u8*)esph-skb->data,
- sizeof(struct ip_esp_hdr) + esp->conf.ivlen+clen, trailer->tail);
+ /* Need to account for auth data, offloading or not... */
+ if (esp->auth.icv_full_len)
pskb_put(skb, trailer, alen);
- }
ip_send_check(top_iph);
next prev parent reply other threads:[~2004-12-30 8:48 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-30 8:48 [RFC 2.6.10 0/22] Add hardware assist for IPSEC crypto David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 1/22] xfrm: Add direction information to xfrm_state David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 2/22] xfrm: Add xfrm offload management calls to struct netdevice David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 3/22] xfrm: Add offload management routines David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 4/22] xfrm: Try to offload inbound xfrm_states David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 5/22] xfrm: Attempt to offload bundled xfrm_states for outbound xfrms David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 6/22] xfrm: add a parameter to xfrm_prune_bundles() David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 7/22] xfrm: Allow device drivers to force recalculation of offloads David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 8/22] skbuff: Add routines to manage applied offloads per skb David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 9/22] AH: Split header initialization from zeroing of mutable fields David Dillow
2004-12-30 8:48 ` David Dillow [this message]
2004-12-30 8:48 ` [RFC 2.6.10 11/22] AH, ESP: Add offloading of inbound packets David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 12/22] ethtool: Add support for crypto offload David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 13/22] typhoon: Make the ipsec descriptor match actual usage David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 14/22] typhoon: add inbound offload result processing David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 15/22] typhoon: add outbound offload processing David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 16/22] typhoon: collect crypto offload capabilities David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 17/22] typhoon: split out setting of offloaded tasks David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 18/22] typhoon: add validation of offloaded xfrm_states David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 19/22] typhoon: add loading of xfrm_states to hardware David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 20/22] typhoon: add management of outbound bundles David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 21/22] typhoon: add callbacks to support crypto offload David Dillow
2004-12-30 8:48 ` [RFC 2.6.10 22/22] Add some documentation for the IPSEC " David Dillow
2005-01-21 23:23 ` [RFC 2.6.10 7/22] xfrm: Allow device drivers to force recalculation of offloads David S. Miller
2005-01-22 5:53 ` David Dillow
2005-01-26 6:11 ` David S. Miller
2005-01-21 23:21 ` [RFC 2.6.10 6/22] xfrm: add a parameter to xfrm_prune_bundles() David S. Miller
2004-12-30 23:34 ` [RFC 2.6.10 5/22] xfrm: Attempt to offload bundled xfrm_states for outbound xfrms Francois Romieu
2004-12-31 3:31 ` David Dillow
2005-01-21 23:20 ` David S. Miller
2005-01-22 5:53 ` David Dillow
2005-01-26 6:11 ` David S. Miller
2005-01-21 22:56 ` [RFC 2.6.10 4/22] xfrm: Try to offload inbound xfrm_states David S. Miller
2005-01-22 5:52 ` David Dillow
2005-01-26 6:13 ` David S. Miller
2005-01-21 22:47 ` [RFC 2.6.10 3/22] xfrm: Add offload management routines David S. Miller
2005-01-22 6:00 ` David Dillow
[not found] ` <1106373038.3691.39.camel@ori.thedillows.org>
[not found] ` <20050125221608.0cb067b2.davem@davemloft.net>
2005-01-26 21:30 ` David Dillow
2005-01-21 22:40 ` [RFC 2.6.10 2/22] xfrm: Add xfrm offload management calls to struct netdevice David S. Miller
2004-12-30 9:48 ` [RFC 2.6.10 1/22] xfrm: Add direction information to xfrm_state Jan-Benedict Glaw
2004-12-30 16:16 ` Dave Dillow
2004-12-30 16:36 ` Jan-Benedict Glaw
[not found] ` <200412301436.06653.ioe-lkml@axxeo.de>
2004-12-30 16:21 ` Dave Dillow
2005-01-21 22:38 ` David S. Miller
2005-01-22 5:50 ` David Dillow
2005-01-26 6:17 ` David S. Miller
2005-01-26 21:14 ` David Dillow
2005-01-21 22:35 ` [RFC 2.6.10 0/22] Add hardware assist for IPSEC crypto David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041230035000.19@ori.thedillows.org \
--to=dave@thedillows.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).