From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91842C433E6 for ; Fri, 28 Aug 2020 11:23:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6AEF9207DF for ; Fri, 28 Aug 2020 11:23:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729220AbgH1LXn (ORCPT ); Fri, 28 Aug 2020 07:23:43 -0400 Received: from lb1-smtp-cloud9.xs4all.net ([194.109.24.22]:53721 "EHLO lb1-smtp-cloud9.xs4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729052AbgH1LWs (ORCPT ); Fri, 28 Aug 2020 07:22:48 -0400 Received: from cust-69a1f852 ([IPv6:fc0c:c154:b0a8:48a5:61f4:988:bf85:2ed5]) by smtp-cloud9.xs4all.net with ESMTPSA id BcHdkdUtuecrdBcHskzy7X; Fri, 28 Aug 2020 13:11:19 +0200 Date: Fri, 28 Aug 2020 13:11:01 +0200 From: Antony Antony To: Steffen Klassert , Herbert Xu , "David S. Miller" Cc: Antony Antony , netdev@vger.kernel.org Subject: [PATCH RFC] xfrm: fail to create ixgbe offload of IPsec tunnel mode sa Message-ID: <20200828111101.GA16518@AntonyAntony.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-CMAE-Envelope: MS4wfMhkVuCRrYSqhuV34ZvzEu3Vm10Yu8GVxWuRBAkp9vfBtrbjXvyRwI+GV6HsLES2rbrG8JZLVD9dO3rydCP4ztfWslPEnqk+eg9yHhlZ1S5V0BtCCWxQ 2zQ4US2nCzH/FEKcZQY7VV/A6wYy8ogJ8i5osHSPBsmX8LjxTIfiVh6AdsMNjuhSPXyVeH7wyWfWl5S8u30NL/rGk0K5vJXXQ84n3DyATFDn5Og6bp5to50I J/LeGVodd2lAL6GZNYY28lSrpIq7tX7SIG/nVsK/SuPh+lQD4nyjTnz1fb8QuRQQFlRSSpOYAqCtXb26rJV1Ml0LpOSgD8v8beuAS+hEGfCxaDUdfLUP2xHm rzvDSqQu17ka9gsKEtitnigq+P+Ekb8+Ma+LfdYsWlSfLsgE0K0= Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Based on talks and indirect references ixgbe driver does not support offloading IPsec tunnel mode. It only support transport mode. Now explicitly fail to avoid when trying to offload. Fixes: 63a67fe229ea ("ixgbe: add ipsec offload add and remove SA") Signed-off-by: Antony Antony --- I haven't tested this fix as I have no access to the hardware. This patch is based on a libreswan bug report. https://github.com/libreswan/libreswan/issues/252 Is it useful to this bug report in kernel commit message? drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 5 +++++ drivers/net/ethernet/intel/ixgbevf/ipsec.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index eca73526ac86..e2b978efcc5a 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -575,6 +575,11 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) return -EINVAL; } + if (xs->props.mode != XFRM_MODE_TRANSPORT) { + netdev_err(dev, "Unsupported mode for ipsec offload\n"); + return -EINVAL; + } + if (ixgbe_ipsec_check_mgmt_ip(xs)) { netdev_err(dev, "IPsec IP addr clash with mgmt filters\n"); return -EINVAL; diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c index 5170dd9d8705..d11b3f3414ea 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c @@ -272,6 +272,11 @@ static int ixgbevf_ipsec_add_sa(struct xfrm_state *xs) return -EINVAL; } + if (xs->props.mode != XFRM_MODE_TRANSPORT) { + netdev_err(dev, "Unsupported mode for ipsec offload\n"); + return -EINVAL; + } + if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) { struct rx_sa rsa; -- 2.21.3