* [PATCHv6 net-next 1/3] bonding: add common function to check ipsec device
2024-08-29 9:31 [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
@ 2024-08-29 9:31 ` Hangbin Liu
2024-08-29 9:31 ` [PATCHv6 net-next 2/3] bonding: Add ESN support to IPSec HW offload Hangbin Liu
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Hangbin Liu @ 2024-08-29 9:31 UTC (permalink / raw)
To: netdev
Cc: Jay Vosburgh, David S . Miller, Jakub Kicinski, Paolo Abeni,
Eric Dumazet, Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu,
Sabrina Dubroca, Simon Horman, Steffen Klassert, Hangbin Liu,
Jay Vosburgh
This patch adds a common function to check the status of IPSec devices.
This function will be useful for future implementations, such as IPSec ESN
and state offload callbacks.
Suggested-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
drivers/net/bonding/bond_main.c | 50 ++++++++++++++++++++++++---------
1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index a3b6e6c696b4..4eb4d13fcec9 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -418,6 +418,41 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev,
/*---------------------------------- XFRM -----------------------------------*/
#ifdef CONFIG_XFRM_OFFLOAD
+/**
+ * bond_ipsec_dev - Get active device for IPsec offload
+ * @xs: pointer to transformer state struct
+ *
+ * Context: caller must hold rcu_read_lock.
+ *
+ * Return: the device for ipsec offload, or NULL if not exist.
+ **/
+static struct net_device *bond_ipsec_dev(struct xfrm_state *xs)
+{
+ struct net_device *bond_dev = xs->xso.dev;
+ struct bonding *bond;
+ struct slave *slave;
+
+ if (!bond_dev)
+ return NULL;
+
+ bond = netdev_priv(bond_dev);
+ if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
+ return NULL;
+
+ slave = rcu_dereference(bond->curr_active_slave);
+ if (!slave)
+ return NULL;
+
+ if (!xs->xso.real_dev)
+ return NULL;
+
+ if (xs->xso.real_dev != slave->dev)
+ pr_warn_ratelimited("%s: (slave %s): not same with IPsec offload real dev %s\n",
+ bond_dev->name, slave->dev->name, xs->xso.real_dev->name);
+
+ return slave->dev;
+}
+
/**
* bond_ipsec_add_sa - program device with a security association
* @xs: pointer to transformer state struct
@@ -594,23 +629,12 @@ static void bond_ipsec_del_sa_all(struct bonding *bond)
**/
static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
{
- struct net_device *bond_dev = xs->xso.dev;
struct net_device *real_dev;
- struct slave *curr_active;
- struct bonding *bond;
bool ok = false;
- bond = netdev_priv(bond_dev);
rcu_read_lock();
- curr_active = rcu_dereference(bond->curr_active_slave);
- if (!curr_active)
- goto out;
- real_dev = curr_active->dev;
-
- if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
- goto out;
-
- if (!xs->xso.real_dev)
+ real_dev = bond_ipsec_dev(xs);
+ if (!real_dev)
goto out;
if (!real_dev->xfrmdev_ops ||
--
2.45.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCHv6 net-next 2/3] bonding: Add ESN support to IPSec HW offload
2024-08-29 9:31 [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
2024-08-29 9:31 ` [PATCHv6 net-next 1/3] bonding: add common function to check ipsec device Hangbin Liu
@ 2024-08-29 9:31 ` Hangbin Liu
2024-08-29 9:31 ` [PATCHv6 net-next 3/3] bonding: support xfrm state update Hangbin Liu
2024-09-03 7:10 ` [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
3 siblings, 0 replies; 7+ messages in thread
From: Hangbin Liu @ 2024-08-29 9:31 UTC (permalink / raw)
To: netdev
Cc: Jay Vosburgh, David S . Miller, Jakub Kicinski, Paolo Abeni,
Eric Dumazet, Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu,
Sabrina Dubroca, Simon Horman, Steffen Klassert, Hangbin Liu,
Jay Vosburgh
Currently, users can see that bonding supports IPSec HW offload via ethtool.
However, this functionality does not work with NICs like Mellanox cards when
ESN (Extended Sequence Numbers) is enabled, as ESN functions are not yet
supported. This patch adds ESN support to the bonding IPSec device offload,
ensuring proper functionality with NICs that support ESN.
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
drivers/net/bonding/bond_main.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 4eb4d13fcec9..f0d479c95dd9 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -648,10 +648,35 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
return ok;
}
+/**
+ * bond_advance_esn_state - ESN support for IPSec HW offload
+ * @xs: pointer to transformer state struct
+ **/
+static void bond_advance_esn_state(struct xfrm_state *xs)
+{
+ struct net_device *real_dev;
+
+ rcu_read_lock();
+ real_dev = bond_ipsec_dev(xs);
+ if (!real_dev)
+ goto out;
+
+ if (!real_dev->xfrmdev_ops ||
+ !real_dev->xfrmdev_ops->xdo_dev_state_advance_esn) {
+ pr_warn_ratelimited("%s: %s doesn't support xdo_dev_state_advance_esn\n", __func__, real_dev->name);
+ goto out;
+ }
+
+ real_dev->xfrmdev_ops->xdo_dev_state_advance_esn(xs);
+out:
+ rcu_read_unlock();
+}
+
static const struct xfrmdev_ops bond_xfrmdev_ops = {
.xdo_dev_state_add = bond_ipsec_add_sa,
.xdo_dev_state_delete = bond_ipsec_del_sa,
.xdo_dev_offload_ok = bond_ipsec_offload_ok,
+ .xdo_dev_state_advance_esn = bond_advance_esn_state,
};
#endif /* CONFIG_XFRM_OFFLOAD */
--
2.45.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCHv6 net-next 3/3] bonding: support xfrm state update
2024-08-29 9:31 [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
2024-08-29 9:31 ` [PATCHv6 net-next 1/3] bonding: add common function to check ipsec device Hangbin Liu
2024-08-29 9:31 ` [PATCHv6 net-next 2/3] bonding: Add ESN support to IPSec HW offload Hangbin Liu
@ 2024-08-29 9:31 ` Hangbin Liu
2024-09-03 7:10 ` [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
3 siblings, 0 replies; 7+ messages in thread
From: Hangbin Liu @ 2024-08-29 9:31 UTC (permalink / raw)
To: netdev
Cc: Jay Vosburgh, David S . Miller, Jakub Kicinski, Paolo Abeni,
Eric Dumazet, Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu,
Sabrina Dubroca, Simon Horman, Steffen Klassert, Hangbin Liu,
Jay Vosburgh
The patch add xfrm statistics update for bonding IPsec offload.
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
drivers/net/bonding/bond_main.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index f0d479c95dd9..79929a12fcb2 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -672,11 +672,36 @@ static void bond_advance_esn_state(struct xfrm_state *xs)
rcu_read_unlock();
}
+/**
+ * bond_xfrm_update_stats - Update xfrm state
+ * @xs: pointer to transformer state struct
+ **/
+static void bond_xfrm_update_stats(struct xfrm_state *xs)
+{
+ struct net_device *real_dev;
+
+ rcu_read_lock();
+ real_dev = bond_ipsec_dev(xs);
+ if (!real_dev)
+ goto out;
+
+ if (!real_dev->xfrmdev_ops ||
+ !real_dev->xfrmdev_ops->xdo_dev_state_update_stats) {
+ pr_warn_ratelimited("%s: %s doesn't support xdo_dev_state_update_stats\n", __func__, real_dev->name);
+ goto out;
+ }
+
+ real_dev->xfrmdev_ops->xdo_dev_state_update_stats(xs);
+out:
+ rcu_read_unlock();
+}
+
static const struct xfrmdev_ops bond_xfrmdev_ops = {
.xdo_dev_state_add = bond_ipsec_add_sa,
.xdo_dev_state_delete = bond_ipsec_del_sa,
.xdo_dev_offload_ok = bond_ipsec_offload_ok,
.xdo_dev_state_advance_esn = bond_advance_esn_state,
+ .xdo_dev_state_update_stats = bond_xfrm_update_stats,
};
#endif /* CONFIG_XFRM_OFFLOAD */
--
2.45.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions
2024-08-29 9:31 [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
` (2 preceding siblings ...)
2024-08-29 9:31 ` [PATCHv6 net-next 3/3] bonding: support xfrm state update Hangbin Liu
@ 2024-09-03 7:10 ` Hangbin Liu
2024-09-03 15:56 ` Jakub Kicinski
3 siblings, 1 reply; 7+ messages in thread
From: Hangbin Liu @ 2024-09-03 7:10 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Jay Vosburgh, David S . Miller, netdev, Paolo Abeni, Eric Dumazet,
Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu, Sabrina Dubroca,
Simon Horman, Steffen Klassert
Hi Jakub,
I saw the patchwork status[1] is Not Applicable. Is there anything I need
to update?
[1] https://patchwork.kernel.org/project/netdevbpf/patch/20240829093133.2596049-2-liuhangbin@gmail.com/
Thanks
Hangbin
On Thu, Aug 29, 2024 at 05:31:30PM +0800, Hangbin Liu wrote:
> Add 2 new xfrm state offload functions xdo_dev_state_advance_esn and
> xdo_dev_state_update_stats for bonding. The xdo_dev_state_free will be
> added by Jianbo's patchset [1]. I will add the bonding xfrm policy offload
> in future.
>
> v6: Use "Return: " based on ./scripts/kernel-doc (Simon Horman)
> v5: Rebase to latest net-next, update function doc (Jakub Kicinski)
> v4: Ratelimit pr_warn (Sabrina Dubroca)
> v3: Re-format bond_ipsec_dev, use slave_warn instead of WARN_ON (Nikolay Aleksandrov)
> Fix bond_ipsec_dev defination, add *. (Simon Horman, kernel test robot)
> Fix "real" typo (kernel test robot)
> v2: Add a function to process the common device checking (Nikolay Aleksandrov)
> Remove unused variable (Simon Horman)
> v1: lore.kernel.org/netdev/20240816035518.203704-1-liuhangbin@gmail.com
>
> Hangbin Liu (3):
> bonding: add common function to check ipsec device
> bonding: Add ESN support to IPSec HW offload
> bonding: support xfrm state update
>
> drivers/net/bonding/bond_main.c | 100 +++++++++++++++++++++++++++-----
> 1 file changed, 87 insertions(+), 13 deletions(-)
>
> --
> 2.45.0
>
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions
2024-09-03 7:10 ` [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions Hangbin Liu
@ 2024-09-03 15:56 ` Jakub Kicinski
2024-09-04 0:33 ` Hangbin Liu
0 siblings, 1 reply; 7+ messages in thread
From: Jakub Kicinski @ 2024-09-03 15:56 UTC (permalink / raw)
To: Hangbin Liu
Cc: Jay Vosburgh, David S . Miller, netdev, Paolo Abeni, Eric Dumazet,
Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu, Sabrina Dubroca,
Simon Horman, Steffen Klassert
On Tue, 3 Sep 2024 15:10:48 +0800 Hangbin Liu wrote:
> I saw the patchwork status[1] is Not Applicable. Is there anything I need
> to update?
Majority of the time seemingly inexplicable Not Applicable status means
that DaveM tried to apply the patches and git am failed. Seems to be
the case here as well:
Failed to apply patch:
Applying: bonding: add common function to check ipsec device
Applying: bonding: Add ESN support to IPSec HW offload
error: sha1 information is lacking or useless (drivers/net/bonding/bond_main.c).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0002 bonding: Add ESN support to IPSec HW offload
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCHv6 net-next 0/3] Bonding: support new xfrm state offload functions
2024-09-03 15:56 ` Jakub Kicinski
@ 2024-09-04 0:33 ` Hangbin Liu
0 siblings, 0 replies; 7+ messages in thread
From: Hangbin Liu @ 2024-09-04 0:33 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Jay Vosburgh, David S . Miller, netdev, Paolo Abeni, Eric Dumazet,
Nikolay Aleksandrov, Tariq Toukan, Jianbo Liu, Sabrina Dubroca,
Simon Horman, Steffen Klassert
On Tue, Sep 03, 2024 at 08:56:47AM -0700, Jakub Kicinski wrote:
> On Tue, 3 Sep 2024 15:10:48 +0800 Hangbin Liu wrote:
> > I saw the patchwork status[1] is Not Applicable. Is there anything I need
> > to update?
>
> Majority of the time seemingly inexplicable Not Applicable status means
> that DaveM tried to apply the patches and git am failed. Seems to be
> the case here as well:
Hi Jakub,
Thanks let me know this. Looks git rebase works but git am failed
due to the xdo_dev_state_free update.
.xdo_dev_state_free = bond_ipsec_free_sa,
Let me rebase and post again.
Hangbin
>
> Failed to apply patch:
> Applying: bonding: add common function to check ipsec device
> Applying: bonding: Add ESN support to IPSec HW offload
> error: sha1 information is lacking or useless (drivers/net/bonding/bond_main.c).
> error: could not build fake ancestor
> hint: Use 'git am --show-current-patch=diff' to see the failed patch
> hint: When you have resolved this problem, run "git am --continue".
> hint: If you prefer to skip this patch, run "git am --skip" instead.
> hint: To restore the original branch and stop patching, run "git am --abort".
> hint: Disable this message with "git config advice.mergeConflict false"
> Patch failed at 0002 bonding: Add ESN support to IPSec HW offload
>
^ permalink raw reply [flat|nested] 7+ messages in thread