Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754153AbeAJKgU (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Wed, 10 Jan 2018 05:36:20 -0500
Received: from mail-db5eur01on0064.outbound.protection.outlook.com ([104.47.2.64]:39872
        "EHLO EUR01-DB5-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1753618AbeAJKgQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Jan 2018 05:36:16 -0500
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=yossefe@mellanox.com; 
From: yossefe@mellanox.com
To: Jonathan Corbet <corbet@lwn.net>,
        "David S. Miller" <davem@davemloft.net>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Yossef Efraim <yossefe@mellanox.com>,
        Shannon Nelson <shannon.nelson@oracle.com>,
        linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org
Cc: borisp@mellanox.com, kliteyn@mellanox.com, yossiku@mellanox.com
Subject: [PATCH net-next v2] xfrm: Add ESN support for IPSec HW offload
Date: Wed, 10 Jan 2018 12:34:06 +0200
Message-Id: <1515580453-18470-1-git-send-email-yossefe@mellanox.com>
X-Mailer: git-send-email 2.8.1
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [82.166.227.17]
X-ClientProxiedBy: VI1PR0701CA0037.eurprd07.prod.outlook.com
 (2603:10a6:800:90::23) To AM0PR0502MB3747.eurprd05.prod.outlook.com
 (2603:10a6:208:1e::16)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: fbc10469-d2e1-4078-6b32-08d55815f7b6
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:AM0PR0502MB3747;
X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3747;3:sLwbknxSzkwufltGayVeh41gGNFXeb0GPuXXmWI0uQnFF8DpkmMwJBqkSqPApwOqzVwcGWWqohzKpt8ecwycLpQB+rWansXLCActjKJlJVCJgYU9fju6z5DZGzwxEpmjFp9oJrOjY7/40VJvnlOXSA1CSNXub1eokQ8AaUrY0iXpvG/cRBJZav0IuT9/NBwn30T8yp0g4a3V6IVB1n/PV+jtg1YBXGm5Bnhdn/saGpcwok7/gIOUG1nAn8mHB0bm;25:je/413n8cViDiDBypiXwuWmZzWElu1wKu9qf1JIy/11QmABby+JceDeWh2HQcMDjj5sQQbJsj4o3pnpgGOka0yBrLmeNgB7Kv7exfwduLOkJJTibL4jwoDtTfhFLWxPHOn8+/K5r/5KWSICssWkymjo5NTd/ZCNJJ7BwdIYA7lV4radgDoqEor8eZLDiyTPOVvjBmLntzNoSd07DerJSGBgbkL68+KLSjBbsL9InFLLLRg59fpVg7Aak7qeO8ggQS13O/9pseydS6cCHNHMgLFhzq52F6fhxWm21f20se1CSM1aEfb3dGO5SBJndeNBG3MbhC+vEl3npSUrKLLcRFA==;31:+/iYG9VeKCEl5+AiBmJ6SqCoFAX5AyRqk11xIklJ2l4ihkShxvDSSblGMDs88ldUkRFzPCv/i+Q8ztCrJL/bnmxOnoNzggllRMOAt58I6JGNqCkZT+hOfhkI8p0OZ53Q9JcgMY2/yktWlAeCee7ekmTclQGkg/ILryDl/ALWwsz1p0TgY2NfrqORaEg2Ho4qmEm+NjN4CLaOWm8pdvxUvYmdQxn4vSs2TnC6UdBwMVA=
X-MS-TrafficTypeDiagnostic: AM0PR0502MB3747:
X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3747;20:GZtB65AbfDPqMqJZVJq/1gwfNCDiVXx6Sd9j18FN7vt1koa4/xvkT7lGvv7v0VTR6DaTlYT3YursFrnacnwSP/XCmykBXlp+yjfYcLrqzVemaoT7MWZfGndxAJv4X9kOcZE92bS9YZ7KMIVlrriI119LMR3ATDrtx5ayEhfDLdOoxnTKZ2xJ8LBqoCiTBI32HzB5gYFrYbA7PxvCjQ9oI03CGqh3N6qMvueSDJCcrBCA4ttq+QnQ3xAS/JzVEvkSvxpWuHc6GuLDlaebi2MEeFUykhVWYBZAL5JFFIJrdpfHOAey+fXRxWfFz3wSFiHZ9OoN5hFG3awqHF7uCRZSnVQjBkrypSQIsiGykehwZKgGrRi3T9jApn7OnhOKfa1zd3huiHdnL4uC2l4mR0iqUpIXFonZqNgM9FjuQATOh6eB2/N75vNNF1ptE6VDYiY2q580MV3UQJefh0NCvi2oixkd7E9bCTLuDud+/vUGgCWk4HahfiuzZPiGON8KTvE3;4://2BlPMmOjNAfYlaruboC00GbdqhwkB1EvGEk8/o7pd0LDbJalggWq0sgTcYBMK4Wshh3isYiEwMCY8xWlZOrsqzOXCXlTjgf/9ZwVvUZ08MY5IDs6/qfb9AalxXd8MMHiq4YJs/sjQJ487xZAHXFzqpehvF8q3En1eDK12vIE9eNu3768bfK93Edq3+89Waz0c/5PZb7P/hIWjHnkYNwdZjOqh0RUPeWkc43EkvqkiY/qg8wZAINjeOwOPp37A+9w+dWg5RD4gdOCqScdnviQ==
X-Microsoft-Antispam-PRVS: <AM0PR0502MB374799567B8BD60B4FD9BC67D5110@AM0PR0502MB3747.eurprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231023)(944501075)(6055026)(6041268)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011);SRVR:AM0PR0502MB3747;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:AM0PR0502MB3747;
X-Forefront-PRVS: 0548586081
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(346002)(376002)(366004)(39860400002)(396003)(39380400002)(199004)(189003)(47776003)(7736002)(6506007)(386003)(25786009)(36756003)(53936002)(305945005)(106356001)(66066001)(59450400001)(51416003)(316002)(16526018)(16586007)(9686003)(110136005)(6512007)(52116002)(4326008)(105586002)(6486002)(478600001)(107886003)(6116002)(33896004)(3846002)(2906002)(68736007)(97736004)(48376002)(5660300001)(50466002)(81156014)(8676002)(81166006)(85782001)(6666003)(50226002)(86362001)(8936002)(85772001);DIR:OUT;SFP:1101;SCL:1;SRVR:AM0PR0502MB3747;H:dev-l-vrt-187.mtl.labs.mlnx;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;AM0PR0502MB3747;23:0ZZ9lG4mCKIc9QYHiIFVdXLdEaWVKzVjtBGrBGE?=
 =?us-ascii?Q?YiLTKwP2aPiHJ9GC1PFxHoccsFw/231WlfeRwt4M6aFbysphn3+WOIQn/ykM?=
 =?us-ascii?Q?dYPgXYp9AURBr+0pmIyN/V7LFsc9N4h4CQrFYcK2hL+Hz8jyUUh6Fgvdi7xA?=
 =?us-ascii?Q?Cd6qHvrk2CaVZOi6+uz3YoMxKeqJtwLsKNR8DNC4JpLPaiIYNaFSmJ8Ou9nR?=
 =?us-ascii?Q?vcLEeQOgLaFhjo02wJQRk0DE3+QFBTx9gLk+8f/s8TA7BZE5rR3lBwmPdlfs?=
 =?us-ascii?Q?hZBIv7nzLPW7EhLrCHVCaTujZHvotA7SO4m5bG9kDiqhrHVToFj7VUxsKufX?=
 =?us-ascii?Q?CcXAZrwX6WdkpJQbF0xAc8V22jtTLa1O7unePwaJ94zUwH5vL4VJtAV6XmgA?=
 =?us-ascii?Q?Xk0UvKXHeIztJ9U+M/6ygmVTGAi7O2r3nWzLQGCFnf+86EPI7rntNy1jXf1p?=
 =?us-ascii?Q?cZrkMQ1uG6kK87Caynjvm3UZ5gXM3iqEe16Yy4yJPHXNayqn3OQwWRNWSIHD?=
 =?us-ascii?Q?HJQ7MAHwHbaDnLnoiauOLKwgwDrLIhFFnkNoOw06CTVDby8B9TXBteBGoeLp?=
 =?us-ascii?Q?71Gyfg2N8Fq0o8n91zluIIdmPMug4ueyQnC3K+MfALnD8xfKrY0XUiXeMaJo?=
 =?us-ascii?Q?zQO6CwnimKerS2Y1KVX6EBxbmzAbnp+QSOgLvPlOn/r9USs3Oh1on4P93AZP?=
 =?us-ascii?Q?MdQWWppXzcseeXjGCrS0ofKBWdJYTsBs0/R5H35GncZFRYZCe2s4ClHuu9fO?=
 =?us-ascii?Q?HyHqEc1KDD/Rc2tsLQ5RQE2gIilYdmciPCJWHOwtGzcg9KdVA8uigo/pAoPi?=
 =?us-ascii?Q?nJVhuwTswd4dREBi7UaLldWNE0SxQeicUvKca2dphtG06KrBmytHhrIc9yEr?=
 =?us-ascii?Q?u2R0DuVojjqc25+/mUdYg6kMkNUWfeUcLpfPnhpMpkH55c86iyAnx0Hshk4K?=
 =?us-ascii?Q?NOGqCPs2pT1j/0nweAXJpdyNTIKt0U/vWi0xYdWjb7Tefe0ReqL3FklvKOKE?=
 =?us-ascii?Q?WMFGelWguurzBpo12dNP1r53qxxybMSJC7EhaxSibirJPI9e7jMcEmyftAbC?=
 =?us-ascii?Q?jA+YHHdDdFLukBnqQBOAsbFKifiAU2SoAu8R5udmab2DwZ2U971IuOzr6yOX?=
 =?us-ascii?Q?jPSLgUGsIpUrgNS+lnD56ivuIzDRJ23CmvLKwpNe2RwPwpHpiOXV9+g=3D?=
 =?us-ascii?Q?=3D?=
X-Microsoft-Exchange-Diagnostics: 1;AM0PR0502MB3747;6:+14yRlkh6hnJpAf9BaEv8miOI6dppXQ+fxpv9YBJ8oAo3v+DpmKQFZyqYTk/6ZtaRKbpym5jXnG9di2f0hYwTeyIwwnsb6pA1rl05OqdI72rKhZzDZQqBN7fTeTiseIlanN/LVME/60wPwnmYkrIqJbNWhGtshIvdia91WQcdCytgPDyUXttirDfVSBSR4s2KxnTRWM6fA0Nzra/xYVbj/Ywougcr0DZtcR60a1xuRbAWjB2uIR9BfanjlcI7oxOe4WtCnmBYtHFK64RrEBjNhlYAf6c+fhs0+hRuBseZrvwTdmiZD+nPGhBUs0C7mGwGBmAkgpcDzua3qluEy4SEA94B9cs1Vah/f0XLKy4Ato=;5:2UwWEvUUaZSgO5WLdXemTfeO7gTlSIhdP1gMYiAUPdJcSw6f1jGbbUP8SmfTR1cdRGgrKGGROgZFwWFz+VhbmMFn45R8gzBEVz5y5WDRYFZlkP0rFyFuopgPTjBnbzJ9KvWnPswNpp85nHHEjXOFQ/kJUyf/3I++lpNF5e+og3s=;24:fdXD1euSkFF0IUze82B3dP+Ogj3EBQg5ydWinvGM7YE08aiv2VVCbhdYrzs0MQotgu3AG8gfFfkGnm5aKSzwBbEsh/BOrY5m+vc/8XbC/j0=;7:AOh4V+fWOuK6mFR9D7S9/f0CtXVWXxKqpAyyg/r9HYtU61DChM3xGQqmHlBi6Wn45dJLwkNirPia/xljsHU8hButSoaymXudOI+goIwLnWQ7P68pJyU1SF7KFx8tn1uIFxKiK3mqI8q5GsBsl6xM3XP01m5ZePct8IU9RerORWONx+r8RA0I3gT0UNXFmYsYpENeVIGSsfFPJy8PwKLL6jEwW0bYLULVc2EIe2LVTcu/iXo9VNK6oke7FE1vSKY1
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: Mellanox.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2018 10:36:09.9559
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: fbc10469-d2e1-4078-6b32-08d55815f7b6
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: a652971c-7d2e-4d9b-a6a4-d149256f461b
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0502MB3747
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

From: Yossef Efraim <yossefe@mellanox.com>

This patch adds ESN support to IPsec device offload.
Adding new xfrm device operation to synchronize device ESN.

Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
---
Changes from v1:
 - Added documentation
---
 Documentation/networking/xfrm_device.txt |  3 +++
 include/linux/netdevice.h                |  1 +
 include/net/xfrm.h                       | 12 ++++++++++++
 net/xfrm/xfrm_device.c                   |  4 ++--
 net/xfrm/xfrm_replay.c                   |  2 ++
 5 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Documentation/networking/xfrm_device.txt b/Documentation/networking/xfrm_device.txt
index 2d9d588c..50c34ca 100644
--- a/Documentation/networking/xfrm_device.txt
+++ b/Documentation/networking/xfrm_device.txt
@@ -41,6 +41,7 @@ struct xfrmdev_ops {
 	void	(*xdo_dev_state_free) (struct xfrm_state *x);
 	bool	(*xdo_dev_offload_ok) (struct sk_buff *skb,
 				       struct xfrm_state *x);
+	void    (*xdo_dev_state_advance_esn) (struct xfrm_state *x);
 };
 
 The NIC driver offering ipsec offload will need to implement these
@@ -117,6 +118,8 @@ the stack in xfrm_input().
 
 	hand the packet to napi_gro_receive() as usual
 
+In ESN mode, xdo_dev_state_advance_esn() is called from xfrm_replay_advance_esn().
+Driver will check packet seq number and update HW ESN state machine if needed.
 
 When the SA is removed by the user, the driver's xdo_dev_state_delete()
 is asked to disable the offload.  Later, xdo_dev_state_free() is called
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 352066e..3c81cd7 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -842,6 +842,7 @@ struct xfrmdev_ops {
 	void	(*xdo_dev_state_free) (struct xfrm_state *x);
 	bool	(*xdo_dev_offload_ok) (struct sk_buff *skb,
 				       struct xfrm_state *x);
+	void	(*xdo_dev_state_advance_esn) (struct xfrm_state *x);
 };
 #endif
 
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 079ea94..1ca2e6e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1901,6 +1901,14 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
 		       struct xfrm_user_offload *xuo);
 bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);
 
+static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
+{
+	struct xfrm_state_offload *xso = &x->xso;
+
+	if (xso->dev && xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn)
+		xso->dev->xfrmdev_ops->xdo_dev_state_advance_esn(x);
+}
+
 static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
 {
 	struct xfrm_state *x = dst->xfrm;
@@ -1971,6 +1979,10 @@ static inline bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x
 	return false;
 }
 
+static inline void xfrm_dev_state_advance_esn(struct xfrm_state *x)
+{
+}
+
 static inline bool xfrm_dst_offload_ok(struct dst_entry *dst)
 {
 	return false;
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 7598250..704a055 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -147,8 +147,8 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
 	if (!x->type_offload)
 		return -EINVAL;
 
-	/* We don't yet support UDP encapsulation, TFC padding and ESN. */
-	if (x->encap || x->tfcpad || (x->props.flags & XFRM_STATE_ESN))
+	/* We don't yet support UDP encapsulation and TFC padding. */
+	if (x->encap || x->tfcpad)
 		return -EINVAL;
 
 	dev = dev_get_by_index(net, xuo->ifindex);
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 0250181..1d38c6a 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -551,6 +551,8 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
 			bitnr = replay_esn->replay_window - (diff - pos);
 	}
 
+	xfrm_dev_state_advance_esn(x);
+
 	nr = bitnr >> 5;
 	bitnr = bitnr & 0x1F;
 	replay_esn->bmp[nr] |= (1U << bitnr);
-- 
2.8.1