From patchwork Thu Jan 18 05:33:06 2018
X-Patchwork-Submitter: Shannon Nelson
X-Patchwork-Id: 862764
X-Patchwork-Delegate: davem@davemloft.net
From: Shannon Nelson
To: intel-wired-lan@lists.osuosl.org, jeffrey.t.kirsher@intel.com
Cc: steffen.klassert@secunet.com, sowmini.varadhan@oracle.com, netdev@vger.kernel.org
Subject: [PATCH] ixgbe: fix ipv6 support for ipsec offload
Date: Wed, 17 Jan 2018 21:33:06 -0800
Message-Id: <1516253586-7261-1-git-send-email-shannon.nelson@oracle.com>

Fix up the Rx path to watch for and decode ipv6 headers that might be carrying ipsec headers.

To do so, we first change the search function to be able to take both ipv4 and ipv6 addresses from a pointer, and add an argument that tells which we are using. Then in the Rx handler we add a check for ipv4 vs ipv6 and then parse the headers accordingly. We can assume simple headers because this device won't decode packets with vlan or with ipv4/ipv6 extensions.

We also change a flag used in the ...add_sa() function as it seems the XFRM stack doesn't actually ever set the XFRM_OFFLOAD_IPV6 flag bit.

Signed-off-by: Shannon Nelson

--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 39 ++++++++++++++++++-------- 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 587fd8f..93eacdd 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c 
@@ -379,12 +379,13 @@ static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) * @daddr: inbound address to match * @proto: protocol to match * @spi: SPI to match + * @ip4: true if using an ipv4 address * * Returns a pointer to the matching SA state information **/ static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, - __be32 daddr, u8 proto, - __be32 spi) + __be32 *daddr, u8 proto, + __be32 spi, bool ip4) { struct rx_sa *rsa; struct xfrm_state *ret = NULL; @@ -392,7 +393,9 @@ static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, rcu_read_lock(); hash_for_each_possible_rcu(ipsec->rx_sa_list, rsa, hlist, spi) if (spi == rsa->xs->id.spi && - daddr == rsa->xs->id.daddr.a4 && + ((ip4 && *daddr == rsa->xs->id.daddr.a4) || + (!ip4 && !memcmp(daddr, &rsa->xs->id.daddr.a6, + sizeof(rsa->xs->id.daddr.a6)))) && proto == rsa->xs->id.proto) { ret = rsa->xs; xfrm_state_hold(ret); @@ -505,7 +508,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) } /* get ip for rx sa table */ - if (xs->xso.flags & XFRM_OFFLOAD_IPV6) + if (xs->props.family == AF_INET6) memcpy(rsa.ipaddr, &xs->id.daddr.a6, 16); else memcpy(&rsa.ipaddr[3], &xs->id.daddr.a4, 4); @@ -570,7 +573,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs) rsa.mode |= IXGBE_RXMOD_PROTO_ESP; if (rsa.decrypt) rsa.mode |= IXGBE_RXMOD_DECRYPT; - if (rsa.xs->xso.flags & XFRM_OFFLOAD_IPV6) + if (rsa.xs->props.family == AF_INET6) rsa.mode |= IXGBE_RXMOD_IPV6; /* the preparations worked, so save the info */ 
@@ -812,18 +815,30 @@ void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring, struct ixgbe_ipsec *ipsec = adapter->ipsec; struct xfrm_offload *xo = NULL; struct xfrm_state *xs = NULL; - struct iphdr *iph; - u8 *c_hdr; + struct ipv6hdr *ip6 = NULL; + struct iphdr *ip4 = NULL; + void *daddr; __be32 spi; + u8 *c_hdr; u8 proto; - /* we can assume no vlan header in the way, b/c the + /* Find the ip and crypto headers in the data. + * We can assume no vlan header in the way, b/c the * hw won't recognize the IPsec packet and anyway the * currently vlan device doesn't support xfrm offload. */ - /* TODO: not supporting IPv6 yet */ - iph = (struct iphdr *)(skb->data + ETH_HLEN); - c_hdr = (u8 *)iph + iph->ihl * 4; + if (pkt_info & cpu_to_le16(IXGBE_RXDADV_PKTTYPE_IPV4)) { + ip4 = (struct iphdr *)(skb->data + ETH_HLEN); + daddr = &ip4->daddr; + c_hdr = (u8 *)ip4 + ip4->ihl * 4; + } else if (pkt_info & cpu_to_le16(IXGBE_RXDADV_PKTTYPE_IPV6)) { + ip6 = (struct ipv6hdr *)(skb->data + ETH_HLEN); + daddr = &ip6->daddr; + c_hdr = (u8 *)ip6 + sizeof(struct ipv6hdr); + } else { + return; + } + switch (pkt_info & ipsec_pkt_types) { case cpu_to_le16(IXGBE_RXDADV_PKTTYPE_IPSEC_AH): spi = ((struct ip_auth_hdr *)c_hdr)->spi; @@ -837,7 +852,7 @@ void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring, return; } - xs = ixgbe_ipsec_find_rx_state(ipsec, iph->daddr, proto, spi); + xs = ixgbe_ipsec_find_rx_state(ipsec, daddr, proto, spi, !!ip4); if (unlikely(!xs)) return;
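
Review bot: In the hunk at -379 (the ixgbe_ipsec_find_rx_state prototype), the parameter type `__be32 *daddr` understates what the function reads: with ip4 false it is passed to memcmp for sizeof(rsa->xs->id.daddr.a6) bytes, and the Rx caller hands in a `void *`. Declaring it as a const pointer to the address type (or `const void *`) would make the 16-byte read explicit, and the kernel-doc line for @daddr still says "inbound address to match" where it should now say it is a pointer to an ipv4 or ipv6 address selected by @ip4.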
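
Review bot: In the hunk at -392 (the hash_for_each_possible_rcu match), the condition relies only on the caller's ip4 flag and never checks the family of the stored SA. a4 and a6 are both members of the same id.daddr field, so with ip4 true the comparison `*daddr == rsa->xs->id.daddr.a4` is also evaluated against SAs that were added as IPv6, and would match one whose first four address bytes, SPI and proto happen to agree. Adding a test on `rsa->xs->props.family` to the condition, the same field the add_sa hunks now use, would keep IPv4 packets from resolving to an IPv6 state and the reverse.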
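
Review bot: In the hunks at -505 and -570 (ixgbe_ipsec_add_sa), the reason for testing `xs->props.family == AF_INET6` in place of XFRM_OFFLOAD_IPV6 lives only in the commit message. A one-line comment at the first test saying the stack does not set that flag would stop a later cleanup from switching it back. The else branch at -505 also treats every family other than AF_INET6 as IPv4; if only AF_INET is expected there, checking for it explicitly and rejecting anything else would be clearer.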
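
Review bot: In the hunk at -812 (ixgbe_ipsec_rx), the IPv6 branch sets `c_hdr = (u8 *)ip6 + sizeof(struct ipv6hdr)` on the assumption that the AH/ESP header directly follows the fixed header, but the rewritten comment only mentions the vlan case. The commit message states the hardware will not decode packets with ipv4/ipv6 extensions; that belongs in the code comment too, since it is what makes both this offset and `ip4->ihl * 4` safe to use. Nothing in the visible lines checks that c_hdr still lies within the received data before the SPI is read from it, so if that guarantee depends entirely on the descriptor packet-type bits, it is worth saying so here.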