首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

xfrm: Prepare the GRO codepath for hardware offloading.

On IPsec hardware offloading, we already get a secpath with
valid state attached when the packet enters the GRO handlers.
So check for hardware offload and skip the state lookup in this
case.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Steffen Klassert 8 年之前
父节点
f1bd7d659e
当前提交
bcd1f8a45e
共有 3 个文件被更改,包括 71 次插入63 次删除
合并视图 显示文件统计
  1. 23 19
      net/ipv4/esp4_offload.c
  2. 23 19
      net/ipv6/esp6_offload.c
  3. 25 25
      net/xfrm/xfrm_input.c

+ 23 - 19
net/ipv4/esp4_offload.c
查看文件 

@@ -43,27 +43,31 @@ static struct sk_buff **esp4_gro_receive(struct sk_buff **head,
 
 	if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
 
 	if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
 
 		goto out;
 
 		goto out;
 
 
 
-	err = secpath_set(skb);
 
-	if (err)
 
-		goto out;
 
-
 
-	if (skb->sp->len == XFRM_MAX_DEPTH)
 
-		goto out;
 
-
 
-	x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
 
-			      (xfrm_address_t *)&ip_hdr(skb)->daddr,
 
-			      spi, IPPROTO_ESP, AF_INET);
 
-	if (!x)
 
-		goto out;
 
-
 
-	skb->sp->xvec[skb->sp->len++] = x;
 
-	skb->sp->olen++;
 
-
 
 	xo = xfrm_offload(skb);
 
 	xo = xfrm_offload(skb);
 
-	if (!xo) {
 
-		xfrm_state_put(x);
 
-		goto out;
 
+	if (!xo || !(xo->flags & CRYPTO_DONE)) {
 
+		err = secpath_set(skb);
 
+		if (err)
 
+			goto out;
 
+
 
+		if (skb->sp->len == XFRM_MAX_DEPTH)
 
+			goto out;
 
+
 
+		x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
 
+				      (xfrm_address_t *)&ip_hdr(skb)->daddr,
 
+				      spi, IPPROTO_ESP, AF_INET);
 
+		if (!x)
 
+			goto out;
 
+
 
+		skb->sp->xvec[skb->sp->len++] = x;
 
+		skb->sp->olen++;
 
+
 
+		xo = xfrm_offload(skb);
 
+		if (!xo) {
 
+			xfrm_state_put(x);
 
+			goto out;
 
+		}
 
 	}
 
 	}
 
+
 
 	xo->flags |= XFRM_GRO;
 
 	xo->flags |= XFRM_GRO;
 
 
 
 	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
 
 	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

+ 23 - 19
net/ipv6/esp6_offload.c
查看文件 

@@ -45,27 +45,31 @@ static struct sk_buff **esp6_gro_receive(struct sk_buff **head,
 
 	if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
 
 	if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
 
 		goto out;
 
 		goto out;
 
 
 
-	err = secpath_set(skb);
 
-	if (err)
 
-		goto out;
 
-
 
-	if (skb->sp->len == XFRM_MAX_DEPTH)
 
-		goto out;
 
-
 
-	x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
 
-			      (xfrm_address_t *)&ipv6_hdr(skb)->daddr,
 
-			      spi, IPPROTO_ESP, AF_INET6);
 
-	if (!x)
 
-		goto out;
 
-
 
-	skb->sp->xvec[skb->sp->len++] = x;
 
-	skb->sp->olen++;
 
-
 
 	xo = xfrm_offload(skb);
 
 	xo = xfrm_offload(skb);
 
-	if (!xo) {
 
-		xfrm_state_put(x);
 
-		goto out;
 
+	if (!xo || !(xo->flags & CRYPTO_DONE)) {
 
+		err = secpath_set(skb);
 
+		if (err)
 
+			goto out;
 
+
 
+		if (skb->sp->len == XFRM_MAX_DEPTH)
 
+			goto out;
 
+
 
+		x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,
 
+				      (xfrm_address_t *)&ipv6_hdr(skb)->daddr,
 
+				      spi, IPPROTO_ESP, AF_INET6);
 
+		if (!x)
 
+			goto out;
 
+
 
+		skb->sp->xvec[skb->sp->len++] = x;
 
+		skb->sp->olen++;
 
+
 
+		xo = xfrm_offload(skb);
 
+		if (!xo) {
 
+			xfrm_state_put(x);
 
+			goto out;
 
+		}
 
 	}
 
 	}
 
+
 
 	xo->flags |= XFRM_GRO;
 
 	xo->flags |= XFRM_GRO;
 
 
 
 	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;
 
 	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;

+ 25 - 25
net/xfrm/xfrm_input.c
查看文件 

@@ -223,38 +223,38 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
 			seq = XFRM_SKB_CB(skb)->seq.input.low;
 
 			seq = XFRM_SKB_CB(skb)->seq.input.low;
 
 			goto resume;
 
 			goto resume;
 
 		}
 
 		}
 
+
 
 		/* encap_type < -1 indicates a GRO call. */
 
 		/* encap_type < -1 indicates a GRO call. */
 
 		encap_type = 0;
 
 		encap_type = 0;
 
 		seq = XFRM_SPI_SKB_CB(skb)->seq;
 
 		seq = XFRM_SPI_SKB_CB(skb)->seq;
 
-		goto lock;
 
-	}
 
-
 
-	if (xo && (xo->flags & CRYPTO_DONE)) {
 
-		crypto_done = true;
 
-		x = xfrm_input_state(skb);
 
-		family = XFRM_SPI_SKB_CB(skb)->family;
 
 
 
-		if (!(xo->status & CRYPTO_SUCCESS)) {
 
-			if (xo->status &
 
-			    (CRYPTO_TRANSPORT_AH_AUTH_FAILED |
 
-			     CRYPTO_TRANSPORT_ESP_AUTH_FAILED |
 
-			     CRYPTO_TUNNEL_AH_AUTH_FAILED |
 
-			     CRYPTO_TUNNEL_ESP_AUTH_FAILED)) {
 
-
 
-				xfrm_audit_state_icvfail(x, skb,
 
-							 x->type->proto);
 
-				x->stats.integrity_failed++;
 
-				XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
 
+		if (xo && (xo->flags & CRYPTO_DONE)) {
 
+			crypto_done = true;
 
+			x = xfrm_input_state(skb);
 
+			family = XFRM_SPI_SKB_CB(skb)->family;
 
+
 
+			if (!(xo->status & CRYPTO_SUCCESS)) {
 
+				if (xo->status &
 
+				    (CRYPTO_TRANSPORT_AH_AUTH_FAILED |
 
+				     CRYPTO_TRANSPORT_ESP_AUTH_FAILED |
 
+				     CRYPTO_TUNNEL_AH_AUTH_FAILED |
 
+				     CRYPTO_TUNNEL_ESP_AUTH_FAILED)) {
 
+
 
+					xfrm_audit_state_icvfail(x, skb,
 
+								 x->type->proto);
 
+					x->stats.integrity_failed++;
 
+					XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
 
+					goto drop;
 
+				}
 
+
 
+				XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
 
 				goto drop;
 
 				goto drop;
 
 			}
 
 			}
 
 
 
-			XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
 
-			goto drop;
 
-		}
 
-
 
-		if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) {
 
-			XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
 
-			goto drop;
 
+			if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) {
 
+				XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
 
+				goto drop;
 
+			}
 
 		}
 
 		}
 
 
 
 		goto lock;
 
 		goto lock;