korg/iproute2
0
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/iproute2/iproute2.git synced 2024-11-15 05:55:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

xfrm: add an interface to offload policy

Browse Source 
Extend at "ip xfrm policy" to allow policy offload to specific device.
The syntax and the code follow already established pattern from the
state offload.

The only difference between them is that direction was already mandatory
argument in policy configuration commands, so don't need to add direction
handling logic like it was done for the state offload.

The syntax is as follows:
 $ ip xfrm policy .... offload packet dev <if-name>

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This commit is contained in:
Leon Romanovsky 2022-12-12 09:54:06 +02:00 committed by David Ahern
parent a6e740ff40
commit 3422c62d58
5 changed files with 47 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ip/ipxfrm.c
View File

@ -688,8 +688,8 @@ done:
return 0; return 0;
} }
void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp,
FILE *fp, const char *prefix, bool nokeys) const char *prefix, bool nokeys, bool dir)
{ {
if (tb[XFRMA_MARK]) { if (tb[XFRMA_MARK]) {
struct rtattr *rta = tb[XFRMA_MARK]; struct rtattr *rta = tb[XFRMA_MARK];
@ -895,9 +895,12 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
xuo = (struct xfrm_user_offload *) xuo = (struct xfrm_user_offload *)
RTA_DATA(tb[XFRMA_OFFLOAD_DEV]); RTA_DATA(tb[XFRMA_OFFLOAD_DEV]);
fprintf(fp, "dev %s dir %s mode %s", fprintf(fp, "dev %s ",
ll_index_to_name(xuo->ifindex), ll_index_to_name(xuo->ifindex));
(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out", if (dir)
fprintf(fp, "dir %s ",
(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
fprintf(fp, "mode %s",
(xuo->flags & XFRM_OFFLOAD_PACKET) ? "packet" : "crypto"); (xuo->flags & XFRM_OFFLOAD_PACKET) ? "packet" : "crypto");
fprintf(fp, "%s", _SL_); fprintf(fp, "%s", _SL_);
} }
@ -990,7 +993,7 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags)); fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags));
fprintf(fp, "%s", _SL_); fprintf(fp, "%s", _SL_);
xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys); xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys, true);
if (!xfrm_selector_iszero(&xsinfo->sel)) { if (!xfrm_selector_iszero(&xsinfo->sel)) {
char sbuf[STRBUF_SIZE]; char sbuf[STRBUF_SIZE];
@ -1096,7 +1099,7 @@ void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
if (show_stats > 0) if (show_stats > 0)
xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf); xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false); xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false, false);
} }
int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family, int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,

4
ip/xfrm.h
View File

@ -124,8 +124,8 @@ const char *strxf_proto(__u8 proto);
const char *strxf_ptype(__u8 ptype); const char *strxf_ptype(__u8 ptype);
void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
FILE *fp, const char *prefix); FILE *fp, const char *prefix);
void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp,
FILE *fp, const char *prefix, bool nokeys); const char *prefix, bool nokeys, bool dir);
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo, void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix, struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title, bool nokeys); const char *title, bool nokeys);

2
ip/xfrm_monitor.c
View File

@ -199,7 +199,7 @@ static int xfrm_report_print(struct nlmsghdr *n, void *arg)
parse_rtattr(tb, XFRMA_MAX, XFRMREP_RTA(xrep), len); parse_rtattr(tb, XFRMA_MAX, XFRMREP_RTA(xrep), len);
xfrm_xfrma_print(tb, family, fp, " ", nokeys); xfrm_xfrma_print(tb, family, fp, " ", nokeys, true);
if (oneline) if (oneline)
fprintf(fp, "\n"); fprintf(fp, "\n");

26
ip/xfrm_policy.c
View File

@ -57,6 +57,7 @@ static void usage(void)
" [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n" " [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n"
" [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n" " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n"
" [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n" " [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n"
" [ offload packet dev DEV] } ]\n"
"Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n" "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n"
" [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n" " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n"
" [ if_id IF_ID ]\n" " [ if_id IF_ID ]\n"
@ -260,6 +261,7 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
char *ptypep = NULL; char *ptypep = NULL;
char *sctxp = NULL; char *sctxp = NULL;
struct xfrm_userpolicy_type upt = {}; struct xfrm_userpolicy_type upt = {};
struct xfrm_user_offload xuo = {};
char tmpls_buf[XFRM_TMPLS_BUF_SIZE] = {}; char tmpls_buf[XFRM_TMPLS_BUF_SIZE] = {};
int tmpls_len = 0; int tmpls_len = 0;
struct xfrm_mark mark = {0, 0}; struct xfrm_mark mark = {0, 0};
@ -268,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
char str[CTX_BUF_SIZE]; char str[CTX_BUF_SIZE];
} ctx = {}; } ctx = {};
bool is_if_id_set = false; bool is_if_id_set = false;
unsigned int ifindex = 0;
bool is_offload = false;
__u32 if_id = 0; __u32 if_id = 0;
while (argc > 0) { while (argc > 0) {
@ -342,6 +346,21 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
if (get_u32(&if_id, *argv, 0)) if (get_u32(&if_id, *argv, 0))
invarg("IF_ID value is invalid", *argv); invarg("IF_ID value is invalid", *argv);
is_if_id_set = true; is_if_id_set = true;
} else if (strcmp(*argv, "offload") == 0) {
NEXT_ARG();
if (strcmp(*argv, "packet") == 0)
NEXT_ARG();
else
invarg("Invalid offload mode", *argv);
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
ifindex = ll_name_to_index(*argv);
if (!ifindex)
invarg("Invalid device name", *argv);
} else
invarg("Missing dev keyword", *argv);
is_offload = true;
} else { } else {
if (selp) if (selp)
duparg("unknown", *argv); duparg("unknown", *argv);
@ -387,6 +406,13 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
if (is_if_id_set) if (is_if_id_set)
addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id); addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
if (is_offload) {
xuo.ifindex = ifindex;
xuo.flags |= XFRM_OFFLOAD_PACKET;
addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo,
sizeof(xuo));
}
if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
exit(1); exit(1);

8
man/man8/ip-xfrm.8
View File

@ -252,6 +252,10 @@ ip-xfrm \- transform configuration
.IR FLAG-LIST " ]" .IR FLAG-LIST " ]"
.RB "[ " if_id .RB "[ " if_id
.IR IF-ID " ]" .IR IF-ID " ]"
.RB "[ " offload
.RB packet
.RB dev
.IR DEV " ]"
.RI "[ " LIMIT-LIST " ] [ " TMPL-LIST " ]" .RI "[ " LIMIT-LIST " ] [ " TMPL-LIST " ]"
.ti -8 .ti -8
@ -593,6 +597,10 @@ of the packets emitted by the state
.I IF-ID .I IF-ID
xfrm interface identifier used to in both xfrm policies and states xfrm interface identifier used to in both xfrm policies and states
.TP
.I DEV
Network interface name used to offload policies and states
.sp .sp
.PP .PP
.TS .TS