Commit 4a132095 authored Aug 22, 2018 by Shannon Nelson Committed by Steffen Klassert Aug 29, 2018

xfrm: allow driver to quietly refuse offload



If the "offload" attribute is used to create an IPsec SA
and the .xdo_dev_state_add() fails, the SA creation fails.
However, if the "offload" attribute is used on a device that
doesn't offer it, the attribute is quietly ignored and the SA
is created without an offload.

Along the same line of that second case, it would be good to
have a way for the device to refuse to offload an SA without
failing the whole SA creation.  This patch adds that feature
by allowing the driver to return -EOPNOTSUPP as a signal that
the SA may be fine, it just can't be offloaded.

This allows the user a little more flexibility in requesting
offloads and not needing to know every detail at all times about
each specific NIC when trying to create SAs.

Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent 0c05f983

Documentation/networking/xfrm_device.txt

+4 −0

Original line number	Diff line number	Diff line
		@@ -68,6 +68,10 @@ and an indication of whether it is for Rx or Tx. The driver should
		- verify the algorithm is supported for offloads
		- store the SA information (key, salt, target-ip, protocol, etc)
		- enable the HW offload of the SA
		- return status value:
		0 success
		-EOPNETSUPP offload not supported, try SW IPsec
		other fail the request

		The driver can also set an offload_handle in the SA, an opaque void pointer
		that can be used to convey context into the fast-path offload requests.

net/xfrm/xfrm_device.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -192,8 +192,12 @@ int xfrm_dev_state_add(struct net net, struct xfrm_state x,

		err = dev->xfrmdev_ops->xdo_dev_state_add(x);
		if (err) {
		xso->num_exthdrs = 0;
		xso->flags = 0;
		xso->dev = NULL;
		dev_put(dev);

		if (err != -EOPNOTSUPP)
		return err;
		}

Admin message