kernel-netlink: Add support to set CPU ID on SA

author Tobias Brunner <tobias@strongswan.org>

Tue, 11 May 2021 14:07:39 +0000 (16:07 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Wed, 28 May 2025 14:35:26 +0000 (16:35 +0200)
author Tobias Brunner <tobias@strongswan.org>
Tue, 11 May 2021 14:07:39 +0000 (16:07 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 28 May 2025 14:35:26 +0000 (16:35 +0200)
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h

index be78a9904a1d86ab1dbdfc5de08cbaca0e623771..8b79acac9d46ad0c75197e700a817c39913f506f 100644 (file)
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -95,6 +95,8 @@ struct kernel_ipsec_add_sa_t {
         uint16_t ipcomp;
         /** CPI for IPComp */
         uint16_t cpi;
+       /** Optional CPU ID, must be CPU_ID_MAX if not used */
+       uint32_t cpu;
         /** TRUE to enable UDP encapsulation for NAT traversal */
         bool encap;
         /** HW offload mode */
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c

index dd205aa0adc1a82f83d6bcc04bcf23bd4563a419..74b33d8839dc973e10c63cc30ace88241f7344a0 100644 (file)
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1725,6 +1725,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                         .int_alg = AUTH_UNDEFINED,
                         .tfc = data->tfc,
                         .ipcomp = data->ipcomp,
+                       .cpu = data->cpu,
                         .initiator = data->initiator,
                         .inbound = data->inbound,
                         .update = data->update,
@@ -2084,6 +2085,15 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                 goto failed;
         }
  
+       if (data->cpu != CPU_ID_MAX)
+       {
+               if (!add_uint32(hdr, sizeof(request), XFRMA_SA_PCPU, data->cpu))
+               {
+                       goto failed;
+               }
+               DBG2(DBG_KNL, "  using CPU ID: %u", data->cpu);
+       }
+
         if (id->proto != IPPROTO_COMP)
         {
                 /* we don't need a replay window for outbound SAs, however, older
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c

index 2dfae0efb4615d355b955b7be21f6e8bd2719904..a2bc49d2cad9d64690e0b2a4222dcd67de40c966 100644 (file)
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1054,6 +1054,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
                 .ipcomp = this->ipcomp,
                 .cpi = cpi,
                 .encap = this->encap,
+               .cpu = CPU_ID_MAX,
                 .hw_offload = this->config->get_hw_offload(this->config),
                 .mark = this->config->get_set_mark(this->config, inbound),
                 .esn = esn,
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 11 May 2021 14:07:39 +0000 (16:07 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Wed, 28 May 2025 14:35:26 +0000 (16:35 +0200)
src/libcharon/kernel/kernel_ipsec.h		patch \| blob \| blame \| history
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c		patch \| blob \| blame \| history
src/libcharon/sa/child_sa.c		patch \| blob \| blame \| history