From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 11 May 2021 14:07:39 +0000 (+0200)
Subject: kernel-netlink: Add support to set CPU ID on SA
X-Git-Tag: 6.0.2dr1~5^2~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=53be94d06ccfb4e40f812a8046882a9e8b361eb4;p=thirdparty%2Fstrongswan.git

kernel-netlink: Add support to set CPU ID on SA
---

diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index be78a9904a..8b79acac9d 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -95,6 +95,8 @@ struct kernel_ipsec_add_sa_t {
 	uint16_t ipcomp;
 	/** CPI for IPComp */
 	uint16_t cpi;
+	/** Optional CPU ID, must be CPU_ID_MAX if not used */
+	uint32_t cpu;
 	/** TRUE to enable UDP encapsulation for NAT traversal */
 	bool encap;
 	/** HW offload mode */
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index dd205aa0ad..74b33d8839 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1725,6 +1725,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			.int_alg = AUTH_UNDEFINED,
 			.tfc = data->tfc,
 			.ipcomp = data->ipcomp,
+			.cpu = data->cpu,
 			.initiator = data->initiator,
 			.inbound = data->inbound,
 			.update = data->update,
@@ -2084,6 +2085,15 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		goto failed;
 	}
 
+	if (data->cpu != CPU_ID_MAX)
+	{
+		if (!add_uint32(hdr, sizeof(request), XFRMA_SA_PCPU, data->cpu))
+		{
+			goto failed;
+		}
+		DBG2(DBG_KNL, "  using CPU ID: %u", data->cpu);
+	}
+
 	if (id->proto != IPPROTO_COMP)
 	{
 		/* we don't need a replay window for outbound SAs, however, older
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 2dfae0efb4..a2bc49d2ca 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1054,6 +1054,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
 		.ipcomp = this->ipcomp,
 		.cpi = cpi,
 		.encap = this->encap,
+		.cpu = CPU_ID_MAX,
 		.hw_offload = this->config->get_hw_offload(this->config),
 		.mark = this->config->get_set_mark(this->config, inbound),
 		.esn = esn,