From: Hangbin Liu Date: Wed, 4 Sep 2024 00:34:56 +0000 (+0800) Subject: bonding: Add ESN support to IPSec HW offload X-Git-Tag: v6.12-rc1~232^2~99^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96d30bf9410954526106ea78659ba18ab9ce9ab5;p=thirdparty%2Flinux.git bonding: Add ESN support to IPSec HW offload Currently, users can see that bonding supports IPSec HW offload via ethtool. However, this functionality does not work with NICs like Mellanox cards when ESN (Extended Sequence Numbers) is enabled, as ESN functions are not yet supported. This patch adds ESN support to the bonding IPSec device offload, ensuring proper functionality with NICs that support ESN. Reviewed-by: Nikolay Aleksandrov Acked-by: Jay Vosburgh Signed-off-by: Hangbin Liu Signed-off-by: Paolo Abeni --- diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 46f46fea9152e..a6628b1f33a7b 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -694,11 +694,36 @@ out: return ok; } +/** + * bond_advance_esn_state - ESN support for IPSec HW offload + * @xs: pointer to transformer state struct + **/ +static void bond_advance_esn_state(struct xfrm_state *xs) +{ + struct net_device *real_dev; + + rcu_read_lock(); + real_dev = bond_ipsec_dev(xs); + if (!real_dev) + goto out; + + if (!real_dev->xfrmdev_ops || + !real_dev->xfrmdev_ops->xdo_dev_state_advance_esn) { + pr_warn_ratelimited("%s: %s doesn't support xdo_dev_state_advance_esn\n", __func__, real_dev->name); + goto out; + } + + real_dev->xfrmdev_ops->xdo_dev_state_advance_esn(xs); +out: + rcu_read_unlock(); +} + static const struct xfrmdev_ops bond_xfrmdev_ops = { .xdo_dev_state_add = bond_ipsec_add_sa, .xdo_dev_state_delete = bond_ipsec_del_sa, .xdo_dev_state_free = bond_ipsec_free_sa, .xdo_dev_offload_ok = bond_ipsec_offload_ok, + .xdo_dev_state_advance_esn = bond_advance_esn_state, }; #endif /* CONFIG_XFRM_OFFLOAD */