From 96d30bf9410954526106ea78659ba18ab9ce9ab5 Mon Sep 17 00:00:00 2001 From: Hangbin Liu Date: Wed, 4 Sep 2024 08:34:56 +0800 Subject: [PATCH] bonding: Add ESN support to IPSec HW offload Currently, users can see that bonding supports IPSec HW offload via ethtool. However, this functionality does not work with NICs like Mellanox cards when ESN (Extended Sequence Numbers) is enabled, as ESN functions are not yet supported. This patch adds ESN support to the bonding IPSec device offload, ensuring proper functionality with NICs that support ESN. Reviewed-by: Nikolay Aleksandrov Acked-by: Jay Vosburgh Signed-off-by: Hangbin Liu Signed-off-by: Paolo Abeni --- drivers/net/bonding/bond_main.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 46f46fea9152..a6628b1f33a7 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -694,11 +694,36 @@ out: return ok; } +/** + * bond_advance_esn_state - ESN support for IPSec HW offload + * @xs: pointer to transformer state struct + **/ +static void bond_advance_esn_state(struct xfrm_state *xs) +{ + struct net_device *real_dev; + + rcu_read_lock(); + real_dev = bond_ipsec_dev(xs); + if (!real_dev) + goto out; + + if (!real_dev->xfrmdev_ops || + !real_dev->xfrmdev_ops->xdo_dev_state_advance_esn) { + pr_warn_ratelimited("%s: %s doesn't support xdo_dev_state_advance_esn\n", __func__, real_dev->name); + goto out; + } + + real_dev->xfrmdev_ops->xdo_dev_state_advance_esn(xs); +out: + rcu_read_unlock(); +} + static const struct xfrmdev_ops bond_xfrmdev_ops = { .xdo_dev_state_add = bond_ipsec_add_sa, .xdo_dev_state_delete = bond_ipsec_del_sa, .xdo_dev_state_free = bond_ipsec_free_sa, .xdo_dev_offload_ok = bond_ipsec_offload_ok, + .xdo_dev_state_advance_esn = bond_advance_esn_state, }; #endif /* CONFIG_XFRM_OFFLOAD */ -- 2.49.0