esp: Add a software GRO codepath

	unsigned int daddroff;

	unsigned int daddroff;

	unsigned int family;

	unsigned int family;

	__be32 seq;

};

};

#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))

#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))

	  If unsure, say Y.

	  If unsure, say Y.

config INET_ESP_OFFLOAD

	tristate "IP: ESP transformation offload"

	depends on INET_ESP

	select XFRM_OFFLOAD

	default n

	---help---

	  Support for ESP transformation offload. This makes sense

	  only if this system really does IPsec and want to do it

	  with high throughput. A typical desktop system does not

	  need it, even if it does IPsec.

	  If unsure, say N.

config INET_IPCOMP

config INET_IPCOMP

	tristate "IP: IPComp transformation"

	tristate "IP: IPComp transformation"

	select INET_XFRM_TUNNEL

	select INET_XFRM_TUNNEL

obj-$(CONFIG_SYN_COOKIES) += syncookies.o

obj-$(CONFIG_SYN_COOKIES) += syncookies.o

obj-$(CONFIG_INET_AH) += ah4.o

obj-$(CONFIG_INET_AH) += ah4.o

obj-$(CONFIG_INET_ESP) += esp4.o

obj-$(CONFIG_INET_ESP) += esp4.o

obj-$(CONFIG_INET_ESP_OFFLOAD) += esp4_offload.o

obj-$(CONFIG_INET_IPCOMP) += ipcomp.o

obj-$(CONFIG_INET_IPCOMP) += ipcomp.o

obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o

obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o

obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o

obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o

/*

 * IPV4 GSO/GRO offload support

 * Linux INET implementation

 *

 * Copyright (C) 2016 secunet Security Networks AG

 * Author: Steffen Klassert <steffen.klassert@secunet.com>

 *

 * This program is free software; you can redistribute it and/or modify it

 * under the terms and conditions of the GNU General Public License,

 * version 2, as published by the Free Software Foundation.

 *

 * ESP GRO support

 */

#include <linux/skbuff.h>

#include <linux/init.h>

#include <net/protocol.h>

#include <crypto/aead.h>

#include <crypto/authenc.h>

#include <linux/err.h>

#include <linux/module.h>

#include <net/ip.h>

#include <net/xfrm.h>

#include <net/esp.h>

#include <linux/scatterlist.h>

#include <linux/kernel.h>

#include <linux/slab.h>

#include <linux/spinlock.h>

#include <net/udp.h>

static struct sk_buff **esp4_gro_receive(struct sk_buff **head,

					 struct sk_buff *skb)

{

	int offset = skb_gro_offset(skb);

	struct xfrm_offload *xo;

	struct xfrm_state *x;

	__be32 seq;

	__be32 spi;

	int err;

	skb_pull(skb, offset);

	if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)

		goto out;

	err = secpath_set(skb);

	if (err)

		goto out;

	if (skb->sp->len == XFRM_MAX_DEPTH)

		goto out;

	x = xfrm_state_lookup(dev_net(skb->dev), skb->mark,

			      (xfrm_address_t *)&ip_hdr(skb)->daddr,

			      spi, IPPROTO_ESP, AF_INET);

	if (!x)

		goto out;

	skb->sp->xvec[skb->sp->len++] = x;

	skb->sp->olen++;

	xo = xfrm_offload(skb);

	if (!xo) {

		xfrm_state_put(x);

		goto out;

	}

	xo->flags |= XFRM_GRO;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	XFRM_SPI_SKB_CB(skb)->family = AF_INET;

	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);

	XFRM_SPI_SKB_CB(skb)->seq = seq;

	/* We don't need to handle errors from xfrm_input, it does all

	 * the error handling and frees the resources on error. */

	xfrm_input(skb, IPPROTO_ESP, spi, -2);

	return ERR_PTR(-EINPROGRESS);

out:

	skb_push(skb, offset);

	NAPI_GRO_CB(skb)->same_flow = 0;

	NAPI_GRO_CB(skb)->flush = 1;

	return NULL;

}

static const struct net_offload esp4_offload = {

	.callbacks = {

		.gro_receive = esp4_gro_receive,

	},

};

static int __init esp4_offload_init(void)

{

	return inet_add_offload(&esp4_offload, IPPROTO_ESP);

}

static void __exit esp4_offload_exit(void)

{

	inet_del_offload(&esp4_offload, IPPROTO_ESP);

}

module_init(esp4_offload_init);

module_exit(esp4_offload_exit);

MODULE_LICENSE("GPL");

MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");

int xfrm4_transport_finish(struct sk_buff *skb, int async)

int xfrm4_transport_finish(struct sk_buff *skb, int async)

{

{

	struct xfrm_offload *xo = xfrm_offload(skb);

	struct iphdr *iph = ip_hdr(skb);

	struct iphdr *iph = ip_hdr(skb);

	iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;

	iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;

	iph->tot_len = htons(skb->len);

	iph->tot_len = htons(skb->len);

	ip_send_check(iph);

	ip_send_check(iph);

	if (xo && (xo->flags & XFRM_GRO)) {

		skb_mac_header_rebuild(skb);

		return 0;

	}

	NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,

	NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,

		dev_net(skb->dev), NULL, skb, skb->dev, NULL,

		dev_net(skb->dev), NULL, skb, skb->dev, NULL,

		xfrm4_rcv_encap_finish);

		xfrm4_rcv_encap_finish);