Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Transformation Statistics

Transformation Statistics

-------------------------

-------------------------

xfrm_proc is a statistics shown factor dropped by transformation

for developer.

It is a counter designed from current transformation source code

and defined like linux private MIB.

Inbound statistics

The xfrm_proc code is a set of statistics showing numbers of packets

~~~~~~~~~~~~~~~~~~

dropped by the transformation code and why.  These counters are defined

as part of the linux private MIB.  These counters can be viewed in

/proc/net/xfrm_stat.

Inbound errors

~~~~~~~~~~~~~~

XfrmInError:

XfrmInError:

	All errors which is not matched others

	All errors which is not matched others

XfrmInBufferError:

XfrmInBufferError:

	Policy discards

	Policy discards

XfrmInPolError:

XfrmInPolError:

	Policy error

	Policy error

XfrmAcquireError:

	State hasn't been fully acquired before use

XfrmFwdHdrError:

	Forward routing of a packet is not allowed

Outbound errors

Outbound errors

~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~

	Policy is dead

	Policy is dead

XfrmOutPolError:

XfrmOutPolError:

	Policy error

	Policy error

XfrmOutStateInvalid:

	State is invalid, perhaps expired

	const struct ndisc_ops *ndisc_ops;

	const struct ndisc_ops *ndisc_ops;

#endif

#endif

#ifdef CONFIG_XFRM

#ifdef CONFIG_XFRM_OFFLOAD

	const struct xfrmdev_ops *xfrmdev_ops;

	const struct xfrmdev_ops *xfrmdev_ops;

#endif

#endif

	struct Qdisc		*output_queue;

	struct Qdisc		*output_queue;

	struct Qdisc		**output_queue_tailp;

	struct Qdisc		**output_queue_tailp;

	struct sk_buff		*completion_queue;

	struct sk_buff		*completion_queue;

#ifdef CONFIG_XFRM_OFFLOAD

	struct sk_buff_head	xfrm_backlog;

#endif

#ifdef CONFIG_RPS

#ifdef CONFIG_RPS

	/* input_queue_head should be written by cpu owning this struct,

	/* input_queue_head should be written by cpu owning this struct,

	 * and only read by other cpus. Worth using a cache line.

	 * and only read by other cpus. Worth using a cache line.

int dev_get_phys_port_name(struct net_device *dev,

int dev_get_phys_port_name(struct net_device *dev,

			   char *name, size_t len);

			   char *name, size_t len);

int dev_change_proto_down(struct net_device *dev, bool proto_down);

int dev_change_proto_down(struct net_device *dev, bool proto_down);

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev);

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev, bool *again);

struct sk_buff *dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,

struct sk_buff *dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,

				    struct netdev_queue *txq, int *ret);

				    struct netdev_queue *txq, int *ret);

#define	XFRM_GSO_SEGMENT	16

#define	XFRM_GSO_SEGMENT	16

#define	XFRM_GRO		32

#define	XFRM_GRO		32

#define	XFRM_ESP_NO_TRAILER	64

#define	XFRM_ESP_NO_TRAILER	64

#define	XFRM_DEV_RESUME		128

	__u32			status;

	__u32			status;

#define CRYPTO_SUCCESS				1

#define CRYPTO_SUCCESS				1

{

{

	return skb->sp->xvec[skb->sp->len - 1];

	return skb->sp->xvec[skb->sp->len - 1];

}

}

#endif

static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)

static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)

{

{

#ifdef CONFIG_XFRM

	struct sec_path *sp = skb->sp;

	struct sec_path *sp = skb->sp;

	if (!sp || !sp->olen || sp->len != sp->olen)

	if (!sp || !sp->olen || sp->len != sp->olen)

		return NULL;

		return NULL;

	return &sp->ovec[sp->olen - 1];

	return &sp->ovec[sp->olen - 1];

}

#else

	return NULL;

#endif

#endif

}

void __net_init xfrm_dev_init(void);

void __net_init xfrm_dev_init(void);

#ifdef CONFIG_XFRM_OFFLOAD

#ifdef CONFIG_XFRM_OFFLOAD

int validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features);

void xfrm_dev_resume(struct sk_buff *skb);

void xfrm_dev_backlog(struct softnet_data *sd);

struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again);

int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,

int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,

		       struct xfrm_user_offload *xuo);

		       struct xfrm_user_offload *xuo);

bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);

bool xfrm_dev_offload_ok(struct sk_buff *skb, struct xfrm_state *x);

		return false;

		return false;

	xdst = (struct xfrm_dst *) dst;

	xdst = (struct xfrm_dst *) dst;

	if (!x->xso.offload_handle && !xdst->child->xfrm)

		return true;

	if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) &&

	if (x->xso.offload_handle && (x->xso.dev == xfrm_dst_path(dst)->dev) &&

	    !xdst->child->xfrm)

	    !xdst->child->xfrm)

		return true;

		return true;

	 struct net_device *dev = xso->dev;

	 struct net_device *dev = xso->dev;

	if (dev && dev->xfrmdev_ops) {

	if (dev && dev->xfrmdev_ops) {

		if (dev->xfrmdev_ops->xdo_dev_state_free)

			dev->xfrmdev_ops->xdo_dev_state_free(x);

			dev->xfrmdev_ops->xdo_dev_state_free(x);

		xso->dev = NULL;

		xso->dev = NULL;

		dev_put(dev);

		dev_put(dev);

	}

	}

}

}

#else

#else

static inline int validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features)

static inline void xfrm_dev_resume(struct sk_buff *skb)

{

{

	return 0;

}

static inline void xfrm_dev_backlog(struct softnet_data *sd)

{

}

static inline struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)

{

	return skb;

}

}

static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, struct xfrm_user_offload *xuo)

static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, struct xfrm_user_offload *xuo)

}

}

EXPORT_SYMBOL(skb_csum_hwoffload_help);

EXPORT_SYMBOL(skb_csum_hwoffload_help);

static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device *dev)

static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device *dev, bool *again)

{

{

	netdev_features_t features;

	netdev_features_t features;

		    __skb_linearize(skb))

		    __skb_linearize(skb))

			goto out_kfree_skb;

			goto out_kfree_skb;

		if (validate_xmit_xfrm(skb, features))

			goto out_kfree_skb;

		/* If packet is not checksummed and device does not

		/* If packet is not checksummed and device does not

		 * support checksumming for this protocol, complete

		 * support checksumming for this protocol, complete

		 * checksumming here.

		 * checksumming here.

		}

		}

	}

	}

	skb = validate_xmit_xfrm(skb, features, again);

	return skb;

	return skb;

out_kfree_skb:

out_kfree_skb:

	return NULL;

	return NULL;

}

}

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev)

struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *dev, bool *again)

{

{

	struct sk_buff *next, *head = NULL, *tail;

	struct sk_buff *next, *head = NULL, *tail;

		/* in case skb wont be segmented, point to itself */

		/* in case skb wont be segmented, point to itself */

		skb->prev = skb;

		skb->prev = skb;

		skb = validate_xmit_skb(skb, dev);

		skb = validate_xmit_skb(skb, dev, again);

		if (!skb)

		if (!skb)

			continue;

			continue;

	struct netdev_queue *txq;

	struct netdev_queue *txq;

	struct Qdisc *q;

	struct Qdisc *q;

	int rc = -ENOMEM;

	int rc = -ENOMEM;

	bool again = false;

	skb_reset_mac_header(skb);

	skb_reset_mac_header(skb);

				     XMIT_RECURSION_LIMIT))

				     XMIT_RECURSION_LIMIT))

				goto recursion_alert;

				goto recursion_alert;

			skb = validate_xmit_skb(skb, dev);

			skb = validate_xmit_skb(skb, dev, &again);

			if (!skb)

			if (!skb)

				goto out;

				goto out;

				spin_unlock(root_lock);

				spin_unlock(root_lock);

		}

		}

	}

	}

	xfrm_dev_backlog(sd);

}

}

#if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_ATM_LANE)

#if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_ATM_LANE)

		skb_queue_head_init(&sd->input_pkt_queue);

		skb_queue_head_init(&sd->input_pkt_queue);

		skb_queue_head_init(&sd->process_queue);

		skb_queue_head_init(&sd->process_queue);

#ifdef CONFIG_XFRM_OFFLOAD

		skb_queue_head_init(&sd->xfrm_backlog);

#endif

		INIT_LIST_HEAD(&sd->poll_list);

		INIT_LIST_HEAD(&sd->poll_list);

		sd->output_queue_tailp = &sd->output_queue;

		sd->output_queue_tailp = &sd->output_queue;

#ifdef CONFIG_RPS

#ifdef CONFIG_RPS

static void esp_output_done(struct crypto_async_request *base, int err)

static void esp_output_done(struct crypto_async_request *base, int err)

{

{

	struct sk_buff *skb = base->data;

	struct sk_buff *skb = base->data;

	struct xfrm_offload *xo = xfrm_offload(skb);

	void *tmp;

	void *tmp;

	struct dst_entry *dst = skb_dst(skb);

	struct xfrm_state *x;

	struct xfrm_state *x = dst->xfrm;

	if (xo && (xo->flags & XFRM_DEV_RESUME))

		x = skb->sp->xvec[skb->sp->len - 1];

	else

		x = skb_dst(skb)->xfrm;

	tmp = ESP_SKB_CB(skb)->tmp;

	tmp = ESP_SKB_CB(skb)->tmp;

	esp_ssg_unref(x, tmp);

	esp_ssg_unref(x, tmp);

	kfree(tmp);

	kfree(tmp);

	if (xo && (xo->flags & XFRM_DEV_RESUME)) {

		if (err) {

			XFRM_INC_STATS(xs_net(x), LINUX_MIB_XFRMOUTSTATEPROTOERROR);

			kfree_skb(skb);

			return;

		}

		skb_push(skb, skb->data - skb_mac_header(skb));

		secpath_reset(skb);

		xfrm_dev_resume(skb);

	} else {

		xfrm_output_resume(skb, err);

		xfrm_output_resume(skb, err);

	}

	}

}

/* Move ESP header back into place. */

/* Move ESP header back into place. */

static void esp_restore_header(struct sk_buff *skb, unsigned int offset)

static void esp_restore_header(struct sk_buff *skb, unsigned int offset)

	char aead_name[CRYPTO_MAX_ALG_NAME];

	char aead_name[CRYPTO_MAX_ALG_NAME];

	struct crypto_aead *aead;

	struct crypto_aead *aead;

	int err;

	int err;

	u32 mask = 0;

	err = -ENAMETOOLONG;

	err = -ENAMETOOLONG;

	if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",

	if (snprintf(aead_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",

		     x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)

		     x->geniv, x->aead->alg_name) >= CRYPTO_MAX_ALG_NAME)

		goto error;

		goto error;

	if (x->xso.offload_handle)

	aead = crypto_alloc_aead(aead_name, 0, 0);

		mask |= CRYPTO_ALG_ASYNC;

	aead = crypto_alloc_aead(aead_name, 0, mask);

	err = PTR_ERR(aead);

	err = PTR_ERR(aead);

	if (IS_ERR(aead))

	if (IS_ERR(aead))

		goto error;

		goto error;

	char authenc_name[CRYPTO_MAX_ALG_NAME];

	char authenc_name[CRYPTO_MAX_ALG_NAME];

	unsigned int keylen;

	unsigned int keylen;

	int err;

	int err;

	u32 mask = 0;

	err = -EINVAL;

	err = -EINVAL;

	if (!x->ealg)

	if (!x->ealg)

			goto error;

			goto error;

	}

	}

	if (x->xso.offload_handle)

	aead = crypto_alloc_aead(authenc_name, 0, 0);

		mask |= CRYPTO_ALG_ASYNC;

	aead = crypto_alloc_aead(authenc_name, 0, mask);

	err = PTR_ERR(aead);

	err = PTR_ERR(aead);

	if (IS_ERR(aead))

	if (IS_ERR(aead))

		goto error;

		goto error;