[strongSwan-dev] [hw-offload-auto-mode 3/3] child-cfg: Make HW offload auto mode configurable
adin at mellanox.com
adin at mellanox.com
Mon Mar 5 17:26:03 CET 2018
From: Adi Nissim <adin at mellanox.com>
Until now the configuration avaliable to user for HW offload were:
hw_offload = no
hw_offload = yes
With this commit users will be able to configure auto mode using:
hw_offload = auto.
Signed-off-by: Adi Nissim <adin at mellanox.com>
Reviewed-by: Aviv Heller <avivh at mellanox.com>
---
src/libcharon/config/child_cfg.c | 14 +++++++++++++
src/libcharon/config/child_cfg.h | 16 ++++++++++-----
src/libcharon/kernel/kernel_ipsec.h | 6 ++++--
src/libcharon/plugins/vici/vici_config.c | 34 ++++++++++++++++++++++----------
src/libcharon/sa/child_sa.c | 2 +-
5 files changed, 54 insertions(+), 18 deletions(-)
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index ec2a124..db16092 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -142,6 +142,11 @@ struct private_child_cfg_t {
* anti-replay window size
*/
uint32_t replay_window;
+
+ /**
+ * HW offload mode
+ */
+ hw_offload_t hw_offload;
};
METHOD(child_cfg_t, get_name, char*,
@@ -461,6 +466,13 @@ METHOD(child_cfg_t, get_start_action, action_t,
return this->start_action;
}
+
+METHOD(child_cfg_t, get_hw_offload, hw_offload_t,
+ private_child_cfg_t *this)
+{
+ return this->hw_offload;
+}
+
METHOD(child_cfg_t, get_dpd_action, action_t,
private_child_cfg_t *this)
{
@@ -646,6 +658,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.equals = _equals,
.get_ref = _get_ref,
.destroy = _destroy,
+ .get_hw_offload = _get_hw_offload,
},
.name = strdup(name),
.options = data->options,
@@ -668,6 +681,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.other_ts = linked_list_create(),
.replay_window = lib->settings->get_int(lib->settings,
"%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
+ .hw_offload = data->hw_offload,
);
return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index e2834fa..49af06c 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -183,6 +183,13 @@ struct child_cfg_t {
action_t (*get_dpd_action) (child_cfg_t *this);
/**
+ * Get the HW offload mode to use for the CHILD_SA.
+ *
+ * @return hw offload mode
+ */
+ hw_offload_t (*get_hw_offload) (child_cfg_t *this);
+
+ /**
* Action to take if CHILD_SA gets closed.
*
* @return close action
@@ -305,14 +312,11 @@ enum child_cfg_option_t {
/** Install outbound FWD IPsec policies to bypass drop policies */
OPT_FWD_OUT_POLICIES = (1<<4),
- /** Enable hardware offload, if supported by the IPsec backend */
- OPT_HW_OFFLOAD = (1<<5),
-
/** Force 96-bit truncation for SHA-256 */
- OPT_SHA256_96 = (1<<6),
+ OPT_SHA256_96 = (1<<5),
/** Set mark on inbound SAs */
- OPT_MARK_IN_SA = (1<<7),
+ OPT_MARK_IN_SA = (1<<6),
};
/**
@@ -347,6 +351,8 @@ struct child_cfg_create_t {
action_t close_action;
/** updown script to execute on up/down event (cloned) */
char *updown;
+ /** HW offload mode : no/yes/auto */
+ hw_offload_t hw_offload;
};
/**
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index b753040..943185f 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -91,8 +91,10 @@ struct kernel_ipsec_add_sa_t {
uint16_t cpi;
/** TRUE to enable UDP encapsulation for NAT traversal */
bool encap;
- /** TRUE to enable hardware offloading if available */
- bool hw_offload;
+ /** no(without offload)/yes(activate offload)/
+ * auto(if offload is supported activate it)
+ */
+ hw_offload_t hw_offload;
/** TRUE to use Extended Sequence Numbers */
bool esn;
/** TRUE if initiator of the exchange creating the SA */
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index e0e2955..02fd291 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -533,7 +533,7 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
- DBG2(DBG_CFG, " hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+ DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload);
DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
}
@@ -892,14 +892,6 @@ CALLBACK(parse_opt_ipcomp, bool,
return parse_option(out, OPT_IPCOMP, v);
}
-/**
- * Parse OPT_HW_OFFLOAD option
- */
-CALLBACK(parse_opt_hw_offl, bool,
- child_cfg_option_t *out, chunk_t v)
-{
- return parse_option(out, OPT_HW_OFFLOAD, v);
-}
/**
* Parse OPT_SHA256_96 option
@@ -944,6 +936,28 @@ CALLBACK(parse_action, bool,
}
/**
+ * Parse an hw_offload_t
+ */
+CALLBACK(parse_hw_offload, bool,
+ action_t *out, chunk_t v)
+{
+ enum_map_t map[] = {
+ { "no", HW_OFFLOAD_NO },
+ { "yes", HW_OFFLOAD_YES },
+ { "auto", HW_OFFLOAD_AUTO },
+ };
+ int d;
+
+ if (parse_map(map, countof(map), &d, v))
+ {
+ *out = d;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
* Parse a uint32_t with the given base
*/
static bool parse_uint32_base(uint32_t *out, chunk_t v, int base)
@@ -1578,7 +1592,7 @@ CALLBACK(child_kv, bool,
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
{ "interface", parse_string, &child->cfg.interface },
- { "hw_offload", parse_opt_hw_offl, &child->cfg.options },
+ { "hw_offload", parse_hw_offload, &child->cfg.hw_offload },
{ "sha256_96", parse_opt_sha256_96,&child->cfg.options },
};
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 91da4d3..af1c801 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -888,7 +888,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
.ipcomp = this->ipcomp,
.cpi = cpi,
.encap = this->encap,
- .hw_offload = this->config->has_option(this->config, OPT_HW_OFFLOAD),
+ .hw_offload = this->config->get_hw_offload(this->config),
.esn = esn,
.initiator = initiator,
.inbound = inbound,
--
1.8.3.1
More information about the Dev
mailing list