child-cfg: Make HW offload auto mode configurable
authorAdi Nissim <adin@mellanox.com>
Mon, 12 Mar 2018 14:34:21 +0000 (16:34 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 21 Mar 2018 09:32:02 +0000 (10:32 +0100)
Until now the configuration available to user for HW offload were:
hw_offload = no
hw_offload = yes

With this commit users will be able to configure auto mode using:
hw_offload = auto

Signed-off-by: Adi Nissim <adin@mellanox.com>
Reviewed-by: Aviv Heller <avivh@mellanox.com>
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h
src/libcharon/kernel/kernel_ipsec.h
src/libcharon/plugins/vici/vici_config.c
src/libcharon/sa/child_sa.c

index 3d110e9..bc417f9 100644 (file)
@@ -142,6 +142,11 @@ struct private_child_cfg_t {
         * anti-replay window size
         */
        uint32_t replay_window;
+
+       /**
+        * HW offload mode
+        */
+       hw_offload_t hw_offload;
 };
 
 METHOD(child_cfg_t, get_name, char*,
@@ -467,6 +472,12 @@ METHOD(child_cfg_t, get_start_action, action_t,
        return this->start_action;
 }
 
+METHOD(child_cfg_t, get_hw_offload, hw_offload_t,
+       private_child_cfg_t *this)
+{
+       return this->hw_offload;
+}
+
 METHOD(child_cfg_t, get_dpd_action, action_t,
        private_child_cfg_t *this)
 {
@@ -652,6 +663,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
                        .equals = _equals,
                        .get_ref = _get_ref,
                        .destroy = _destroy,
+                       .get_hw_offload = _get_hw_offload,
                },
                .name = strdup(name),
                .options = data->options,
@@ -674,6 +686,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
                .other_ts = linked_list_create(),
                .replay_window = lib->settings->get_int(lib->settings,
                                                        "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
+               .hw_offload = data->hw_offload,
        );
 
        return &this->public;
index e2834fa..d566da3 100644 (file)
@@ -183,6 +183,13 @@ struct child_cfg_t {
        action_t (*get_dpd_action) (child_cfg_t *this);
 
        /**
+        * Get the HW offload mode to use for the CHILD_SA.
+        *
+        * @return                              hw offload mode
+        */
+       hw_offload_t (*get_hw_offload) (child_cfg_t *this);
+
+       /**
         * Action to take if CHILD_SA gets closed.
         *
         * @return                              close action
@@ -305,14 +312,11 @@ enum child_cfg_option_t {
        /** Install outbound FWD IPsec policies to bypass drop policies */
        OPT_FWD_OUT_POLICIES = (1<<4),
 
-       /** Enable hardware offload, if supported by the IPsec backend */
-       OPT_HW_OFFLOAD = (1<<5),
-
        /** Force 96-bit truncation for SHA-256 */
-       OPT_SHA256_96 = (1<<6),
+       OPT_SHA256_96 = (1<<5),
 
        /** Set mark on inbound SAs */
-       OPT_MARK_IN_SA = (1<<7),
+       OPT_MARK_IN_SA = (1<<6),
 };
 
 /**
@@ -347,6 +351,8 @@ struct child_cfg_create_t {
        action_t close_action;
        /** updown script to execute on up/down event (cloned) */
        char *updown;
+       /** HW offload mode */
+       hw_offload_t hw_offload;
 };
 
 /**
index b753040..94b9c28 100644 (file)
@@ -91,8 +91,8 @@ struct kernel_ipsec_add_sa_t {
        uint16_t cpi;
        /** TRUE to enable UDP encapsulation for NAT traversal */
        bool encap;
-       /** TRUE to enable hardware offloading if available */
-       bool hw_offload;
+       /** no (disabled), yes (enabled), auto (enabled if supported) */
+       hw_offload_t hw_offload;
        /** TRUE to use Extended Sequence Numbers */
        bool esn;
        /** TRUE if initiator of the exchange creating the SA */
index c95d8c8..5668b92 100644 (file)
@@ -533,7 +533,7 @@ static void log_child_data(child_data_t *data, char *name)
        DBG2(DBG_CFG, "   proposals = %#P", data->proposals);
        DBG2(DBG_CFG, "   local_ts = %#R", data->local_ts);
        DBG2(DBG_CFG, "   remote_ts = %#R", data->remote_ts);
-       DBG2(DBG_CFG, "   hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+       DBG2(DBG_CFG, "   hw_offload = %N", hw_offload_names, cfg->hw_offload);
        DBG2(DBG_CFG, "   sha256_96 = %u", has_opt(OPT_SHA256_96));
 }
 
@@ -892,14 +892,6 @@ CALLBACK(parse_opt_ipcomp, bool,
        return parse_option(out, OPT_IPCOMP, v);
 }
 
-/**
- * Parse OPT_HW_OFFLOAD option
- */
-CALLBACK(parse_opt_hw_offl, bool,
-       child_cfg_option_t *out, chunk_t v)
-{
-       return parse_option(out, OPT_HW_OFFLOAD, v);
-}
 
 /**
  * Parse OPT_SHA256_96 option
@@ -944,6 +936,27 @@ CALLBACK(parse_action, bool,
 }
 
 /**
+ * Parse an hw_offload_t
+ */
+CALLBACK(parse_hw_offload, bool,
+       action_t *out, chunk_t v)
+{
+       enum_map_t map[] = {
+               { "no",         HW_OFFLOAD_NO   },
+               { "yes",        HW_OFFLOAD_YES  },
+               { "auto",       HW_OFFLOAD_AUTO },
+       };
+       int d;
+
+       if (parse_map(map, countof(map), &d, v))
+       {
+               *out = d;
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
  * Parse a uint32_t with the given base
  */
 static bool parse_uint32_base(uint32_t *out, chunk_t v, int base)
@@ -1578,7 +1591,7 @@ CALLBACK(child_kv, bool,
                { "tfc_padding",                parse_tfc,                      &child->cfg.tfc                                         },
                { "priority",                   parse_uint32,           &child->cfg.priority                            },
                { "interface",                  parse_string,           &child->cfg.interface                           },
-               { "hw_offload",                 parse_opt_hw_offl,      &child->cfg.options                                     },
+               { "hw_offload",                 parse_hw_offload,       &child->cfg.hw_offload                          },
                { "sha256_96",                  parse_opt_sha256_96,&child->cfg.options                                 },
        };
 
index cca97ea..5290356 100644 (file)
@@ -888,7 +888,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
                .ipcomp = this->ipcomp,
                .cpi = cpi,
                .encap = this->encap,
-               .hw_offload = this->config->has_option(this->config, OPT_HW_OFFLOAD),
+               .hw_offload = this->config->get_hw_offload(this->config),
                .esn = esn,
                .initiator = initiator,
                .inbound = inbound,