[][openwrt][mt7988][crypto][Refactor binding path for IPsec encryption]
[Description]
Change original binding flow for IPsec encryption.
To solve unsynchronized sequence number problem, bring the binding
point forward to xfrm framework.
1. Remove original binding flow in last post routing.
2. Export function to bind ipsec flows for crypto driver.
[Release-log]
N/A
Change-Id: I54b6dfcc19cb32f1cd4fb7921e902096a6df683c
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8135609
diff --git a/target/linux/mediatek/patches-5.4/999-4103-mtk-tunnel-crypto-offload-support.patch b/target/linux/mediatek/patches-5.4/999-4103-mtk-tunnel-crypto-offload-support.patch
index b2cc240..5cb8710 100644
--- a/target/linux/mediatek/patches-5.4/999-4103-mtk-tunnel-crypto-offload-support.patch
+++ b/target/linux/mediatek/patches-5.4/999-4103-mtk-tunnel-crypto-offload-support.patch
@@ -1,6 +1,6 @@
--- a/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
+++ b/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
-@@ -1091,6 +1091,8 @@ enum FoeIpAct {
+@@ -1139,6 +1139,8 @@ enum FoeIpAct {
#define NR_EIP197_QDMA_TPORT 3
#define NR_TDMA_TPORT 4
#define NR_TDMA_QDMA_TPORT 5
@@ -11,27 +11,27 @@
#define IS_WAN(dev) \
--- a/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
-@@ -1099,7 +1099,8 @@ static unsigned int hnat_ipv4_get_nextho
+@@ -1100,7 +1100,8 @@ static unsigned int hnat_ipv4_get_nextho
* outer header, we must update its outer mac header pointer
* before filling outer mac or it may screw up inner mac
*/
-- if ((skb_hnat_tops(skb) && skb_hnat_is_encap(skb)) || skb_hnat_cdrt(skb)) {
+- if (skb_hnat_tops(skb) && skb_hnat_is_encap(skb)) {
+ if ((skb_hnat_tops(skb) && skb_hnat_is_encap(skb))
+ || (skb_hnat_cdrt(skb) && skb_hnat_is_encrypt(skb))) {
skb_push(skb, sizeof(struct ethhdr));
skb_reset_mac_header(skb);
}
-@@ -1107,7 +1108,8 @@ static unsigned int hnat_ipv4_get_nextho
+@@ -1108,7 +1109,8 @@ static unsigned int hnat_ipv4_get_nextho
memcpy(eth_hdr(skb)->h_dest, neigh->ha, ETH_ALEN);
memcpy(eth_hdr(skb)->h_source, out->dev_addr, ETH_ALEN);
-- if ((skb_hnat_tops(skb) && skb_hnat_is_encap(skb)) || skb_hnat_cdrt(skb))
+- if (skb_hnat_tops(skb) && skb_hnat_is_encap(skb))
+ if ((skb_hnat_tops(skb) && skb_hnat_is_encap(skb))
+ || (skb_hnat_cdrt(skb) && skb_hnat_is_encrypt(skb)))
skb_pull(skb, sizeof(struct ethhdr));
rcu_read_unlock_bh();
-@@ -1255,6 +1257,38 @@ static inline void hnat_get_filled_unbin
+@@ -1256,6 +1258,38 @@ static inline void hnat_get_filled_unbin
entry->bfib1.ps = 0;
}
@@ -70,7 +70,7 @@
static inline void hnat_qos_tnl(u32 id, const struct net_device *dev)
{
u32 cfg;
-@@ -1299,9 +1333,15 @@ static inline void hnat_fill_offload_eng
+@@ -1300,9 +1334,15 @@ static inline void hnat_fill_offload_eng
* we fill in hnat tport and tops_entry for tunnel encapsulation
* offloading
*/
@@ -88,7 +88,7 @@
entry->ipv4_hnapt.tport_id = NR_EIP197_QDMA_TPORT;
entry->ipv4_hnapt.cdrt_id = skb_hnat_cdrt(skb);
} else {
-@@ -1333,6 +1373,7 @@ static unsigned int skb_to_hnat_info(str
+@@ -1405,6 +1445,7 @@ static unsigned int skb_to_hnat_info(str
u32 port_id = 0;
u32 payload_len = 0;
int mape = 0;
@@ -96,12 +96,11 @@
ct = nf_ct_get(skb, &ctinfo);
-@@ -1349,10 +1390,12 @@ static unsigned int skb_to_hnat_info(str
+@@ -1421,9 +1462,12 @@ static unsigned int skb_to_hnat_info(str
if (whnat && is_hnat_pre_filled(foe))
return 0;
-- if ((skb_hnat_tops(skb) && !(hw_path->flags & FLOW_OFFLOAD_PATH_TNL))
-- || (skb_hnat_cdrt(skb) && skb_dst(skb) && !dst_xfrm(skb_dst(skb)))) {
+- if (skb_hnat_tops(skb) && !(hw_path->flags & FLOW_OFFLOAD_PATH_TNL)) {
+ ret = hnat_offload_engine_done(skb, hw_path);
+ if (ret == 1) {
hnat_get_filled_unbind_entry(skb, &entry);
@@ -111,26 +110,18 @@
}
entry.bfib1.pkt_type = foe->udib1.pkt_type; /* Get packte type state*/
-@@ -1751,7 +1794,8 @@ static unsigned int skb_to_hnat_info(str
+@@ -1869,7 +1913,9 @@ static unsigned int skb_to_hnat_info(str
+ /* Fill Layer2 Info.*/
entry = ppe_fill_L2_info(eth, entry, hw_path);
- if ((skb_hnat_tops(skb) && hw_path->flags & FLOW_OFFLOAD_PATH_TNL)
-- || (!skb_hnat_cdrt(skb) && skb_dst(skb) && dst_xfrm(skb_dst(skb))))
+- if (skb_hnat_tops(skb) && hw_path->flags & FLOW_OFFLOAD_PATH_TNL)
++ if ((skb_hnat_tops(skb) && hw_path->flags & FLOW_OFFLOAD_PATH_TNL)
+ || (!skb_hnat_cdrt(skb) && skb_hnat_is_encrypt(skb)
-+ && skb_dst(skb) && dst_xfrm(skb_dst(skb))))
++ && skb_dst(skb) && dst_xfrm(skb_dst(skb))))
goto hnat_entry_skip_bind;
hnat_entry_bind:
-@@ -1957,7 +2001,7 @@ hnat_entry_bind:
-
- #if defined(CONFIG_MEDIATEK_NETSYS_V3)
- hnat_fill_offload_engine_entry(skb, &entry, dev);
-- if (skb_hnat_cdrt(skb))
-+ if (skb_hnat_cdrt(skb) && skb_hnat_is_encrypt(skb))
- entry = ppe_fill_L2_info(eth, entry, hw_path);
- #endif
-
-@@ -2237,6 +2281,7 @@ int mtk_sw_nat_hook_rx(struct sk_buff *s
+@@ -2442,6 +2488,7 @@ int mtk_sw_nat_hook_rx(struct sk_buff *s
skb_hnat_alg(skb) = 0;
skb_hnat_set_tops(skb, 0);
skb_hnat_set_cdrt(skb, 0);
@@ -138,7 +129,7 @@
skb_hnat_magic_tag(skb) = HNAT_MAGIC_TAG;
if (skb_hnat_iface(skb) == FOE_MAGIC_WED0)
-@@ -3037,7 +3082,8 @@ mtk_hnat_ipv4_nf_local_out(void *priv, s
+@@ -3245,7 +3292,8 @@ mtk_hnat_ipv4_nf_local_out(void *priv, s
entry->udib1.pkt_type = IPV6_6RD;
hnat_set_head_frags(state, skb, 0, hnat_set_alg);
} else if (is_magic_tag_valid(skb)
@@ -150,7 +141,7 @@
hnat_set_head_frags(state, skb, 1, hnat_set_alg);
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
-@@ -2324,10 +2324,11 @@ static int mtk_poll_rx(struct napi_struc
+@@ -2344,10 +2344,11 @@ static int mtk_poll_rx(struct napi_struc
skb_hnat_alg(skb) = 0;
skb_hnat_filled(skb) = 0;
@@ -165,7 +156,7 @@
trace_printk("[%s] reason=0x%x(force to CPU) from WAN to Ext\n",
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.h
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
-@@ -640,6 +640,9 @@
+@@ -649,6 +649,9 @@
#define RX_DMA_GET_AGG_CNT_V2(_x) (((_x) >> 16) & 0xff)
#define RX_DMA_GET_TOPS_CRSN(_x) (((_x) >> 24) & 0xff)