In the tls_dev_event handler, ignore tlsdev_ops requirement for bond
interfaces, they do not exist as the interaction is done directly with
the lower device.

Also, make the validate function pass when it's called with the upper
bond interface.

Signed-off-by: Tariq Toukan <email address hidden>
Reviewed-by: Boris Pismenny <email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit 4e5a73329051e5b24fb1d715a5417ef3f95b08a6)
Signed-off-by: Jeff Lane <email address hidden>

Following the description in previous patch (for TX):
As the bond interface is being bypassed by the TLS module, interacting
directly against the lower devs, there is no way for the bond interface
to disable its device offload capabilities, as long as the mode/policy
config allows it.

Hence, the feature flag is not directly controllable, but just reflects
the offload status based on the logic under bond_sk_check().

Here we just declare RX device offload support, and expose it via the
NETIF_F_HW_TLS_RX flag.

Signed-off-by: Tariq Toukan <email address hidden>
Reviewed-by: Boris Pismenny <email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit dc5809f9e2b674a489723bd8d0131c97e565ca8d)
Signed-off-by: Jeff Lane <email address hidden>

Implement TLS TX device offload for bonding interfaces.
This allows kTLS sockets running on a bond to benefit from the
device offload on capable lower devices.

To allow a simple and fast maintenance of the TLS context in SW and
lower devices, we bind the TLS socket to a specific lower dev.
To achieve a behavior similar to SW kTLS, we support only balance-xor
and 802.3ad modes, with xmit_hash_policy=layer3+4. This is enforced
in bond_sk_check(), done in a previous patch.

For the above configuration, the SW implementation keeps picking the
same exact lower dev for all the socket's SKBs. The device offload
behaves similarly, making the decision once at the connection creation.

Per socket, the TLS module should work directly with the lowest netdev
in chain, to call the tls_dev_ops operations.

As the bond interface is being bypassed by the TLS module, interacting
directly against the lower devs, there is no way for the bond interface
to disable its device offload capabilities, as long as the mode/policy
config allows it.

Hence, the feature flag is not directly controllable, but just reflects
the current offload status based on the logic under bond_sk_check().

Signed-off-by: Tariq Toukan <email address hidden>
Reviewed-by: Boris Pismenny <email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit 89df6a8104706f94800ed527ad73d07465ea4d12)
Signed-off-by: Jeff Lane <email address hidden>
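
A configuration check for the condition the message above describes (balance-xor or 802.3ad mode with xmit_hash_policy=layer3+4), as an added example that is not part of the commit or the kernel tree. It assumes the bonding driver's sysfs attributes bonding/mode and bonding/xmit_hash_policy; the function name and the SYSFS_NET override are hypothetical, and lower-device capability is not checked.

```shell
#!/bin/sh
# Added example: report whether a bond's mode/policy matches the combination
# the commit message says bond_sk_check() enforces for TLS device offload.
# SYSFS_NET is a hypothetical override so the check can run against a
# constructed directory tree instead of the live /sys.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# bond_tls_offload_eligible BOND
# Prints one status line.
# Returns 0 if the config allows offload, 1 if not, 2 if BOND is not a bond.
bond_tls_offload_eligible() {
    bond="$1"
    dir="$SYSFS_NET/$bond/bonding"
    if [ ! -r "$dir/mode" ] || [ ! -r "$dir/xmit_hash_policy" ]; then
        echo "$bond: not a bonding interface (no readable $dir)"
        return 2
    fi
    # The attributes read as "<name> <number>", e.g. "802.3ad 4";
    # only the name is compared.
    read -r mode rest < "$dir/mode" || :
    read -r policy rest < "$dir/xmit_hash_policy" || :
    case "$mode" in
        balance-xor|802.3ad) ;;
        *)
            echo "$bond: mode=$mode is not balance-xor/802.3ad: no TLS device offload"
            return 1
            ;;
    esac
    if [ "$policy" != "layer3+4" ]; then
        echo "$bond: mode=$mode but xmit_hash_policy=$policy: no TLS device offload"
        return 1
    fi
    echo "$bond: mode=$mode xmit_hash_policy=$policy: TLS device offload allowed by config"
    return 0
}
```

Source the file and call `bond_tls_offload_eligible bond0`; a return of 0 only says the bond configuration permits offload, not that a lower device implements it.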

In preparation for more cases that call netdev_update_features().

While here, move the features logic to the stage where struct bond
is already updated, and pass it as the only parameter to function
bond_set_xfrm_features().

Signed-off-by: Tariq Toukan <email address hidden>
Reviewed-by: Boris Pismenny <email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit f45583de361db2160fbca4a99c20a0c44b34f36a)
Signed-off-by: Jeff Lane <email address hidden>

ndo_sk_get_lower_dev returns the lower netdev that corresponds to
a given socket.
Additionally, we implement a helper netdev_sk_get_lowest_dev() to get
the lowest one in chain.

Signed-off-by: Tariq Toukan <email address hidden>
Reviewed-by: Boris Pismenny <email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
(cherry picked from commit 719a402cf60311b1cdff3f6320abaecdcc5e46b7)
Signed-off-by: Jeff Lane <email address hidden>