-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Christian Hopps <[email protected]>
- Loading branch information
Showing
20 changed files
with
4,505 additions
and
3,216 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| From: Christian Hopps <[email protected]> | ||
| Subject: [PATCH ipsec-next v2 0/17] Add IP-TFS mode to xfrm | ||
|
|
||
| Summary of Changes | ||
| ------------------ | ||
|
|
||
| This patchset adds a new xfrm mode implementing on-demand IP-TFS. IP-TFS | ||
| (AggFrag encapsulation) has been standardized in RFC9347. | ||
|
|
||
| Link: https://www.rfc-editor.org/rfc/rfc9347.txt | ||
|
|
||
| This feature supports demand driven (i.e., non-constant send rate) | ||
| IP-TFS to take advantage of the AGGFRAG ESP payload encapsulation. This | ||
| payload type supports aggregation and fragmentation of the inner IP | ||
| packet stream which in turn yields higher small-packet bandwidth as well | ||
| as reducing MTU/PMTU issues. Congestion control is unimplementated as | ||
| the send rate is demand driven rather than constant. | ||
|
|
||
| In order to allow loading this fucntionality as a module a set of | ||
| callbacks xfrm_mode_cbs has been added to xfrm as well. | ||
|
|
||
| Patchset Changes: | ||
| ----------------- | ||
|
|
||
| 23 files changed, 3252 insertions(+), 19 deletions(-) | ||
| Documentation/networking/xfrm_sysctl.rst | 30 + | ||
| include/net/netns/xfrm.h | 6 + | ||
| include/net/xfrm.h | 40 + | ||
| include/uapi/linux/in.h | 2 + | ||
| include/uapi/linux/ip.h | 16 + | ||
| include/uapi/linux/ipsec.h | 3 +- | ||
| include/uapi/linux/snmp.h | 3 + | ||
| include/uapi/linux/xfrm.h | 9 +- | ||
| net/ipv4/esp4.c | 3 +- | ||
| net/ipv6/esp6.c | 3 +- | ||
| net/netfilter/nft_xfrm.c | 3 +- | ||
| net/xfrm/Makefile | 1 + | ||
| net/xfrm/trace_iptfs.h | 218 +++ | ||
| net/xfrm/xfrm_compat.c | 10 +- | ||
| net/xfrm/xfrm_device.c | 4 +- | ||
| net/xfrm/xfrm_input.c | 14 +- | ||
| net/xfrm/xfrm_iptfs.c | 2741 ++++++++++++++++++++++++++++++ | ||
| net/xfrm/xfrm_output.c | 6 + | ||
| net/xfrm/xfrm_policy.c | 26 +- | ||
| net/xfrm/xfrm_proc.c | 3 + | ||
| net/xfrm/xfrm_state.c | 60 + | ||
| net/xfrm/xfrm_sysctl.c | 38 + | ||
| net/xfrm/xfrm_user.c | 32 + | ||
|
|
||
| Patchset Structure: | ||
| ------------------- | ||
|
|
||
| The first 8 commits are changes to the xfrm infrastructure to support | ||
| the callbacks as well as more generic IP-TFS additions that may be used | ||
| outside the actual IP-TFS implementation. | ||
|
|
||
| - iptfs: config: add CONFIG_XFRM_IPTFS | ||
| - iptfs: uapi: ip: add ip_tfs_*_hdr packet formats | ||
| - iptfs: uapi: IPPROTO_AGGFRAG AGGFRAG in ESP | ||
| - iptfs: sysctl: allow configuration of global default values | ||
| - iptfs: netlink: add config (netlink) options | ||
| - iptfs: xfrm: Add mode_cbs module functionality | ||
| - iptfs: xfrm: add generic iptfs defines and functionality | ||
|
|
||
| The last 9+1 commits constitute the IP-TFS implementation constructed in | ||
| layers to make review easier. The first 9 commits all apply to a single | ||
| file `net/xfrm/xfrm_iptfs.c`, the last commit adds a new tracepoint | ||
| header file along with the use of these new tracepoint calls. | ||
|
|
||
| - iptfs: impl: add new iptfs xfrm mode impl | ||
| - iptfs: impl: add user packet (tunnel ingress) handling | ||
| - iptfs: impl: share page fragments of inner packets | ||
| - iptfs: impl: add fragmenting of larger than MTU user packets | ||
| - iptfs: impl: add basic receive packet (tunnel egress) handling | ||
| - iptfs: impl: handle received fragmented inner packets | ||
| - iptfs: impl: add reusing received skb for the tunnel egress packet | ||
| - iptfs: impl: add skb-fragment sharing code | ||
| - iptfs: impl: handle reordering of received packets | ||
| - iptfs: impl: add tracepoint functionality | ||
|
|
||
| Patchset History: | ||
| ----------------- | ||
|
|
||
| RFCv1 (11/10/2023) | ||
|
|
||
| RFCv1 -> RFCv2 (11/12/2023) | ||
|
|
||
| Updates based on feedback from Simon Horman, Antony, | ||
| Michael Richardson, and kernel test robot. | ||
|
|
||
| RFCv2 -> v1 (2/19/2024) | ||
|
|
||
| Updates based on feedback from Sabrina Dubroca, kernel test robot | ||
|
|
||
| v1 -> v2 (5/19/2024) | ||
|
|
||
| Updates based on feedback from Sabrina Dubroca, Simon Horman, Antony. | ||
|
|
||
| o Add handling of new netlink SA direction attribute (Antony). | ||
| o Split single patch/commit of xfrm_iptfs.c (the actual IP-TFS impl) | ||
| into 9+1 distinct layered functionality commits for aiding review. | ||
| - xfrm: fix return check on clone() callback | ||
| - xfrm: add sa_len() callback in xfrm_mode_cbs for copy to user | ||
| - iptfs: remove unneeded skb free count variable | ||
| - iptfs: remove unused variable and "breadcrumb" for future code. | ||
| - iptfs: use do_div() to avoid "__udivd13 missing" link failure. | ||
| - iptfs: remove some BUG_ON() assertions questioned in review. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From 53a3a402912b9373cf757d9d613bbc270a66881e Mon Sep 17 00:00:00 2001 | ||
| From 5624f2ed73dc421981acfdd4978962dcc9c47a14 Mon Sep 17 00:00:00 2001 | ||
| From: Christian Hopps <[email protected]> | ||
| Date: Sun, 12 Nov 2023 06:28:49 -0500 | ||
| Subject: [PATCH ipsec-next v2 1/8] iptfs: config: add CONFIG_XFRM_IPTFS | ||
| Subject: [PATCH ipsec-next v2 01/17] xfrm: config: add CONFIG_XFRM_IPTFS | ||
|
|
||
| Add new Kconfig option to enable IP-TFS (RFC9347) functionality. | ||
|
|
||
|
|
@@ -38,5 +38,5 @@ index d7b16f2c23e9..f0157702718f 100644 | |
| bool | ||
|
|
||
| -- | ||
| 2.43.2 | ||
| 2.45.1 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From 4cdbf70870800953a9e42d3f936097cc87553e17 Mon Sep 17 00:00:00 2001 | ||
| From 648cd1fb4681e18c6e5c519218cd9535c21a14e6 Mon Sep 17 00:00:00 2001 | ||
| From: Christian Hopps <[email protected]> | ||
| Date: Wed, 20 Apr 2022 13:15:20 -0400 | ||
| Subject: [PATCH ipsec-next v2 2/8] iptfs: uapi: ip: add ip_tfs_*_hdr packet | ||
| Subject: [PATCH ipsec-next v2 02/17] include: uapi: add ip_tfs_*_hdr packet | ||
| formats | ||
|
|
||
| Add the on-wire basic and congestion-control IP-TFS packet headers. | ||
|
|
@@ -39,5 +39,5 @@ index 283dec7e3645..5bd7ce934d74 100644 | |
| enum | ||
| { | ||
| -- | ||
| 2.43.2 | ||
| 2.45.1 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,8 @@ | ||
| From e0b405306b76c78e9b3ef5e2a76a594a13b9d8f0 Mon Sep 17 00:00:00 2001 | ||
| From 362a550bcdb56935c48bcc9532468af191f0525f Mon Sep 17 00:00:00 2001 | ||
| From: Christian Hopps <[email protected]> | ||
| Date: Sat, 27 Aug 2022 02:26:52 +0000 | ||
| Subject: [PATCH ipsec-next v2 3/8] iptfs: uapi: IPPROTO_AGGFRAG AGGFRAG in ESP | ||
| Subject: [PATCH ipsec-next v2 03/17] include: uapi: add IPPROTO_AGGFRAG for | ||
| AGGFRAG in ESP | ||
|
|
||
| Add the RFC assigned IP protocol number for AGGFRAG. | ||
|
|
||
|
|
@@ -24,5 +25,5 @@ index e682ab628dfa..e6a1f3e4c58c 100644 | |
| #define IPPROTO_RAW IPPROTO_RAW | ||
| IPPROTO_MPTCP = 262, /* Multipath TCP connection */ | ||
| -- | ||
| 2.43.2 | ||
| 2.45.1 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From f78a7f448129d65028fff3c9257a3d0477e8b2d8 Mon Sep 17 00:00:00 2001 | ||
| From 75b39d8517b8b16aa9225caa7548954b3a8d972d Mon Sep 17 00:00:00 2001 | ||
| From: Christian Hopps <[email protected]> | ||
| Date: Wed, 26 Jul 2023 14:20:52 +0000 | ||
| Subject: [PATCH ipsec-next v2 4/8] iptfs: sysctl: allow configuration of | ||
| Subject: [PATCH ipsec-next v2 04/17] xfrm: sysctl: allow configuration of | ||
| global default values | ||
|
|
||
| Add sysctls for the changing the IPTFS default SA values. | ||
|
|
@@ -132,5 +132,5 @@ index 7fdeafc838a7..dddb1025b7de 100644 | |
| /* Don't export sysctls to unprivileged users */ | ||
| if (net->user_ns != &init_user_ns) { | ||
| -- | ||
| 2.43.2 | ||
| 2.45.1 | ||
|
|
||
109 changes: 0 additions & 109 deletions
109
patches/v2/v2-0005-iptfs-netlink-add-config-netlink-options.patch
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.