-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Christian Hopps <[email protected]>
- Loading branch information
Showing
17 changed files
with
5,370 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
+XXX | ||
+XXX UPDATE SUBJECT and Patchset list | ||
+XXX | ||
|
||
Subject: [PATCH ipsec-next v7 00/16] Add IP-TFS mode to xfrm | ||
|
||
* Summary of Changes: | ||
|
||
This patchset adds a new xfrm mode implementing on-demand IP-TFS. IP-TFS | ||
(AggFrag encapsulation) has been standardized in RFC9347. | ||
|
||
Link: https://www.rfc-editor.org/rfc/rfc9347.txt | ||
|
||
This feature supports demand driven (i.e., non-constant send rate) | ||
IP-TFS to take advantage of the AGGFRAG ESP payload encapsulation. This | ||
payload type supports aggregation and fragmentation of the inner IP | ||
packet stream which in turn yields higher small-packet bandwidth as well | ||
as reducing MTU/PMTU issues. Congestion control is unimplementated as | ||
the send rate is demand driven rather than constant. | ||
|
||
In order to allow loading this fucntionality as a module a set of | ||
callbacks xfrm_mode_cbs has been added to xfrm as well. | ||
|
||
Patchset Changes: | ||
----------------- | ||
|
||
21 files changed, 3370 insertions(+), 19 deletions(-) | ||
include/net/xfrm.h | 44 + | ||
include/uapi/linux/in.h | 2 + | ||
include/uapi/linux/ip.h | 16 + | ||
include/uapi/linux/ipsec.h | 3 +- | ||
include/uapi/linux/snmp.h | 3 + | ||
include/uapi/linux/xfrm.h | 9 +- | ||
net/ipv4/esp4.c | 3 +- | ||
net/ipv6/esp6.c | 3 +- | ||
net/netfilter/nft_xfrm.c | 3 +- | ||
net/xfrm/Kconfig | 16 + | ||
net/xfrm/Makefile | 1 + | ||
net/xfrm/trace_iptfs.h | 218 ++++ | ||
net/xfrm/xfrm_compat.c | 10 +- | ||
net/xfrm/xfrm_device.c | 4 +- | ||
net/xfrm/xfrm_input.c | 18 +- | ||
net/xfrm/xfrm_iptfs.c | 2864 ++++++++++++++++++++++++++++++++++++++++++++ | ||
net/xfrm/xfrm_output.c | 6 + | ||
net/xfrm/xfrm_policy.c | 26 +- | ||
net/xfrm/xfrm_proc.c | 3 + | ||
net/xfrm/xfrm_state.c | 60 + | ||
net/xfrm/xfrm_user.c | 77 ++ | ||
|
||
Patchset Structure: | ||
------------------- | ||
|
||
The first 6 commits are changes to the xfrm infrastructure to support | ||
the callbacks as well as more generic IP-TFS additions that may be used | ||
outside the actual IP-TFS implementation. | ||
|
||
- xfrm: config: add CONFIG_XFRM_IPTFS | ||
- include: uapi: add ip_tfs_*_hdr packet formats | ||
- include: uapi: add IPPROTO_AGGFRAG for AGGFRAG in ESP | ||
- xfrm: netlink: add config (netlink) options | ||
- xfrm: add mode_cbs module functionality | ||
- xfrm: add generic iptfs defines and functionality | ||
|
||
The last 10 commits constitute the IP-TFS implementation constructed in | ||
layers to make review easier. The first 9 commits all apply to a single | ||
file `net/xfrm/xfrm_iptfs.c`, the last commit adds a new tracepoint | ||
header file along with the use of these new tracepoint calls. | ||
|
||
- xfrm: iptfs: add new iptfs xfrm mode impl | ||
- xfrm: iptfs: add user packet (tunnel ingress) handling | ||
- xfrm: iptfs: share page fragments of inner packets | ||
- xfrm: iptfs: add fragmenting of larger than MTU user packets | ||
- xfrm: iptfs: add basic receive packet (tunnel egress) handling | ||
- xfrm: iptfs: handle received fragmented inner packets | ||
- xfrm: iptfs: add reusing received skb for the tunnel egress packet | ||
- xfrm: iptfs: add skb-fragment sharing code | ||
- xfrm: iptfs: handle reordering of received packets | ||
- xfrm: iptfs: add tracepoint functionality | ||
|
||
Patchset History: | ||
----------------- | ||
|
||
RFCv1 (11/10/2023) | ||
|
||
RFCv1 -> RFCv2 (11/12/2023) | ||
|
||
Updates based on feedback from Simon Horman, Antony, | ||
Michael Richardson, and kernel test robot. | ||
|
||
RFCv2 -> v1 (2/19/2024) | ||
|
||
Updates based on feedback from Sabrina Dubroca, kernel test robot | ||
|
||
v1 -> v2 (5/19/2024) | ||
|
||
Updates based on feedback from Sabrina Dubroca, Simon Horman, Antony. | ||
|
||
o Add handling of new netlink SA direction attribute (Antony). | ||
o Split single patch/commit of xfrm_iptfs.c (the actual IP-TFS impl) | ||
into 9+1 distinct layered functionality commits for aiding review. | ||
- xfrm: fix return check on clone() callback | ||
- xfrm: add sa_len() callback in xfrm_mode_cbs for copy to user | ||
- iptfs: remove unneeded skb free count variable | ||
- iptfs: remove unused variable and "breadcrumb" for future code. | ||
- iptfs: use do_div() to avoid "__udivd13 missing" link failure. | ||
- iptfs: remove some BUG_ON() assertions questioned in review. | ||
|
||
v2->v3 | ||
- Git User Glitch | ||
|
||
v2->v4 (6/17/2024) | ||
|
||
- iptfs: copy only the netlink attributes to user based on the | ||
direction of the SA. | ||
|
||
- xfrm: stats: in the output path check for skb->dev == NULL prior to | ||
setting xfrm statistics on dev_net(skb->dev) as skb->dev may be NULL | ||
for locally generated packets. | ||
|
||
- xfrm: stats: fix an input use case where dev_net(skb->dev) is used | ||
to inc stats after skb is possibly NULL'd earlier. Switch to using | ||
existing saved `net` pointer. | ||
|
||
v4->v5 (7/14/2024) | ||
- uapi: add units to doc comments | ||
- iptfs: add MODULE_DESCRIPTION() | ||
- squash nl-direction-update commit | ||
|
||
v5->v6 (7/31/2024) | ||
* sysctl: removed IPTFS sysctl additions | ||
- xfrm: use array of pointers vs structs for mode callbacks | ||
- iptfs: eliminate a memleak during state alloc failure | ||
- iptfs: free send queue content on SA delete | ||
- add some kdoc and comments | ||
- cleanup a couple formatting choices per Steffen | ||
|
||
v6->v7 (8/1/2024) | ||
- Rebased on latest ipsec-next |
42 changes: 42 additions & 0 deletions
42
patches/v7/v7-0001-xfrm-config-add-CONFIG_XFRM_IPTFS.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
From 0822158912c8e8477b2282ecd6ef406cbf5dcb28 Mon Sep 17 00:00:00 2001 | ||
From: Christian Hopps <[email protected]> | ||
Date: Sun, 12 Nov 2023 06:28:49 -0500 | ||
Subject: [PATCH ipsec-next v7 01/16] xfrm: config: add CONFIG_XFRM_IPTFS | ||
|
||
Add new Kconfig option to enable IP-TFS (RFC9347) functionality. | ||
|
||
Signed-off-by: Christian Hopps <[email protected]> | ||
--- | ||
net/xfrm/Kconfig | 16 ++++++++++++++++ | ||
1 file changed, 16 insertions(+) | ||
|
||
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig | ||
index d7b16f2c23e9..f0157702718f 100644 | ||
--- a/net/xfrm/Kconfig | ||
+++ b/net/xfrm/Kconfig | ||
@@ -135,6 +135,22 @@ config NET_KEY_MIGRATE | ||
|
||
If unsure, say N. | ||
|
||
+config XFRM_IPTFS | ||
+ tristate "IPsec IP-TFS/AGGFRAG (RFC 9347) encapsulation support" | ||
+ depends on XFRM | ||
+ help | ||
+ Information on the IP-TFS/AGGFRAG encapsulation can be found | ||
+ in RFC 9347. This feature supports demand driven (i.e., | ||
+ non-constant send rate) IP-TFS to take advantage of the | ||
+ AGGFRAG ESP payload encapsulation. This payload type | ||
+ supports aggregation and fragmentation of the inner IP | ||
+ packet stream which in turn yields higher small-packet | ||
+ bandwidth as well as reducing MTU/PMTU issues. Congestion | ||
+ control is unimplementated as the send rate is demand driven | ||
+ rather than constant. | ||
+ | ||
+ If unsure, say N. | ||
+ | ||
config XFRM_ESPINTCP | ||
bool | ||
|
||
-- | ||
2.46.0 | ||
|
43 changes: 43 additions & 0 deletions
43
patches/v7/v7-0002-include-uapi-add-ip_tfs_-_hdr-packet-formats.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
From 8cba80905abbe7af6ca00618afcd13b3c13a91af Mon Sep 17 00:00:00 2001 | ||
From: Christian Hopps <[email protected]> | ||
Date: Wed, 20 Apr 2022 13:15:20 -0400 | ||
Subject: [PATCH ipsec-next v7 02/16] include: uapi: add ip_tfs_*_hdr packet | ||
formats | ||
|
||
Add the on-wire basic and congestion-control IP-TFS packet headers. | ||
|
||
Signed-off-by: Christian Hopps <[email protected]> | ||
--- | ||
include/uapi/linux/ip.h | 16 ++++++++++++++++ | ||
1 file changed, 16 insertions(+) | ||
|
||
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h | ||
index 283dec7e3645..5bd7ce934d74 100644 | ||
--- a/include/uapi/linux/ip.h | ||
+++ b/include/uapi/linux/ip.h | ||
@@ -137,6 +137,22 @@ struct ip_beet_phdr { | ||
__u8 reserved; | ||
}; | ||
|
||
+struct ip_iptfs_hdr { | ||
+ __u8 subtype; /* 0*: basic, 1: CC */ | ||
+ __u8 flags; | ||
+ __be16 block_offset; | ||
+}; | ||
+ | ||
+struct ip_iptfs_cc_hdr { | ||
+ __u8 subtype; /* 0: basic, 1*: CC */ | ||
+ __u8 flags; | ||
+ __be16 block_offset; | ||
+ __be32 loss_rate; | ||
+ __be64 rtt_adelay_xdelay; | ||
+ __be32 tval; | ||
+ __be32 techo; | ||
+}; | ||
+ | ||
/* index values for the variables in ipv4_devconf */ | ||
enum | ||
{ | ||
-- | ||
2.46.0 | ||
|
29 changes: 29 additions & 0 deletions
29
patches/v7/v7-0003-include-uapi-add-IPPROTO_AGGFRAG-for-AGGFRAG-in-E.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
From 93deaa06aefbdf1f581f9956c27e3e765671dea3 Mon Sep 17 00:00:00 2001 | ||
From: Christian Hopps <[email protected]> | ||
Date: Sat, 27 Aug 2022 02:26:52 +0000 | ||
Subject: [PATCH ipsec-next v7 03/16] include: uapi: add IPPROTO_AGGFRAG for | ||
AGGFRAG in ESP | ||
|
||
Add the RFC assigned IP protocol number for AGGFRAG. | ||
|
||
Signed-off-by: Christian Hopps <[email protected]> | ||
--- | ||
include/uapi/linux/in.h | 2 ++ | ||
1 file changed, 2 insertions(+) | ||
|
||
diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h | ||
index d358add1611c..268086e85d04 100644 | ||
--- a/include/uapi/linux/in.h | ||
+++ b/include/uapi/linux/in.h | ||
@@ -79,6 +79,8 @@ enum { | ||
#define IPPROTO_MPLS IPPROTO_MPLS | ||
IPPROTO_ETHERNET = 143, /* Ethernet-within-IPv6 Encapsulation */ | ||
#define IPPROTO_ETHERNET IPPROTO_ETHERNET | ||
+ IPPROTO_AGGFRAG = 144, /* AGGFRAG in ESP (RFC 9347) */ | ||
+#define IPPROTO_AGGFRAG IPPROTO_AGGFRAG | ||
IPPROTO_RAW = 255, /* Raw IP packets */ | ||
#define IPPROTO_RAW IPPROTO_RAW | ||
IPPROTO_SMC = 256, /* Shared Memory Communications */ | ||
-- | ||
2.46.0 | ||
|
Oops, something went wrong.