bonding: Add ESN support to IPSec HW offload

Currently, users can see that bonding supports IPSec HW offload via ethtool.
However, this functionality does not work with NICs like Mellanox cards when
ESN (Extended Sequence Numbers) is enabled, as ESN functions are not yet
supported. This patch adds ESN support to the bonding IPSec device offload,
ensuring proper functionality with NICs that support ESN.

Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 46f46fea9152ec8231e3a2009f189f559207f5f9..a6628b1f33a7bc7e572b743499f23a8eea1bc5af 100644 (file)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -694,11 +694,36 @@ out:
        return ok;
 }
 
+/**
+ * bond_advance_esn_state - ESN support for IPSec HW offload
+ * @xs: pointer to transformer state struct
+ **/
+static void bond_advance_esn_state(struct xfrm_state *xs)
+{
+       struct net_device *real_dev;
+
+       rcu_read_lock();
+       real_dev = bond_ipsec_dev(xs);
+       if (!real_dev)
+               goto out;
+
+       if (!real_dev->xfrmdev_ops ||
+           !real_dev->xfrmdev_ops->xdo_dev_state_advance_esn) {
+               pr_warn_ratelimited("%s: %s doesn't support xdo_dev_state_advance_esn\n", __func__, real_dev->name);
+               goto out;
+       }
+
+       real_dev->xfrmdev_ops->xdo_dev_state_advance_esn(xs);
+out:
+       rcu_read_unlock();
+}
+
 static const struct xfrmdev_ops bond_xfrmdev_ops = {
        .xdo_dev_state_add = bond_ipsec_add_sa,
        .xdo_dev_state_delete = bond_ipsec_del_sa,
        .xdo_dev_state_free = bond_ipsec_free_sa,
        .xdo_dev_offload_ok = bond_ipsec_offload_ok,
+       .xdo_dev_state_advance_esn = bond_advance_esn_state,
 };
 #endif /* CONFIG_XFRM_OFFLOAD */