esp4: Support RX checksum with crypto offload

ilantayari · klassert · commit ec9567a9e008 · 2017-08-02T11:00:15.000+02:00
Keep the device's reported ip_summed indication in case crypto
was offloaded by the device. Subtract the csum values of the
stripped parts (esp header+iv, esp trailer+auth_data) to keep
value correct.

Note: CHECKSUM_COMPLETE should be indicated only if skb-&gt;csum
has the post-decryption offload csum value.

Signed-off-by: Ariel Levkovich &lt;lariel@mellanox.com&gt;
Signed-off-by: Ilan Tayari &lt;ilant@mellanox.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
@@ -510,7 +510,8 @@ int esp_input_done2(struct sk_buff *skb, int err)
 	int elen = skb->len - hlen;
 	int ihl;
 	u8 nexthdr[2];
-	int padlen;
+	int padlen, trimlen;
+	__wsum csumdiff;
 
 	if (!xo || (xo && !(xo->flags & CRYPTO_DONE)))
 		kfree(ESP_SKB_CB(skb)->tmp);
@@ -568,8 +569,15 @@ int esp_input_done2(struct sk_buff *skb, int err)
 			skb->ip_summed = CHECKSUM_UNNECESSARY;
 	}
 
-	pskb_trim(skb, skb->len - alen - padlen - 2);
-	__skb_pull(skb, hlen);
+	trimlen = alen + padlen + 2;
+	if (skb->ip_summed == CHECKSUM_COMPLETE) {
+		csumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);
+		skb->csum = csum_block_sub(skb->csum, csumdiff,
+					   skb->len - trimlen);
+	}
+	pskb_trim(skb, skb->len - trimlen);
+
+	skb_pull_rcsum(skb, hlen);
 	if (x->props.mode == XFRM_MODE_TUNNEL)
 		skb_reset_transport_header(skb);
 	else
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
@@ -182,11 +182,13 @@ static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
 static int esp_input_tail(struct xfrm_state *x, struct sk_buff *skb)
 {
 	struct crypto_aead *aead = x->data;
+	struct xfrm_offload *xo = xfrm_offload(skb);
 
 	if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead)))
 		return -EINVAL;
 
-	skb->ip_summed = CHECKSUM_NONE;
+	if (!(xo->flags & CRYPTO_DONE))
+		skb->ip_summed = CHECKSUM_NONE;
 
 	return esp_input_done2(skb, 0);
 }

Original file line number	Diff line number	Diff line change
`@@ -182,11 +182,13 @@ static struct sk_buff esp4_gso_segment(struct sk_buff skb,`
`182`	`182`	`static int esp_input_tail(struct xfrm_state x, struct sk_buff skb)`
`183`	`183`	`{`
`184`	`184`	`struct crypto_aead *aead = x->data;`
	`185`	`+ struct xfrm_offload *xo = xfrm_offload(skb);`
`185`	`186`
`186`	`187`	`if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead)))`
`187`	`188`	`return -EINVAL;`
`188`	`189`
`189`		`- skb->ip_summed = CHECKSUM_NONE;`
	`190`	`+ if (!(xo->flags & CRYPTO_DONE))`
	`191`	`+ skb->ip_summed = CHECKSUM_NONE;`
`190`	`192`
`191`	`193`	`return esp_input_done2(skb, 0);`
`192`	`194`	`}`