[Swan-dev] [PATCH libreswan v2 2/3] pluto, whack: Add nic-offload 'auto' mode

Antony Antony antony at phenome.org
Fri Aug 4 12:30:45 UTC 2017 

a couple minor comments. 1/3 is already applied by Paul.
Here are my comments about 2/3 and will send another one for 3/3

On Wed, Aug 02, 2017 at 06:22:27PM +0300, ilant at mellanox.com wrote:
> From: Ilan Tayari <ilant at mellanox.com>
> 
> Convert nic-offload configuration from boolean to 3-choice enum.
> The behavior is:
>   no   - Never attempt nic offload
>   yes  - Always attempt nic offload, and fail if it fails
>   auto - Auto-detect kernel and NIC capability. attempt nic-offload
>          only if supported, and fallback to non-offload if it fails.
> 
> Default is auto.
> 
> Signed-off-by: Ilan Tayari <ilant at mellanox.com>
> ---
>  include/pluto_constants.h    |  6 ++++++
>  include/whack.h              |  2 +-
>  lib/libipsecconf/confread.c  |  2 +-
>  lib/libipsecconf/keywords.c  |  8 +++++++-
>  programs/pluto/connections.c |  5 +++--
>  programs/pluto/connections.h |  2 +-
>  programs/whack/whack.c       | 13 ++++++++++---
>  7 files changed, 29 insertions(+), 9 deletions(-)
> 
> diff --git a/include/pluto_constants.h b/include/pluto_constants.h
> index f683e0570..a03ed8e5b 100644
> --- a/include/pluto_constants.h
> +++ b/include/pluto_constants.h
> @@ -723,6 +723,12 @@ enum encaps_options {
>  	encaps_yes = 3,
>  };
>  
> +enum nic_offload_options {
> +	nic_offload_no = 0,

the feed back I sent used nic_offload_no = 1
that is less confusing. Most vaules get zeroed so preferably start from 1.

> +	nic_offload_yes = 1,
> +	nic_offload_auto = 2,
> +};
> +
>  enum ynf_options {
>  	ynf_no   = 0,
>  	ynf_yes  = 1,
> diff --git a/include/whack.h b/include/whack.h
> index 9e8a15ae1..bde7909db 100644
> --- a/include/whack.h
> +++ b/include/whack.h
> @@ -155,7 +155,7 @@ struct whack_message {
>  	unsigned long sa_replay_window;
>  	deltatime_t r_timeout; /* in secs */
>  	unsigned long  r_interval; /* in msec */
> -	bool nic_offload;
> +	enum nic_offload_options nic_offload;
>  
>  	/* For IKEv1 RFC 3706 - Dead Peer Detection */
>  	deltatime_t dpd_delay;
> diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
> index da2c11f28..2544351a9 100644
> --- a/lib/libipsecconf/confread.c
> +++ b/lib/libipsecconf/confread.c
> @@ -150,7 +150,7 @@ void ipsecconf_default_values(struct starter_config *cfg)
>  		POLICY_IKE_FRAG_ALLOW |      /* ike_frag=yes */
>  		POLICY_ESN_NO;      /* esn=no */
>  
> -	cfg->conn_default.options[KBF_NIC_OFFLOAD] = FALSE;
> +	cfg->conn_default.options[KBF_NIC_OFFLOAD] = nic_offload_auto;
>  	cfg->conn_default.options[KBF_IKELIFETIME] = IKE_SA_LIFETIME_DEFAULT;
>  
>  	cfg->conn_default.options[KBF_REPLAY_WINDOW] = IPSEC_SA_DEFAULT_REPLAY_WINDOW;
> diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c
> index a2f554f96..23ab2e036 100644
> --- a/lib/libipsecconf/keywords.c
> +++ b/lib/libipsecconf/keywords.c
> @@ -389,6 +389,12 @@ static const struct keyword_enum_value kw_ocsp_method_values[] = {
>  };
>  static const struct keyword_enum_values kw_ocsp_method_list = VALUES_INITIALIZER(kw_ocsp_method_values);
>  
> +static const struct keyword_enum_value kw_nic_offload_values[] = {
> +	{ "no",   nic_offload_no  },
> +	{ "yes",  nic_offload_yes },
> +	{ "auto",    nic_offload_auto },
> +};
> +static const struct keyword_enum_values kw_nic_offload_list = VALUES_INITIALIZER(kw_nic_offload_values);
>  
>  /* MASTER KEYWORD LIST
>   * Note: this table is terminated by an entry with keyname == NULL.
> @@ -610,7 +616,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = {
>    { "modecfgwins1",  kv_conn,  kt_obsolete,  KBF_WARNIGNORE,  NOT_ENUM },
>    { "modecfgwins2",  kv_conn,  kt_obsolete,  KBF_WARNIGNORE,  NOT_ENUM },
>  
> -  { "nic-offload",  kv_conn,  kt_bool,  KBF_NIC_OFFLOAD,  NOT_ENUM },
> +  { "nic-offload",  kv_conn,  kt_enum,  KBF_NIC_OFFLOAD,  &kw_nic_offload_list },
>    { "encapsulation",  kv_conn,  kt_enum,  KBF_ENCAPS,  &kw_encaps_list },
>    { "forceencaps",  kv_conn, kt_obsolete, KBF_WARNIGNORE, NOT_ENUM },
>  
> diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
> index 7d7b9fa17..7cc5d5f40 100644
> --- a/programs/pluto/connections.c
> +++ b/programs/pluto/connections.c
> @@ -4108,12 +4108,13 @@ void show_one_connection(const struct connection *c)
>  		strcpy(markstr, "unset");
>  
>  	whack_log(RC_COMMENT,
> -		  "\"%s\"%s:   nflog-group: %s; mark: %s; vti-iface:%s; vti-routing:%s; vti-shared:%s;%s",
> +		  "\"%s\"%s:   nflog-group: %s; mark: %s; vti-iface:%s; vti-routing:%s; vti-shared:%s; nic-offload:%s",
>  		  c->name, instance, nflogstr, markstr,
>  		  c->vti_iface == NULL ? "unset" : c->vti_iface,
>  		  c->vti_routing ? "yes" : "no",
>  		  c->vti_shared ? "yes" : "no",
> -		  c->nic_offload ? " nic-offload:yes;" : ""
> +		  (c->nic_offload == nic_offload_auto) ? "auto" :
> +		  (c->nic_offload == nic_offload_yes) ? "yes" : "no"
>  	);
>  
>  	{
> diff --git a/programs/pluto/connections.h b/programs/pluto/connections.h
> index d5fee13d9..7c10ce998 100644
> --- a/programs/pluto/connections.h
> +++ b/programs/pluto/connections.h
> @@ -242,7 +242,7 @@ struct connection {
>  	deltatime_t r_timeout; /* max time (in secs) for one packet exchange attempt */
>  	reqid_t sa_reqid;
>  	int encapsulation;
> -	bool nic_offload;
> +	enum nic_offload_options nic_offload;
>  
>  	/* RFC 3706 DPD */
>  	deltatime_t dpd_delay;		/* time between checks */
> diff --git a/programs/whack/whack.c b/programs/whack/whack.c
> index 9157fc6b5..86b845fae 100644
> --- a/programs/whack/whack.c
> +++ b/programs/whack/whack.c
> @@ -675,7 +675,7 @@ static const struct option long_opts[] = {
>  	{ "pfsgroup", required_argument, NULL, CD_PFSGROUP + OO },
>  	{ "esp", required_argument, NULL, CD_ESP + OO },
>  	{ "remote_peer_type", required_argument, NULL, CD_REMOTEPEERTYPE + OO },
> -	{ "nic-offload", no_argument, NULL, CD_NIC_OFFLOAD + OO},
> +	{ "nic-offload", required_argument, NULL, CD_NIC_OFFLOAD + OO},
>  
>  
>  	PS("ikev1-allow", IKEV1_ALLOW),
> @@ -945,7 +945,7 @@ int main(int argc, char **argv)
>  	msg.modecfg_domain = NULL;
>  	msg.modecfg_banner = NULL;
>  
> -	msg.nic_offload = FALSE;
> +	msg.nic_offload = nic_offload_auto;
>  	msg.sa_ike_life_seconds = deltatime(IKE_SA_LIFETIME_DEFAULT);
>  	msg.sa_ipsec_life_seconds = deltatime(IPSEC_SA_LIFETIME_DEFAULT);
>  	msg.sa_rekey_margin = deltatime(SA_REPLACEMENT_MARGIN_DEFAULT);
> @@ -1698,7 +1698,14 @@ int main(int argc, char **argv)
>  			continue;
>  
>  		case CD_NIC_OFFLOAD:  /* --nic-offload */
> -			msg.nic_offload = TRUE;
> +			if (streq(optarg, "no"))
> +				msg.nic_offload = nic_offload_no;
> +			else if (streq(optarg, "yes"))
> +				msg.nic_offload = nic_offload_yes;
> +			else if (streq(optarg, "auto"))
> +				msg.nic_offload = nic_offload_auto;
> +			else
> +				diag("--nic_offload options are 'no', 'yes' or 'auto'");

the last line diag should be "--nic-offload" ?

>  			continue;
>  
>  		case CD_NO_NAT_KEEPALIVE:	/* --no-nat_keepalive */
> -- 
> 2.11.0
>

More information about the Swan-dev mailing list