From 9b7a787d0da7db3127f6e04f8f8159632da50a36 Mon Sep 17 00:00:00 2001 From: Weilong Chen Date: Tue, 24 Dec 2013 09:43:46 +0800 Subject: [PATCH 01/15] xfrm: checkpatch errors with space This patch cleanup some space errors. Signed-off-by: Weilong Chen Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 10 +++++----- net/xfrm/xfrm_proc.c | 2 +- net/xfrm/xfrm_state.c | 10 +++++----- net/xfrm/xfrm_user.c | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index a7487f34e813..8a2b9d8e1d58 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1286,7 +1286,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); xfrm_address_t tmp; - for (nx=0, i = 0; i < policy->xfrm_nr; i++) { + for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { struct xfrm_state *x; xfrm_address_t *remote = daddr; xfrm_address_t *local = saddr; @@ -1326,7 +1326,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, return nx; fail: - for (nx--; nx>=0; nx--) + for (nx--; nx >= 0; nx--) xfrm_state_put(xfrm[nx]); return error; } @@ -1363,7 +1363,7 @@ xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, const struct flowi *fl, return cnx; fail: - for (cnx--; cnx>=0; cnx--) + for (cnx--; cnx >= 0; cnx--) xfrm_state_put(tpp[cnx]); return error; @@ -2332,7 +2332,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, if (skb->sp) { int i; - for (i=skb->sp->len-1; i>=0; i--) { + for (i = skb->sp->len-1; i >= 0; i--) { struct xfrm_state *x = skb->sp->xvec[i]; if (!xfrm_selector_match(&x->sel, &fl, family)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); @@ -2987,7 +2987,7 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); - switch(sel->family) { + switch (sel->family) { case AF_INET: audit_log_format(audit_buf, " src=%pI4", &sel->saddr.a4); if (sel->prefixlen_s != 32) diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c index 80cd1e55b834..fc5abd0b456f 100644 --- a/net/xfrm/xfrm_proc.c +++ b/net/xfrm/xfrm_proc.c @@ -52,7 +52,7 @@ static int xfrm_statistics_seq_show(struct seq_file *seq, void *v) { struct net *net = seq->private; int i; - for (i=0; xfrm_mib_list[i].name; i++) + for (i = 0; xfrm_mib_list[i].name; i++) seq_printf(seq, "%-24s\t%lu\n", xfrm_mib_list[i].name, snmp_fold_field((void __percpu **) net->mib.xfrm_statistics, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a62c25ea3631..5fe79b42561d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -448,7 +448,7 @@ static enum hrtimer_restart xfrm_timer_handler(struct hrtimer * me) if (warn) km_state_expired(x, 0, 0); resched: - if (next != LONG_MAX){ + if (next != LONG_MAX) { tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL); } @@ -1348,7 +1348,7 @@ int xfrm_state_check_expire(struct xfrm_state *x) if (x->curlft.bytes >= x->lft.hard_byte_limit || x->curlft.packets >= x->lft.hard_packet_limit) { x->km.state = XFRM_STATE_EXPIRED; - tasklet_hrtimer_start(&x->mtimer, ktime_set(0,0), HRTIMER_MODE_REL); + tasklet_hrtimer_start(&x->mtimer, ktime_set(0, 0), HRTIMER_MODE_REL); return -EINVAL; } @@ -1542,7 +1542,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) x->id.spi = minspi; } else { u32 spi = 0; - for (h=0; hid.daddr, htonl(spi), x->id.proto, x->props.family); if (x0 == NULL) { @@ -2079,7 +2079,7 @@ static void xfrm_audit_helper_sainfo(struct xfrm_state *x, audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); - switch(x->props.family) { + switch (x->props.family) { case AF_INET: audit_log_format(audit_buf, " src=%pI4 dst=%pI4", &x->props.saddr.a4, &x->id.daddr.a4); @@ -2109,7 +2109,7 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, iph6 = ipv6_hdr(skb); audit_log_format(audit_buf, " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x", - &iph6->saddr,&iph6->daddr, + &iph6->saddr, &iph6->daddr, iph6->flow_lbl[0] & 0x0f, iph6->flow_lbl[1], iph6->flow_lbl[2]); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 97681a390402..e50be4275c6c 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1731,11 +1731,11 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct return -EMSGSIZE; id = nlmsg_data(nlh); - memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); + memcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr)); id->sa_id.spi = x->id.spi; id->sa_id.family = x->props.family; id->sa_id.proto = x->id.proto; - memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); + memcpy(&id->saddr, &x->props.saddr, sizeof(x->props.saddr)); id->reqid = x->props.reqid; id->flags = c->data.aevent; From 3e94c2dcfd7ca297bd7e0a8d96be1e76dec711a3 Mon Sep 17 00:00:00 2001 From: Weilong Chen Date: Tue, 24 Dec 2013 09:43:47 +0800 Subject: [PATCH 02/15] xfrm: checkpatch errors with foo * bar This patch clean up some checkpatch errors like this: ERROR: "foo * bar" should be "foo *bar" ERROR: "(foo*)" should be "(foo *)" Signed-off-by: Weilong Chen Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_input.c | 6 +++--- net/xfrm/xfrm_policy.c | 12 ++++++------ net/xfrm/xfrm_state.c | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 88843996f935..6c7ac016ce3a 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -67,7 +67,7 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq) case IPPROTO_COMP: if (!pskb_may_pull(skb, sizeof(struct ip_comp_hdr))) return -EINVAL; - *spi = htonl(ntohs(*(__be16*)(skb_transport_header(skb) + 2))); + *spi = htonl(ntohs(*(__be16 *)(skb_transport_header(skb) + 2))); *seq = 0; return 0; default: @@ -77,8 +77,8 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq) if (!pskb_may_pull(skb, hlen)) return -EINVAL; - *spi = *(__be32*)(skb_transport_header(skb) + offset); - *seq = *(__be32*)(skb_transport_header(skb) + offset_seq); + *spi = *(__be32 *)(skb_transport_header(skb) + offset); + *seq = *(__be32 *)(skb_transport_header(skb) + offset_seq); return 0; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 8a2b9d8e1d58..dc8bd1ba4b3e 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -171,7 +171,7 @@ static inline unsigned long make_jiffies(long secs) static void xfrm_policy_timer(unsigned long data) { - struct xfrm_policy *xp = (struct xfrm_policy*)data; + struct xfrm_policy *xp = (struct xfrm_policy *)data; unsigned long now = get_seconds(); long next = LONG_MAX; int warn = 0; @@ -1758,7 +1758,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, } xdst->num_pols = num_pols; - memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); + memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); xdst->policy_genid = atomic_read(&pols[0]->genid); return xdst; @@ -2027,7 +2027,7 @@ make_dummy_bundle: } xdst->num_pols = num_pols; xdst->num_xfrms = num_xfrms; - memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); + memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); dst_hold(&xdst->u.dst); return &xdst->flo; @@ -2136,7 +2136,7 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, num_pols = xdst->num_pols; num_xfrms = xdst->num_xfrms; - memcpy(pols, xdst->pols, sizeof(struct xfrm_policy*) * num_pols); + memcpy(pols, xdst->pols, sizeof(struct xfrm_policy *) * num_pols); route = xdst->route; } @@ -3064,8 +3064,8 @@ static bool xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp, return false; } -static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel, - u8 dir, u8 type, struct net *net) +static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *sel, + u8 dir, u8 type, struct net *net) { struct xfrm_policy *pol, *ret = NULL; struct hlist_head *chain; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 5fe79b42561d..9e6a4d6a9d8f 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -382,7 +382,7 @@ static inline unsigned long make_jiffies(long secs) return secs*HZ; } -static enum hrtimer_restart xfrm_timer_handler(struct hrtimer * me) +static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me) { struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer); struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer); @@ -1237,8 +1237,8 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n } EXPORT_SYMBOL(xfrm_migrate_state_find); -struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m) +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m) { struct xfrm_state *xc; int err; @@ -1630,7 +1630,7 @@ EXPORT_SYMBOL(xfrm_state_walk_done); static void xfrm_replay_timer_handler(unsigned long data) { - struct xfrm_state *x = (struct xfrm_state*)data; + struct xfrm_state *x = (struct xfrm_state *)data; spin_lock(&x->lock); From 02d0892f98a5f43c86a3ee9dc796e529557a9f80 Mon Sep 17 00:00:00 2001 From: Weilong Chen Date: Tue, 24 Dec 2013 09:43:48 +0800 Subject: [PATCH 03/15] xfrm: checkpatch erros with space prohibited Fix checkpatch error "space prohibited xxx". Signed-off-by: Weilong Chen Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 6 +++--- net/xfrm/xfrm_user.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index dc8bd1ba4b3e..fbc72b4570de 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1704,7 +1704,7 @@ static int xfrm_expand_policies(const struct flowi *fl, u16 family, xfrm_pols_put(pols, *num_pols); return PTR_ERR(pols[1]); } - (*num_pols) ++; + (*num_pols)++; (*num_xfrms) += pols[1]->xfrm_nr; } } @@ -2378,7 +2378,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, pol->curlft.use_time = get_seconds(); pols[0] = pol; - npols ++; + npols++; #ifdef CONFIG_XFRM_SUB_POLICY if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { pols[1] = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, @@ -2390,7 +2390,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, return 0; } pols[1]->curlft.use_time = get_seconds(); - npols ++; + npols++; } } #endif diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index e50be4275c6c..334856689b0d 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1824,7 +1824,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, struct net *net = sock_net(skb->sk); struct xfrm_state *x; struct km_event c; - int err = - EINVAL; + int err = -EINVAL; u32 mark = 0; struct xfrm_mark m; struct xfrm_aevent_id *p = nlmsg_data(nlh); From 42054569f9b0da4f9a6cc91709f1a80fa83cb453 Mon Sep 17 00:00:00 2001 From: Weilong Chen Date: Tue, 24 Dec 2013 09:43:49 +0800 Subject: [PATCH 04/15] xfrm: fix checkpatch error Fix that "else should follow close brace '}'". Signed-off-by: Weilong Chen Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index fbc72b4570de..b5c315e175a0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1316,9 +1316,9 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, error = (x->km.state == XFRM_STATE_ERROR ? -EINVAL : -EAGAIN); xfrm_state_put(x); - } - else if (error == -ESRCH) + } else if (error == -ESRCH) { error = -EAGAIN; + } if (!tmpl->optional) goto fail; From 2f3ea9a95c58fd0e4bed18a9c9dfe53739fee3b2 Mon Sep 17 00:00:00 2001 From: Weilong Chen Date: Tue, 24 Dec 2013 09:43:50 +0800 Subject: [PATCH 05/15] xfrm: checkpatch erros with inline keyword position Signed-off-by: Weilong Chen Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_policy.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b5c315e175a0..fe8942bb8bbc 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1641,7 +1641,7 @@ free_dst: goto out; } -static int inline +static inline int xfrm_dst_alloc_copy(void **target, const void *src, int size) { if (!*target) { @@ -1653,7 +1653,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) return 0; } -static int inline +static inline int xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) { #ifdef CONFIG_XFRM_SUB_POLICY @@ -1665,7 +1665,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) #endif } -static int inline +static inline int xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl) { #ifdef CONFIG_XFRM_SUB_POLICY From 0af0a4136b456d3b337948c76a3d709a38d80d2c Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:27 +0800 Subject: [PATCH 06/15] {pktgen, xfrm} Correct xfrm state lock usage when transforming xfrm_state lock protects its state, i.e., VALID/DEAD and statistics, not the transforming procedure, as both mode/type output functions are reentrant. Another issue is state lock can be used in BH context when state timer alarmed, after transformation in pktgen, update state statistics acquiring state lock should disabled BH context for a moment. Otherwise LOCKDEP critisize this: [ 62.354339] pktgen: Packet Generator for packet performance testing. Version: 2.74 [ 62.655444] [ 62.655448] ================================= [ 62.655451] [ INFO: inconsistent lock state ] [ 62.655455] 3.13.0-rc2+ #70 Not tainted [ 62.655457] --------------------------------- [ 62.655459] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. [ 62.655463] kpktgend_0/2764 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 62.655466] (&(&x->lock)->rlock){+.?...}, at: [] pktgen_thread_worker+0x1796/0x1860 [pktgen] [ 62.655479] {IN-SOFTIRQ-W} state was registered at: [ 62.655484] [] __lock_acquire+0x62d/0x1d70 [ 62.655492] [] lock_acquire+0x97/0x130 [ 62.655498] [] _raw_spin_lock+0x36/0x70 [ 62.655505] [] xfrm_timer_handler+0x43/0x290 [ 62.655511] [] __tasklet_hrtimer_trampoline+0x17/0x40 [ 62.655519] [] tasklet_hi_action+0xd7/0xf0 [ 62.655523] [] __do_softirq+0xe6/0x2d0 [ 62.655526] [] irq_exit+0x96/0xc0 [ 62.655530] [] smp_apic_timer_interrupt+0x4a/0x60 [ 62.655537] [] apic_timer_interrupt+0x6f/0x80 [ 62.655541] [] arch_cpu_idle+0x26/0x30 [ 62.655547] [] cpu_startup_entry+0x88/0x2b0 [ 62.655552] [] rest_init+0xbc/0xd0 [ 62.655557] [] start_kernel+0x3c4/0x3d1 [ 62.655583] [] x86_64_start_reservations+0x2a/0x2c [ 62.655588] [] x86_64_start_kernel+0xf5/0xfc [ 62.655592] irq event stamp: 77 [ 62.655594] hardirqs last enabled at (77): [] vprintk_emit+0x1b2/0x520 [ 62.655597] hardirqs last disabled at (76): [] vprintk_emit+0x44/0x520 [ 62.655601] softirqs last enabled at (22): [] __do_softirq+0x177/0x2d0 [ 62.655605] softirqs last disabled at (15): [] irq_exit+0x96/0xc0 [ 62.655609] [ 62.655609] other info that might help us debug this: [ 62.655613] Possible unsafe locking scenario: [ 62.655613] [ 62.655616] CPU0 [ 62.655617] ---- [ 62.655618] lock(&(&x->lock)->rlock); [ 62.655622] [ 62.655623] lock(&(&x->lock)->rlock); [ 62.655626] [ 62.655626] *** DEADLOCK *** [ 62.655626] [ 62.655629] no locks held by kpktgend_0/2764. [ 62.655631] [ 62.655631] stack backtrace: [ 62.655636] CPU: 0 PID: 2764 Comm: kpktgend_0 Not tainted 3.13.0-rc2+ #70 [ 62.655638] Hardware name: innotek GmbH VirtualBox, BIOS VirtualBox 12/01/2006 [ 62.655642] ffffffff8216b7b0 ffff88001be43ab8 ffffffff8176af37 0000000000000007 [ 62.655652] ffff88001c8d4fc0 ffff88001be43b18 ffffffff81766d78 0000000000000000 [ 62.655663] ffff880000000001 ffff880000000001 ffffffff8101025f ffff88001be43b18 [ 62.655671] Call Trace: [ 62.655680] [] dump_stack+0x46/0x58 [ 62.655685] [] print_usage_bug+0x1f1/0x202 [ 62.655691] [] ? save_stack_trace+0x2f/0x50 [ 62.655696] [] mark_lock+0x28c/0x2f0 [ 62.655700] [] ? check_usage_forwards+0x150/0x150 [ 62.655704] [] __lock_acquire+0x68a/0x1d70 [ 62.655712] [] ? irq_work_queue+0x69/0xb0 [ 62.655717] [] ? vprintk_emit+0x1b2/0x520 [ 62.655722] [] ? trace_hardirqs_on_caller+0x105/0x1d0 [ 62.655730] [] ? pktgen_thread_worker+0x1796/0x1860 [pktgen] [ 62.655734] [] lock_acquire+0x97/0x130 [ 62.655741] [] ? pktgen_thread_worker+0x1796/0x1860 [pktgen] [ 62.655745] [] _raw_spin_lock+0x36/0x70 [ 62.655752] [] ? pktgen_thread_worker+0x1796/0x1860 [pktgen] [ 62.655758] [] pktgen_thread_worker+0x1796/0x1860 [pktgen] [ 62.655766] [] ? pktgen_thread_worker+0xb19/0x1860 [pktgen] [ 62.655771] [] ? trace_hardirqs_on+0xd/0x10 [ 62.655777] [] ? _raw_spin_unlock_irq+0x30/0x40 [ 62.655785] [] ? e1000_clean+0x9d0/0x9d0 [ 62.655791] [] ? __init_waitqueue_head+0x60/0x60 [ 62.655795] [] ? __init_waitqueue_head+0x60/0x60 [ 62.655800] [] ? mod_cur_headers+0x7f0/0x7f0 [pktgen] [ 62.655806] [] kthread+0xe4/0x100 [ 62.655813] [] ? flush_kthread_worker+0x170/0x170 [ 62.655819] [] ret_from_fork+0x7c/0xb0 [ 62.655824] [] ? flush_kthread_worker+0x170/0x170 Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index a797fff7f222..b0075865d29b 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2487,8 +2487,6 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) if (x->props.mode != XFRM_MODE_TRANSPORT) return 0; - spin_lock(&x->lock); - err = x->outer_mode->output(x, skb); if (err) goto error; @@ -2496,10 +2494,11 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) if (err) goto error; + spin_lock_bh(&x->lock); x->curlft.bytes += skb->len; x->curlft.packets++; + spin_unlock_bh(&x->lock); error: - spin_unlock(&x->lock); return err; } From 6de9ace4aeef861bf093c5e9b55dc65d1558d1b3 Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:28 +0800 Subject: [PATCH 07/15] {pktgen, xfrm} Add statistics counting when transforming so /proc/net/xfrm_stat could give user clue about what's wrong in this process. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index b0075865d29b..156d57b616ac 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2479,6 +2479,7 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) { struct xfrm_state *x = pkt_dev->flows[pkt_dev->curfl].x; int err = 0; + struct net *net = dev_net(pkt_dev->odev); if (!x) return 0; @@ -2488,12 +2489,15 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) return 0; err = x->outer_mode->output(x, skb); - if (err) + if (err) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEMODEERROR); goto error; + } err = x->type->output(x, skb); - if (err) + if (err) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEPROTOERROR); goto error; - + } spin_lock_bh(&x->lock); x->curlft.bytes += skb->len; x->curlft.packets++; From 4ae770bf58ce6315e0f4a1bd4b7e574bdfa59ca9 Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:29 +0800 Subject: [PATCH 08/15] {pktgen, xfrm} Correct xfrm_state_lock usage in xfrm_stateonly_find Acquiring xfrm_state_lock in process context is expected to turn BH off, as this lock is also used in BH context, namely xfrm state timer handler. Otherwise it surprises LOCKDEP with below messages. [ 81.422781] pktgen: Packet Generator for packet performance testing. Version: 2.74 [ 81.725194] [ 81.725211] ========================================================= [ 81.725212] [ INFO: possible irq lock inversion dependency detected ] [ 81.725215] 3.13.0-rc2+ #92 Not tainted [ 81.725216] --------------------------------------------------------- [ 81.725218] kpktgend_0/2780 just changed the state of lock: [ 81.725220] (xfrm_state_lock){+.+...}, at: [] xfrm_stateonly_find+0x41/0x1f0 [ 81.725231] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 81.725232] (&(&x->lock)->rlock){+.-...} [ 81.725232] [ 81.725232] and interrupts could create inverse lock ordering between them. [ 81.725232] [ 81.725235] [ 81.725235] other info that might help us debug this: [ 81.725237] Possible interrupt unsafe locking scenario: [ 81.725237] [ 81.725238] CPU0 CPU1 [ 81.725240] ---- ---- [ 81.725241] lock(xfrm_state_lock); [ 81.725243] local_irq_disable(); [ 81.725244] lock(&(&x->lock)->rlock); [ 81.725246] lock(xfrm_state_lock); [ 81.725248] [ 81.725249] lock(&(&x->lock)->rlock); [ 81.725251] [ 81.725251] *** DEADLOCK *** [ 81.725251] [ 81.725254] no locks held by kpktgend_0/2780. [ 81.725255] [ 81.725255] the shortest dependencies between 2nd lock and 1st lock: [ 81.725269] -> (&(&x->lock)->rlock){+.-...} ops: 8 { [ 81.725274] HARDIRQ-ON-W at: [ 81.725276] [] __lock_acquire+0x65b/0x1d70 [ 81.725282] [] lock_acquire+0x97/0x130 [ 81.725284] [] _raw_spin_lock+0x36/0x70 [ 81.725289] [] xfrm_timer_handler+0x43/0x290 [ 81.725292] [] __tasklet_hrtimer_trampoline+0x17/0x40 [ 81.725300] [] tasklet_hi_action+0xd7/0xf0 [ 81.725303] [] __do_softirq+0xe6/0x2d0 [ 81.725305] [] irq_exit+0x96/0xc0 [ 81.725308] [] smp_apic_timer_interrupt+0x4a/0x60 [ 81.725313] [] apic_timer_interrupt+0x6f/0x80 [ 81.725316] [] arch_cpu_idle+0x26/0x30 [ 81.725329] [] cpu_startup_entry+0x88/0x2b0 [ 81.725333] [] start_secondary+0x190/0x1f0 [ 81.725338] IN-SOFTIRQ-W at: [ 81.725340] [] __lock_acquire+0x62d/0x1d70 [ 81.725342] [] lock_acquire+0x97/0x130 [ 81.725344] [] _raw_spin_lock+0x36/0x70 [ 81.725347] [] xfrm_timer_handler+0x43/0x290 [ 81.725349] [] __tasklet_hrtimer_trampoline+0x17/0x40 [ 81.725352] [] tasklet_hi_action+0xd7/0xf0 [ 81.725355] [] __do_softirq+0xe6/0x2d0 [ 81.725358] [] irq_exit+0x96/0xc0 [ 81.725360] [] smp_apic_timer_interrupt+0x4a/0x60 [ 81.725363] [] apic_timer_interrupt+0x6f/0x80 [ 81.725365] [] arch_cpu_idle+0x26/0x30 [ 81.725368] [] cpu_startup_entry+0x88/0x2b0 [ 81.725370] [] start_secondary+0x190/0x1f0 [ 81.725373] INITIAL USE at: [ 81.725375] [] __lock_acquire+0x32a/0x1d70 [ 81.725385] [] lock_acquire+0x97/0x130 [ 81.725388] [] _raw_spin_lock+0x36/0x70 [ 81.725390] [] xfrm_timer_handler+0x43/0x290 [ 81.725394] [] __tasklet_hrtimer_trampoline+0x17/0x40 [ 81.725398] [] tasklet_hi_action+0xd7/0xf0 [ 81.725401] [] __do_softirq+0xe6/0x2d0 [ 81.725404] [] irq_exit+0x96/0xc0 [ 81.725407] [] smp_apic_timer_interrupt+0x4a/0x60 [ 81.725409] [] apic_timer_interrupt+0x6f/0x80 [ 81.725412] [] arch_cpu_idle+0x26/0x30 [ 81.725415] [] cpu_startup_entry+0x88/0x2b0 [ 81.725417] [] start_secondary+0x190/0x1f0 [ 81.725420] } [ 81.725421] ... key at: [] __key.46349+0x0/0x8 [ 81.725445] ... acquired at: [ 81.725446] [] lock_acquire+0x97/0x130 [ 81.725449] [] _raw_spin_lock+0x36/0x70 [ 81.725452] [] __xfrm_state_delete+0x37/0x140 [ 81.725454] [] xfrm_state_delete+0x2c/0x50 [ 81.725456] [] xfrm_state_flush+0xc7/0x1b0 [ 81.725458] [] pfkey_flush+0x7c/0x100 [af_key] [ 81.725465] [] pfkey_process+0x1c7/0x1f0 [af_key] [ 81.725468] [] pfkey_sendmsg+0x159/0x260 [af_key] [ 81.725471] [] sock_sendmsg+0xaf/0xc0 [ 81.725476] [] SYSC_sendto+0xfc/0x130 [ 81.725479] [] SyS_sendto+0xe/0x10 [ 81.725482] [] system_call_fastpath+0x16/0x1b [ 81.725484] [ 81.725486] -> (xfrm_state_lock){+.+...} ops: 11 { [ 81.725490] HARDIRQ-ON-W at: [ 81.725493] [] __lock_acquire+0x65b/0x1d70 [ 81.725504] [] lock_acquire+0x97/0x130 [ 81.725507] [] _raw_spin_lock_bh+0x3b/0x70 [ 81.725510] [] xfrm_state_flush+0x2f/0x1b0 [ 81.725513] [] pfkey_flush+0x7c/0x100 [af_key] [ 81.725516] [] pfkey_process+0x1c7/0x1f0 [af_key] [ 81.725519] [] pfkey_sendmsg+0x159/0x260 [af_key] [ 81.725522] [] sock_sendmsg+0xaf/0xc0 [ 81.725525] [] SYSC_sendto+0xfc/0x130 [ 81.725527] [] SyS_sendto+0xe/0x10 [ 81.725530] [] system_call_fastpath+0x16/0x1b [ 81.725533] SOFTIRQ-ON-W at: [ 81.725534] [] __lock_acquire+0x68a/0x1d70 [ 81.725537] [] lock_acquire+0x97/0x130 [ 81.725539] [] _raw_spin_lock+0x36/0x70 [ 81.725541] [] xfrm_stateonly_find+0x41/0x1f0 [ 81.725544] [] mod_cur_headers+0x793/0x7f0 [pktgen] [ 81.725547] [] pktgen_thread_worker+0xd42/0x1880 [pktgen] [ 81.725550] [] kthread+0xe4/0x100 [ 81.725555] [] ret_from_fork+0x7c/0xb0 [ 81.725565] INITIAL USE at: [ 81.725567] [] __lock_acquire+0x32a/0x1d70 [ 81.725569] [] lock_acquire+0x97/0x130 [ 81.725572] [] _raw_spin_lock_bh+0x3b/0x70 [ 81.725574] [] xfrm_state_flush+0x2f/0x1b0 [ 81.725576] [] pfkey_flush+0x7c/0x100 [af_key] [ 81.725580] [] pfkey_process+0x1c7/0x1f0 [af_key] [ 81.725583] [] pfkey_sendmsg+0x159/0x260 [af_key] [ 81.725586] [] sock_sendmsg+0xaf/0xc0 [ 81.725589] [] SYSC_sendto+0xfc/0x130 [ 81.725594] [] SyS_sendto+0xe/0x10 [ 81.725597] [] system_call_fastpath+0x16/0x1b [ 81.725599] } [ 81.725600] ... key at: [] xfrm_state_lock+0x18/0x50 [ 81.725606] ... acquired at: [ 81.725607] [] check_usage_backwards+0x110/0x150 [ 81.725609] [] mark_lock+0x196/0x2f0 [ 81.725611] [] __lock_acquire+0x68a/0x1d70 [ 81.725614] [] lock_acquire+0x97/0x130 [ 81.725616] [] _raw_spin_lock+0x36/0x70 [ 81.725627] [] xfrm_stateonly_find+0x41/0x1f0 [ 81.725629] [] mod_cur_headers+0x793/0x7f0 [pktgen] [ 81.725632] [] pktgen_thread_worker+0xd42/0x1880 [pktgen] [ 81.725635] [] kthread+0xe4/0x100 [ 81.725637] [] ret_from_fork+0x7c/0xb0 [ 81.725640] [ 81.725641] [ 81.725641] stack backtrace: [ 81.725645] CPU: 0 PID: 2780 Comm: kpktgend_0 Not tainted 3.13.0-rc2+ #92 [ 81.725647] Hardware name: innotek GmbH VirtualBox, BIOS VirtualBox 12/01/2006 [ 81.725649] ffffffff82537b80 ffff880018199988 ffffffff8176af37 0000000000000007 [ 81.725652] ffff8800181999f0 ffff8800181999d8 ffffffff81099358 ffffffff82537b80 [ 81.725655] ffffffff81a32def ffff8800181999f4 0000000000000000 ffff880002cbeaa8 [ 81.725659] Call Trace: [ 81.725664] [] dump_stack+0x46/0x58 [ 81.725667] [] print_irq_inversion_bug.part.42+0x1e8/0x1f0 [ 81.725670] [] check_usage_backwards+0x110/0x150 [ 81.725672] [] mark_lock+0x196/0x2f0 [ 81.725675] [] ? check_usage_forwards+0x150/0x150 [ 81.725685] [] __lock_acquire+0x68a/0x1d70 [ 81.725691] [] ? sched_clock_local+0x25/0x90 [ 81.725694] [] ? sched_clock_cpu+0xa8/0x120 [ 81.725697] [] ? __lock_acquire+0x32a/0x1d70 [ 81.725699] [] ? xfrm_stateonly_find+0x41/0x1f0 [ 81.725702] [] lock_acquire+0x97/0x130 [ 81.725704] [] ? xfrm_stateonly_find+0x41/0x1f0 [ 81.725707] [] ? sched_clock_local+0x25/0x90 [ 81.725710] [] _raw_spin_lock+0x36/0x70 [ 81.725712] [] ? xfrm_stateonly_find+0x41/0x1f0 [ 81.725715] [] ? lock_release_holdtime.part.26+0x1c/0x1a0 [ 81.725717] [] xfrm_stateonly_find+0x41/0x1f0 [ 81.725721] [] mod_cur_headers+0x793/0x7f0 [pktgen] [ 81.725724] [] pktgen_thread_worker+0xd42/0x1880 [pktgen] [ 81.725727] [] ? pktgen_thread_worker+0xb11/0x1880 [pktgen] [ 81.725729] [] ? trace_hardirqs_on+0xd/0x10 [ 81.725733] [] ? _raw_spin_unlock_irq+0x30/0x40 [ 81.725745] [] ? e1000_clean+0x9d0/0x9d0 [ 81.725751] [] ? __init_waitqueue_head+0x60/0x60 [ 81.725753] [] ? __init_waitqueue_head+0x60/0x60 [ 81.725757] [] ? mod_cur_headers+0x7f0/0x7f0 [pktgen] [ 81.725759] [] kthread+0xe4/0x100 [ 81.725762] [] ? flush_kthread_worker+0x170/0x170 [ 81.725765] [] ret_from_fork+0x7c/0xb0 [ 81.725768] [] ? flush_kthread_worker+0x170/0x170 Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_state.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 9e6a4d6a9d8f..300744094ad8 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -890,7 +890,7 @@ xfrm_stateonly_find(struct net *net, u32 mark, unsigned int h; struct xfrm_state *rx = NULL, *x = NULL; - spin_lock(&net->xfrm.xfrm_state_lock); + spin_lock_bh(&net->xfrm.xfrm_state_lock); h = xfrm_dst_hash(net, daddr, saddr, reqid, family); hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { if (x->props.family == family && @@ -908,7 +908,7 @@ xfrm_stateonly_find(struct net *net, u32 mark, if (rx) xfrm_state_hold(rx); - spin_unlock(&net->xfrm.xfrm_state_lock); + spin_unlock_bh(&net->xfrm.xfrm_state_lock); return rx; From de4aee7d69f2957c808572f2d5b5fc808ebe212a Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:30 +0800 Subject: [PATCH 09/15] {pktgen, xfrm} Using "pgset spi xxx" to spedifiy SA for a given flow User could set specific SPI value to arm pktgen flow with IPsec transformation, instead of looking up SA by sadr/daddr. The reaseon to do so is because current state lookup scheme is both slow and, most important of all, in fact pktgen doesn't need to match any SA state addresses information, all it needs is the SA transfromation shell to do the encapuslation. And this option also provide user an alternative to using pktgen test existing SA without creating new ones. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 156d57b616ac..8bc4ddd375a9 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -389,6 +389,7 @@ struct pktgen_dev { #ifdef CONFIG_XFRM __u8 ipsmode; /* IPSEC mode (config) */ __u8 ipsproto; /* IPSEC type (config) */ + __u32 spi; #endif char result[512]; }; @@ -1477,6 +1478,17 @@ static ssize_t pktgen_if_write(struct file *file, return count; } + if (!strcmp(name, "spi")) { + len = num_arg(&user_buffer[i], 10, &value); + if (len < 0) + return len; + + i += len; + pkt_dev->spi = value; + sprintf(pg_result, "OK: spi=%u", pkt_dev->spi); + return count; + } + if (!strcmp(name, "flowlen")) { len = num_arg(&user_buffer[i], 10, &value); if (len < 0) From cf93d47ed4489cc349678f397290b3ecba868a3b Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:31 +0800 Subject: [PATCH 10/15] {pktgen, xfrm} Construct skb dst for tunnel mode transformation IPsec tunnel mode encapuslation needs to set outter ip header with right protocol/ttl/id value with regard to skb->dst->child. Looking up a rt in a standard way is absolutely wrong for every packet transmission. In a simple way, construct a dst by setting neccessary information to make tunnel mode encapuslation working. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 8bc4ddd375a9..628f7c572c6e 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -390,6 +390,8 @@ struct pktgen_dev { __u8 ipsmode; /* IPSEC mode (config) */ __u8 ipsproto; /* IPSEC type (config) */ __u32 spi; + struct dst_entry dst; + struct dst_ops dstops; #endif char result[512]; }; @@ -2487,6 +2489,11 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev) #ifdef CONFIG_XFRM +u32 pktgen_dst_metrics[RTAX_MAX + 1] = { + + [RTAX_HOPLIMIT] = 0x5, /* Set a static hoplimit */ +}; + static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) { struct xfrm_state *x = pkt_dev->flows[pkt_dev->curfl].x; @@ -2497,10 +2504,18 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev) return 0; /* XXX: we dont support tunnel mode for now until * we resolve the dst issue */ - if (x->props.mode != XFRM_MODE_TRANSPORT) + if ((x->props.mode != XFRM_MODE_TRANSPORT) && (pkt_dev->spi == 0)) return 0; + /* But when user specify an valid SPI, transformation + * supports both transport/tunnel mode + ESP/AH type. + */ + if ((x->props.mode == XFRM_MODE_TUNNEL) && (pkt_dev->spi != 0)) + skb->_skb_refdst = (unsigned long)&pkt_dev->dst | SKB_DST_NOREF; + + rcu_read_lock_bh(); err = x->outer_mode->output(x, skb); + rcu_read_unlock_bh(); if (err) { XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEMODEERROR); goto error; @@ -3557,6 +3572,17 @@ static int pktgen_add_device(struct pktgen_thread *t, const char *ifname) #ifdef CONFIG_XFRM pkt_dev->ipsmode = XFRM_MODE_TRANSPORT; pkt_dev->ipsproto = IPPROTO_ESP; + + /* xfrm tunnel mode needs additional dst to extract outter + * ip header protocol/ttl/id field, here creat a phony one. + * instead of looking for a valid rt, which definitely hurting + * performance under such circumstance. + */ + pkt_dev->dstops.family = AF_INET; + pkt_dev->dst.dev = pkt_dev->odev; + dst_init_metrics(&pkt_dev->dst, pktgen_dst_metrics, false); + pkt_dev->dst.child = &pkt_dev->dst; + pkt_dev->dst.ops = &pkt_dev->dstops; #endif return add_dev_to_thread(t, pkt_dev); From c454997e68eb013510ba128283ad3b4aefeff630 Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:32 +0800 Subject: [PATCH 11/15] {pktgen, xfrm} Introduce xfrm_state_lookup_byspi for pktgen Introduce xfrm_state_lookup_byspi to find user specified by custom from "pgset spi xxx". Using this scheme, any flow regardless its saddr/daddr could be transform by SA specified with configurable spi. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- include/net/xfrm.h | 2 ++ net/core/pktgen.c | 22 +++++++++++++++------- net/xfrm/xfrm_state.c | 22 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 7 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index b7635ef4d436..cd7c46ff6f1f 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1421,6 +1421,8 @@ struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, xfrm_address_t *saddr, unsigned short family, u8 mode, u8 proto, u32 reqid); +struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, + unsigned short family); int xfrm_state_check_expire(struct xfrm_state *x); void xfrm_state_insert(struct xfrm_state *x); int xfrm_state_add(struct xfrm_state *x); diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 628f7c572c6e..b553c36ea0ca 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2247,13 +2247,21 @@ static void get_ipsec_sa(struct pktgen_dev *pkt_dev, int flow) struct xfrm_state *x = pkt_dev->flows[flow].x; struct pktgen_net *pn = net_generic(dev_net(pkt_dev->odev), pg_net_id); if (!x) { - /*slow path: we dont already have xfrm_state*/ - x = xfrm_stateonly_find(pn->net, DUMMY_MARK, - (xfrm_address_t *)&pkt_dev->cur_daddr, - (xfrm_address_t *)&pkt_dev->cur_saddr, - AF_INET, - pkt_dev->ipsmode, - pkt_dev->ipsproto, 0); + + if (pkt_dev->spi) { + /* We need as quick as possible to find the right SA + * Searching with minimum criteria to archieve this. + */ + x = xfrm_state_lookup_byspi(pn->net, htonl(pkt_dev->spi), AF_INET); + } else { + /* slow path: we dont already have xfrm_state */ + x = xfrm_stateonly_find(pn->net, DUMMY_MARK, + (xfrm_address_t *)&pkt_dev->cur_daddr, + (xfrm_address_t *)&pkt_dev->cur_saddr, + AF_INET, + pkt_dev->ipsmode, + pkt_dev->ipsproto, 0); + } if (x) { pkt_dev->flows[flow].x = x; set_pkt_overhead(pkt_dev); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 300744094ad8..62181486ead8 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -915,6 +915,28 @@ xfrm_stateonly_find(struct net *net, u32 mark, } EXPORT_SYMBOL(xfrm_stateonly_find); +struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, + unsigned short family) +{ + struct xfrm_state *x; + struct xfrm_state_walk *w; + + spin_lock_bh(&net->xfrm.xfrm_state_lock); + list_for_each_entry(w, &net->xfrm.state_all, all) { + x = container_of(w, struct xfrm_state, km); + if (x->props.family != family || + x->id.spi != spi) + continue; + + spin_unlock_bh(&net->xfrm.xfrm_state_lock); + xfrm_state_hold(x); + return x; + } + spin_unlock_bh(&net->xfrm.xfrm_state_lock); + return NULL; +} +EXPORT_SYMBOL(xfrm_state_lookup_byspi); + static void __xfrm_state_insert(struct xfrm_state *x) { struct net *net = xs_net(x); From 8101328b798471d41504b75135788c14dc8705ee Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:33 +0800 Subject: [PATCH 12/15] {pktgen, xfrm} Show spi value properly when ipsec turned on If user run pktgen plus ipsec by using spi, show spi value properly when cat /proc/net/pktgen/ethX Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index b553c36ea0ca..45ba476a7e17 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -657,8 +657,11 @@ static int pktgen_if_show(struct seq_file *seq, void *v) } #ifdef CONFIG_XFRM - if (pkt_dev->flags & F_IPSEC_ON) + if (pkt_dev->flags & F_IPSEC_ON) { seq_printf(seq, "IPSEC "); + if (pkt_dev->spi) + seq_printf(seq, "spi:%u", pkt_dev->spi); + } #endif if (pkt_dev->flags & F_MACSRC_RND) From e5f79d111fd4827b44583dc4168957561166565a Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 3 Jan 2014 11:18:34 +0800 Subject: [PATCH 13/15] {pktgen, xfrm} Document IPsec usage in pktgen.txt Update pktgen.txt for reference when using IPsec. Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- Documentation/networking/pktgen.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Documentation/networking/pktgen.txt b/Documentation/networking/pktgen.txt index 75e4fd708ccb..5a61a240a652 100644 --- a/Documentation/networking/pktgen.txt +++ b/Documentation/networking/pktgen.txt @@ -108,7 +108,9 @@ Examples: MPLS_RND, VID_RND, SVID_RND QUEUE_MAP_RND # queue map random QUEUE_MAP_CPU # queue map mirrors smp_processor_id() + IPSEC # Make IPsec encapsulation for packet + pgset spi SPI_VALUE Set specific SA used to transform packet. pgset "udp_src_min 9" set UDP source port min, If < udp_src_max, then cycle through the port range. @@ -177,6 +179,18 @@ Note when adding devices to a specific CPU there good idea to also assign /proc/irq/XX/smp_affinity so the TX-interrupts gets bound to the same CPU. as this reduces cache bouncing when freeing skb's. +Enable IPsec +============ +Default IPsec transformation with ESP encapsulation plus Transport mode +could be enabled by simply setting: + +pgset "flag IPSEC" +pgset "flows 1" + +To avoid breaking existing testbed scripts for using AH type and tunnel mode, +user could use "pgset spi SPI_VALUE" to specify which formal of transformation +to employ. + Current commands and configuration options ========================================== @@ -225,6 +239,7 @@ flag UDPDST_RND MACSRC_RND MACDST_RND + IPSEC dst_min dst_max From 5537a0557c26b1005a8f6e59125bfe3f4e51226a Mon Sep 17 00:00:00 2001 From: Fengguang Wu Date: Mon, 6 Jan 2014 11:00:07 +0100 Subject: [PATCH 14/15] pktgen_dst_metrics[] can be static CC: Fan Du CC: Steffen Klassert Signed-off-by: Fengguang Wu Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 45ba476a7e17..a37ec53c554c 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2500,7 +2500,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev) #ifdef CONFIG_XFRM -u32 pktgen_dst_metrics[RTAX_MAX + 1] = { +static u32 pktgen_dst_metrics[RTAX_MAX + 1] = { [RTAX_HOPLIMIT] = 0x5, /* Set a static hoplimit */ }; From 6bae919003602729d6f5920315bf71ca78bd9e48 Mon Sep 17 00:00:00 2001 From: Fan Du Date: Fri, 10 Jan 2014 14:39:13 +0800 Subject: [PATCH 15/15] {xfrm,pktgen} Fix compiling error when CONFIG_XFRM is not set 0-DAY kernel build testing backend reported below error: All error/warnings: net/core/pktgen.c: In function 'pktgen_if_write': >> >> net/core/pktgen.c:1487:10: error: 'struct pktgen_dev' has no member named 'spi' >> >> net/core/pktgen.c:1488:43: error: 'struct pktgen_dev' has no member named 'spi' Fix this by encapuslating the code with CONFIG_XFRM. Cc: Fengguang Wu Signed-off-by: Fan Du Signed-off-by: Steffen Klassert --- net/core/pktgen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index a37ec53c554c..fa3e128eb5e9 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -1482,7 +1482,7 @@ static ssize_t pktgen_if_write(struct file *file, sprintf(pg_result, "OK: flows=%u", pkt_dev->cflows); return count; } - +#ifdef CONFIG_XFRM if (!strcmp(name, "spi")) { len = num_arg(&user_buffer[i], 10, &value); if (len < 0) @@ -1493,7 +1493,7 @@ static ssize_t pktgen_if_write(struct file *file, sprintf(pg_result, "OK: spi=%u", pkt_dev->spi); return count; } - +#endif if (!strcmp(name, "flowlen")) { len = num_arg(&user_buffer[i], 10, &value); if (len < 0)