The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=e6e2c0a5ef5d0454b19d2f89357b431eaeb1dd76
commit e6e2c0a5ef5d0454b19d2f89357b431eaeb1dd76 Author: Konstantin Belousov <[email protected]> AuthorDate: 2024-03-06 15:53:10 +0000 Commit: Konstantin Belousov <[email protected]> CommitDate: 2024-07-12 04:27:59 +0000 ipsec_offload: switch TF2_IPSEC_TSO on/off as appropriate on output after the interface ipsec_accel method if_hwassist() is consulted. Sponsored by: NVIDIA networking --- sys/netipsec/ipsec_offload.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c index 7f63a5e0ccb6..48082830b88b 100644 --- a/sys/netipsec/ipsec_offload.c +++ b/sys/netipsec/ipsec_offload.c @@ -47,6 +47,7 @@ #include <netinet/ip6.h> #include <netinet6/ip6_var.h> #include <netinet/in_pcb.h> +#include <netinet/tcp_var.h> #include <netipsec/key.h> #include <netipsec/keydb.h> @@ -803,26 +804,31 @@ ipsec_accel_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, { struct ifp_handle_sav *i; struct ip *ip; + struct tcpcb *tp; u_long ip_len, skip; + bool res; *hwassist = 0; + res = false; if (ifp == NULL) - return (false); + return (res); M_ASSERTPKTHDR(m); NET_EPOCH_ASSERT(); - if (sav == NULL) - return (ipsec_accel_output_tag(m, IPSEC_ACCEL_DRV_SPI_BYPASS)); + if (sav == NULL) { + res = ipsec_accel_output_tag(m, IPSEC_ACCEL_DRV_SPI_BYPASS); + goto out; + } i = ipsec_accel_is_accel_sav_ptr(sav, ifp); if (i == NULL) - return (false); + goto out; if ((m->m_pkthdr.csum_flags & CSUM_TSO) == 0) { ip_len = m->m_pkthdr.len; if (ip_len + i->hdr_ext_size > mtu) - return (false); + goto out; switch (af) { case AF_INET: ip = mtod(m, struct ip *); @@ -835,11 +841,11 @@ ipsec_accel_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, __unreachable(); } if (!ipsec_accel_output_pad(m, sav, skip, mtu)) - return (false); + goto out; } if (!ipsec_accel_output_tag(m, i->drv_spi)) - return (false); + goto out; ipsec_accel_sa_recordxfer(sav, m); key_freesav(&sav); @@ -848,7 +854,18 @@ ipsec_accel_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, *hwassist = ifp->if_ipsec_accel_m->if_hwassist(ifp, sav, i->drv_spi, i->ifdata); - return (true); + res = true; +out: + if (inp != NULL && inp->inp_pcbinfo == &V_tcbinfo) { + INP_WLOCK_ASSERT(inp); + tp = (struct tcpcb *)inp; + if (res && (*hwassist & (CSUM_TSO | CSUM_IP6_TSO)) != 0) { + tp->t_flags2 |= TF2_IPSEC_TSO; + } else { + tp->t_flags2 &= ~TF2_IPSEC_TSO; + } + } + return (res); } struct ipsec_accel_in_tag *
