[v3,ipsec-next,0/4] Add support for RFC 9611 per cpu xfrm states.

Message ID 20241023105345.1376856-1-steffen.klassert@secunet.com (mailing list archive)

Message

Steffen Klassert Oct. 23, 2024, 10:53 a.m. UTC
This patchset implements the xfrm part of per cpu SAs as specified in
RFC 9611.

Patch 1 adds the cpu as a lookup key and config option to generate
acquire messages for each cpu.

Patch 2 caches outbound states at the policy.

Patch 3 caches inbound states on a new percpu state cache.

Patch 4 restricts percpu SA attributes to specific netlink message types.

Please review and test.

---

Changes from v2:

- Rebase to ipsec-next

- Describe new xfrm_policy struct member state_cache_list

- Drop a misplaced semicolon

Changes from v1:

- Add compat layer attributes

- Fix a 'use always slowpath' condition

- Document get_cpu() usage

- Fix forgotten update of xfrm_expire_msgsize()

Thanks!

Comments

Antony Antony Oct. 23, 2024, 2:32 p.m. UTC | #1
Hi Steffen,

On Wed, Oct 23, 2024 at 12:53:41 +0200, Steffen Klassert wrote:
> This patchset implements the xfrm part of per cpu SAs as specified in
> RFC 9611.
> 
> Patch 1 adds the cpu as a lookup key and config option to generate
> acquire messages for each cpu.
> 
> Patch 2 caches outbound states at the policy.
> 
> Patch 3 caches inbound states on a new percpu state cache.
> 
> Patch 4 restricts percpu SA attributes to specific netlink message types.
> 
> Please review and test.

Tested-by: Antony Antony <antony.antony@secunet.com>
 
Thanks,
-antony

Tobias Brunner Oct. 23, 2024, 3:49 p.m. UTC | #2
On 23.10.24 12:53, Steffen Klassert wrote:
> This patchset implements the xfrm part of per cpu SAs as specified in
> RFC 9611.
> 
> Patch 1 adds the cpu as a lookup key and config option to generate
> acquire messages for each cpu.
> 
> Patch 2 caches outbound states at the policy.
> 
> Patch 3 caches inbound states on a new percpu state cache.
> 
> Patch 4 restricts percpu SA attributes to specific netlink message types.
> 
> Please review and test.

Tested-by: Tobias Brunner <tobias@strongswan.org>

Regards,
Tobias

Steffen Klassert Nov. 2, 2024, 11:47 a.m. UTC | #3
On Wed, Oct 23, 2024 at 12:53:41PM +0200, Steffen Klassert wrote:
> This patchset implements the xfrm part of per cpu SAs as specified in
> RFC 9611.
> 
> Patch 1 adds the cpu as a lookup key and config option to generate
> acquire messages for each cpu.
> 
> Patch 2 caches outbound states at the policy.
> 
> Patch 3 caches inbound states on a new percpu state cache.
> 
> Patch 4 restricts percpu SA attributes to specific netlink message types.

This is now applied to ipsec-next, thanks to all reviewers and testers!