Commit 505c500c authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Jakub Kicinski
Browse files

ixgbe: fill IPsec state validation failure reason 



Rely on extack to return failure reason.

Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent c068ec5c

drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

+10 −11
Original line number Diff line number Diff line
@@ -572,23 +572,22 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 
	int i;



	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {

		netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",

			   xs->id.proto);

		NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");

		return -EINVAL;

	}



	if (xs->props.mode != XFRM_MODE_TRANSPORT) {

		netdev_err(dev, "Unsupported mode for ipsec offload\n");

		NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");

		return -EINVAL;

	}



	if (ixgbe_ipsec_check_mgmt_ip(xs)) {

		netdev_err(dev, "IPsec IP addr clash with mgmt filters\n");

		NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters");

		return -EINVAL;

	}



	if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {

		netdev_err(dev, "Unsupported ipsec offload type\n");

		NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");

		return -EINVAL;

	}
@@ -596,14 +595,14 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 
		struct rx_sa rsa;



		if (xs->calg) {

			netdev_err(dev, "Compression offload not supported\n");

			NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");

			return -EINVAL;

		}



		/* find the first unused index */

		ret = ixgbe_ipsec_find_empty_idx(ipsec, true);

		if (ret < 0) {

			netdev_err(dev, "No space for SA in Rx table!\n");

			NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");

			return ret;

		}

		sa_idx = (u16)ret;
@@ -618,7 +617,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 
		/* get the key and salt */

		ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);

		if (ret) {

			netdev_err(dev, "Failed to get key data for Rx SA table\n");

			NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");

			return ret;

		}
@@ -678,7 +677,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 


		} else {

			/* no match and no empty slot */

			netdev_err(dev, "No space for SA in Rx IP SA table\n");

			NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx IP SA table");

			memset(&rsa, 0, sizeof(rsa));

			return -ENOSPC;

		}
@@ -713,7 +712,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 
		/* find the first unused index */

		ret = ixgbe_ipsec_find_empty_idx(ipsec, false);

		if (ret < 0) {

			netdev_err(dev, "No space for SA in Tx table\n");

			NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");

			return ret;

		}

		sa_idx = (u16)ret;
@@ -727,7 +726,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, 


		ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);

		if (ret) {

			netdev_err(dev, "Failed to get key data for Tx SA table\n");

			NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");

			memset(&tsa, 0, sizeof(tsa));

			return ret;

		}