git: c4a0ee9b97bf - main - ipsec_offload: add handler for interface down events

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Tue, 20 Aug 2024 12:43:47 UTC 
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=c4a0ee9b97bfc7407366567aaa2c09313b3e6bd2

commit c4a0ee9b97bfc7407366567aaa2c09313b3e6bd2
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-08-08 11:43:28 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-08-20 12:42:12 +0000

    ipsec_offload: add handler for interface down events
    
    Remove all offloaded SAs and SPs on ifdown.
    
    Sponsored by:   NVIDIA networking
---
 sys/netipsec/ipsec_offload.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index 984134539d8b..4d81803f4be7 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -30,6 +30,7 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/ck.h>
+#include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/mbuf.h>
 #include <sys/pctrie.h>
@@ -138,6 +139,8 @@ PCTRIE_DEFINE(DRVSPI_SA, ifp_handle_sav, drv_spi,
     drvspi_sa_trie_alloc, drvspi_sa_trie_free);
 static struct pctrie drv_spi_pctrie;
 
+static eventhandler_tag ipsec_accel_ifdetach_event_tag;
+
 static void ipsec_accel_sa_newkey_impl(struct secasvar *sav);
 static int ipsec_accel_handle_sav(struct secasvar *sav, struct ifnet *ifp,
     u_int drv_spi, void *priv, uint32_t flags, struct ifp_handle_sav **ires);
@@ -154,6 +157,7 @@ static struct mbuf *ipsec_accel_key_setaccelif_impl(struct secasvar *sav);
 static void ipsec_accel_on_ifdown_impl(struct ifnet *ifp);
 static void ipsec_accel_drv_sa_lifetime_update_impl(struct secasvar *sav,
     if_t ifp, u_int drv_spi, uint64_t octets, uint64_t allocs);
+static void ipsec_accel_ifdetach_event(void *arg, struct ifnet *ifp);
 
 static void
 ipsec_accel_init(void *arg)
@@ -174,6 +178,9 @@ ipsec_accel_init(void *arg)
 	ipsec_accel_drv_sa_lifetime_update_p =
 	    ipsec_accel_drv_sa_lifetime_update_impl;
 	pctrie_init(&drv_spi_pctrie);
+	ipsec_accel_ifdetach_event_tag = EVENTHANDLER_REGISTER(
+	    ifnet_departure_event, ipsec_accel_ifdetach_event, NULL,
+	    EVENTHANDLER_PRI_ANY);
 }
 SYSINIT(ipsec_accel_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
     ipsec_accel_init, NULL);
@@ -181,6 +188,8 @@ SYSINIT(ipsec_accel_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
 static void
 ipsec_accel_fini(void *arg)
 {
+	EVENTHANDLER_DEREGISTER(ifnet_departure_event,
+	    ipsec_accel_ifdetach_event_tag);
 	ipsec_accel_sa_newkey_p = NULL;
 	ipsec_accel_forget_sav_p = NULL;
 	ipsec_accel_spdadd_p = NULL;
@@ -799,6 +808,14 @@ ipsec_accel_on_ifdown_impl(struct ifnet *ifp)
 	ipsec_accel_on_ifdown_sav(ifp);
 }
 
+static void
+ipsec_accel_ifdetach_event(void *arg __unused, struct ifnet *ifp)
+{
+	if ((ifp->if_flags & IFF_RENAMING) != 0)
+		return;
+	ipsec_accel_on_ifdown_impl(ifp);
+}
+
 static bool
 ipsec_accel_output_pad(struct mbuf *m, struct secasvar *sav, int skip, int mtu)
 {