Commit 505c500c authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Jakub Kicinski

ixgbe: fill IPsec state validation failure reason

Rely on extack to return failure reason.
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent c068ec5c
...@@ -572,23 +572,22 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -572,23 +572,22 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
int i; int i;
if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) { if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n", NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
xs->id.proto);
return -EINVAL; return -EINVAL;
} }
if (xs->props.mode != XFRM_MODE_TRANSPORT) { if (xs->props.mode != XFRM_MODE_TRANSPORT) {
netdev_err(dev, "Unsupported mode for ipsec offload\n"); NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload");
return -EINVAL; return -EINVAL;
} }
if (ixgbe_ipsec_check_mgmt_ip(xs)) { if (ixgbe_ipsec_check_mgmt_ip(xs)) {
netdev_err(dev, "IPsec IP addr clash with mgmt filters\n"); NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters");
return -EINVAL; return -EINVAL;
} }
if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) { if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
netdev_err(dev, "Unsupported ipsec offload type\n"); NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type");
return -EINVAL; return -EINVAL;
} }
...@@ -596,14 +595,14 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -596,14 +595,14 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
struct rx_sa rsa; struct rx_sa rsa;
if (xs->calg) { if (xs->calg) {
netdev_err(dev, "Compression offload not supported\n"); NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
return -EINVAL; return -EINVAL;
} }
/* find the first unused index */ /* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, true); ret = ixgbe_ipsec_find_empty_idx(ipsec, true);
if (ret < 0) { if (ret < 0) {
netdev_err(dev, "No space for SA in Rx table!\n"); NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx table!");
return ret; return ret;
} }
sa_idx = (u16)ret; sa_idx = (u16)ret;
...@@ -618,7 +617,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -618,7 +617,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* get the key and salt */ /* get the key and salt */
ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt); ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
if (ret) { if (ret) {
netdev_err(dev, "Failed to get key data for Rx SA table\n"); NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Rx SA table");
return ret; return ret;
} }
...@@ -678,7 +677,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -678,7 +677,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
} else { } else {
/* no match and no empty slot */ /* no match and no empty slot */
netdev_err(dev, "No space for SA in Rx IP SA table\n"); NL_SET_ERR_MSG_MOD(extack, "No space for SA in Rx IP SA table");
memset(&rsa, 0, sizeof(rsa)); memset(&rsa, 0, sizeof(rsa));
return -ENOSPC; return -ENOSPC;
} }
...@@ -713,7 +712,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -713,7 +712,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
/* find the first unused index */ /* find the first unused index */
ret = ixgbe_ipsec_find_empty_idx(ipsec, false); ret = ixgbe_ipsec_find_empty_idx(ipsec, false);
if (ret < 0) { if (ret < 0) {
netdev_err(dev, "No space for SA in Tx table\n"); NL_SET_ERR_MSG_MOD(extack, "No space for SA in Tx table");
return ret; return ret;
} }
sa_idx = (u16)ret; sa_idx = (u16)ret;
...@@ -727,7 +726,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs, ...@@ -727,7 +726,7 @@ static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt); ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
if (ret) { if (ret) {
netdev_err(dev, "Failed to get key data for Tx SA table\n"); NL_SET_ERR_MSG_MOD(extack, "Failed to get key data for Tx SA table");
memset(&tsa, 0, sizeof(tsa)); memset(&tsa, 0, sizeof(tsa));
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment