[linux-2.6-block.git] / drivers / net / ethernet / mellanox / mlx5 / core / en_accel / ipsec.h

/*
 * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses.  You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 */

#ifndef __MLX5E_IPSEC_H__
#define __MLX5E_IPSEC_H__

#ifdef CONFIG_MLX5_EN_IPSEC

#include <linux/mlx5/device.h>
#include <net/xfrm.h>
#include <linux/idr.h>
#include "lib/aso.h"

#define MLX5E_IPSEC_SADB_RX_BITS 10
#define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L

struct aes_gcm_keymat {
	u64   seq_iv;

	u32   salt;
	u32   icv_len;

	u32   key_len;
	u32   aes_key[256 / 32];
};

struct mlx5_accel_esp_xfrm_attrs {
	u32   esn;
	u32   spi;
	u32   flags;
	struct aes_gcm_keymat aes_gcm;

	union {
		__be32 a4;
		__be32 a6[4];
	} saddr;

	union {
		__be32 a4;
		__be32 a6[4];
	} daddr;

	u8 dir : 2;
	u8 esn_overlap : 1;
	u8 esn_trigger : 1;
	u8 type : 2;
	u8 family;
	u32 replay_window;
};

enum mlx5_ipsec_cap {
	MLX5_IPSEC_CAP_CRYPTO		= 1 << 0,
	MLX5_IPSEC_CAP_ESN		= 1 << 1,
	MLX5_IPSEC_CAP_PACKET_OFFLOAD	= 1 << 2,
};

struct mlx5e_priv;

struct mlx5e_ipsec_sw_stats {
	atomic64_t ipsec_rx_drop_sp_alloc;
	atomic64_t ipsec_rx_drop_sadb_miss;
	atomic64_t ipsec_rx_drop_syndrome;
	atomic64_t ipsec_tx_drop_bundle;
	atomic64_t ipsec_tx_drop_no_state;
	atomic64_t ipsec_tx_drop_not_ip;
	atomic64_t ipsec_tx_drop_trailer;
};

struct mlx5e_ipsec_rx;
struct mlx5e_ipsec_tx;

struct mlx5e_ipsec_aso {
	u8 ctx[MLX5_ST_SZ_BYTES(ipsec_aso)];
	dma_addr_t dma_addr;
	struct mlx5_aso *aso;
};

struct mlx5e_ipsec {
	struct mlx5_core_dev *mdev;
	DECLARE_HASHTABLE(sadb_rx, MLX5E_IPSEC_SADB_RX_BITS);
	spinlock_t sadb_rx_lock; /* Protects sadb_rx */
	struct mlx5e_ipsec_sw_stats sw_stats;
	struct workqueue_struct *wq;
	struct mlx5e_flow_steering *fs;
	struct mlx5e_ipsec_rx *rx_ipv4;
	struct mlx5e_ipsec_rx *rx_ipv6;
	struct mlx5e_ipsec_tx *tx;
	struct mlx5e_ipsec_aso *aso;
};

struct mlx5e_ipsec_esn_state {
	u32 esn;
	u8 trigger: 1;
	u8 overlap: 1;
};

struct mlx5e_ipsec_rule {
	struct mlx5_flow_handle *rule;
	struct mlx5_modify_hdr *modify_hdr;
};

struct mlx5e_ipsec_modify_state_work {
	struct work_struct		work;
	struct mlx5_accel_esp_xfrm_attrs attrs;
};

struct mlx5e_ipsec_sa_entry {
	struct hlist_node hlist; /* Item in SADB_RX hashtable */
	struct mlx5e_ipsec_esn_state esn_state;
	unsigned int handle; /* Handle in SADB_RX */
	struct xfrm_state *x;
	struct mlx5e_ipsec *ipsec;
	struct mlx5_accel_esp_xfrm_attrs attrs;
	void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x,
			  struct xfrm_offload *xo);
	u32 ipsec_obj_id;
	u32 enc_key_id;
	struct mlx5e_ipsec_rule ipsec_rule;
	struct mlx5e_ipsec_modify_state_work modify_work;
};

void mlx5e_ipsec_init(struct mlx5e_priv *priv);
void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv);
void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv);

struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev,
					      unsigned int handle);

void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry);
void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_ipsec_sa_entry *sa_entry);

int mlx5_ipsec_create_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);
void mlx5_ipsec_free_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);

u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev);

void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry,
				const struct mlx5_accel_esp_xfrm_attrs *attrs);

int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);

static inline struct mlx5_core_dev *
mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)
{
	return sa_entry->ipsec->mdev;
}
#else
static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)
{
}

static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
{
}

static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv)
{
}

static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
	return 0;
}
#endif

#endif	/* __MLX5E_IPSEC_H__ */
Commit	Line	Data
547eede0 IT	1	/*
	2	* Copyright (c) 2017 Mellanox Technologies. All rights reserved.
	3	*
	4	* This software is available to you under a choice of one of two
	5	* licenses. You may choose to be licensed under the terms of the GNU
	6	* General Public License (GPL) Version 2, available from the file
	7	* COPYING in the main directory of this source tree, or the
	8	* OpenIB.org BSD license below:
	9	*
	10	* Redistribution and use in source and binary forms, with or
	11	* without modification, are permitted provided that the following
	12	* conditions are met:
	13	*
	14	* - Redistributions of source code must retain the above
	15	* copyright notice, this list of conditions and the following
	16	* disclaimer.
	17	*
	18	* - Redistributions in binary form must reproduce the above
	19	* copyright notice, this list of conditions and the following
	20	* disclaimer in the documentation and/or other materials
	21	* provided with the distribution.
	22	*
	23	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	24	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	25	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	26	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
	27	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
	28	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	29	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	30	* SOFTWARE.
	31	*
	32	*/
	33
	34	#ifndef __MLX5E_IPSEC_H__
	35	#define __MLX5E_IPSEC_H__
	36
	37	#ifdef CONFIG_MLX5_EN_IPSEC
	38
	39	#include <linux/mlx5/device.h>
	40	#include <net/xfrm.h>
	41	#include <linux/idr.h>
8518d05b	42	#include "lib/aso.h"
547eede0 IT	43
547eede0 IT	44	#define MLX5E_IPSEC_SADB_RX_BITS 10
cb010083 AY	45	#define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L
cb010083 AY	46
c6e3b421 LR	47	struct aes_gcm_keymat {
	48	u64 seq_iv;
	49
	50	u32 salt;
	51	u32 icv_len;
	52
	53	u32 key_len;
	54	u32 aes_key[256 / 32];
	55	};
	56
	57	struct mlx5_accel_esp_xfrm_attrs {
c6e3b421	58	u32 esn;
6cd2126a	59	u32 spi;
c6e3b421	60	u32 flags;
6cd2126a	61	struct aes_gcm_keymat aes_gcm;
c6e3b421 LR	62
	63	union {
	64	__be32 a4;
	65	__be32 a6[4];
	66	} saddr;
	67
	68	union {
	69	__be32 a4;
	70	__be32 a6[4];
	71	} daddr;
	72
e3840530 LR	73	u8 dir : 2;
	74	u8 esn_overlap : 1;
	75	u8 esn_trigger : 1;
8d15f364	76	u8 type : 2;
e3840530	77	u8 family;
cded6d80	78	u32 replay_window;
c6e3b421 LR	79	};
c6e3b421 LR	80
effbe267 LR	81	enum mlx5_ipsec_cap {
	82	MLX5_IPSEC_CAP_CRYPTO = 1 << 0,
	83	MLX5_IPSEC_CAP_ESN = 1 << 1,
59592cfd	84	MLX5_IPSEC_CAP_PACKET_OFFLOAD = 1 << 2,
c6e3b421 LR	85	};
c6e3b421 LR	86
547eede0 IT	87	struct mlx5e_priv;
547eede0 IT	88
899a59d3 IT	89	struct mlx5e_ipsec_sw_stats {
	90	atomic64_t ipsec_rx_drop_sp_alloc;
	91	atomic64_t ipsec_rx_drop_sadb_miss;
	92	atomic64_t ipsec_rx_drop_syndrome;
2ac9cfe7 IT	93	atomic64_t ipsec_tx_drop_bundle;
	94	atomic64_t ipsec_tx_drop_no_state;
	95	atomic64_t ipsec_tx_drop_not_ip;
	96	atomic64_t ipsec_tx_drop_trailer;
164f16f7 IT	97	};
164f16f7 IT	98
9e5286dc	99	struct mlx5e_ipsec_rx;
9b9d454d	100	struct mlx5e_ipsec_tx;
5e466345	101
8518d05b LR	102	struct mlx5e_ipsec_aso {
	103	u8 ctx[MLX5_ST_SZ_BYTES(ipsec_aso)];
	104	dma_addr_t dma_addr;
	105	struct mlx5_aso *aso;
8518d05b LR	106	};
8518d05b LR	107
547eede0	108	struct mlx5e_ipsec {
9af1968e	109	struct mlx5_core_dev *mdev;
547eede0	110	DECLARE_HASHTABLE(sadb_rx, MLX5E_IPSEC_SADB_RX_BITS);
501a9b23	111	spinlock_t sadb_rx_lock; /* Protects sadb_rx */
899a59d3	112	struct mlx5e_ipsec_sw_stats sw_stats;
cb010083	113	struct workqueue_struct *wq;
c7049ca6	114	struct mlx5e_flow_steering *fs;
9e5286dc LR	115	struct mlx5e_ipsec_rx *rx_ipv4;
	116	struct mlx5e_ipsec_rx *rx_ipv6;
	117	struct mlx5e_ipsec_tx *tx;
8518d05b	118	struct mlx5e_ipsec_aso *aso;
cb010083 AY	119	};
	120
	121	struct mlx5e_ipsec_esn_state {
	122	u32 esn;
	123	u8 trigger: 1;
	124	u8 overlap: 1;
	125	};
	126
5e466345 HN	127	struct mlx5e_ipsec_rule {
5e466345 HN	128	struct mlx5_flow_handle *rule;
384298c2	129	struct mlx5_modify_hdr *modify_hdr;
5e466345 HN	130	};
5e466345 HN	131
c674df97 LR	132	struct mlx5e_ipsec_modify_state_work {
	133	struct work_struct work;
	134	struct mlx5_accel_esp_xfrm_attrs attrs;
	135	};
	136
cb010083 AY	137	struct mlx5e_ipsec_sa_entry {
	138	struct hlist_node hlist; /* Item in SADB_RX hashtable */
	139	struct mlx5e_ipsec_esn_state esn_state;
	140	unsigned int handle; /* Handle in SADB_RX */
	141	struct xfrm_state *x;
	142	struct mlx5e_ipsec *ipsec;
b73e6728	143	struct mlx5_accel_esp_xfrm_attrs attrs;
cb010083 AY	144	void (set_iv_op)(struct sk_buff skb, struct xfrm_state *x,
cb010083 AY	145	struct xfrm_offload *xo);
5e466345	146	u32 ipsec_obj_id;
b73e6728	147	u32 enc_key_id;
5e466345	148	struct mlx5e_ipsec_rule ipsec_rule;
c674df97	149	struct mlx5e_ipsec_modify_state_work modify_work;
547eede0 IT	150	};
547eede0 IT	151
953d7715	152	void mlx5e_ipsec_init(struct mlx5e_priv *priv);
547eede0 IT	153	void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv);
	154	void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv);
	155
	156	struct xfrm_state mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec dev,
	157	unsigned int handle);
	158
c6e3b421 LR	159	void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
c6e3b421 LR	160	int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec);
c7049ca6 LR	161	int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry);
c7049ca6 LR	162	void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_ipsec_sa_entry *sa_entry);
c6e3b421	163
b73e6728 LR	164	int mlx5_ipsec_create_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);
b73e6728 LR	165	void mlx5_ipsec_free_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);
c6e3b421 LR	166
	167	u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev);
	168
b73e6728	169	void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry,
c6e3b421	170	const struct mlx5_accel_esp_xfrm_attrs *attrs);
b73e6728	171
8518d05b LR	172	int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
	173	void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);
	174
b73e6728 LR	175	static inline struct mlx5_core_dev *
	176	mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)
	177	{
	178	return sa_entry->ipsec->mdev;
	179	}
547eede0	180	#else
953d7715	181	static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)
547eede0	182	{
547eede0 IT	183	}
	184
	185	static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
	186	{
	187	}
	188
	189	static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv)
	190	{
	191	}
	192
c6e3b421 LR	193	static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
	194	{
	195	return 0;
	196	}
547eede0 IT	197	#endif
	198
	199	#endif /* __MLX5E_IPSEC_H__ */