Commit | Line | Data |
---|---|---|
547eede0 IT |
1 | /* |
2 | * Copyright (c) 2017 Mellanox Technologies. All rights reserved. | |
3 | * | |
4 | * This software is available to you under a choice of one of two | |
5 | * licenses. You may choose to be licensed under the terms of the GNU | |
6 | * General Public License (GPL) Version 2, available from the file | |
7 | * COPYING in the main directory of this source tree, or the | |
8 | * OpenIB.org BSD license below: | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or | |
11 | * without modification, are permitted provided that the following | |
12 | * conditions are met: | |
13 | * | |
14 | * - Redistributions of source code must retain the above | |
15 | * copyright notice, this list of conditions and the following | |
16 | * disclaimer. | |
17 | * | |
18 | * - Redistributions in binary form must reproduce the above | |
19 | * copyright notice, this list of conditions and the following | |
20 | * disclaimer in the documentation and/or other materials | |
21 | * provided with the distribution. | |
22 | * | |
23 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |
24 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |
25 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | |
26 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | |
27 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | |
28 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | |
29 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
30 | * SOFTWARE. | |
31 | * | |
32 | */ | |
33 | ||
34 | #ifndef __MLX5E_IPSEC_H__ | |
35 | #define __MLX5E_IPSEC_H__ | |
36 | ||
37 | #ifdef CONFIG_MLX5_EN_IPSEC | |
38 | ||
39 | #include <linux/mlx5/device.h> | |
40 | #include <net/xfrm.h> | |
41 | #include <linux/idr.h> | |
8518d05b | 42 | #include "lib/aso.h" |
547eede0 IT |
43 | |
44 | #define MLX5E_IPSEC_SADB_RX_BITS 10 | |
cb010083 AY |
45 | #define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L |
46 | ||
c6e3b421 LR |
47 | struct aes_gcm_keymat { |
48 | u64 seq_iv; | |
49 | ||
50 | u32 salt; | |
51 | u32 icv_len; | |
52 | ||
53 | u32 key_len; | |
54 | u32 aes_key[256 / 32]; | |
55 | }; | |
56 | ||
57 | struct mlx5_accel_esp_xfrm_attrs { | |
c6e3b421 | 58 | u32 esn; |
6cd2126a | 59 | u32 spi; |
c6e3b421 | 60 | u32 flags; |
6cd2126a | 61 | struct aes_gcm_keymat aes_gcm; |
c6e3b421 LR |
62 | |
63 | union { | |
64 | __be32 a4; | |
65 | __be32 a6[4]; | |
66 | } saddr; | |
67 | ||
68 | union { | |
69 | __be32 a4; | |
70 | __be32 a6[4]; | |
71 | } daddr; | |
72 | ||
e3840530 LR |
73 | u8 dir : 2; |
74 | u8 esn_overlap : 1; | |
75 | u8 esn_trigger : 1; | |
8d15f364 | 76 | u8 type : 2; |
e3840530 | 77 | u8 family; |
cded6d80 | 78 | u32 replay_window; |
c6e3b421 LR |
79 | }; |
80 | ||
effbe267 LR |
81 | enum mlx5_ipsec_cap { |
82 | MLX5_IPSEC_CAP_CRYPTO = 1 << 0, | |
83 | MLX5_IPSEC_CAP_ESN = 1 << 1, | |
59592cfd | 84 | MLX5_IPSEC_CAP_PACKET_OFFLOAD = 1 << 2, |
c6e3b421 LR |
85 | }; |
86 | ||
547eede0 IT |
87 | struct mlx5e_priv; |
88 | ||
899a59d3 IT |
89 | struct mlx5e_ipsec_sw_stats { |
90 | atomic64_t ipsec_rx_drop_sp_alloc; | |
91 | atomic64_t ipsec_rx_drop_sadb_miss; | |
92 | atomic64_t ipsec_rx_drop_syndrome; | |
2ac9cfe7 IT |
93 | atomic64_t ipsec_tx_drop_bundle; |
94 | atomic64_t ipsec_tx_drop_no_state; | |
95 | atomic64_t ipsec_tx_drop_not_ip; | |
96 | atomic64_t ipsec_tx_drop_trailer; | |
164f16f7 IT |
97 | }; |
98 | ||
9e5286dc | 99 | struct mlx5e_ipsec_rx; |
9b9d454d | 100 | struct mlx5e_ipsec_tx; |
5e466345 | 101 | |
8518d05b LR |
102 | struct mlx5e_ipsec_aso { |
103 | u8 ctx[MLX5_ST_SZ_BYTES(ipsec_aso)]; | |
104 | dma_addr_t dma_addr; | |
105 | struct mlx5_aso *aso; | |
8518d05b LR |
106 | }; |
107 | ||
547eede0 | 108 | struct mlx5e_ipsec { |
9af1968e | 109 | struct mlx5_core_dev *mdev; |
547eede0 | 110 | DECLARE_HASHTABLE(sadb_rx, MLX5E_IPSEC_SADB_RX_BITS); |
501a9b23 | 111 | spinlock_t sadb_rx_lock; /* Protects sadb_rx */ |
899a59d3 | 112 | struct mlx5e_ipsec_sw_stats sw_stats; |
cb010083 | 113 | struct workqueue_struct *wq; |
c7049ca6 | 114 | struct mlx5e_flow_steering *fs; |
9e5286dc LR |
115 | struct mlx5e_ipsec_rx *rx_ipv4; |
116 | struct mlx5e_ipsec_rx *rx_ipv6; | |
117 | struct mlx5e_ipsec_tx *tx; | |
8518d05b | 118 | struct mlx5e_ipsec_aso *aso; |
cb010083 AY |
119 | }; |
120 | ||
121 | struct mlx5e_ipsec_esn_state { | |
122 | u32 esn; | |
123 | u8 trigger: 1; | |
124 | u8 overlap: 1; | |
125 | }; | |
126 | ||
5e466345 HN |
127 | struct mlx5e_ipsec_rule { |
128 | struct mlx5_flow_handle *rule; | |
384298c2 | 129 | struct mlx5_modify_hdr *modify_hdr; |
5e466345 HN |
130 | }; |
131 | ||
c674df97 LR |
132 | struct mlx5e_ipsec_modify_state_work { |
133 | struct work_struct work; | |
134 | struct mlx5_accel_esp_xfrm_attrs attrs; | |
135 | }; | |
136 | ||
cb010083 AY |
137 | struct mlx5e_ipsec_sa_entry { |
138 | struct hlist_node hlist; /* Item in SADB_RX hashtable */ | |
139 | struct mlx5e_ipsec_esn_state esn_state; | |
140 | unsigned int handle; /* Handle in SADB_RX */ | |
141 | struct xfrm_state *x; | |
142 | struct mlx5e_ipsec *ipsec; | |
b73e6728 | 143 | struct mlx5_accel_esp_xfrm_attrs attrs; |
cb010083 AY |
144 | void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x, |
145 | struct xfrm_offload *xo); | |
5e466345 | 146 | u32 ipsec_obj_id; |
b73e6728 | 147 | u32 enc_key_id; |
5e466345 | 148 | struct mlx5e_ipsec_rule ipsec_rule; |
c674df97 | 149 | struct mlx5e_ipsec_modify_state_work modify_work; |
547eede0 IT |
150 | }; |
151 | ||
953d7715 | 152 | void mlx5e_ipsec_init(struct mlx5e_priv *priv); |
547eede0 IT |
153 | void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv); |
154 | void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv); | |
155 | ||
156 | struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev, | |
157 | unsigned int handle); | |
158 | ||
c6e3b421 LR |
159 | void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec); |
160 | int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec); | |
c7049ca6 LR |
161 | int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry); |
162 | void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_ipsec_sa_entry *sa_entry); | |
c6e3b421 | 163 | |
b73e6728 LR |
164 | int mlx5_ipsec_create_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry); |
165 | void mlx5_ipsec_free_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry); | |
c6e3b421 LR |
166 | |
167 | u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev); | |
168 | ||
b73e6728 | 169 | void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry, |
c6e3b421 | 170 | const struct mlx5_accel_esp_xfrm_attrs *attrs); |
b73e6728 | 171 | |
8518d05b LR |
172 | int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec); |
173 | void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec); | |
174 | ||
b73e6728 LR |
175 | static inline struct mlx5_core_dev * |
176 | mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry) | |
177 | { | |
178 | return sa_entry->ipsec->mdev; | |
179 | } | |
547eede0 | 180 | #else |
953d7715 | 181 | static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv) |
547eede0 | 182 | { |
547eede0 IT |
183 | } |
184 | ||
185 | static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) | |
186 | { | |
187 | } | |
188 | ||
189 | static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) | |
190 | { | |
191 | } | |
192 | ||
c6e3b421 LR |
193 | static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev) |
194 | { | |
195 | return 0; | |
196 | } | |
547eede0 IT |
197 | #endif |
198 | ||
199 | #endif /* __MLX5E_IPSEC_H__ */ |