Commit | Line | Data |
---|---|---|
547eede0 IT |
1 | /* |
2 | * Copyright (c) 2017 Mellanox Technologies. All rights reserved. | |
3 | * | |
4 | * This software is available to you under a choice of one of two | |
5 | * licenses. You may choose to be licensed under the terms of the GNU | |
6 | * General Public License (GPL) Version 2, available from the file | |
7 | * COPYING in the main directory of this source tree, or the | |
8 | * OpenIB.org BSD license below: | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or | |
11 | * without modification, are permitted provided that the following | |
12 | * conditions are met: | |
13 | * | |
14 | * - Redistributions of source code must retain the above | |
15 | * copyright notice, this list of conditions and the following | |
16 | * disclaimer. | |
17 | * | |
18 | * - Redistributions in binary form must reproduce the above | |
19 | * copyright notice, this list of conditions and the following | |
20 | * disclaimer in the documentation and/or other materials | |
21 | * provided with the distribution. | |
22 | * | |
23 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |
24 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |
25 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | |
26 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | |
27 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | |
28 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | |
29 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
30 | * SOFTWARE. | |
31 | * | |
32 | */ | |
33 | ||
34 | #ifndef __MLX5E_IPSEC_H__ | |
35 | #define __MLX5E_IPSEC_H__ | |
36 | ||
37 | #ifdef CONFIG_MLX5_EN_IPSEC | |
38 | ||
39 | #include <linux/mlx5/device.h> | |
40 | #include <net/xfrm.h> | |
41 | #include <linux/idr.h> | |
42 | ||
cb010083 AY |
43 | #include "accel/ipsec.h" |
44 | ||
547eede0 | 45 | #define MLX5E_IPSEC_SADB_RX_BITS 10 |
cb010083 AY |
46 | #define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L |
47 | ||
547eede0 IT |
48 | struct mlx5e_priv; |
49 | ||
899a59d3 IT |
50 | struct mlx5e_ipsec_sw_stats { |
51 | atomic64_t ipsec_rx_drop_sp_alloc; | |
52 | atomic64_t ipsec_rx_drop_sadb_miss; | |
53 | atomic64_t ipsec_rx_drop_syndrome; | |
2ac9cfe7 IT |
54 | atomic64_t ipsec_tx_drop_bundle; |
55 | atomic64_t ipsec_tx_drop_no_state; | |
56 | atomic64_t ipsec_tx_drop_not_ip; | |
57 | atomic64_t ipsec_tx_drop_trailer; | |
58 | atomic64_t ipsec_tx_drop_metadata; | |
899a59d3 IT |
59 | }; |
60 | ||
164f16f7 IT |
61 | struct mlx5e_ipsec_stats { |
62 | u64 ipsec_dec_in_packets; | |
63 | u64 ipsec_dec_out_packets; | |
64 | u64 ipsec_dec_bypass_packets; | |
65 | u64 ipsec_enc_in_packets; | |
66 | u64 ipsec_enc_out_packets; | |
67 | u64 ipsec_enc_bypass_packets; | |
68 | u64 ipsec_dec_drop_packets; | |
69 | u64 ipsec_dec_auth_fail_packets; | |
70 | u64 ipsec_enc_drop_packets; | |
71 | u64 ipsec_add_sa_success; | |
72 | u64 ipsec_add_sa_fail; | |
73 | u64 ipsec_del_sa_success; | |
74 | u64 ipsec_del_sa_fail; | |
75 | u64 ipsec_cmd_drop; | |
76 | }; | |
77 | ||
5e466345 HN |
78 | struct mlx5e_accel_fs_esp; |
79 | ||
547eede0 IT |
80 | struct mlx5e_ipsec { |
81 | struct mlx5e_priv *en_priv; | |
82 | DECLARE_HASHTABLE(sadb_rx, MLX5E_IPSEC_SADB_RX_BITS); | |
788a8210 | 83 | bool no_trailer; |
547eede0 IT |
84 | spinlock_t sadb_rx_lock; /* Protects sadb_rx and halloc */ |
85 | struct ida halloc; | |
899a59d3 | 86 | struct mlx5e_ipsec_sw_stats sw_stats; |
164f16f7 | 87 | struct mlx5e_ipsec_stats stats; |
cb010083 | 88 | struct workqueue_struct *wq; |
5e466345 | 89 | struct mlx5e_accel_fs_esp *rx_fs; |
cb010083 AY |
90 | }; |
91 | ||
92 | struct mlx5e_ipsec_esn_state { | |
93 | u32 esn; | |
94 | u8 trigger: 1; | |
95 | u8 overlap: 1; | |
96 | }; | |
97 | ||
5e466345 HN |
98 | struct mlx5e_ipsec_rule { |
99 | struct mlx5_flow_handle *rule; | |
100 | struct mlx5_modify_hdr *set_modify_hdr; | |
101 | }; | |
102 | ||
cb010083 AY |
103 | struct mlx5e_ipsec_sa_entry { |
104 | struct hlist_node hlist; /* Item in SADB_RX hashtable */ | |
105 | struct mlx5e_ipsec_esn_state esn_state; | |
106 | unsigned int handle; /* Handle in SADB_RX */ | |
107 | struct xfrm_state *x; | |
108 | struct mlx5e_ipsec *ipsec; | |
109 | struct mlx5_accel_esp_xfrm *xfrm; | |
110 | void *hw_context; | |
111 | void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x, | |
112 | struct xfrm_offload *xo); | |
5e466345 HN |
113 | u32 ipsec_obj_id; |
114 | struct mlx5e_ipsec_rule ipsec_rule; | |
547eede0 IT |
115 | }; |
116 | ||
2ac9cfe7 | 117 | void mlx5e_ipsec_build_inverse_table(void); |
547eede0 IT |
118 | int mlx5e_ipsec_init(struct mlx5e_priv *priv); |
119 | void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv); | |
120 | void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv); | |
121 | ||
122 | struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev, | |
123 | unsigned int handle); | |
124 | ||
125 | #else | |
126 | ||
2ac9cfe7 IT |
127 | static inline void mlx5e_ipsec_build_inverse_table(void) |
128 | { | |
129 | } | |
130 | ||
547eede0 IT |
131 | static inline int mlx5e_ipsec_init(struct mlx5e_priv *priv) |
132 | { | |
133 | return 0; | |
134 | } | |
135 | ||
136 | static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) | |
137 | { | |
138 | } | |
139 | ||
140 | static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) | |
141 | { | |
142 | } | |
143 | ||
144 | #endif | |
145 | ||
146 | #endif /* __MLX5E_IPSEC_H__ */ |