// SPDX-License-Identifier: GPL-2.0
/* Copyright(c) 2017 Oracle and/or its affiliates. All rights reserved. */

/*
 * NOTE(review): every function body, the macro value and both initializers
 * are elided ("…") in this listing.  The comments below state only what the
 * signatures and the existing kernel-doc establish; anything beyond that is
 * marked as an assumption to confirm against the full source.
 */

#include "ixgbe.h"
#include <net/xfrm.h>
#include <crypto/aead.h>
#include <linux/if_bridge.h>

#define IXGBE_IPSEC_KEY_BITS …

/* presumably the name of the one supported algorithm - confirm */
static const char aes_gcm_name[] = …;

/* Forward declaration; the definition appears further down in this file. */
static void ixgbe_ipsec_del_sa(struct xfrm_state *xs);

/**
 * ixgbe_ipsec_set_tx_sa - set the Tx SA registers
 * @hw: hw specific details
 * @idx: register index to write
 * @key: key byte array
 * @salt: salt bytes
 *
 * NOTE(review): @key and @salt are SA key material.  The number of words
 * read from @key is not visible here (presumably derived from
 * IXGBE_IPSEC_KEY_BITS - confirm); callers must supply an array at least
 * that large and an @idx that has already been range-checked.
 **/
static void ixgbe_ipsec_set_tx_sa(struct ixgbe_hw *hw, u16 idx,
				  u32 key[], u32 salt)
{ … }

/**
 * ixgbe_ipsec_set_rx_item - set an Rx table item
 * @hw: hw specific details
 * @idx: register index to write
 * @tbl: table selector
 *
 * Trigger the device to store into a particular Rx table the
 * data that has already been loaded into the input register.
 * The caller is therefore expected to have loaded that data first.
 **/
static void ixgbe_ipsec_set_rx_item(struct ixgbe_hw *hw, u16 idx,
				    enum ixgbe_ipsec_tbl_sel tbl)
{ … }

/**
 * ixgbe_ipsec_set_rx_sa - set up the register bits to save SA info
 * @hw: hw specific details
 * @idx: register index to write
 * @spi: security parameter index (big-endian, per the __be32 type)
 * @key: key byte array
 * @salt: salt bytes
 * @mode: rx decrypt control bits
 * @ip_idx: index into IP table for related IP address
 *
 * NOTE(review): @key and @salt are SA key material; the same sizing and
 * index-validation expectations as for the Tx variant presumably apply,
 * and @ip_idx should refer to a valid Rx IP table entry - confirm.
 **/
static void ixgbe_ipsec_set_rx_sa(struct ixgbe_hw *hw, u16 idx, __be32 spi,
				  u32 key[], u32 salt, u32 mode, u32 ip_idx)
{ … }

/**
 * ixgbe_ipsec_set_rx_ip - set up the register bits to save SA IP addr info
 * @hw: hw specific details
 * @idx: register index to write
 * @addr: IP address byte array (big-endian words, per the __be32 type)
 *
 * NOTE(review): the number of words read from @addr is not visible here;
 * presumably enough for an IPv6 address - confirm before passing a
 * shorter array.
 **/
static void ixgbe_ipsec_set_rx_ip(struct ixgbe_hw *hw, u16 idx, __be32 addr[])
{ … }

/**
 * ixgbe_ipsec_clear_hw_tables - because some tables don't get cleared on reset
 * @adapter: board private structure
 *
 * NOTE(review): the tables programmed by the set_* helpers above carry keys
 * and salts, so an entry that survives a reset would presumably leave key
 * material in the device; confirm this routine covers every such table.
 **/
static void ixgbe_ipsec_clear_hw_tables(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_ipsec_stop_data
 * @adapter: board private structure
 *
 * NOTE(review): the original kernel-doc has no description and the body is
 * not visible.  TODO: document what "stop data" disables and whether it
 * waits for in-flight traffic to drain.
 **/
static void ixgbe_ipsec_stop_data(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_ipsec_stop_engine
 * @adapter: board private structure
 *
 * NOTE(review): the original kernel-doc has no description and the body is
 * not visible.  TODO: document the engine state left behind and how this
 * relates to ixgbe_ipsec_stop_data().
 **/
static void ixgbe_ipsec_stop_engine(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_ipsec_start_engine
 * @adapter: board private structure
 *
 * NOTE: this increases power consumption whether being used or not
 **/
static void ixgbe_ipsec_start_engine(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
 * @adapter: board private structure
 *
 * Reload the HW tables from the SW tables after they have been wiped
 * by a chip reset.
 *
 * Any VF entries are removed from the SW and HW tables since either
 * (a) the VF also gets reset on PF reset and will ask again for the
 * offloads, or (b) the VF has been removed by a change in the num_vfs.
 **/
void ixgbe_ipsec_restore(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_ipsec_find_empty_idx - find the first unused security parameter index
 * @ipsec: pointer to ipsec struct
 * @rxtable: true if we need to look in the Rx table
 *
 * Returns the first unused index in either the Rx or Tx SA table
 *
 * NOTE(review): the return type is int and the table-full case is not
 * documented; presumably a negative errno - confirm.  Callers must check
 * for a negative value before using the result as a table index.
 **/
static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable)
{ … }

/**
 * ixgbe_ipsec_find_rx_state - find the state that matches
 * @ipsec: pointer to ipsec struct
 * @daddr: inbound address to match
 * @proto: protocol to match
 * @spi: SPI to match
 * @ip4: true if using an ipv4 address
 *
 * Returns a pointer to the matching SA state information
 *
 * NOTE(review): the no-match result is not documented; presumably NULL -
 * confirm, and check the result before dereferencing.  How many words of
 * @daddr are compared presumably depends on @ip4 - confirm.
 **/
static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec,
						    __be32 *daddr, u8 proto,
						    __be32 spi, bool ip4)
{ … }

/**
 * ixgbe_ipsec_parse_proto_keys - find the key and salt based on the protocol
 * @xs: pointer to xfrm_state struct
 * @mykey: pointer to key array to populate
 * @mysalt: pointer to salt value to populate
 *
 * This copies the protocol keys and salt to our own data tables.  The
 * 82599 family only supports the one algorithm.
 *
 * NOTE(review): the return value is undocumented (presumably 0 or a
 * negative errno - confirm).  The required size of @mykey is not visible
 * here.  The copies are key material: confirm the key length taken from
 * @xs is validated before copying and that the destination is cleared
 * when the SA is removed.
 **/
static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,
					u32 *mykey, u32 *mysalt)
{ … }

/**
 * ixgbe_ipsec_check_mgmt_ip - make sure there is no clash with mgmt IP filters
 * @xs: pointer to transformer state struct
 *
 * NOTE(review): the return value is undocumented; presumably non-zero when
 * the SA's address clashes with a management filter - confirm.
 **/
static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
{ … }

/**
 * ixgbe_ipsec_add_sa - program device with a security association
 * @xs: pointer to transformer state struct
 * @extack: extack pointer to fill with the failure reason
 *
 * NOTE(review): the return value is undocumented (presumably 0 or a
 * negative errno - confirm).  Confirm that every failure path clears any
 * key material already copied into local or table storage.
 **/
static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
			      struct netlink_ext_ack *extack)
{ … }

/**
 * ixgbe_ipsec_del_sa - clear out this specific SA
 * @xs: pointer to transformer state struct
 *
 * NOTE(review): body not visible; confirm that both the SW table entry and
 * the HW registers holding this SA's key and salt are cleared.
 **/
static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
{ … }

/**
 * ixgbe_ipsec_offload_ok - can this packet use the xfrm hw offload
 * @skb: current data packet
 * @xs: pointer to transformer state struct
 *
 * Returns true if the packet can use the hw offload (per the description
 * above and the bool return type; the exact criteria are not visible here).
 **/
static bool ixgbe_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
{ … }

/*
 * xfrm device-offload callback table; the initializer is elided in this
 * listing.  Presumably wires up the add_sa/del_sa/offload_ok handlers
 * defined above - confirm.
 */
static const struct xfrmdev_ops ixgbe_xfrmdev_ops = …;

/**
 * ixgbe_ipsec_vf_clear - clear the tables of data for a VF
 * @adapter: board private structure
 * @vf: VF id to be removed
 **/
void ixgbe_ipsec_vf_clear(struct ixgbe_adapter *adapter, u32 vf)
{ … }

/**
 * ixgbe_ipsec_vf_add_sa - translate VF request to SA add
 * @adapter: board private structure
 * @msgbuf: The message buffer
 * @vf: the VF index
 *
 * Make up a new xs and algorithm info from the data sent by the VF.
 * We only need to sketch in just enough to set up the HW offload.
 * Put the resulting offload_handle into the return message to the VF.
 *
 * NOTE(review): @msgbuf is filled by the VF and must be treated as
 * untrusted input.  The body is not visible here; confirm that it checks
 * whether this VF is permitted to request IPsec offload, validates every
 * field taken from the message (lengths, protocol, flags) before use, and
 * frees the temporary xs - including its key material - on each error path.
 *
 * Returns 0 or error value
 **/
int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
{ … }

/**
 * ixgbe_ipsec_vf_del_sa - translate VF request to SA delete
 * @adapter: board private structure
 * @msgbuf: The message buffer
 * @vf: the VF index
 *
 * Given the offload_handle sent by the VF, look for the related SA table
 * entry and use its xs field to call for a delete of the SA.
 *
 * Note: We silently ignore requests to delete entries that are already
 *       set to unused because when a VF is set to "DOWN", the PF first
 *       gets a reset and clears all the VF's entries; then the VF's
 *       XFRM stack sends individual deletes for each entry, which the
 *       reset already removed.  In the future it might be good to try to
 *       optimize this so not so many unnecessary delete messages are sent.
 *
 * NOTE(review): the offload_handle comes from the VF and is untrusted.
 * The body is not visible here; confirm that the handle is bounds-checked
 * against the SA table size and that the entry it selects is owned by @vf,
 * so one VF cannot delete an SA belonging to the PF or to another VF.
 *
 * Returns 0 or error value
 **/
int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
{ … }

/**
 * ixgbe_ipsec_tx - setup Tx flags for ipsec offload
 * @tx_ring: outgoing context
 * @first: current data packet
 * @itd: ipsec Tx data for later use in building context descriptor
 *
 * NOTE(review): the return value is undocumented and the body is not
 * visible; TODO document what the int result tells the Tx path.
 **/
int ixgbe_ipsec_tx(struct ixgbe_ring *tx_ring,
		   struct ixgbe_tx_buffer *first,
		   struct ixgbe_ipsec_tx_data *itd)
{ … }

/**
 * ixgbe_ipsec_rx - decode ipsec bits from Rx descriptor
 * @rx_ring: receiving ring
 * @rx_desc: receive data descriptor
 * @skb: current data packet
 *
 * Determine if there was an ipsec encapsulation noticed, and if so set up
 * the resulting status for later in the receive stack.
 **/
void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring,
		    union ixgbe_adv_rx_desc *rx_desc,
		    struct sk_buff *skb)
{ … }

/**
 * ixgbe_init_ipsec_offload - initialize security registers for IPSec operation
 * @adapter: board private structure
 **/
void ixgbe_init_ipsec_offload(struct ixgbe_adapter *adapter)
{ … }

/**
 * ixgbe_stop_ipsec_offload - tear down the ipsec offload
 * @adapter: board private structure
 **/
void ixgbe_stop_ipsec_offload(struct ixgbe_adapter *adapter)
{ … }