| /openbmc/linux/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ |
| H A D | ipsec_fs.c | 8 #include "ipsec.h"
35 /* IPsec RX flow steering */
43 static struct mlx5e_ipsec_rx *ipsec_rx(struct mlx5e_ipsec *ipsec, u32 family, int type) in ipsec_rx() argument
45 if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET) in ipsec_rx()
46 return ipsec->rx_esw; in ipsec_rx()
49 return ipsec->rx_ipv4; in ipsec_rx()
51 return ipsec->rx_ipv6; in ipsec_rx()
54 static struct mlx5e_ipsec_tx *ipsec_tx(struct mlx5e_ipsec *ipsec, int type) in ipsec_tx() argument
56 if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET) in ipsec_tx()
57 return ipsec->tx_esw; in ipsec_tx()
[all …]
|
| H A D | ipsec.c | 42 #include "ipsec.h"
86 queue_delayed_work(sa_entry->ipsec->wq, &dwork->dwork, in mlx5e_ipsec_handle_tx_limit()
689 struct mlx5e_ipsec *ipsec; in mlx5e_xfrm_add_state() local
695 if (!priv->ipsec) in mlx5e_xfrm_add_state()
698 ipsec = priv->ipsec; in mlx5e_xfrm_add_state()
705 sa_entry->ipsec = ipsec; in mlx5e_xfrm_add_state()
760 err = xa_insert_bh(&ipsec->sadb, sa_entry->ipsec_obj_id, sa_entry, in mlx5e_xfrm_add_state()
768 queue_delayed_work(ipsec->wq, &sa_entry->dwork->dwork, in mlx5e_xfrm_add_state()
773 xa_lock_bh(&ipsec->sadb); in mlx5e_xfrm_add_state()
774 __xa_set_mark(&ipsec->sadb, sa_entry->ipsec_obj_id, in mlx5e_xfrm_add_state()
[all …]
|
| H A D | ipsec_stats.c | 38 #include "ipsec.h"
69 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
81 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
95 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
98 mlx5e_accel_ipsec_fs_read_stats(priv, &priv->ipsec->hw_stats); in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
100 data[idx++] = MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->hw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
108 return priv->ipsec ? NUM_IPSEC_SW_COUNTERS : 0; in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
117 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
128 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
130 data[idx++] = MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->sw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
|
| H A D | ipsec_offload.c | 6 #include "ipsec.h"
83 /* We can accommodate up to 2^24 different IPsec objects in mlx5_ipsec_device_caps()
85 * to hold the IPsec Object unique handle. in mlx5_ipsec_device_caps()
119 * be used in other places as long as IPsec packet offload in mlx5e_ipsec_packet_setup()
224 mlx5_core_dbg(mdev, "Failed to create IPsec object (err = %d)\n", err); in mlx5_ipsec_create_sa_ctx()
264 mlx5_core_err(mdev, "Query IPsec object failed (Object id %d), err = %d\n", in mlx5_modify_ipsec_obj()
372 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5e_ipsec_handle_limits() local
373 struct mlx5e_ipsec_aso *aso = ipsec->aso; in mlx5e_ipsec_handle_limits()
459 aso = sa_entry->ipsec->aso; in mlx5e_ipsec_handle_event()
485 struct mlx5e_ipsec *ipsec = container_of(nb, struct mlx5e_ipsec, nb); in mlx5e_ipsec_event() local
[all …]
|
| H A D | ipsec_rxtx.c | 37 #include "ipsec.h"
273 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_bundle); in mlx5e_ipsec_handle_tx_skb()
279 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_no_state); in mlx5e_ipsec_handle_tx_skb()
286 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_not_ip); in mlx5e_ipsec_handle_tx_skb()
292 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_trailer); in mlx5e_ipsec_handle_tx_skb()
318 struct mlx5e_ipsec *ipsec = priv->ipsec; in mlx5e_ipsec_offload_handle_rx_skb() local
327 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sp_alloc); in mlx5e_ipsec_offload_handle_rx_skb()
332 sa_entry = xa_load(&ipsec->sadb, sa_handle); in mlx5e_ipsec_offload_handle_rx_skb()
335 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sadb_miss); in mlx5e_ipsec_offload_handle_rx_skb()
358 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_syndrome); in mlx5e_ipsec_offload_handle_rx_skb()
[all …]
|
| H A D | ipsec.h | 168 /* Protect ASO WQ access, as it is global to whole IPsec */
258 struct mlx5e_ipsec *ipsec; member
293 struct mlx5e_ipsec *ipsec; member
304 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
305 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec);
321 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
322 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);
334 return sa_entry->ipsec->mdev; in mlx5e_ipsec_sa2dev()
340 return pol_entry->ipsec->mdev; in mlx5e_ipsec_pol2dev()
|
| H A D | en_accel.h | 120 struct mlx5e_accel_tx_ipsec_state ipsec; member
142 if (unlikely(!mlx5e_ipsec_handle_tx_skb(dev, skb, &state->ipsec))) in mlx5e_accel_tx_begin()
164 return mlx5e_ipsec_tx_ids_len(&state->ipsec); in mlx5e_accel_tx_ids_len()
204 state->ipsec.xo && state->ipsec.tailen) in mlx5e_accel_tx_finish()
205 mlx5e_ipsec_handle_tx_wqe(wqe, &state->ipsec, inlseg); in mlx5e_accel_tx_finish()
|
| /openbmc/linux/drivers/net/ethernet/intel/ixgbevf/ |
| H A D | ipsec.c | 94 * ixgbevf_ipsec_restore - restore the IPsec HW settings after a reset
103 struct ixgbevf_ipsec *ipsec = adapter->ipsec; in ixgbevf_ipsec_restore() local
112 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbevf_ipsec_restore()
113 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbevf_ipsec_restore()
134 * @ipsec: pointer to IPsec struct
140 int ixgbevf_ipsec_find_empty_idx(struct ixgbevf_ipsec *ipsec, bool rxtable) in ixgbevf_ipsec_find_empty_idx() argument
145 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
150 if (!ipsec->rx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
154 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
159 if (!ipsec->tx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
[all …]
|
| /openbmc/linux/drivers/net/netdevsim/ |
| H A D | ipsec.c | 17 struct nsim_ipsec *ipsec = &ns->ipsec; in nsim_dbg_netdev_ops_read() local
26 bufsize = (ipsec->count * 4 * 60) + 60; in nsim_dbg_netdev_ops_read()
34 ipsec->count, ipsec->tx); in nsim_dbg_netdev_ops_read()
37 struct nsim_sa *sap = &ipsec->sa[i]; in nsim_dbg_netdev_ops_read()
72 static int nsim_ipsec_find_empty_idx(struct nsim_ipsec *ipsec) in nsim_ipsec_find_empty_idx() argument
76 if (ipsec->count == NSIM_IPSEC_MAX_SA_COUNT) in nsim_ipsec_find_empty_idx()
81 if (!ipsec->sa[i].used) in nsim_ipsec_find_empty_idx()
98 netdev_err(dev, "Unsupported IPsec algorithm\n"); in nsim_ipsec_parse_proto_keys()
103 netdev_err(dev, "IPsec offload requires %d bit authentication\n", in nsim_ipsec_parse_proto_keys()
113 netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", in nsim_ipsec_parse_proto_keys()
[all …]
|
| /openbmc/linux/drivers/net/ethernet/intel/ixgbe/ |
| H A D | ixgbe_ipsec.c | 248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
[all …]
|
| /openbmc/linux/drivers/net/ethernet/mellanox/mlx5/core/esw/ |
| H A D | ipsec_fs.c | 6 #include "en_accel/ipsec.h"
24 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
34 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
38 dest->ft = mlx5_chains_get_table(esw_chains(ipsec->mdev->priv.eswitch), 0, 1, 0); in mlx5_esw_ipsec_rx_status_pass_dest_get()
47 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_setup_modify_header() local
48 struct mlx5_core_dev *mdev = ipsec->mdev; in mlx5_esw_ipsec_rx_setup_modify_header()
53 err = xa_alloc_bh(&ipsec->rx_esw->ipsec_obj_id_map, &mapped_id, in mlx5_esw_ipsec_rx_setup_modify_header()
59 /* reuse tunnel bits for ipsec, in mlx5_esw_ipsec_rx_setup_modify_header()
84 xa_erase_bh(&ipsec->rx_esw->ipsec_obj_id_map, mapped_id); in mlx5_esw_ipsec_rx_setup_modify_header()
90 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_id_mapping_remove() local
[all …]
|
| H A D | ipsec_fs.h | 11 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,
13 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,
20 void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,
24 static inline void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
27 static inline int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
47 static inline void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_tx_create_attr_set() argument
|
| /openbmc/linux/net/xfrm/ |
| H A D | Kconfig | 27 like IPsec used by native Linux tools.
37 Transformation(XFRM) user configuration interface like IPsec
46 This provides a virtual interface to route IPsec traffic.
64 A feature to update locator(s) of a given IPsec security
66 instance, in a Mobile IPv6 environment with IPsec configuration
116 They are required if you are going to use IPsec tools ported
128 locator(s) of a given IPsec security association.
130 environment with IPsec configuration where mobile nodes
|
| /openbmc/linux/drivers/crypto/caam/ |
| H A D | pdb.h | 14 * PDB- IPSec ESP Header Modification Options
47 * PDB - IPSec ESP Encap/Decap Options
68 * General IPSec encap/decap PDB definitions
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-support/strongswan/ |
| H A D | strongswan_6.0.0.bb | 1 DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \
3 SUMMARY = "strongSwan is an OpenSource IPsec implementation"
98 FILES:${PN} += "${libdir}/ipsec/lib*${SOLIBS}"
99 FILES:${PN}-dbg += "${bindir}/.debug ${sbindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.…
100 FILES:${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/include/c…
101 FILES:${PN}-staticdev += "${libdir}/ipsec/*.a"
103 CONFFILES:${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.c…
111 FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so"
112 FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug"
115 FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.co…
[all …]
|
| /openbmc/linux/Documentation/networking/ |
| H A D | xfrm_device.rst | 5 XFRM device - offloading the IPsec computations
15 IPsec is a useful feature for securing network traffic, but the
18 Luckily, there are NICs that offer a hardware based IPsec offload which
24 * IPsec crypto offload:
27 * IPsec packet offload:
82 The NIC driver offering ipsec offload will need to implement callbacks
113 -EOPNETSUPP offload not supported, try SW IPsec,
124 When the network stack is preparing an IPsec packet for an SA that has
140 The stack has already inserted the appropriate IPsec headers in the
148 IPsec headers are still in the packet data; they are removed later up
|
| /openbmc/linux/drivers/net/ethernet/mellanox/mlx5/core/lib/ |
| H A D | ipsec_fs_roce.c | 69 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
80 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec miss rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
113 mlx5_core_err(mdev, "Fail to add TX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_tx_rule_setup()
164 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx ft err=%d\n", err); in mlx5_ipsec_fs_roce_tx_create()
176 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx group err=%d\n", err); in mlx5_ipsec_fs_roce_tx_create()
183 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx rules err=%d\n", err); in mlx5_ipsec_fs_roce_tx_create()
260 mlx5_core_err(mdev, "Fail to create RoCE IPsec rx ft at nic err=%d\n", err); in mlx5_ipsec_fs_roce_rx_create()
284 mlx5_core_err(mdev, "Fail to create RoCE IPsec rx group at nic err=%d\n", err); in mlx5_ipsec_fs_roce_rx_create()
296 mlx5_core_err(mdev, "Fail to create RoCE IPsec rx miss group at nic err=%d\n", err); in mlx5_ipsec_fs_roce_rx_create()
307 mlx5_core_err(mdev, "Fail to create RoCE IPsec rx ft at rdma err=%d\n", err); in mlx5_ipsec_fs_roce_rx_create()
[all …]
|
| /openbmc/linux/tools/testing/selftests/net/ |
| H A D | xfrm_policy.sh | 10 # ns3 and ns4 are connected via ipsec tunnel.
12 # ns1: ping 10.0.2.2: passes via ipsec tunnel.
13 # ns2: ping 10.0.1.2: passes via ipsec tunnel.
15 # ns1: ping 10.0.1.253: passes via ipsec tunnel (direct policy)
16 # ns2: ping 10.0.2.253: passes via ipsec tunnel (direct policy)
18 # ns1: ping 10.0.2.254: does NOT pass via ipsec tunnel (exception)
19 # ns2: ping 10.0.1.254: does NOT pass via ipsec tunnel (exception)
243 echo "PASS: ping to .254 bypassed ipsec tunnel ($logpostfix)"
246 # ping to .253 should use use ipsec due to direct policy exception.
249 echo "FAIL: expected ping to .253 to use ipsec tunnel ($logpostfix)"
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/ |
| H A D | long-help | 5 IP/name of your IPSec gateway
6 conf-variable: IPSec gateway <ip/hostname>
10 conf-variable: IPSec ID <ASCII string>
14 conf-variable: IPSec secret <ASCII string>
18 conf-variable: IPSec obfuscated secret <hex string>
41 vendor of your IPSec gateway
166 conf-variable: IPSEC target network <target network/netmask>
|
| H A D | default.conf | 6 #IPSec gateway 10.1.2.3
7 #IPSec ID YOURPEERSID
8 #IPSec secret YOURPEERSSECRET
|
| /openbmc/linux/Documentation/devicetree/bindings/rng/ |
| H A D | brcm,bcm2835.yaml | 29 const: ipsec
35 const: ipsec
78 clock-names = "ipsec";
81 reset-names = "ipsec";
|
| /openbmc/linux/Documentation/networking/device_drivers/ethernet/mellanox/mlx5/ |
| H A D | switchdev.rst | 193 IPsec crypto capability setup
195 User who wants mlx5 PCI VFs to be able to perform IPsec crypto offloading need
196 to explicitly enable the VF ipsec_crypto capability. Enabling IPsec capability
198 IPsec capability enabled, any IPsec offloading is blocked on the PF.
203 IPsec packet capability setup
205 User who wants mlx5 PCI VFs to be able to perform IPsec packet offloading need
206 to explicitly enable the VF ipsec_packet capability. Enabling IPsec capability
208 IPsec capability enabled, any IPsec offloading is blocked on the PF.
|
| /openbmc/linux/drivers/net/ethernet/netronome/ |
| H A D | Kconfig | 58 bool "NFP IPsec crypto offload support"
63 Enable driver support IPsec crypto offload on NFP NIC.
64 Say Y, if you are planning to make use of IPsec crypto
65 offload. NOTE that IPsec crypto offload on NFP NIC
|
| /openbmc/linux/drivers/net/ethernet/chelsio/inline_crypto/ |
| H A D | Kconfig | 29 tristate "Chelsio IPSec XFRM Tx crypto offload"
34 Support Chelsio Inline IPsec with Chelsio crypto accelerator.
35 Enable inline IPsec support for Tx.
|
| /openbmc/linux/drivers/crypto/marvell/octeontx2/ |
| H A D | otx2_cptpf_ucode.h | 15 * On OcteonTX2 platform IPSec ucode can use both IE and SE engines therefore
37 OTX2_CPT_SE_UC_TYPE2 = 21,/* Fast Path IPSec + AirCrypto */
40 * Full Feature IPSec + AirCrypto + Kasumi
43 OTX2_CPT_IE_UC_TYPE2 = 31, /* Fast Path IPSec */
46 * Full Future IPSec
|