/*
 * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 */

/*
 * Declarations for the mlx5e IPsec offload code: the per-device IPsec
 * context, the per-SA and per-policy entries, and the entry points that
 * are compiled in only when CONFIG_MLX5_EN_IPSEC is set (no-op stubs are
 * provided otherwise, see the #else branch at the end of the file).
 */

#ifndef __MLX5E_IPSEC_H__
#define __MLX5E_IPSEC_H__

#include <linux/mlx5/device.h>
#include <net/xfrm.h>
#include <linux/idr.h>
#include "lib/aso.h"

/* NOTE(review): presumably log2 of an RX SADB table size; not used in this header. */
#define MLX5E_IPSEC_SADB_RX_BITS 10
/* 2^31, i.e. the midpoint of a 32-bit sequence-number space. */
#define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L

/*
 * AES-GCM keying material for one SA.
 *
 * aes_key has room for 256 bits (8 x u32); key_len records the length of
 * the key actually stored (units are not visible in this header).
 *
 * NOTE(review): this struct holds the raw key and salt and is embedded by
 * value in struct mlx5_accel_esp_xfrm_attrs. That struct is itself embedded
 * by value in struct mlx5e_ipsec_sa_entry (attrs) and in struct
 * mlx5e_ipsec_modify_state_work (attrs), so one SA entry carries more than
 * one in-memory copy of the key. Confirm that the code releasing these
 * objects wipes the copies (e.g. memzero_explicit()/kfree_sensitive());
 * nothing in this header enforces it.
 */
struct aes_gcm_keymat {
	u64   seq_iv;

	u32   salt;
	u32   icv_len;

	u32   key_len;
	u32   aes_key[256 / 32];
};

/*
 * Upper-layer protocol selector: destination/source port with a mask for
 * each, plus the protocol number.
 * NOTE(review): byte order of the port fields is not stated here (plain
 * u16, not __be16) - confirm against the code that fills them.
 */
struct upspec {
	u16 dport;
	u16 dport_mask;
	u16 sport;
	u16 sport_mask;
	u8 proto;
};

/*
 * Attributes of one ESP SA as handed to the offload code.
 *
 * saddr/daddr are unions of an IPv4 address (a4) and an IPv6 address (a6);
 * presumably 'family' tells which member is valid - confirm against the
 * code that builds this struct. Contains key material by value (aes_gcm),
 * so copies of this struct should be treated as sensitive.
 */
struct mlx5_accel_esp_xfrm_attrs {
	u32   esn;
	u32   spi;
	u32   flags;
	struct aes_gcm_keymat aes_gcm;

	union {
		__be32 a4;
		__be32 a6[4];
	} saddr;

	union {
		__be32 a4;
		__be32 a6[4];
	} daddr;

	struct upspec upspec;
	/* Bit-fields packed into u8 storage: 2 + 1 + 1 + 2 bits. */
	u8 dir : 2;
	u8 esn_overlap : 1;
	u8 esn_trigger : 1;
	u8 type : 2;
	u8 family;
	/* NOTE(review): presumably the anti-replay window size taken from the xfrm state. */
	u32 replay_window;
	u32 authsize;
	u32 reqid;
	/* NOTE(review): presumably the xfrm lifetime packet limits - confirm. */
	u64 hard_packet_limit;
	u64 soft_packet_limit;
};

/*
 * IPsec capability bits. Each value is a distinct bit, so they can be
 * OR-ed into one mask; mlx5_ipsec_device_caps() returns a u32, presumably
 * such a mask.
 */
enum mlx5_ipsec_cap {
	MLX5_IPSEC_CAP_CRYPTO		= 1 << 0,
	MLX5_IPSEC_CAP_ESN		= 1 << 1,
	MLX5_IPSEC_CAP_PACKET_OFFLOAD	= 1 << 2,
	MLX5_IPSEC_CAP_ROCE		= 1 << 3,
};

/* Forward declaration; the full definition lives elsewhere in the driver. */
struct mlx5e_priv;

/* Plain u64 packet/byte and drop counters for RX and TX. */
struct mlx5e_ipsec_hw_stats {
	u64 ipsec_rx_pkts;
	u64 ipsec_rx_bytes;
	u64 ipsec_rx_drop_pkts;
	u64 ipsec_rx_drop_bytes;
	u64 ipsec_tx_pkts;
	u64 ipsec_tx_bytes;
	u64 ipsec_tx_drop_pkts;
	u64 ipsec_tx_drop_bytes;
};

/*
 * Drop counters kept as atomic64_t, one per drop reason. These are the
 * counters to watch when diagnosing why offloaded traffic is discarded
 * (SADB miss, syndrome, missing state, and so on).
 */
struct mlx5e_ipsec_sw_stats {
	atomic64_t ipsec_rx_drop_sp_alloc;
	atomic64_t ipsec_rx_drop_sadb_miss;
	atomic64_t ipsec_rx_drop_syndrome;
	atomic64_t ipsec_tx_drop_bundle;
	atomic64_t ipsec_tx_drop_no_state;
	atomic64_t ipsec_tx_drop_not_ip;
	atomic64_t ipsec_tx_drop_trailer;
};

/* Forward declarations; defined in the implementation files. */
struct mlx5e_ipsec_rx;
struct mlx5e_ipsec_tx;

/* Deferred-work item carrying the IPsec context and a 32-bit id. */
struct mlx5e_ipsec_work {
	struct work_struct work;
	struct mlx5e_ipsec *ipsec;
	u32 id;
};

/*
 * ASO state shared by the whole IPsec context: a 64-byte-aligned context
 * buffer sized by MLX5_ST_SZ_BYTES(ipsec_aso), a DMA address (presumably
 * the mapping of ctx - confirm), the ASO object and the lock below.
 */
struct mlx5e_ipsec_aso {
	u8 __aligned(64) ctx[MLX5_ST_SZ_BYTES(ipsec_aso)];
	dma_addr_t dma_addr;
	struct mlx5_aso *aso;
	/* Protect ASO WQ access, as it is global to whole IPsec */
	spinlock_t lock;
};

/*
 * IPsec context: back-pointer to the core device, the SA database (an
 * xarray), software and hardware counters, a workqueue, and pointers to
 * the RX (IPv4/IPv6) and TX steering state, the ASO state and RoCE state.
 */
struct mlx5e_ipsec {
	struct mlx5_core_dev *mdev;
	struct xarray sadb;
	struct mlx5e_ipsec_sw_stats sw_stats;
	struct mlx5e_ipsec_hw_stats hw_stats;
	struct workqueue_struct *wq;
	struct mlx5e_flow_steering *fs;
	struct mlx5e_ipsec_rx *rx_ipv4;
	struct mlx5e_ipsec_rx *rx_ipv6;
	struct mlx5e_ipsec_tx *tx;
	struct mlx5e_ipsec_aso *aso;
	struct notifier_block nb;
	struct mlx5_ipsec_fs *roce;
};

/* ESN value plus two single-bit flags (trigger, overlap). */
struct mlx5e_ipsec_esn_state {
	u32 esn;
	u8 trigger: 1;
	u8 overlap: 1;
};

/* Handles of the steering objects created for one SA or policy. */
struct mlx5e_ipsec_rule {
	struct mlx5_flow_handle *rule;
	struct mlx5_modify_hdr *modify_hdr;
	struct mlx5_pkt_reformat *pkt_reformat;
};

/*
 * Work item for a deferred SA state modification. It stores a full copy of
 * the SA attributes by value, which includes the AES-GCM key material.
 */
struct mlx5e_ipsec_modify_state_work {
	struct work_struct work;
	struct mlx5_accel_esp_xfrm_attrs attrs;
};

/*
 * Driver-side entry for one offloaded SA: the xfrm state it belongs to,
 * the owning IPsec context, the SA attributes, an IV-setting callback,
 * two 32-bit object ids, the steering rule and the modify-state work item.
 *
 * NOTE(review): both 'attrs' and 'modify_work.attrs' embed the key
 * material by value; treat the whole entry as sensitive when freeing it.
 */
struct mlx5e_ipsec_sa_entry {
	struct mlx5e_ipsec_esn_state esn_state;
	struct xfrm_state *x;
	struct mlx5e_ipsec *ipsec;
	struct mlx5_accel_esp_xfrm_attrs attrs;
	void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x,
			  struct xfrm_offload *xo);
	u32 ipsec_obj_id;
	u32 enc_key_id;
	struct mlx5e_ipsec_rule ipsec_rule;
	struct mlx5e_ipsec_modify_state_work modify_work;
};

/*
 * Attributes of one offloaded policy: source/destination address (IPv4 or
 * IPv6 union), upper-layer selector, family, action, type, direction and
 * reqid. Unlike the SA attributes, this struct carries no key material.
 */
struct mlx5_accel_pol_xfrm_attrs {
	union {
		__be32 a4;
		__be32 a6[4];
	} saddr;

	union {
		__be32 a4;
		__be32 a6[4];
	} daddr;

	struct upspec upspec;
	u8 family;
	u8 action;
	u8 type : 2;
	u8 dir : 2;
	u32 reqid;
};

/* Driver-side entry for one offloaded policy. */
struct mlx5e_ipsec_pol_entry {
	struct xfrm_policy *x;
	struct mlx5e_ipsec *ipsec;
	struct mlx5e_ipsec_rule ipsec_rule;
	struct mlx5_accel_pol_xfrm_attrs attrs;
};

#ifdef CONFIG_MLX5_EN_IPSEC

/* Lifecycle of the IPsec context attached to a netdev private struct. */
void mlx5e_ipsec_init(struct mlx5e_priv *priv);
void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv);
void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv);

/*
 * Flow-steering setup/teardown and per-SA / per-policy rule management.
 * NOTE(review): the int-returning functions presumably return 0 or a
 * negative errno; callers should check the result before treating the SA
 * or policy as offloaded.
 */
void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec);
int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry);
void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_ipsec_sa_entry *sa_entry);
int mlx5e_accel_ipsec_fs_add_pol(struct mlx5e_ipsec_pol_entry *pol_entry);
void mlx5e_accel_ipsec_fs_del_pol(struct mlx5e_ipsec_pol_entry *pol_entry);

/* Create / free the SA context for an SA entry. */
int mlx5_ipsec_create_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);
void mlx5_ipsec_free_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry);

/* Returns a u32 describing IPsec support; presumably a mask of enum mlx5_ipsec_cap bits. */
u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev);

/* Apply new attributes to an existing SA; attrs is read-only (const). */
void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry,
				const struct mlx5_accel_esp_xfrm_attrs *attrs);

/* ASO setup/teardown for the IPsec context. */
int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);

/* ASO query for one SA, and an update of a packet counter through *packets. */
int mlx5e_ipsec_aso_query(struct mlx5e_ipsec_sa_entry *sa_entry,
			  struct mlx5_wqe_aso_ctrl_seg *data);
void mlx5e_ipsec_aso_update_curlft(struct mlx5e_ipsec_sa_entry *sa_entry,
				   u64 *packets);

/*
 * NOTE(review): ipsec_stats is an untyped void *; the expected layout is
 * not visible here - confirm against the implementation and its callers.
 */
void mlx5e_accel_ipsec_fs_read_stats(struct mlx5e_priv *priv,
				     void *ipsec_stats);

/* Fill *attrs from the SA entry (this is where key material gets copied). */
void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
					struct mlx5_accel_esp_xfrm_attrs *attrs);
/*
 * Return the core device behind an SA entry.
 * Dereferences sa_entry and sa_entry->ipsec without a NULL check, so the
 * caller must pass an entry whose ipsec pointer is already set.
 */
static inline struct mlx5_core_dev *
mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry)
{
	return sa_entry->ipsec->mdev;
}

/*
 * Return the core device behind a policy entry.
 * Dereferences pol_entry and pol_entry->ipsec without a NULL check, so the
 * caller must pass an entry whose ipsec pointer is already set.
 */
static inline struct mlx5_core_dev *
mlx5e_ipsec_pol2dev(struct mlx5e_ipsec_pol_entry *pol_entry)
{
	return pol_entry->ipsec->mdev;
}
#else
/* CONFIG_MLX5_EN_IPSEC is off: the entry points below compile to no-ops. */
static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)
{
}

static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
{
}

static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv)
{
}

/* Without IPsec support the returned value is 0, i.e. no capability bit is set. */
static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev)
{
	return 0;
}
#endif

#endif	/* __MLX5E_IPSEC_H__ */