1 /* 2 * Copyright (c) 2017 Mellanox Technologies. All rights reserved. 3 * 4 * This software is available to you under a choice of one of two 5 * licenses. You may choose to be licensed under the terms of the GNU 6 * General Public License (GPL) Version 2, available from the file 7 * COPYING in the main directory of this source tree, or the 8 * OpenIB.org BSD license below: 9 * 10 * Redistribution and use in source and binary forms, with or 11 * without modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above 15 * copyright notice, this list of conditions and the following 16 * disclaimer. 17 * 18 * - Redistributions in binary form must reproduce the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer in the documentation and/or other materials 21 * provided with the distribution. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 * SOFTWARE. 31 * 32 */ 33 34 #ifndef __MLX5E_IPSEC_H__ 35 #define __MLX5E_IPSEC_H__ 36 37 #include <linux/mlx5/device.h> 38 #include <net/xfrm.h> 39 #include <linux/idr.h> 40 #include "lib/aso.h" 41 42 #define MLX5E_IPSEC_SADB_RX_BITS 10 43 #define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L 44 45 struct aes_gcm_keymat { 46 u64 seq_iv; 47 48 u32 salt; 49 u32 icv_len; 50 51 u32 key_len; 52 u32 aes_key[256 / 32]; 53 }; 54 55 struct mlx5_accel_esp_xfrm_attrs { 56 u32 esn; 57 u32 spi; 58 u32 flags; 59 struct aes_gcm_keymat aes_gcm; 60 61 union { 62 __be32 a4; 63 __be32 a6[4]; 64 } saddr; 65 66 union { 67 __be32 a4; 68 __be32 a6[4]; 69 } daddr; 70 71 u8 dir : 2; 72 u8 esn_overlap : 1; 73 u8 esn_trigger : 1; 74 u8 type : 2; 75 u8 family; 76 u32 replay_window; 77 u32 authsize; 78 u32 reqid; 79 u64 hard_packet_limit; 80 u64 soft_packet_limit; 81 }; 82 83 enum mlx5_ipsec_cap { 84 MLX5_IPSEC_CAP_CRYPTO = 1 << 0, 85 MLX5_IPSEC_CAP_ESN = 1 << 1, 86 MLX5_IPSEC_CAP_PACKET_OFFLOAD = 1 << 2, 87 }; 88 89 struct mlx5e_priv; 90 91 struct mlx5e_ipsec_hw_stats { 92 u64 ipsec_rx_pkts; 93 u64 ipsec_rx_bytes; 94 u64 ipsec_rx_drop_pkts; 95 u64 ipsec_rx_drop_bytes; 96 u64 ipsec_tx_pkts; 97 u64 ipsec_tx_bytes; 98 u64 ipsec_tx_drop_pkts; 99 u64 ipsec_tx_drop_bytes; 100 }; 101 102 struct mlx5e_ipsec_sw_stats { 103 atomic64_t ipsec_rx_drop_sp_alloc; 104 atomic64_t ipsec_rx_drop_sadb_miss; 105 atomic64_t ipsec_rx_drop_syndrome; 106 atomic64_t ipsec_tx_drop_bundle; 107 atomic64_t ipsec_tx_drop_no_state; 108 atomic64_t ipsec_tx_drop_not_ip; 109 atomic64_t ipsec_tx_drop_trailer; 110 }; 111 112 struct mlx5e_ipsec_rx; 113 struct mlx5e_ipsec_tx; 114 115 struct mlx5e_ipsec_work { 116 struct work_struct work; 117 struct mlx5e_ipsec *ipsec; 118 u32 id; 119 }; 120 121 struct mlx5e_ipsec_aso { 122 u8 ctx[MLX5_ST_SZ_BYTES(ipsec_aso)]; 123 dma_addr_t dma_addr; 124 struct mlx5_aso *aso; 125 /* Protect ASO WQ access, as it is global to whole IPsec */ 126 spinlock_t lock; 127 }; 128 129 struct mlx5e_ipsec { 130 struct mlx5_core_dev *mdev; 131 struct xarray sadb; 132 struct mlx5e_ipsec_sw_stats sw_stats; 133 struct mlx5e_ipsec_hw_stats hw_stats; 134 struct workqueue_struct *wq; 135 struct mlx5e_flow_steering *fs; 136 struct mlx5e_ipsec_rx *rx_ipv4; 137 struct mlx5e_ipsec_rx *rx_ipv6; 138 struct mlx5e_ipsec_tx *tx; 139 struct mlx5e_ipsec_aso *aso; 140 struct notifier_block nb; 141 }; 142 143 struct mlx5e_ipsec_esn_state { 144 u32 esn; 145 u8 trigger: 1; 146 u8 overlap: 1; 147 }; 148 149 struct mlx5e_ipsec_rule { 150 struct mlx5_flow_handle *rule; 151 struct mlx5_modify_hdr *modify_hdr; 152 struct mlx5_pkt_reformat *pkt_reformat; 153 }; 154 155 struct mlx5e_ipsec_modify_state_work { 156 struct work_struct work; 157 struct mlx5_accel_esp_xfrm_attrs attrs; 158 }; 159 160 struct mlx5e_ipsec_sa_entry { 161 struct mlx5e_ipsec_esn_state esn_state; 162 struct xfrm_state *x; 163 struct mlx5e_ipsec *ipsec; 164 struct mlx5_accel_esp_xfrm_attrs attrs; 165 void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x, 166 struct xfrm_offload *xo); 167 u32 ipsec_obj_id; 168 u32 enc_key_id; 169 struct mlx5e_ipsec_rule ipsec_rule; 170 struct mlx5e_ipsec_modify_state_work modify_work; 171 }; 172 173 struct mlx5_accel_pol_xfrm_attrs { 174 union { 175 __be32 a4; 176 __be32 a6[4]; 177 } saddr; 178 179 union { 180 __be32 a4; 181 __be32 a6[4]; 182 } daddr; 183 184 u8 family; 185 u8 action; 186 u8 type : 2; 187 u8 dir : 2; 188 u32 reqid; 189 }; 190 191 struct mlx5e_ipsec_pol_entry { 192 struct xfrm_policy *x; 193 struct mlx5e_ipsec *ipsec; 194 struct mlx5e_ipsec_rule ipsec_rule; 195 struct mlx5_accel_pol_xfrm_attrs attrs; 196 }; 197 198 #ifdef CONFIG_MLX5_EN_IPSEC 199 200 void mlx5e_ipsec_init(struct mlx5e_priv *priv); 201 void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv); 202 void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv); 203 204 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec); 205 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec); 206 int mlx5e_accel_ipsec_fs_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry); 207 void mlx5e_accel_ipsec_fs_del_rule(struct mlx5e_ipsec_sa_entry *sa_entry); 208 int mlx5e_accel_ipsec_fs_add_pol(struct mlx5e_ipsec_pol_entry *pol_entry); 209 void mlx5e_accel_ipsec_fs_del_pol(struct mlx5e_ipsec_pol_entry *pol_entry); 210 211 int mlx5_ipsec_create_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry); 212 void mlx5_ipsec_free_sa_ctx(struct mlx5e_ipsec_sa_entry *sa_entry); 213 214 u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev); 215 216 void mlx5_accel_esp_modify_xfrm(struct mlx5e_ipsec_sa_entry *sa_entry, 217 const struct mlx5_accel_esp_xfrm_attrs *attrs); 218 219 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec); 220 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec); 221 222 int mlx5e_ipsec_aso_query(struct mlx5e_ipsec_sa_entry *sa_entry, 223 struct mlx5_wqe_aso_ctrl_seg *data); 224 void mlx5e_ipsec_aso_update_curlft(struct mlx5e_ipsec_sa_entry *sa_entry, 225 u64 *packets); 226 227 void mlx5e_accel_ipsec_fs_read_stats(struct mlx5e_priv *priv, 228 void *ipsec_stats); 229 230 void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry, 231 struct mlx5_accel_esp_xfrm_attrs *attrs); 232 static inline struct mlx5_core_dev * 233 mlx5e_ipsec_sa2dev(struct mlx5e_ipsec_sa_entry *sa_entry) 234 { 235 return sa_entry->ipsec->mdev; 236 } 237 238 static inline struct mlx5_core_dev * 239 mlx5e_ipsec_pol2dev(struct mlx5e_ipsec_pol_entry *pol_entry) 240 { 241 return pol_entry->ipsec->mdev; 242 } 243 #else 244 static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv) 245 { 246 } 247 248 static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) 249 { 250 } 251 252 static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) 253 { 254 } 255 256 static inline u32 mlx5_ipsec_device_caps(struct mlx5_core_dev *mdev) 257 { 258 return 0; 259 } 260 #endif 261 262 #endif /* __MLX5E_IPSEC_H__ */ 263