1 /* 2 * Copyright (c) 2017 Mellanox Technologies. All rights reserved. 3 * 4 * This software is available to you under a choice of one of two 5 * licenses. You may choose to be licensed under the terms of the GNU 6 * General Public License (GPL) Version 2, available from the file 7 * COPYING in the main directory of this source tree, or the 8 * OpenIB.org BSD license below: 9 * 10 * Redistribution and use in source and binary forms, with or 11 * without modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above 15 * copyright notice, this list of conditions and the following 16 * disclaimer. 17 * 18 * - Redistributions in binary form must reproduce the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer in the documentation and/or other materials 21 * provided with the distribution. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 * SOFTWARE. 31 * 32 */ 33 34 #ifndef __MLX5E_IPSEC_H__ 35 #define __MLX5E_IPSEC_H__ 36 37 #ifdef CONFIG_MLX5_EN_IPSEC 38 39 #include <linux/mlx5/device.h> 40 #include <net/xfrm.h> 41 #include <linux/idr.h> 42 43 #include "accel/ipsec.h" 44 45 #define MLX5E_IPSEC_SADB_RX_BITS 10 46 #define MLX5E_IPSEC_ESN_SCOPE_MID 0x80000000L 47 48 struct mlx5e_priv; 49 50 struct mlx5e_ipsec_sw_stats { 51 atomic64_t ipsec_rx_drop_sp_alloc; 52 atomic64_t ipsec_rx_drop_sadb_miss; 53 atomic64_t ipsec_rx_drop_syndrome; 54 atomic64_t ipsec_tx_drop_bundle; 55 atomic64_t ipsec_tx_drop_no_state; 56 atomic64_t ipsec_tx_drop_not_ip; 57 atomic64_t ipsec_tx_drop_trailer; 58 atomic64_t ipsec_tx_drop_metadata; 59 }; 60 61 struct mlx5e_ipsec_stats { 62 u64 ipsec_dec_in_packets; 63 u64 ipsec_dec_out_packets; 64 u64 ipsec_dec_bypass_packets; 65 u64 ipsec_enc_in_packets; 66 u64 ipsec_enc_out_packets; 67 u64 ipsec_enc_bypass_packets; 68 u64 ipsec_dec_drop_packets; 69 u64 ipsec_dec_auth_fail_packets; 70 u64 ipsec_enc_drop_packets; 71 u64 ipsec_add_sa_success; 72 u64 ipsec_add_sa_fail; 73 u64 ipsec_del_sa_success; 74 u64 ipsec_del_sa_fail; 75 u64 ipsec_cmd_drop; 76 }; 77 78 struct mlx5e_ipsec { 79 struct mlx5e_priv *en_priv; 80 DECLARE_HASHTABLE(sadb_rx, MLX5E_IPSEC_SADB_RX_BITS); 81 bool no_trailer; 82 spinlock_t sadb_rx_lock; /* Protects sadb_rx and halloc */ 83 struct ida halloc; 84 struct mlx5e_ipsec_sw_stats sw_stats; 85 struct mlx5e_ipsec_stats stats; 86 struct workqueue_struct *wq; 87 }; 88 89 struct mlx5e_ipsec_esn_state { 90 u32 esn; 91 u8 trigger: 1; 92 u8 overlap: 1; 93 }; 94 95 struct mlx5e_ipsec_sa_entry { 96 struct hlist_node hlist; /* Item in SADB_RX hashtable */ 97 struct mlx5e_ipsec_esn_state esn_state; 98 unsigned int handle; /* Handle in SADB_RX */ 99 struct xfrm_state *x; 100 struct mlx5e_ipsec *ipsec; 101 struct mlx5_accel_esp_xfrm *xfrm; 102 void *hw_context; 103 void (*set_iv_op)(struct sk_buff *skb, struct xfrm_state *x, 104 struct xfrm_offload *xo); 105 }; 106 107 void mlx5e_ipsec_build_inverse_table(void); 108 int mlx5e_ipsec_init(struct mlx5e_priv *priv); 109 void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv); 110 void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv); 111 112 int mlx5e_ipsec_get_count(struct mlx5e_priv *priv); 113 int mlx5e_ipsec_get_strings(struct mlx5e_priv *priv, uint8_t *data); 114 void mlx5e_ipsec_update_stats(struct mlx5e_priv *priv); 115 int mlx5e_ipsec_get_stats(struct mlx5e_priv *priv, u64 *data); 116 117 struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *dev, 118 unsigned int handle); 119 120 #else 121 122 static inline void mlx5e_ipsec_build_inverse_table(void) 123 { 124 } 125 126 static inline int mlx5e_ipsec_init(struct mlx5e_priv *priv) 127 { 128 return 0; 129 } 130 131 static inline void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) 132 { 133 } 134 135 static inline void mlx5e_ipsec_build_netdev(struct mlx5e_priv *priv) 136 { 137 } 138 139 static inline int mlx5e_ipsec_get_count(struct mlx5e_priv *priv) 140 { 141 return 0; 142 } 143 144 static inline int mlx5e_ipsec_get_strings(struct mlx5e_priv *priv, 145 uint8_t *data) 146 { 147 return 0; 148 } 149 150 static inline void mlx5e_ipsec_update_stats(struct mlx5e_priv *priv) 151 { 152 } 153 154 static inline int mlx5e_ipsec_get_stats(struct mlx5e_priv *priv, u64 *data) 155 { 156 return 0; 157 } 158 159 #endif 160 161 #endif /* __MLX5E_IPSEC_H__ */ 162