Lines Matching full:ipsec
248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
369 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
374 if (!ipsec->tx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
384 * @ipsec: pointer to ipsec struct
392 static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, in ixgbe_ipsec_find_rx_state() argument
400 hash_for_each_possible_rcu(ipsec->rx_sa_list, rsa, hlist, in ixgbe_ipsec_find_rx_state()
436 netdev_err(dev, "Unsupported IPsec algorithm\n"); in ixgbe_ipsec_parse_proto_keys()
441 netdev_err(dev, "IPsec offload requires %d bit authentication\n", in ixgbe_ipsec_parse_proto_keys()
451 netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", in ixgbe_ipsec_parse_proto_keys()
463 netdev_err(dev, "IPsec hw offload only supports keys up to 128 bits with a 32 bit salt\n"); in ixgbe_ipsec_parse_proto_keys()
466 netdev_info(dev, "IPsec hw offload parameters missing 32 bit salt value\n"); in ixgbe_ipsec_parse_proto_keys()
567 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_add_sa() local
575 NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload"); in ixgbe_ipsec_add_sa()
580 NL_SET_ERR_MSG_MOD(extack, "Unsupported mode for ipsec offload"); in ixgbe_ipsec_add_sa()
585 NL_SET_ERR_MSG_MOD(extack, "IPsec IP addr clash with mgmt filters"); in ixgbe_ipsec_add_sa()
590 NL_SET_ERR_MSG_MOD(extack, "Unsupported ipsec offload type"); in ixgbe_ipsec_add_sa()
603 ret = ixgbe_ipsec_find_empty_idx(ipsec, true); in ixgbe_ipsec_add_sa()
645 (checked < ipsec->num_rx_sa || first < 0); in ixgbe_ipsec_add_sa()
647 if (ipsec->ip_tbl[i].used) { in ixgbe_ipsec_add_sa()
648 if (!memcmp(ipsec->ip_tbl[i].ipaddr, in ixgbe_ipsec_add_sa()
659 if (ipsec->num_rx_sa == 0) in ixgbe_ipsec_add_sa()
665 ipsec->ip_tbl[match].ref_cnt++; in ixgbe_ipsec_add_sa()
671 memcpy(ipsec->ip_tbl[first].ipaddr, in ixgbe_ipsec_add_sa()
673 ipsec->ip_tbl[first].ref_cnt = 1; in ixgbe_ipsec_add_sa()
674 ipsec->ip_tbl[first].used = true; in ixgbe_ipsec_add_sa()
694 memcpy(&ipsec->rx_tbl[sa_idx], &rsa, sizeof(rsa)); in ixgbe_ipsec_add_sa()
700 ipsec->num_rx_sa++; in ixgbe_ipsec_add_sa()
703 hash_add_rcu(ipsec->rx_sa_list, &ipsec->rx_tbl[sa_idx].hlist, in ixgbe_ipsec_add_sa()
713 ret = ixgbe_ipsec_find_empty_idx(ipsec, false); in ixgbe_ipsec_add_sa()
735 memcpy(&ipsec->tx_tbl[sa_idx], &tsa, sizeof(tsa)); in ixgbe_ipsec_add_sa()
741 ipsec->num_tx_sa++; in ixgbe_ipsec_add_sa()
761 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_del_sa() local
771 rsa = &ipsec->rx_tbl[sa_idx]; in ixgbe_ipsec_del_sa()
786 if (ipsec->ip_tbl[ipi].ref_cnt > 0) { in ixgbe_ipsec_del_sa()
787 ipsec->ip_tbl[ipi].ref_cnt--; in ixgbe_ipsec_del_sa()
789 if (!ipsec->ip_tbl[ipi].ref_cnt) { in ixgbe_ipsec_del_sa()
790 memset(&ipsec->ip_tbl[ipi], 0, in ixgbe_ipsec_del_sa()
798 ipsec->num_rx_sa--; in ixgbe_ipsec_del_sa()
802 if (!ipsec->tx_tbl[sa_idx].used) { in ixgbe_ipsec_del_sa()
809 memset(&ipsec->tx_tbl[sa_idx], 0, sizeof(struct tx_sa)); in ixgbe_ipsec_del_sa()
810 ipsec->num_tx_sa--; in ixgbe_ipsec_del_sa()
814 if (ipsec->num_rx_sa == 0 && ipsec->num_tx_sa == 0) { in ixgbe_ipsec_del_sa()
853 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_clear() local
856 if (!ipsec) in ixgbe_ipsec_vf_clear()
860 for (i = 0; i < IXGBE_IPSEC_MAX_SA_COUNT && ipsec->num_rx_sa; i++) { in ixgbe_ipsec_vf_clear()
861 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_vf_clear()
863 if (ipsec->rx_tbl[i].mode & IXGBE_RXTXMOD_VF && in ixgbe_ipsec_vf_clear()
864 ipsec->rx_tbl[i].vf == vf) in ixgbe_ipsec_vf_clear()
865 ixgbe_ipsec_del_sa(ipsec->rx_tbl[i].xs); in ixgbe_ipsec_vf_clear()
869 for (i = 0; i < IXGBE_IPSEC_MAX_SA_COUNT && ipsec->num_tx_sa; i++) { in ixgbe_ipsec_vf_clear()
870 if (!ipsec->tx_tbl[i].used) in ixgbe_ipsec_vf_clear()
872 if (ipsec->tx_tbl[i].mode & IXGBE_RXTXMOD_VF && in ixgbe_ipsec_vf_clear()
873 ipsec->tx_tbl[i].vf == vf) in ixgbe_ipsec_vf_clear()
874 ixgbe_ipsec_del_sa(ipsec->tx_tbl[i].xs); in ixgbe_ipsec_vf_clear()
892 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_add_sa() local
904 e_warn(drv, "VF %d attempted to add an IPsec SA\n", vf); in ixgbe_ipsec_vf_add_sa()
909 /* Tx IPsec offload doesn't seem to work on this in ixgbe_ipsec_vf_add_sa()
961 ipsec->rx_tbl[sa_idx].vf = vf; in ixgbe_ipsec_vf_add_sa()
962 ipsec->rx_tbl[sa_idx].mode |= IXGBE_RXTXMOD_VF; in ixgbe_ipsec_vf_add_sa()
965 ipsec->tx_tbl[sa_idx].vf = vf; in ixgbe_ipsec_vf_add_sa()
966 ipsec->tx_tbl[sa_idx].mode |= IXGBE_RXTXMOD_VF; in ixgbe_ipsec_vf_add_sa()
1002 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_del_sa() local
1022 rsa = &ipsec->rx_tbl[sa_idx]; in ixgbe_ipsec_vf_del_sa()
1033 xs = ipsec->rx_tbl[sa_idx].xs; in ixgbe_ipsec_vf_del_sa()
1044 tsa = &ipsec->tx_tbl[sa_idx]; in ixgbe_ipsec_vf_del_sa()
1055 xs = ipsec->tx_tbl[sa_idx].xs; in ixgbe_ipsec_vf_del_sa()
1067 * ixgbe_ipsec_tx - setup Tx flags for ipsec offload
1070 * @itd: ipsec Tx data for later use in building context descriptor
1077 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_tx() local
1103 tsa = &ipsec->tx_tbl[itd->sa_idx]; in ixgbe_ipsec_tx()
1154 * ixgbe_ipsec_rx - decode ipsec bits from Rx descriptor
1159 * Determine if there was an ipsec encapsulation noticed, and if so set up
1170 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_rx() local
1183 * hw won't recognize the IPsec packet and anyway the in ixgbe_ipsec_rx()
1211 xs = ixgbe_ipsec_find_rx_state(ipsec, daddr, proto, spi, !!ip4); in ixgbe_ipsec_rx()
1229 * ixgbe_init_ipsec_offload - initialize security registers for IPSec operation
1235 struct ixgbe_ipsec *ipsec; in ixgbe_init_ipsec_offload() local
1243 * we should not be advertising support for IPsec. in ixgbe_init_ipsec_offload()
1252 ipsec = kzalloc(sizeof(*ipsec), GFP_KERNEL); in ixgbe_init_ipsec_offload()
1253 if (!ipsec) in ixgbe_init_ipsec_offload()
1255 hash_init(ipsec->rx_sa_list); in ixgbe_init_ipsec_offload()
1258 ipsec->rx_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1259 if (!ipsec->rx_tbl) in ixgbe_init_ipsec_offload()
1263 ipsec->tx_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1264 if (!ipsec->tx_tbl) in ixgbe_init_ipsec_offload()
1268 ipsec->ip_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1269 if (!ipsec->ip_tbl) in ixgbe_init_ipsec_offload()
1272 ipsec->num_rx_sa = 0; in ixgbe_init_ipsec_offload()
1273 ipsec->num_tx_sa = 0; in ixgbe_init_ipsec_offload()
1275 adapter->ipsec = ipsec; in ixgbe_init_ipsec_offload()
1284 kfree(ipsec->ip_tbl); in ixgbe_init_ipsec_offload()
1285 kfree(ipsec->rx_tbl); in ixgbe_init_ipsec_offload()
1286 kfree(ipsec->tx_tbl); in ixgbe_init_ipsec_offload()
1287 kfree(ipsec); in ixgbe_init_ipsec_offload()
1293 * ixgbe_stop_ipsec_offload - tear down the ipsec offload
1298 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_stop_ipsec_offload() local
1300 adapter->ipsec = NULL; in ixgbe_stop_ipsec_offload()
1301 if (ipsec) { in ixgbe_stop_ipsec_offload()
1302 kfree(ipsec->ip_tbl); in ixgbe_stop_ipsec_offload()
1303 kfree(ipsec->rx_tbl); in ixgbe_stop_ipsec_offload()
1304 kfree(ipsec->tx_tbl); in ixgbe_stop_ipsec_offload()
1305 kfree(ipsec); in ixgbe_stop_ipsec_offload()