| /linux/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ | 
| H A D | ipsec_fs.c | 8 #include "ipsec.h"67 /* IPsec RX flow steering */
 75 static struct mlx5e_ipsec_rx *ipsec_rx(struct mlx5e_ipsec *ipsec, u32 family, int type)  in ipsec_rx()  argument
 77 	if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET)  in ipsec_rx()
 78 		return ipsec->rx_esw;  in ipsec_rx()
 81 		return ipsec->rx_ipv4;  in ipsec_rx()
 83 	return ipsec->rx_ipv6;  in ipsec_rx()
 86 static struct mlx5e_ipsec_tx *ipsec_tx(struct mlx5e_ipsec *ipsec, int type)  in ipsec_tx()  argument
 88 	if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET)  in ipsec_tx()
 89 		return ipsec->tx_esw;  in ipsec_tx()
 
 | 
| H A D | ipsec.c | 43 #include "ipsec.h"87 	queue_delayed_work(sa_entry->ipsec->wq, &dwork->dwork,  in mlx5e_ipsec_handle_sw_limits()
 776 	struct mlx5e_ipsec *ipsec;  in mlx5e_xfrm_add_state()  local
 782 	if (!priv->ipsec)  in mlx5e_xfrm_add_state()
 785 	ipsec = priv->ipsec;  in mlx5e_xfrm_add_state()
 793 	sa_entry->ipsec = ipsec;  in mlx5e_xfrm_add_state()
 854 	err = xa_insert_bh(&ipsec->sadb, sa_entry->ipsec_obj_id, sa_entry,  in mlx5e_xfrm_add_state()
 862 		queue_delayed_work(ipsec->wq, &sa_entry->dwork->dwork,  in mlx5e_xfrm_add_state()
 866 		xa_lock_bh(&ipsec->sadb);  in mlx5e_xfrm_add_state()
 867 		__xa_set_mark(&ipsec->sadb, sa_entry->ipsec_obj_id,  in mlx5e_xfrm_add_state()
 
 | 
| H A D | ipsec_offload.c | 6 #include "ipsec.h"83 	/* We can accommodate up to 2^24 different IPsec objects  in mlx5_ipsec_device_caps()
 85 	 * to hold the IPsec Object unique handle.  in mlx5_ipsec_device_caps()
 119 	 * be used in other places as long as IPsec packet offload  in mlx5e_ipsec_packet_setup()
 225 		mlx5_core_dbg(mdev, "Failed to create IPsec object (err = %d)\n", err);  in mlx5_ipsec_create_sa_ctx()
 265 		mlx5_core_err(mdev, "Query IPsec object failed (Object id %d), err = %d\n",  in mlx5_modify_ipsec_obj()
 373 	struct mlx5e_ipsec *ipsec = sa_entry->ipsec;  in mlx5e_ipsec_handle_limits()  local
 374 	struct mlx5e_ipsec_aso *aso = ipsec->aso;  in mlx5e_ipsec_handle_limits()
 460 	aso = sa_entry->ipsec->aso;  in mlx5e_ipsec_handle_event()
 486 	struct mlx5e_ipsec *ipsec = container_of(nb, struct mlx5e_ipsec, nb);  in mlx5e_ipsec_event()  local
 
 | 
| H A D | ipsec_stats.c | 38 #include "ipsec.h"69 	if (!priv->ipsec)  in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
 81 	if (!priv->ipsec)  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
 92 	if (!priv->ipsec)  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
 95 	mlx5e_accel_ipsec_fs_read_stats(priv, &priv->ipsec->hw_stats);  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
 99 			MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->hw_stats,  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
 105 	return priv->ipsec ? NUM_IPSEC_SW_COUNTERS : 0;  in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
 114 	if (priv->ipsec)  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
 123 	if (priv->ipsec)  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
 127 					      &priv->ipsec->sw_stats,  in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
 
 | 
| H A D | ipsec_rxtx.c | 37 #include "ipsec.h"273 		atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_bundle);  in mlx5e_ipsec_handle_tx_skb()
 279 		atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_no_state);  in mlx5e_ipsec_handle_tx_skb()
 286 		atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_not_ip);  in mlx5e_ipsec_handle_tx_skb()
 292 			atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_trailer);  in mlx5e_ipsec_handle_tx_skb()
 312 	struct mlx5e_ipsec *ipsec = priv->ipsec;  in mlx5e_ipsec_offload_handle_rx_skb()  local
 321 		atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sp_alloc);  in mlx5e_ipsec_offload_handle_rx_skb()
 326 	sa_entry = xa_load(&ipsec->sadb, sa_handle);  in mlx5e_ipsec_offload_handle_rx_skb()
 329 		atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sadb_miss);  in mlx5e_ipsec_offload_handle_rx_skb()
 349 	struct mlx5e_ipsec *ipsec = priv->ipsec;  in mlx5_esw_ipsec_rx_make_metadata()  local
 
 | 
| H A D | ipsec.h | 178 	/* Protect ASO WQ access, as it is global to whole IPsec */279 	struct mlx5e_ipsec *ipsec;  member
 304 	struct mlx5e_ipsec *ipsec;  member
 315 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
 316 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec, struct mlx5_devcom_comp_dev **devcom);
 332 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
 333 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);
 350 	return sa_entry->ipsec->mdev;  in mlx5e_ipsec_sa2dev()
 356 	return pol_entry->ipsec->mdev;  in mlx5e_ipsec_pol2dev()
 
 | 
| /linux/drivers/net/ethernet/intel/ixgbevf/ | 
| H A D | ipsec.c | 94  * ixgbevf_ipsec_restore - restore the IPsec HW settings after a reset103 	struct ixgbevf_ipsec *ipsec = adapter->ipsec;  in ixgbevf_ipsec_restore()  local
 112 		struct rx_sa *r = &ipsec->rx_tbl[i];  in ixgbevf_ipsec_restore()
 113 		struct tx_sa *t = &ipsec->tx_tbl[i];  in ixgbevf_ipsec_restore()
 134  * @ipsec: pointer to IPsec struct
 140 int ixgbevf_ipsec_find_empty_idx(struct ixgbevf_ipsec *ipsec, bool rxtable)  in ixgbevf_ipsec_find_empty_idx()  argument
 145 		if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT)  in ixgbevf_ipsec_find_empty_idx()
 150 			if (!ipsec->rx_tbl[i].used)  in ixgbevf_ipsec_find_empty_idx()
 154 		if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT)  in ixgbevf_ipsec_find_empty_idx()
 159 			if (!ipsec->tx_tbl[i].used)  in ixgbevf_ipsec_find_empty_idx()
 
 | 
| H A D | defines.h | 140 #define IXGBE_RXDADV_STAT_SECP		0x00020000 /* IPsec/MACsec pkt found */146 #define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP	0x00001000 /* IPSec ESP */
 147 #define IXGBE_RXDADV_PKTTYPE_IPSEC_AH	0x00002000 /* IPSec AH */
 262 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP   0x00002000 /* IPSec Type ESP */
 267 #define IXGBE_ADVTXD_POPTS_IPSEC	0x00000400 /* IPSec offload request */
 
 | 
| /linux/drivers/net/ethernet/mellanox/mlx5/core/esw/ | 
| H A D | ipsec_fs.c | 6 #include "en_accel/ipsec.h"24 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,  in mlx5_esw_ipsec_rx_create_attr_set()  argument
 34 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,  in mlx5_esw_ipsec_rx_status_pass_dest_get()  argument
 38 	dest->ft = mlx5_chains_get_table(esw_chains(ipsec->mdev->priv.eswitch), 0, 1, 0);  in mlx5_esw_ipsec_rx_status_pass_dest_get()
 47 	struct mlx5e_ipsec *ipsec = sa_entry->ipsec;  in mlx5_esw_ipsec_rx_setup_modify_header()  local
 48 	struct mlx5_core_dev *mdev = ipsec->mdev;  in mlx5_esw_ipsec_rx_setup_modify_header()
 53 	err = xa_alloc_bh(&ipsec->ipsec_obj_id_map, &mapped_id,  in mlx5_esw_ipsec_rx_setup_modify_header()
 59 	/* reuse tunnel bits for ipsec,  in mlx5_esw_ipsec_rx_setup_modify_header()
 84 	xa_erase_bh(&ipsec->ipsec_obj_id_map, mapped_id);  in mlx5_esw_ipsec_rx_setup_modify_header()
 103 	struct mlx5e_ipsec *ipsec = sa_entry->ipsec;  in mlx5_esw_ipsec_rx_id_mapping_remove()  local
 
 | 
| H A D | ipsec_fs.h | 11 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,13 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,
 20 void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,
 26 static inline void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,  in mlx5_esw_ipsec_rx_create_attr_set()  argument
 29 static inline int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,  in mlx5_esw_ipsec_rx_status_pass_dest_get()  argument
 49 static inline void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,  in mlx5_esw_ipsec_tx_create_attr_set()  argument
 
 | 
| /linux/drivers/crypto/caam/ | 
| H A D | pdb.h | 14  * PDB- IPSec ESP Header Modification Options47  * PDB - IPSec ESP Encap/Decap Options
 68  * General IPSec encap/decap PDB definitions
 72  * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
 80  * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
 92  * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
 108  * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
 120  * ipsec_encap_pdb - PDB for IPsec encapsulation
 127  * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
 128  * @seq_num: IPsec sequence number
 
 | 
| /linux/tools/testing/selftests/net/ | 
| H A D | xfrm_policy.sh | 10 # ns3 and ns4 are connected via ipsec tunnel.12 # ns1: ping 10.0.2.2: passes via ipsec tunnel.
 13 # ns2: ping 10.0.1.2: passes via ipsec tunnel.
 15 # ns1: ping 10.0.1.253: passes via ipsec tunnel (direct policy)
 16 # ns2: ping 10.0.2.253: passes via ipsec tunnel (direct policy)
 18 # ns1: ping 10.0.2.254: does NOT pass via ipsec tunnel (exception)
 19 # ns2: ping 10.0.1.254: does NOT pass via ipsec tunnel (exception)
 242 		echo "PASS: ping to .254 bypassed ipsec tunnel ($logpostfix)"
 245 	# ping to .253 should use ipsec due to direct policy exception.
 248 		echo "FAIL: expected ping to .253 to use ipsec tunnel ($logpostfix)"
 
 | 
| /linux/Documentation/networking/device_drivers/ethernet/mellanox/mlx5/ | 
| H A D | switchdev.rst | 193 IPsec crypto capability setup195 Users who want mlx5 PCI VFs to be able to perform IPsec crypto offloading need
 196 to explicitly enable the VF ipsec_crypto capability. Enabling IPsec capability
 198 IPsec capability enabled, any IPsec offloading is blocked on the PF.
 203 IPsec packet capability setup
 205 Users who want mlx5 PCI VFs to be able to perform IPsec packet offloading need
 206 to explicitly enable the VF ipsec_packet capability. Enabling IPsec capability
 208 IPsec capability enabled, any IPsec offloading is blocked on the PF.
 
 | 
| /linux/Documentation/devicetree/bindings/rng/ | 
| H A D | brcm,bcm2835.yaml | 29     const: ipsec35     const: ipsec
 78         clock-names = "ipsec";
 81         reset-names = "ipsec";
 
 | 
| /linux/drivers/net/ethernet/netronome/ | 
| H A D | Kconfig | 58 	bool "NFP IPsec crypto offload support"63 	  Enable driver support IPsec crypto offload on NFP NIC.
 64 	  Say Y, if you are planning to make use of IPsec crypto
 65 	  offload. NOTE that IPsec crypto offload on NFP NIC
 
 | 
| /linux/drivers/net/ethernet/chelsio/inline_crypto/ | 
| H A D | Kconfig | 29        tristate "Chelsio IPSec XFRM Tx crypto offload"34         Support Chelsio Inline IPsec with Chelsio crypto accelerator.
 35         Enable inline IPsec support for Tx.
 
 | 
| /linux/net/ipv6/ | 
| H A D | Kconfig | 55 	  Support for IPsec AH (Authentication Header).70 	  Support for IPsec ESP (Encapsulating Security Payload).
 88 	  only if this system really does IPsec and want to do it
 90 	  need it, even if it does IPsec.
 112 	  typically needed for IPsec.
 163 	the notion of a secure tunnel for IPSEC and then use routing protocol
 
 | 
| /linux/Documentation/networking/devlink/ | 
| H A D | devlink-port.rst | 131 Users may also set the IPsec crypto capability of the function using134 Users may also set the IPsec packet capability of the function using
 252 IPsec crypto capability setup
 254 When user enables IPsec crypto capability for a VF, user application can offload
 257 When IPsec crypto capability is disabled (default) for a VF, the XFRM state is
 260 - Get IPsec crypto capability of the VF device::
 267 - Set IPsec crypto capability of the VF device::
 276 IPsec packet capability setup
 278 When user enables IPsec packet capability for a VF, user application can offload
 280 IPsec encapsulation.
 
 | 
| /linux/Documentation/networking/ | 
| H A D | ipsec.rst | 4 IPsec  title8 This file documents known IPsec corner cases which need to be kept in mind when
 9 deploying various IPsec configurations in real-world production environments.
 
 | 
| H A D | pktgen.rst | 178 			      IPSEC # IPsec encapsulation (needs CONFIG_XFRM)280 Enable IPsec
 282 Default IPsec transformation with ESP encapsulation plus transport mode
 285     pgset "flag IPSEC"
 368     IPSEC
 373     spi (ipsec)
 
 | 
| /linux/drivers/net/ethernet/marvell/octeontx2/nic/ | 
| H A D | cn10k_ipsec.h | 2 /* Marvell IPSEC offload driver41 /* Default CPT engine group for ipsec offload */
 55 /* IPSEC Instruction opcodes */
 97 /* CN10K IPSEC Security Association (SA) */
 106 /* SA IPSEC mode Transport/Tunnel */
 
 | 
| /linux/drivers/net/ethernet/netronome/nfp/ | 
| H A D | Makefile | 83 nfp-$(CONFIG_NFP_NET_IPSEC) += crypto/ipsec.o nfd3/ipsec.o nfdk/ipsec.o
 | 
| /linux/security/ | 
| H A D | Kconfig | 120 	bool "XFRM (IPSec) Networking Security Hooks"123 	  This enables the XFRM (IPSec) networking security hooks.
 126 	  derived from IPSec policy.  Non-IPSec communications are
 129 	  IPSec.
 
 | 
| /linux/crypto/ | 
| H A D | Kconfig | 213 	  These are 'Null' algorithms, used by IPsec, which do nothing.242 	  Authenc: Combined mode wrapper for IPsec.
 244 	  This is required for IPSec ESP (XFRM_ESP).
 669 	  This block cipher mode is required for IPSec ESP (XFRM_ESP).
 819 	  This is required for IPSec ESP (XFRM_ESP).
 836 	  This is required for IPsec ESP (XFRM_ESP).
 923 	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
 994 	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
 1111 	  Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
 
 | 
| /linux/security/selinux/ | 
| H A D | xfrm.c | 12  *           Granular IPSec Associations for use in MLS environments.395  * already authorized by the IPSec process.  If not, then
 397  * gone thru the IPSec process.
 420 	 * non-IPsec communication unless explicitly allowed by policy. */  in selinux_xfrm_sock_rcv_skb()
 463 	 * non-IPsec communication unless explicitly allowed by policy. */  in selinux_xfrm_postroute_last()
 
 |