Home
last modified time | relevance | path

Searched full:ipsec (Results 1 – 25 of 180) sorted by relevance

12345678

/linux/drivers/net/ethernet/mellanox/mlx5/core/en_accel/
H A Dipsec_fs.c8 #include "ipsec.h"
67 /* IPsec RX flow steering */
75 static struct mlx5e_ipsec_rx *ipsec_rx(struct mlx5e_ipsec *ipsec, u32 family, int type) in ipsec_rx() argument
77 if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET) in ipsec_rx()
78 return ipsec->rx_esw; in ipsec_rx()
81 return ipsec->rx_ipv4; in ipsec_rx()
83 return ipsec->rx_ipv6; in ipsec_rx()
86 static struct mlx5e_ipsec_tx *ipsec_tx(struct mlx5e_ipsec *ipsec, int type) in ipsec_tx() argument
88 if (ipsec->is_uplink_rep && type == XFRM_DEV_OFFLOAD_PACKET) in ipsec_tx()
89 return ipsec->tx_esw; in ipsec_tx()
[all …]
H A Dipsec.c43 #include "ipsec.h"
87 queue_delayed_work(sa_entry->ipsec->wq, &dwork->dwork, in mlx5e_ipsec_handle_sw_limits()
777 struct mlx5e_ipsec *ipsec; in mlx5e_xfrm_add_state() local
783 if (!priv->ipsec) in mlx5e_xfrm_add_state()
786 ipsec = priv->ipsec; in mlx5e_xfrm_add_state()
794 sa_entry->ipsec = ipsec; in mlx5e_xfrm_add_state()
856 err = xa_insert_bh(&ipsec->sadb, sa_entry->ipsec_obj_id, sa_entry, in mlx5e_xfrm_add_state()
864 queue_delayed_work(ipsec->wq, &sa_entry->dwork->dwork, in mlx5e_xfrm_add_state()
868 xa_lock_bh(&ipsec->sadb); in mlx5e_xfrm_add_state()
869 __xa_set_mark(&ipsec->sadb, sa_entry->ipsec_obj_id, in mlx5e_xfrm_add_state()
[all …]
H A Dipsec_stats.c38 #include "ipsec.h"
69 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
81 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
92 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
95 mlx5e_accel_ipsec_fs_read_stats(priv, &priv->ipsec->hw_stats); in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
99 MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->hw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
105 return priv->ipsec ? NUM_IPSEC_SW_COUNTERS : 0; in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
114 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
123 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
127 &priv->ipsec->sw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
H A Dipsec_offload.c6 #include "ipsec.h"
83 /* We can accommodate up to 2^24 different IPsec objects in mlx5_ipsec_device_caps()
85 * to hold the IPsec Object unique handle. in mlx5_ipsec_device_caps()
119 * be used in other places as long as IPsec packet offload in mlx5e_ipsec_packet_setup()
225 mlx5_core_dbg(mdev, "Failed to create IPsec object (err = %d)\n", err); in mlx5_ipsec_create_sa_ctx()
265 mlx5_core_err(mdev, "Query IPsec object failed (Object id %d), err = %d\n", in mlx5_modify_ipsec_obj()
478 struct mlx5e_ipsec *ipsec = container_of(nb, struct mlx5e_ipsec, nb); in mlx5e_ipsec_event() local
494 sa_entry = xa_load(&ipsec->sadb, be32_to_cpu(object->obj_id)); in mlx5e_ipsec_event()
505 queue_work(ipsec->wq, &work->work); in mlx5e_ipsec_event()
509 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec) in mlx5e_ipsec_aso_init() argument
[all …]
H A Dipsec_rxtx.c37 #include "ipsec.h"
273 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_bundle); in mlx5e_ipsec_handle_tx_skb()
279 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_no_state); in mlx5e_ipsec_handle_tx_skb()
286 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_not_ip); in mlx5e_ipsec_handle_tx_skb()
292 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_trailer); in mlx5e_ipsec_handle_tx_skb()
312 struct mlx5e_ipsec *ipsec = priv->ipsec; in mlx5e_ipsec_offload_handle_rx_skb() local
321 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sp_alloc); in mlx5e_ipsec_offload_handle_rx_skb()
326 sa_entry = xa_load(&ipsec->sadb, sa_handle); in mlx5e_ipsec_offload_handle_rx_skb()
329 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sadb_miss); in mlx5e_ipsec_offload_handle_rx_skb()
349 struct mlx5e_ipsec *ipsec = priv->ipsec; in mlx5_esw_ipsec_rx_make_metadata() local
[all …]
H A Dipsec.h178 /* Protect ASO WQ access, as it is global to whole IPsec */
279 struct mlx5e_ipsec *ipsec; member
305 struct mlx5e_ipsec *ipsec; member
316 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
317 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec, struct mlx5_devcom_comp_dev **devcom);
333 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
334 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);
351 return sa_entry->ipsec->mdev; in mlx5e_ipsec_sa2dev()
357 return pol_entry->ipsec->mdev; in mlx5e_ipsec_pol2dev()
/linux/drivers/net/ethernet/intel/ixgbevf/
H A Dipsec.c94 * ixgbevf_ipsec_restore - restore the IPsec HW settings after a reset
103 struct ixgbevf_ipsec *ipsec = adapter->ipsec; in ixgbevf_ipsec_restore() local
112 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbevf_ipsec_restore()
113 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbevf_ipsec_restore()
134 * @ipsec: pointer to IPsec struct
140 int ixgbevf_ipsec_find_empty_idx(struct ixgbevf_ipsec *ipsec, bool rxtable) in ixgbevf_ipsec_find_empty_idx() argument
145 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
150 if (!ipsec->rx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
154 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
159 if (!ipsec->tx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
[all …]
H A Ddefines.h140 #define IXGBE_RXDADV_STAT_SECP 0x00020000 /* IPsec/MACsec pkt found */
146 #define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP 0x00001000 /* IPSec ESP */
147 #define IXGBE_RXDADV_PKTTYPE_IPSEC_AH 0x00002000 /* IPSec AH */
262 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPSec Type ESP */
267 #define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400 /* IPSec offload request */
/linux/drivers/net/ethernet/intel/ixgbe/
H A Dixgbe_ipsec.c248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
[all …]
/linux/drivers/net/ethernet/mellanox/mlx5/core/esw/
H A Dipsec_fs.c6 #include "en_accel/ipsec.h"
24 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
34 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
38 dest->ft = mlx5_chains_get_table(esw_chains(ipsec->mdev->priv.eswitch), 0, 1, 0); in mlx5_esw_ipsec_rx_status_pass_dest_get()
47 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_setup_modify_header() local
48 struct mlx5_core_dev *mdev = ipsec->mdev; in mlx5_esw_ipsec_rx_setup_modify_header()
53 err = xa_alloc_bh(&ipsec->ipsec_obj_id_map, &mapped_id, in mlx5_esw_ipsec_rx_setup_modify_header()
59 /* reuse tunnel bits for ipsec, in mlx5_esw_ipsec_rx_setup_modify_header()
84 xa_erase_bh(&ipsec->ipsec_obj_id_map, mapped_id); in mlx5_esw_ipsec_rx_setup_modify_header()
103 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_id_mapping_remove() local
[all …]
H A Dipsec_fs.h11 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,
13 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,
20 void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,
26 static inline void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
29 static inline int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
49 static inline void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_tx_create_attr_set() argument
/linux/drivers/net/ethernet/mellanox/mlx5/core/lib/
H A Dipsec_fs_roce.c159 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
172 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec miss rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
191 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec rule for alias err=%d\n", in ipsec_fs_roce_rx_rule_setup()
225 mlx5_core_err(mdev, "Fail to add TX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_tx_rule_setup()
260 mlx5_core_err(mdev, "Fail to add TX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_tx_mpv_rule_setup()
278 #define MLX5_IPSEC_NIC_GOTO_ALIAS_FT_LEVEL 3 /* Since last used level in NIC ipsec is 2 */
313 mlx5_core_err(mdev, "Fail to create RoCE IPsec goto alias ft err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_ft()
325 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx ft err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_ft()
361 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx group err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_group_rules()
368 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx rules err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_group_rules()
[all …]
/linux/drivers/crypto/caam/
H A Dpdb.h14 * PDB- IPSec ESP Header Modification Options
47 * PDB - IPSec ESP Encap/Decap Options
68 * General IPSec encap/decap PDB definitions
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
[all …]
/linux/tools/testing/selftests/net/
H A Dxfrm_policy.sh10 # ns3 and ns4 are connected via ipsec tunnel.
12 # ns1: ping 10.0.2.2: passes via ipsec tunnel.
13 # ns2: ping 10.0.1.2: passes via ipsec tunnel.
15 # ns1: ping 10.0.1.253: passes via ipsec tunnel (direct policy)
16 # ns2: ping 10.0.2.253: passes via ipsec tunnel (direct policy)
18 # ns1: ping 10.0.2.254: does NOT pass via ipsec tunnel (exception)
19 # ns2: ping 10.0.1.254: does NOT pass via ipsec tunnel (exception)
242 echo "PASS: ping to .254 bypassed ipsec tunnel ($logpostfix)"
245 # ping to .253 should use use ipsec due to direct policy exception.
248 echo "FAIL: expected ping to .253 to use ipsec tunnel ($logpostfix)"
[all …]
/linux/Documentation/networking/device_drivers/ethernet/mellanox/mlx5/
H A Dswitchdev.rst193 IPsec crypto capability setup
195 User who wants mlx5 PCI VFs to be able to perform IPsec crypto offloading need
196 to explicitly enable the VF ipsec_crypto capability. Enabling IPsec capability
198 IPsec capability enabled, any IPsec offloading is blocked on the PF.
203 IPsec packet capability setup
205 User who wants mlx5 PCI VFs to be able to perform IPsec packet offloading need
206 to explicitly enable the VF ipsec_packet capability. Enabling IPsec capability
208 IPsec capability enabled, any IPsec offloading is blocked on the PF.
/linux/Documentation/devicetree/bindings/rng/
H A Dbrcm,bcm2835.yaml29 const: ipsec
35 const: ipsec
78 clock-names = "ipsec";
81 reset-names = "ipsec";
/linux/drivers/net/ethernet/netronome/
H A DKconfig58 bool "NFP IPsec crypto offload support"
63 Enable driver support IPsec crypto offload on NFP NIC.
64 Say Y, if you are planning to make use of IPsec crypto
65 offload. NOTE that IPsec crypto offload on NFP NIC
/linux/Documentation/networking/devlink/
H A Ddevlink-port.rst131 Users may also set the IPsec crypto capability of the function using
134 Users may also set the IPsec packet capability of the function using
252 IPsec crypto capability setup
254 When user enables IPsec crypto capability for a VF, user application can offload
257 When IPsec crypto capability is disabled (default) for a VF, the XFRM state is
260 - Get IPsec crypto capability of the VF device::
267 - Set IPsec crypto capability of the VF device::
276 IPsec packet capability setup
278 When user enables IPsec packet capability for a VF, user application can offload
280 IPsec encapsulation.
[all …]
/linux/drivers/net/ethernet/chelsio/inline_crypto/
H A DKconfig29 tristate "Chelsio IPSec XFRM Tx crypto offload"
34 Support Chelsio Inline IPsec with Chelsio crypto accelerator.
35 Enable inline IPsec support for Tx.
/linux/drivers/net/ethernet/marvell/octeontx2/nic/
H A Dcn10k_ipsec.h2 /* Marvell IPSEC offload driver
41 /* Default CPT engine group for ipsec offload */
55 /* IPSEC Instruction opcodes */
97 /* CN10K IPSEC Security Association (SA) */
106 /* SA IPSEC mode Transport/Tunnel */
/linux/Documentation/networking/
H A Dipsec.rst4 IPsec title
8 Here documents known IPsec corner cases which need to be keep in mind when
9 deploy various IPsec configuration in real world production environment.
H A Dpktgen.rst178 IPSEC # IPsec encapsulation (needs CONFIG_XFRM)
280 Enable IPsec
282 Default IPsec transformation with ESP encapsulation plus transport mode
285 pgset "flag IPSEC"
368 IPSEC
373 spi (ipsec)
/linux/drivers/net/ethernet/netronome/nfp/
H A DMakefile83 nfp-$(CONFIG_NFP_NET_IPSEC) += crypto/ipsec.o nfd3/ipsec.o nfdk/ipsec.o
/linux/security/
H A DKconfig120 bool "XFRM (IPSec) Networking Security Hooks"
123 This enables the XFRM (IPSec) networking security hooks.
126 derived from IPSec policy. Non-IPSec communications are
129 IPSec.
/linux/crypto/
H A DKconfig213 These are 'Null' algorithms, used by IPsec, which do nothing.
242 Authenc: Combined mode wrapper for IPsec.
244 This is required for IPSec ESP (XFRM_ESP).
657 This block cipher mode is required for IPSec ESP (XFRM_ESP).
801 This is required for IPSec ESP (XFRM_ESP).
818 This is required for IPsec ESP (XFRM_ESP).
904 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
965 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
1076 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)

12345678