1 /*-
2 * Copyright (c) 2023 NVIDIA corporation & affiliates.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23 * SUCH DAMAGE.
24 *
25 */
26
27 #include "opt_ipsec.h"
28
29 #include <sys/mbuf.h>
30 #include <sys/socket.h>
31 #include <netinet/in.h>
32 #include <netipsec/keydb.h>
33 #include <netipsec/ipsec_offload.h>
34 #include <netipsec/xform.h>
35 #include <dev/mlx5/qp.h>
36 #include <dev/mlx5/mlx5_en/en.h>
37 #include <dev/mlx5/mlx5_accel/ipsec.h>
38
39 #define MLX5_IPSEC_METADATA_HANDLE(ipsec_metadata) (ipsec_metadata & 0xFFFFFF)
40
41 int
mlx5_accel_ipsec_rx_tag_add(if_t ifp,struct mlx5e_rq_mbuf * mr)42 mlx5_accel_ipsec_rx_tag_add(if_t ifp, struct mlx5e_rq_mbuf *mr)
43 {
44 struct mlx5e_priv *priv;
45 struct ipsec_accel_in_tag *mtag;
46
47 priv = if_getsoftc(ifp);
48 if (priv->ipsec == NULL)
49 return (0);
50 if (mr->ipsec_mtag != NULL)
51 return (0);
52
53 mtag = (struct ipsec_accel_in_tag *)m_tag_get(
54 PACKET_TAG_IPSEC_ACCEL_IN, sizeof(struct ipsec_accel_in_tag) -
55 __offsetof(struct ipsec_accel_in_tag, xh), M_NOWAIT);
56 if (mtag == NULL)
57 return (-ENOMEM);
58 mr->ipsec_mtag = mtag;
59 return (0);
60 }
61
62 void
mlx5e_accel_ipsec_handle_rx_cqe(if_t ifp,struct mbuf * mb,struct mlx5_cqe64 * cqe,struct mlx5e_rq_mbuf * mr)63 mlx5e_accel_ipsec_handle_rx_cqe(if_t ifp, struct mbuf *mb,
64 struct mlx5_cqe64 *cqe, struct mlx5e_rq_mbuf *mr)
65 {
66 struct ipsec_accel_in_tag *mtag;
67 u32 drv_spi;
68
69 drv_spi = MLX5_IPSEC_METADATA_HANDLE(be32_to_cpu(cqe->ft_metadata));
70 mtag = mr->ipsec_mtag;
71 WARN_ON(mtag == NULL);
72 if (mtag != NULL) {
73 mtag->drv_spi = drv_spi;
74 if (ipsec_accel_fill_xh(ifp, drv_spi, &mtag->xh)) {
75 m_tag_prepend(mb, &mtag->tag);
76 mr->ipsec_mtag = NULL;
77 }
78 }
79 }
80
81 void
mlx5e_accel_ipsec_handle_tx_wqe(struct mbuf * mb,struct mlx5e_tx_wqe * wqe,struct ipsec_accel_out_tag * tag)82 mlx5e_accel_ipsec_handle_tx_wqe(struct mbuf *mb, struct mlx5e_tx_wqe *wqe,
83 struct ipsec_accel_out_tag *tag)
84 {
85 wqe->eth.flow_table_metadata = cpu_to_be32(
86 mlx5e_accel_ipsec_get_metadata(tag->drv_spi));
87 }
88