Home
last modified time | relevance | path

Searched full:ipsec (Results 1 – 25 of 215) sorted by relevance

123456789

/linux/drivers/net/ethernet/intel/ixgbevf/
H A Dipsec.c94 * ixgbevf_ipsec_restore - restore the IPsec HW settings after a reset
103 struct ixgbevf_ipsec *ipsec = adapter->ipsec; in ixgbevf_ipsec_restore() local
112 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbevf_ipsec_restore()
113 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbevf_ipsec_restore()
134 * @ipsec: pointer to IPsec struct
140 int ixgbevf_ipsec_find_empty_idx(struct ixgbevf_ipsec *ipsec, bool rxtable) in ixgbevf_ipsec_find_empty_idx() argument
145 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
150 if (!ipsec->rx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
154 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
159 if (!ipsec->tx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
[all …]
/linux/drivers/net/netdevsim/
H A Dipsec.c17 struct nsim_ipsec *ipsec = &ns->ipsec; in nsim_dbg_netdev_ops_read() local
26 bufsize = (ipsec->count * 4 * 60) + 60; in nsim_dbg_netdev_ops_read()
34 ipsec->count, ipsec->tx); in nsim_dbg_netdev_ops_read()
37 struct nsim_sa *sap = &ipsec->sa[i]; in nsim_dbg_netdev_ops_read()
68 static int nsim_ipsec_find_empty_idx(struct nsim_ipsec *ipsec) in nsim_ipsec_find_empty_idx() argument
72 if (ipsec->count == NSIM_IPSEC_MAX_SA_COUNT) in nsim_ipsec_find_empty_idx()
77 if (!ipsec->sa[i].used) in nsim_ipsec_find_empty_idx()
94 netdev_err(dev, "Unsupported IPsec algorithm\n"); in nsim_ipsec_parse_proto_keys()
99 netdev_err(dev, "IPsec offload requires %d bit authentication\n", in nsim_ipsec_parse_proto_keys()
109 netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", in nsim_ipsec_parse_proto_keys()
[all …]
/linux/drivers/net/ethernet/intel/ixgbe/
H A Dixgbe_ipsec.c248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
[all …]
/linux/drivers/net/ethernet/mellanox/mlx5/core/esw/
H A Dipsec_fs.c6 #include "en_accel/ipsec.h"
24 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
34 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
38 dest->ft = mlx5_chains_get_table(esw_chains(ipsec->mdev->priv.eswitch), 0, 1, 0); in mlx5_esw_ipsec_rx_status_pass_dest_get()
47 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_setup_modify_header() local
48 struct mlx5_core_dev *mdev = ipsec->mdev; in mlx5_esw_ipsec_rx_setup_modify_header()
53 err = xa_alloc_bh(&ipsec->ipsec_obj_id_map, &mapped_id, in mlx5_esw_ipsec_rx_setup_modify_header()
59 /* reuse tunnel bits for ipsec, in mlx5_esw_ipsec_rx_setup_modify_header()
84 xa_erase_bh(&ipsec->ipsec_obj_id_map, mapped_id); in mlx5_esw_ipsec_rx_setup_modify_header()
90 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5_esw_ipsec_rx_id_mapping_remove() local
[all …]
H A Dipsec_fs.h11 void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec,
13 int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec,
20 void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,
24 static inline void mlx5_esw_ipsec_rx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_create_attr_set() argument
27 static inline int mlx5_esw_ipsec_rx_status_pass_dest_get(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_rx_status_pass_dest_get() argument
47 static inline void mlx5_esw_ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec, in mlx5_esw_ipsec_tx_create_attr_set() argument
/linux/drivers/net/ethernet/mellanox/mlx5/core/en_accel/
H A Dipsec.c42 #include "ipsec.h"
86 queue_delayed_work(sa_entry->ipsec->wq, &dwork->dwork, in mlx5e_ipsec_handle_sw_limits()
694 struct mlx5e_ipsec *ipsec; in mlx5e_xfrm_add_state() local
700 if (!priv->ipsec) in mlx5e_xfrm_add_state()
703 ipsec = priv->ipsec; in mlx5e_xfrm_add_state()
710 sa_entry->ipsec = ipsec; in mlx5e_xfrm_add_state()
759 err = xa_insert_bh(&ipsec->sadb, sa_entry->ipsec_obj_id, sa_entry, in mlx5e_xfrm_add_state()
767 queue_delayed_work(ipsec->wq, &sa_entry->dwork->dwork, in mlx5e_xfrm_add_state()
772 xa_set_mark(&ipsec->sadb, sa_entry->ipsec_obj_id, in mlx5e_xfrm_add_state()
801 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5e_xfrm_del_state() local
[all …]
H A Dipsec_stats.c38 #include "ipsec.h"
68 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
80 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
91 if (!priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
94 mlx5e_accel_ipsec_fs_read_stats(priv, &priv->ipsec->hw_stats); in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
98 MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->hw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
104 return priv->ipsec ? NUM_IPSEC_SW_COUNTERS : 0; in MLX5E_DECLARE_STATS_GRP_OP_NUM_STATS()
113 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
122 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
126 &priv->ipsec->sw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
H A Dipsec_offload.c6 #include "ipsec.h"
84 /* We can accommodate up to 2^24 different IPsec objects in mlx5_ipsec_device_caps()
86 * to hold the IPsec Object unique handle. in mlx5_ipsec_device_caps()
119 * be used in other places as long as IPsec packet offload in mlx5e_ipsec_packet_setup()
221 mlx5_core_dbg(mdev, "Failed to create IPsec object (err = %d)\n", err); in mlx5_ipsec_create_sa_ctx()
261 mlx5_core_err(mdev, "Query IPsec object failed (Object id %d), err = %d\n", in mlx5_modify_ipsec_obj()
369 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5e_ipsec_handle_limits() local
370 struct mlx5e_ipsec_aso *aso = ipsec->aso; in mlx5e_ipsec_handle_limits()
456 aso = sa_entry->ipsec->aso; in mlx5e_ipsec_handle_event()
482 struct mlx5e_ipsec *ipsec = container_of(nb, struct mlx5e_ipsec, nb); in mlx5e_ipsec_event() local
[all …]
H A Dipsec_rxtx.c37 #include "ipsec.h"
273 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_bundle); in mlx5e_ipsec_handle_tx_skb()
279 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_no_state); in mlx5e_ipsec_handle_tx_skb()
286 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_not_ip); in mlx5e_ipsec_handle_tx_skb()
292 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_trailer); in mlx5e_ipsec_handle_tx_skb()
312 struct mlx5e_ipsec *ipsec = priv->ipsec; in mlx5e_ipsec_offload_handle_rx_skb() local
321 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sp_alloc); in mlx5e_ipsec_offload_handle_rx_skb()
326 sa_entry = xa_load(&ipsec->sadb, sa_handle); in mlx5e_ipsec_offload_handle_rx_skb()
329 atomic64_inc(&ipsec->sw_stats.ipsec_rx_drop_sadb_miss); in mlx5e_ipsec_offload_handle_rx_skb()
345 struct mlx5e_ipsec *ipsec = priv->ipsec; in mlx5_esw_ipsec_rx_make_metadata() local
[all …]
H A Dipsec.h168 /* Protect ASO WQ access, as it is global to whole IPsec */
263 struct mlx5e_ipsec *ipsec; member
298 struct mlx5e_ipsec *ipsec; member
309 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
310 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec, struct mlx5_devcom_comp_dev **devcom);
326 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec);
327 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec);
343 return sa_entry->ipsec->mdev; in mlx5e_ipsec_sa2dev()
349 return pol_entry->ipsec->mdev; in mlx5e_ipsec_pol2dev()
H A Dipsec_rxtx.h42 /* Bit31: IPsec marker, Bit30: reserved, Bit29-24: IPsec syndrome, Bit23-0: IPsec obj id */
110 /* Disable CSUM and GSO for software IPsec */ in mlx5e_ipsec_feature_check()
/linux/net/xfrm/
H A DKconfig28 like IPsec used by native Linux tools.
38 Transformation(XFRM) user configuration interface like IPsec
47 This provides a virtual interface to route IPsec traffic.
65 A feature to update locator(s) of a given IPsec security
67 instance, in a Mobile IPv6 environment with IPsec configuration
117 They are required if you are going to use IPsec tools ported
129 locator(s) of a given IPsec security association.
131 environment with IPsec configuration where mobile nodes
/linux/drivers/net/ethernet/mellanox/mlx5/core/lib/
H A Dipsec_fs_roce.c159 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
170 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec miss rule err=%d\n", in ipsec_fs_roce_rx_rule_setup()
187 mlx5_core_err(mdev, "Fail to add RX RoCE IPsec rule for alias err=%d\n", in ipsec_fs_roce_rx_rule_setup()
221 mlx5_core_err(mdev, "Fail to add TX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_tx_rule_setup()
256 mlx5_core_err(mdev, "Fail to add TX RoCE IPsec rule err=%d\n", in ipsec_fs_roce_tx_mpv_rule_setup()
274 #define MLX5_IPSEC_NIC_GOTO_ALIAS_FT_LEVEL 3 /* Since last used level in NIC ipsec is 2 */
309 mlx5_core_err(mdev, "Fail to create RoCE IPsec goto alias ft err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_ft()
321 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx ft err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_ft()
357 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx group err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_group_rules()
364 mlx5_core_err(mdev, "Fail to create RoCE IPsec tx rules err=%d\n", err); in ipsec_fs_roce_tx_mpv_create_group_rules()
[all …]
/linux/drivers/crypto/caam/
H A Dpdb.h14 * PDB- IPSec ESP Header Modification Options
47 * PDB - IPSec ESP Encap/Decap Options
68 * General IPSec encap/decap PDB definitions
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
[all …]
/linux/Documentation/networking/
H A Dxfrm_device.rst5 XFRM device - offloading the IPsec computations
15 IPsec is a useful feature for securing network traffic, but the
18 Luckily, there are NICs that offer a hardware based IPsec offload which
24 * IPsec crypto offload:
27 * IPsec packet offload:
82 The NIC driver offering ipsec offload will need to implement callbacks
113 -EOPNETSUPP offload not supported, try SW IPsec,
124 When the network stack is preparing an IPsec packet for an SA that has
140 The stack has already inserted the appropriate IPsec headers in the
148 IPsec headers are still in the packet data; they are removed later up
H A Dipsec.rst4 IPsec title
8 Here documents known IPsec corner cases which need to be keep in mind when
9 deploy various IPsec configuration in real world production environment.
/linux/tools/testing/selftests/net/
H A Dxfrm_policy.sh10 # ns3 and ns4 are connected via ipsec tunnel.
12 # ns1: ping 10.0.2.2: passes via ipsec tunnel.
13 # ns2: ping 10.0.1.2: passes via ipsec tunnel.
15 # ns1: ping 10.0.1.253: passes via ipsec tunnel (direct policy)
16 # ns2: ping 10.0.2.253: passes via ipsec tunnel (direct policy)
18 # ns1: ping 10.0.2.254: does NOT pass via ipsec tunnel (exception)
19 # ns2: ping 10.0.1.254: does NOT pass via ipsec tunnel (exception)
242 echo "PASS: ping to .254 bypassed ipsec tunnel ($logpostfix)"
245 # ping to .253 should use use ipsec due to direct policy exception.
248 echo "FAIL: expected ping to .253 to use ipsec tunnel ($logpostfix)"
[all …]
/linux/Documentation/devicetree/bindings/rng/
H A Dbrcm,bcm2835.yaml29 const: ipsec
35 const: ipsec
78 clock-names = "ipsec";
81 reset-names = "ipsec";
/linux/Documentation/networking/device_drivers/ethernet/mellanox/mlx5/
H A Dswitchdev.rst193 IPsec crypto capability setup
195 User who wants mlx5 PCI VFs to be able to perform IPsec crypto offloading need
196 to explicitly enable the VF ipsec_crypto capability. Enabling IPsec capability
198 IPsec capability enabled, any IPsec offloading is blocked on the PF.
203 IPsec packet capability setup
205 User who wants mlx5 PCI VFs to be able to perform IPsec packet offloading need
206 to explicitly enable the VF ipsec_packet capability. Enabling IPsec capability
208 IPsec capability enabled, any IPsec offloading is blocked on the PF.
/linux/drivers/net/ethernet/netronome/
H A DKconfig58 bool "NFP IPsec crypto offload support"
63 Enable driver support IPsec crypto offload on NFP NIC.
64 Say Y, if you are planning to make use of IPsec crypto
65 offload. NOTE that IPsec crypto offload on NFP NIC
/linux/drivers/crypto/marvell/octeontx2/
H A Dotx2_cptpf_ucode.h15 * On OcteonTX2 platform IPSec ucode can use both IE and SE engines therefore
37 OTX2_CPT_SE_UC_TYPE2 = 21,/* Fast Path IPSec + AirCrypto */
40 * Full Feature IPSec + AirCrypto + Kasumi
43 OTX2_CPT_IE_UC_TYPE2 = 31, /* Fast Path IPSec */
46 * Full Future IPSec
/linux/Documentation/networking/devlink/
H A Ddevlink-port.rst131 Users may also set the IPsec crypto capability of the function using
134 Users may also set the IPsec packet capability of the function using
252 IPsec crypto capability setup
254 When user enables IPsec crypto capability for a VF, user application can offload
257 When IPsec crypto capability is disabled (default) for a VF, the XFRM state is
260 - Get IPsec crypto capability of the VF device::
267 - Set IPsec crypto capability of the VF device::
276 IPsec packet capability setup
278 When user enables IPsec packet capability for a VF, user application can offload
280 IPsec encapsulation.
[all …]
/linux/drivers/net/ethernet/chelsio/inline_crypto/
H A DKconfig29 tristate "Chelsio IPSec XFRM Tx crypto offload"
34 Support Chelsio Inline IPsec with Chelsio crypto accelerator.
35 Enable inline IPsec support for Tx.
/linux/net/ipv6/
H A DKconfig55 Support for IPsec AH (Authentication Header).
70 Support for IPsec ESP (Encapsulating Security Payload).
88 only if this system really does IPsec and want to do it
90 need it, even if it does IPsec.
112 typically needed for IPsec.
163 the notion of a secure tunnel for IPSEC and then use routing protocol
/linux/drivers/net/ethernet/netronome/nfp/
H A DMakefile83 nfp-$(CONFIG_NFP_NET_IPSEC) += crypto/ipsec.o nfd3/ipsec.o nfdk/ipsec.o

123456789