1 /*- 2 * Copyright (c) 2023 NVIDIA corporation & affiliates. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 * 25 */ 26 27 #include "opt_ipsec.h" 28 29 #include <sys/mbuf.h> 30 #include <sys/socket.h> 31 #include <netinet/in.h> 32 #include <netipsec/keydb.h> 33 #include <netipsec/ipsec_offload.h> 34 #include <netipsec/xform.h> 35 #include <dev/mlx5/qp.h> 36 #include <dev/mlx5/mlx5_en/en.h> 37 #include <dev/mlx5/mlx5_accel/ipsec.h> 38 39 #define MLX5_IPSEC_METADATA_HANDLE(ipsec_metadata) (ipsec_metadata & 0xFFFFFF) 40 41 int 42 mlx5_accel_ipsec_rx_tag_add(if_t ifp, struct mlx5e_rq_mbuf *mr) 43 { 44 struct mlx5e_priv *priv; 45 struct ipsec_accel_in_tag *mtag; 46 47 priv = if_getsoftc(ifp); 48 if (priv->ipsec == NULL) 49 return (0); 50 if (mr->ipsec_mtag != NULL) 51 return (0); 52 53 mtag = (struct ipsec_accel_in_tag *)m_tag_get( 54 PACKET_TAG_IPSEC_ACCEL_IN, sizeof(struct ipsec_accel_in_tag) - 55 __offsetof(struct ipsec_accel_in_tag, xh), M_NOWAIT); 56 if (mtag == NULL) 57 return (-ENOMEM); 58 mr->ipsec_mtag = mtag; 59 return (0); 60 } 61 62 void 63 mlx5e_accel_ipsec_handle_rx_cqe(if_t ifp, struct mbuf *mb, 64 struct mlx5_cqe64 *cqe, struct mlx5e_rq_mbuf *mr) 65 { 66 struct ipsec_accel_in_tag *mtag; 67 u32 drv_spi; 68 69 drv_spi = MLX5_IPSEC_METADATA_HANDLE(be32_to_cpu(cqe->ft_metadata)); 70 mtag = mr->ipsec_mtag; 71 WARN_ON(mtag == NULL); 72 if (mtag != NULL) { 73 mtag->drv_spi = drv_spi; 74 if (ipsec_accel_fill_xh(ifp, drv_spi, &mtag->xh)) { 75 m_tag_prepend(mb, &mtag->tag); 76 mr->ipsec_mtag = NULL; 77 } 78 } 79 } 80 81 void 82 mlx5e_accel_ipsec_handle_tx_wqe(struct mbuf *mb, struct mlx5e_tx_wqe *wqe, 83 struct ipsec_accel_out_tag *tag) 84 { 85 wqe->eth.flow_table_metadata = cpu_to_be32( 86 mlx5e_accel_ipsec_get_metadata(tag->drv_spi)); 87 } 88