diff options
author | Aviad Yehezkel | 2018-01-16 15:12:22 +0100 |
---|---|---|
committer | Saeed Mahameed | 2018-03-08 00:53:18 +0100 |
commit | 65802f480008066636a43173b12388bb3fb7bd3a (patch) | |
tree | 9191cd0530bc0d8d848719ce1bcc25007a37e1b4 /drivers/net/ethernet/mellanox/mlx5/core/en_accel | |
parent | net/mlx5e: IPSec, Add support for ESP trailer removal by hardware (diff) | |
download | kernel-qcow2-linux-65802f480008066636a43173b12388bb3fb7bd3a.tar.gz kernel-qcow2-linux-65802f480008066636a43173b12388bb3fb7bd3a.tar.xz kernel-qcow2-linux-65802f480008066636a43173b12388bb3fb7bd3a.zip |
net/mlx5: IPSec, Add command V2 support
This patch adds V2 command support.
New fpga devices support extended features (udp encap, esn etc...), this
features require new hardware sadb format therefore we have a new version
of commands to manipulate it.
Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Diffstat (limited to 'drivers/net/ethernet/mellanox/mlx5/core/en_accel')
-rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 60 |
1 files changed, 28 insertions, 32 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index 460a613059fe..a8c3fe7cff0f 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -133,50 +133,46 @@ static void mlx5e_ipsec_build_hw_sa(u32 op, struct mlx5e_ipsec_sa_entry *sa_entr memset(hw_sa, 0, sizeof(*hw_sa)); - if (op == MLX5_IPSEC_CMD_ADD_SA) { - crypto_data_len = (x->aead->alg_key_len + 7) / 8; - key_len = crypto_data_len - 4; /* 4 bytes salt at end */ - aead = x->data; - geniv_ctx = crypto_aead_ctx(aead); - ivsize = crypto_aead_ivsize(aead); - - memcpy(&hw_sa->key_enc, x->aead->alg_key, key_len); - /* Duplicate 128 bit key twice according to HW layout */ - if (key_len == 16) - memcpy(&hw_sa->key_enc[16], x->aead->alg_key, key_len); - memcpy(&hw_sa->gcm.salt_iv, geniv_ctx->salt, ivsize); - hw_sa->gcm.salt = *((__be32 *)(x->aead->alg_key + key_len)); - } - - hw_sa->cmd = htonl(op); - hw_sa->flags |= MLX5_IPSEC_SADB_SA_VALID | MLX5_IPSEC_SADB_SPI_EN; + crypto_data_len = (x->aead->alg_key_len + 7) / 8; + key_len = crypto_data_len - 4; /* 4 bytes salt at end */ + aead = x->data; + geniv_ctx = crypto_aead_ctx(aead); + ivsize = crypto_aead_ivsize(aead); + + memcpy(&hw_sa->ipsec_sa_v1.key_enc, x->aead->alg_key, key_len); + /* Duplicate 128 bit key twice according to HW layout */ + if (key_len == 16) + memcpy(&hw_sa->ipsec_sa_v1.key_enc[16], x->aead->alg_key, key_len); + memcpy(&hw_sa->ipsec_sa_v1.gcm.salt_iv, geniv_ctx->salt, ivsize); + hw_sa->ipsec_sa_v1.gcm.salt = *((__be32 *)(x->aead->alg_key + key_len)); + + hw_sa->ipsec_sa_v1.cmd = htonl(op); + hw_sa->ipsec_sa_v1.flags |= MLX5_IPSEC_SADB_SA_VALID | MLX5_IPSEC_SADB_SPI_EN; if (x->props.family == AF_INET) { - hw_sa->sip[3] = x->props.saddr.a4; - hw_sa->dip[3] = x->id.daddr.a4; - hw_sa->sip_masklen = 32; - hw_sa->dip_masklen = 32; + hw_sa->ipsec_sa_v1.sip[3] = x->props.saddr.a4; + hw_sa->ipsec_sa_v1.dip[3] = x->id.daddr.a4; } else { - memcpy(hw_sa->sip, x->props.saddr.a6, sizeof(hw_sa->sip)); - memcpy(hw_sa->dip, x->id.daddr.a6, sizeof(hw_sa->dip)); - hw_sa->sip_masklen = 128; - hw_sa->dip_masklen = 128; - hw_sa->flags |= MLX5_IPSEC_SADB_IPV6; + memcpy(hw_sa->ipsec_sa_v1.sip, x->props.saddr.a6, + sizeof(hw_sa->ipsec_sa_v1.sip)); + memcpy(hw_sa->ipsec_sa_v1.dip, x->id.daddr.a6, + sizeof(hw_sa->ipsec_sa_v1.dip)); + hw_sa->ipsec_sa_v1.flags |= MLX5_IPSEC_SADB_IPV6; } - hw_sa->spi = x->id.spi; - hw_sa->sw_sa_handle = htonl(sa_entry->handle); + hw_sa->ipsec_sa_v1.spi = x->id.spi; + hw_sa->ipsec_sa_v1.sw_sa_handle = htonl(sa_entry->handle); switch (x->id.proto) { case IPPROTO_ESP: - hw_sa->flags |= MLX5_IPSEC_SADB_IP_ESP; + hw_sa->ipsec_sa_v1.flags |= MLX5_IPSEC_SADB_IP_ESP; break; case IPPROTO_AH: - hw_sa->flags |= MLX5_IPSEC_SADB_IP_AH; + hw_sa->ipsec_sa_v1.flags |= MLX5_IPSEC_SADB_IP_AH; break; default: break; } - hw_sa->enc_mode = mlx5e_ipsec_enc_mode(x); + hw_sa->ipsec_sa_v1.enc_mode = mlx5e_ipsec_enc_mode(x); if (!(x->xso.flags & XFRM_OFFLOAD_INBOUND)) - hw_sa->flags |= MLX5_IPSEC_SADB_DIR_SX; + hw_sa->ipsec_sa_v1.flags |= MLX5_IPSEC_SADB_DIR_SX; } static inline int mlx5e_xfrm_validate_state(struct xfrm_state *x) |