Lines Matching full:ipsec
248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
369 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
374 if (!ipsec->tx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
384 * @ipsec: pointer to ipsec struct
392 static struct xfrm_state *ixgbe_ipsec_find_rx_state(struct ixgbe_ipsec *ipsec, in ixgbe_ipsec_find_rx_state() argument
400 hash_for_each_possible_rcu(ipsec->rx_sa_list, rsa, hlist, in ixgbe_ipsec_find_rx_state()
436 netdev_err(dev, "Unsupported IPsec algorithm\n"); in ixgbe_ipsec_parse_proto_keys()
441 netdev_err(dev, "IPsec offload requires %d bit authentication\n", in ixgbe_ipsec_parse_proto_keys()
451 netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", in ixgbe_ipsec_parse_proto_keys()
463 netdev_err(dev, "IPsec hw offload only supports keys up to 128 bits with a 32 bit salt\n"); in ixgbe_ipsec_parse_proto_keys()
466 netdev_info(dev, "IPsec hw offload parameters missing 32 bit salt value\n"); in ixgbe_ipsec_parse_proto_keys()
565 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_add_sa() local
573 netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n", in ixgbe_ipsec_add_sa()
579 netdev_err(dev, "IPsec IP addr clash with mgmt filters\n"); in ixgbe_ipsec_add_sa()
592 ret = ixgbe_ipsec_find_empty_idx(ipsec, true); in ixgbe_ipsec_add_sa()
634 (checked < ipsec->num_rx_sa || first < 0); in ixgbe_ipsec_add_sa()
636 if (ipsec->ip_tbl[i].used) { in ixgbe_ipsec_add_sa()
637 if (!memcmp(ipsec->ip_tbl[i].ipaddr, in ixgbe_ipsec_add_sa()
648 if (ipsec->num_rx_sa == 0) in ixgbe_ipsec_add_sa()
654 ipsec->ip_tbl[match].ref_cnt++; in ixgbe_ipsec_add_sa()
660 memcpy(ipsec->ip_tbl[first].ipaddr, in ixgbe_ipsec_add_sa()
662 ipsec->ip_tbl[first].ref_cnt = 1; in ixgbe_ipsec_add_sa()
663 ipsec->ip_tbl[first].used = true; in ixgbe_ipsec_add_sa()
683 memcpy(&ipsec->rx_tbl[sa_idx], &rsa, sizeof(rsa)); in ixgbe_ipsec_add_sa()
689 ipsec->num_rx_sa++; in ixgbe_ipsec_add_sa()
692 hash_add_rcu(ipsec->rx_sa_list, &ipsec->rx_tbl[sa_idx].hlist, in ixgbe_ipsec_add_sa()
702 ret = ixgbe_ipsec_find_empty_idx(ipsec, false); in ixgbe_ipsec_add_sa()
724 memcpy(&ipsec->tx_tbl[sa_idx], &tsa, sizeof(tsa)); in ixgbe_ipsec_add_sa()
730 ipsec->num_tx_sa++; in ixgbe_ipsec_add_sa()
750 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_del_sa() local
760 rsa = &ipsec->rx_tbl[sa_idx]; in ixgbe_ipsec_del_sa()
775 if (ipsec->ip_tbl[ipi].ref_cnt > 0) { in ixgbe_ipsec_del_sa()
776 ipsec->ip_tbl[ipi].ref_cnt--; in ixgbe_ipsec_del_sa()
778 if (!ipsec->ip_tbl[ipi].ref_cnt) { in ixgbe_ipsec_del_sa()
779 memset(&ipsec->ip_tbl[ipi], 0, in ixgbe_ipsec_del_sa()
787 ipsec->num_rx_sa--; in ixgbe_ipsec_del_sa()
791 if (!ipsec->tx_tbl[sa_idx].used) { in ixgbe_ipsec_del_sa()
798 memset(&ipsec->tx_tbl[sa_idx], 0, sizeof(struct tx_sa)); in ixgbe_ipsec_del_sa()
799 ipsec->num_tx_sa--; in ixgbe_ipsec_del_sa()
803 if (ipsec->num_rx_sa == 0 && ipsec->num_tx_sa == 0) { in ixgbe_ipsec_del_sa()
842 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_clear() local
845 if (!ipsec) in ixgbe_ipsec_vf_clear()
849 for (i = 0; i < IXGBE_IPSEC_MAX_SA_COUNT && ipsec->num_rx_sa; i++) { in ixgbe_ipsec_vf_clear()
850 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_vf_clear()
852 if (ipsec->rx_tbl[i].mode & IXGBE_RXTXMOD_VF && in ixgbe_ipsec_vf_clear()
853 ipsec->rx_tbl[i].vf == vf) in ixgbe_ipsec_vf_clear()
854 ixgbe_ipsec_del_sa(ipsec->rx_tbl[i].xs); in ixgbe_ipsec_vf_clear()
858 for (i = 0; i < IXGBE_IPSEC_MAX_SA_COUNT && ipsec->num_tx_sa; i++) { in ixgbe_ipsec_vf_clear()
859 if (!ipsec->tx_tbl[i].used) in ixgbe_ipsec_vf_clear()
861 if (ipsec->tx_tbl[i].mode & IXGBE_RXTXMOD_VF && in ixgbe_ipsec_vf_clear()
862 ipsec->tx_tbl[i].vf == vf) in ixgbe_ipsec_vf_clear()
863 ixgbe_ipsec_del_sa(ipsec->tx_tbl[i].xs); in ixgbe_ipsec_vf_clear()
881 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_add_sa() local
893 e_warn(drv, "VF %d attempted to add an IPsec SA\n", vf); in ixgbe_ipsec_vf_add_sa()
898 /* Tx IPsec offload doesn't seem to work on this in ixgbe_ipsec_vf_add_sa()
950 ipsec->rx_tbl[sa_idx].vf = vf; in ixgbe_ipsec_vf_add_sa()
951 ipsec->rx_tbl[sa_idx].mode |= IXGBE_RXTXMOD_VF; in ixgbe_ipsec_vf_add_sa()
954 ipsec->tx_tbl[sa_idx].vf = vf; in ixgbe_ipsec_vf_add_sa()
955 ipsec->tx_tbl[sa_idx].mode |= IXGBE_RXTXMOD_VF; in ixgbe_ipsec_vf_add_sa()
991 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_vf_del_sa() local
1011 rsa = &ipsec->rx_tbl[sa_idx]; in ixgbe_ipsec_vf_del_sa()
1022 xs = ipsec->rx_tbl[sa_idx].xs; in ixgbe_ipsec_vf_del_sa()
1033 tsa = &ipsec->tx_tbl[sa_idx]; in ixgbe_ipsec_vf_del_sa()
1044 xs = ipsec->tx_tbl[sa_idx].xs; in ixgbe_ipsec_vf_del_sa()
1056 * ixgbe_ipsec_tx - setup Tx flags for ipsec offload
1059 * @itd: ipsec Tx data for later use in building context descriptor
1066 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_tx() local
1092 tsa = &ipsec->tx_tbl[itd->sa_idx]; in ixgbe_ipsec_tx()
1143 * ixgbe_ipsec_rx - decode ipsec bits from Rx descriptor
1148 * Determine if there was an ipsec encapsulation noticed, and if so set up
1159 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_rx() local
1172 * hw won't recognize the IPsec packet and anyway the in ixgbe_ipsec_rx()
1200 xs = ixgbe_ipsec_find_rx_state(ipsec, daddr, proto, spi, !!ip4); in ixgbe_ipsec_rx()
1218 * ixgbe_init_ipsec_offload - initialize security registers for IPSec operation
1224 struct ixgbe_ipsec *ipsec; in ixgbe_init_ipsec_offload() local
1232 * we should not be advertising support for IPsec. in ixgbe_init_ipsec_offload()
1241 ipsec = kzalloc(sizeof(*ipsec), GFP_KERNEL); in ixgbe_init_ipsec_offload()
1242 if (!ipsec) in ixgbe_init_ipsec_offload()
1244 hash_init(ipsec->rx_sa_list); in ixgbe_init_ipsec_offload()
1247 ipsec->rx_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1248 if (!ipsec->rx_tbl) in ixgbe_init_ipsec_offload()
1252 ipsec->tx_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1253 if (!ipsec->tx_tbl) in ixgbe_init_ipsec_offload()
1257 ipsec->ip_tbl = kzalloc(size, GFP_KERNEL); in ixgbe_init_ipsec_offload()
1258 if (!ipsec->ip_tbl) in ixgbe_init_ipsec_offload()
1261 ipsec->num_rx_sa = 0; in ixgbe_init_ipsec_offload()
1262 ipsec->num_tx_sa = 0; in ixgbe_init_ipsec_offload()
1264 adapter->ipsec = ipsec; in ixgbe_init_ipsec_offload()
1273 kfree(ipsec->ip_tbl); in ixgbe_init_ipsec_offload()
1274 kfree(ipsec->rx_tbl); in ixgbe_init_ipsec_offload()
1275 kfree(ipsec->tx_tbl); in ixgbe_init_ipsec_offload()
1276 kfree(ipsec); in ixgbe_init_ipsec_offload()
1282 * ixgbe_stop_ipsec_offload - tear down the ipsec offload
1287 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_stop_ipsec_offload() local
1289 adapter->ipsec = NULL; in ixgbe_stop_ipsec_offload()
1290 if (ipsec) { in ixgbe_stop_ipsec_offload()
1291 kfree(ipsec->ip_tbl); in ixgbe_stop_ipsec_offload()
1292 kfree(ipsec->rx_tbl); in ixgbe_stop_ipsec_offload()
1293 kfree(ipsec->tx_tbl); in ixgbe_stop_ipsec_offload()
1294 kfree(ipsec); in ixgbe_stop_ipsec_offload()