| /Linux-v5.10/drivers/net/ethernet/intel/ixgbevf/ |
| D | ipsec.c | 94 * ixgbevf_ipsec_restore - restore the IPsec HW settings after a reset
103 struct ixgbevf_ipsec *ipsec = adapter->ipsec; in ixgbevf_ipsec_restore() local
112 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbevf_ipsec_restore()
113 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbevf_ipsec_restore()
134 * @ipsec: pointer to IPsec struct
140 int ixgbevf_ipsec_find_empty_idx(struct ixgbevf_ipsec *ipsec, bool rxtable) in ixgbevf_ipsec_find_empty_idx() argument
145 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
150 if (!ipsec->rx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
154 if (ipsec->num_tx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbevf_ipsec_find_empty_idx()
159 if (!ipsec->tx_tbl[i].used) in ixgbevf_ipsec_find_empty_idx()
[all …]
|
| D | defines.h | 136 #define IXGBE_RXDADV_STAT_SECP 0x00020000 /* IPsec/MACsec pkt found */
142 #define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP 0x00001000 /* IPSec ESP */
143 #define IXGBE_RXDADV_PKTTYPE_IPSEC_AH 0x00002000 /* IPSec AH */
258 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPSec Type ESP */
263 #define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400 /* IPSec offload request */
|
| /Linux-v5.10/drivers/net/netdevsim/ |
| D | ipsec.c | 17 struct nsim_ipsec *ipsec = &ns->ipsec; in nsim_dbg_netdev_ops_read() local
26 bufsize = (ipsec->count * 4 * 60) + 60; in nsim_dbg_netdev_ops_read()
34 ipsec->count, ipsec->tx); in nsim_dbg_netdev_ops_read()
37 struct nsim_sa *sap = &ipsec->sa[i]; in nsim_dbg_netdev_ops_read()
68 static int nsim_ipsec_find_empty_idx(struct nsim_ipsec *ipsec) in nsim_ipsec_find_empty_idx() argument
72 if (ipsec->count == NSIM_IPSEC_MAX_SA_COUNT) in nsim_ipsec_find_empty_idx()
77 if (!ipsec->sa[i].used) in nsim_ipsec_find_empty_idx()
94 netdev_err(dev, "Unsupported IPsec algorithm\n"); in nsim_ipsec_parse_proto_keys()
99 netdev_err(dev, "IPsec offload requires %d bit authentication\n", in nsim_ipsec_parse_proto_keys()
109 netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n", in nsim_ipsec_parse_proto_keys()
[all …]
|
| /Linux-v5.10/drivers/net/ethernet/intel/ixgbe/ |
| D | ixgbe_ipsec.c | 248 /* final set for normal (no ipsec offload) processing */ in ixgbe_ipsec_stop_engine()
293 * ixgbe_ipsec_restore - restore the ipsec HW settings after a reset
305 struct ixgbe_ipsec *ipsec = adapter->ipsec; in ixgbe_ipsec_restore() local
319 struct rx_sa *r = &ipsec->rx_tbl[i]; in ixgbe_ipsec_restore()
320 struct tx_sa *t = &ipsec->tx_tbl[i]; in ixgbe_ipsec_restore()
341 struct rx_ip_sa *ipsa = &ipsec->ip_tbl[i]; in ixgbe_ipsec_restore()
350 * @ipsec: pointer to ipsec struct
355 static int ixgbe_ipsec_find_empty_idx(struct ixgbe_ipsec *ipsec, bool rxtable) in ixgbe_ipsec_find_empty_idx() argument
360 if (ipsec->num_rx_sa == IXGBE_IPSEC_MAX_SA_COUNT) in ixgbe_ipsec_find_empty_idx()
365 if (!ipsec->rx_tbl[i].used) in ixgbe_ipsec_find_empty_idx()
[all …]
|
| /Linux-v5.10/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ |
| D | ipsec.c | 41 #include "en_accel/ipsec.h"
60 struct xfrm_state *mlx5e_ipsec_sadb_rx_lookup(struct mlx5e_ipsec *ipsec, in mlx5e_ipsec_sadb_rx_lookup() argument
67 hash_for_each_possible_rcu(ipsec->sadb_rx, sa_entry, hlist, handle) in mlx5e_ipsec_sadb_rx_lookup()
81 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5e_ipsec_sadb_rx_add() local
86 hash_for_each_possible_rcu(ipsec->sadb_rx, _sa_entry, hlist, handle) in mlx5e_ipsec_sadb_rx_add()
93 spin_lock_irqsave(&ipsec->sadb_rx_lock, flags); in mlx5e_ipsec_sadb_rx_add()
95 hash_add_rcu(ipsec->sadb_rx, &sa_entry->hlist, sa_entry->handle); in mlx5e_ipsec_sadb_rx_add()
96 spin_unlock_irqrestore(&ipsec->sadb_rx_lock, flags); in mlx5e_ipsec_sadb_rx_add()
103 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in mlx5e_ipsec_sadb_rx_del() local
106 spin_lock_irqsave(&ipsec->sadb_rx_lock, flags); in mlx5e_ipsec_sadb_rx_del()
[all …]
|
| D | ipsec_fs.c | 39 struct mutex mutex; /* Protect IPsec TX steering */
43 /* IPsec RX flow steering */
81 "fail to alloc ipsec copy modify_header_id err=%d\n", err); in rx_err_add_rule()
93 netdev_err(priv->netdev, "fail to add ipsec rx err copy rule err=%d\n", err); in rx_err_add_rule()
147 netdev_err(priv->netdev, "fail to create ipsec rx inline ft err=%d\n", err); in rx_err_create_ft()
211 netdev_err(priv->netdev, "fail to create ipsec rx ft err=%d\n", err); in rx_fs_create()
222 netdev_err(priv->netdev, "fail to create ipsec rx miss_group err=%d\n", err); in rx_fs_create()
231 netdev_err(priv->netdev, "fail to create ipsec rx miss_rule err=%d\n", err); in rx_fs_create()
247 accel_esp = priv->ipsec->rx_fs; in rx_destroy()
265 accel_esp = priv->ipsec->rx_fs; in rx_create()
[all …]
|
| D | ipsec_stats.c | 38 #include "accel/ipsec.h"
40 #include "en_accel/ipsec.h"
41 #include "fpga/ipsec.h"
88 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
99 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
101 data[idx++] = MLX5E_READ_CTR_ATOMIC64(&priv->ipsec->sw_stats, in MLX5E_DECLARE_STATS_GRP_OP_FILL_STATS()
115 if (priv->ipsec) in MLX5E_DECLARE_STATS_GRP_OP_UPDATE_STATS()
116 ret = mlx5_accel_ipsec_counters_read(priv->mdev, (u64 *)&priv->ipsec->stats, in MLX5E_DECLARE_STATS_GRP_OP_UPDATE_STATS()
119 memset(&priv->ipsec->stats, 0, sizeof(priv->ipsec->stats)); in MLX5E_DECLARE_STATS_GRP_OP_UPDATE_STATS()
126 if (priv->ipsec && mlx5_fpga_ipsec_device_caps(priv->mdev)) in MLX5E_DECLARE_STATS_GRP_OP_FILL_STRS()
[all …]
|
| D | ipsec_rxtx.c | 39 #include "en_accel/ipsec.h"
327 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_bundle); in mlx5e_ipsec_handle_tx_skb()
333 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_no_state); in mlx5e_ipsec_handle_tx_skb()
340 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_not_ip); in mlx5e_ipsec_handle_tx_skb()
346 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_trailer); in mlx5e_ipsec_handle_tx_skb()
353 atomic64_inc(&priv->ipsec->sw_stats.ipsec_tx_drop_metadata); in mlx5e_ipsec_handle_tx_skb()
384 atomic64_inc(&priv->ipsec->sw_stats.ipsec_rx_drop_sp_alloc); in mlx5e_ipsec_build_sp()
389 xs = mlx5e_ipsec_sadb_rx_lookup(priv->ipsec, sa_handle); in mlx5e_ipsec_build_sp()
391 atomic64_inc(&priv->ipsec->sw_stats.ipsec_rx_drop_sadb_miss); in mlx5e_ipsec_build_sp()
404 if (likely(priv->ipsec->no_trailer)) { in mlx5e_ipsec_build_sp()
[all …]
|
| D | en_accel.h | 111 struct mlx5e_accel_tx_ipsec_state ipsec; member
133 if (unlikely(!mlx5e_ipsec_handle_tx_skb(dev, skb, &state->ipsec))) in mlx5e_accel_tx_begin()
144 return mlx5e_ipsec_is_tx_flow(&state->ipsec); in mlx5e_accel_tx_is_ipsec_flow()
155 return mlx5e_ipsec_tx_ids_len(&state->ipsec); in mlx5e_accel_tx_ids_len()
192 state->ipsec.xo && state->ipsec.tailen) in mlx5e_accel_tx_finish()
193 mlx5e_ipsec_handle_tx_wqe(wqe, &state->ipsec, inlseg); in mlx5e_accel_tx_finish()
|
| D | ipsec_rxtx.h | 42 /* Bit31: IPsec marker, Bit30-24: IPsec syndrome, Bit23-0: IPsec obj id */
|
| /Linux-v5.10/drivers/net/ethernet/mellanox/mlx5/core/fpga/ |
| D | ipsec.c | 42 #include "fpga/ipsec.h"
153 mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n", in mlx5_fpga_ipsec_send_complete()
185 mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n", in mlx5_fpga_ipsec_recv()
193 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv()
194 context = list_first_entry_or_null(&fdev->ipsec->pending_cmds, in mlx5_fpga_ipsec_recv()
199 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv()
202 mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n"); in mlx5_fpga_ipsec_recv()
213 mlx5_fpga_warn(fdev, "IPSec command failed with syndrome %08x\n", in mlx5_fpga_ipsec_recv()
227 if (!fdev || !fdev->ipsec) in mlx5_fpga_ipsec_cmd_exec()
245 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_cmd_exec()
[all …]
|
| /Linux-v5.10/net/xfrm/ |
| D | Kconfig | 27 like IPsec used by native Linux tools.
37 Transformation(XFRM) user configuration interface like IPsec
46 This provides a virtual interface to route IPsec traffic.
64 A feature to update locator(s) of a given IPsec security
66 instance, in a Mobile IPv6 environment with IPsec configuration
116 They are required if you are going to use IPsec tools ported
128 locator(s) of a given IPsec security association.
130 environment with IPsec configuration where mobile nodes
|
| /Linux-v5.10/drivers/crypto/caam/ |
| D | pdb.h | 14 * PDB- IPSec ESP Header Modification Options
47 * PDB - IPSec ESP Encap/Decap Options
68 * General IPSec encap/decap PDB definitions
72 * ipsec_encap_cbc - PDB part for IPsec CBC encapsulation
80 * ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
92 * ipsec_encap_ccm - PDB part for IPsec CCM encapsulation
108 * ipsec_encap_gcm - PDB part for IPsec GCM encapsulation
120 * ipsec_encap_pdb - PDB for IPsec encapsulation
127 * @seq_num_ext_hi: (optional) IPsec Extended Sequence Number (ESN)
128 * @seq_num: IPsec sequence number
[all …]
|
| /Linux-v5.10/Documentation/devicetree/bindings/crypto/ |
| D | picochip-spacc.txt | 4 IPSEC and femtocell layer 2 ciphering.
7 - compatible : "picochip,spacc-ipsec" for the IPSEC offload engine
16 compatible = "picochip,spacc-ipsec";
|
| /Linux-v5.10/Documentation/networking/ |
| D | xfrm_device.rst | 4 XFRM device - offloading the IPsec computations
13 IPsec is a useful feature for securing network traffic, but the
16 Luckily, there are NICs that offer a hardware based IPsec offload which
51 The NIC driver offering ipsec offload will need to implement these
82 -EOPNETSUPP offload not supported, try SW IPsec
92 When the network stack is preparing an IPsec packet for an SA that has
107 The stack has already inserted the appropriate IPsec headers in the
115 IPsec headers are still in the packet data; they are removed later up
|
| D | ipsec.rst | 4 IPsec chapter
8 Here documents known IPsec corner cases which need to be keep in mind when
9 deploy various IPsec configuration in real world production environment.
|
| D | pktgen.rst | 178 IPSEC # IPsec encapsulation (needs CONFIG_XFRM)
281 Enable IPsec
283 Default IPsec transformation with ESP encapsulation plus transport mode
286 pgset "flag IPSEC"
359 IPSEC
363 spi (ipsec)
|
| /Linux-v5.10/tools/testing/selftests/net/ |
| D | xfrm_policy.sh | 10 # ns3 and ns4 are connected via ipsec tunnel.
12 # ns1: ping 10.0.2.2: passes via ipsec tunnel.
13 # ns2: ping 10.0.1.2: passes via ipsec tunnel.
15 # ns1: ping 10.0.1.253: passes via ipsec tunnel (direct policy)
16 # ns2: ping 10.0.2.253: passes via ipsec tunnel (direct policy)
18 # ns1: ping 10.0.2.254: does NOT pass via ipsec tunnel (exception)
19 # ns2: ping 10.0.1.254: does NOT pass via ipsec tunnel (exception)
243 echo "PASS: ping to .254 bypassed ipsec tunnel ($logpostfix)"
246 # ping to .253 should use use ipsec due to direct policy exception.
249 echo "FAIL: expected ping to .253 to use ipsec tunnel ($logpostfix)"
[all …]
|
| /Linux-v5.10/drivers/net/ethernet/mellanox/mlx5/core/ |
| D | Kconfig | 126 bool "Mellanox Technologies IPsec Innova support"
131 Build IPsec support for the Innova family of network cards by Mellanox
138 bool "Mellanox Technologies IPsec Connect-X support"
145 Build IPsec support for the Connect-X family of network cards by Mellanox
148 IPsec support for the Connect-X family.
151 bool "IPSec XFRM cryptography-offload accelaration"
158 Build support for IPsec cryptography-offload accelaration in the NIC.
|
| D | Makefile | 69 mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o
71 mlx5_core-$(CONFIG_MLX5_ACCEL) += lib/crypto.o accel/tls.o accel/ipsec.o
75 mlx5_core-$(CONFIG_MLX5_EN_IPSEC) += en_accel/ipsec.o en_accel/ipsec_rxtx.o \
|
| /Linux-v5.10/drivers/net/ethernet/chelsio/inline_crypto/ |
| D | Kconfig | 29 tristate "Chelsio IPSec XFRM Tx crypto offload"
34 Support Chelsio Inline IPsec with Chelsio crypto accelerator.
35 Enable inline IPsec support for Tx.
|
| /Linux-v5.10/net/ipv6/ |
| D | Kconfig | 54 Support for IPsec AH (Authentication Header).
69 Support for IPsec ESP (Encapsulating Security Payload).
87 only if this system really does IPsec and want to do it
89 need it, even if it does IPsec.
111 typically needed for IPsec.
162 the notion of a secure tunnel for IPSEC and then use routing protocol
|
| /Linux-v5.10/drivers/net/ethernet/mellanox/mlx5/core/accel/ |
| D | ipsec.c | 36 #include "accel/ipsec.h"
38 #include "fpga/ipsec.h"
51 mlx5_core_dbg(mdev, "IPsec ops is not supported\n"); in mlx5_accel_ipsec_init()
57 mlx5_core_warn_once(mdev, "Failed to start IPsec device, err = %d\n", err); in mlx5_accel_ipsec_init()
|
| /Linux-v5.10/security/ |
| D | Kconfig | 78 bool "XFRM (IPSec) Networking Security Hooks"
81 This enables the XFRM (IPSec) networking security hooks.
84 derived from IPSec policy. Non-IPSec communications are
87 IPSec.
|
| /Linux-v5.10/Documentation/devicetree/bindings/rng/ |
| D | brcm,bcm2835.yaml | 29 const: ipsec
60 clock-names = "ipsec";
|
