net/mlx5e: IPsec: Add Connect-X IPsec ESN update offload support
Synchronize offloading device ESN with xfrm received SN by updating an existing IPsec HW context with the new SN. Signed-off-by: Raed Salem <raeds@mellanox.com> Reviewed-by: Boris Pismenny <borisp@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
This commit is contained in:
parent
b2ac7541e3
commit
7ed92f97a1
@ -279,6 +279,93 @@ static int mlx5_ipsec_offload_init(struct mlx5_core_dev *mdev)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int mlx5_modify_ipsec_obj(struct mlx5_core_dev *mdev,
|
||||
struct mlx5_ipsec_obj_attrs *attrs,
|
||||
u32 ipsec_id)
|
||||
{
|
||||
u32 in[MLX5_ST_SZ_DW(modify_ipsec_obj_in)] = {};
|
||||
u32 out[MLX5_ST_SZ_DW(query_ipsec_obj_out)];
|
||||
u64 modify_field_select = 0;
|
||||
u64 general_obj_types;
|
||||
void *obj;
|
||||
int err;
|
||||
|
||||
if (!(attrs->accel_flags & MLX5_ACCEL_ESP_FLAGS_ESN_TRIGGERED))
|
||||
return 0;
|
||||
|
||||
general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types);
|
||||
if (!(general_obj_types & MLX5_HCA_CAP_GENERAL_OBJECT_TYPES_IPSEC))
|
||||
return -EINVAL;
|
||||
|
||||
/* general object fields set */
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_QUERY_GENERAL_OBJECT);
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_IPSEC);
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, obj_id, ipsec_id);
|
||||
err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||
if (err) {
|
||||
mlx5_core_err(mdev, "Query IPsec object failed (Object id %d), err = %d\n",
|
||||
ipsec_id, err);
|
||||
return err;
|
||||
}
|
||||
|
||||
obj = MLX5_ADDR_OF(query_ipsec_obj_out, out, ipsec_object);
|
||||
modify_field_select = MLX5_GET64(ipsec_obj, obj, modify_field_select);
|
||||
|
||||
/* esn */
|
||||
if (!(modify_field_select & MLX5_MODIFY_IPSEC_BITMASK_ESN_OVERLAP) ||
|
||||
!(modify_field_select & MLX5_MODIFY_IPSEC_BITMASK_ESN_MSB))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
obj = MLX5_ADDR_OF(modify_ipsec_obj_in, in, ipsec_object);
|
||||
MLX5_SET(ipsec_obj, obj, esn_msb, attrs->esn_msb);
|
||||
if (attrs->accel_flags & MLX5_ACCEL_ESP_FLAGS_ESN_STATE_OVERLAP)
|
||||
MLX5_SET(ipsec_obj, obj, esn_overlap, 1);
|
||||
|
||||
/* general object fields set */
|
||||
MLX5_SET(general_obj_in_cmd_hdr, in, opcode, MLX5_CMD_OP_MODIFY_GENERAL_OBJECT);
|
||||
|
||||
return mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||
}
|
||||
|
||||
static int mlx5_ipsec_offload_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
|
||||
const struct mlx5_accel_esp_xfrm_attrs *attrs)
|
||||
{
|
||||
struct mlx5_ipsec_obj_attrs ipsec_attrs = {};
|
||||
struct mlx5_core_dev *mdev = xfrm->mdev;
|
||||
struct mlx5_ipsec_esp_xfrm *mxfrm;
|
||||
|
||||
int err = 0;
|
||||
|
||||
if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs)))
|
||||
return 0;
|
||||
|
||||
if (mlx5_ipsec_offload_esp_validate_xfrm_attrs(mdev, attrs))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
mxfrm = container_of(xfrm, struct mlx5_ipsec_esp_xfrm, accel_xfrm);
|
||||
|
||||
mutex_lock(&mxfrm->lock);
|
||||
|
||||
if (!mxfrm->sa_ctx)
|
||||
/* Not bound xfrm, change only sw attrs */
|
||||
goto change_sw_xfrm_attrs;
|
||||
|
||||
/* need to add find and replace in ipsec_rhash_sa the sa_ctx */
|
||||
/* modify device with new hw_sa */
|
||||
ipsec_attrs.accel_flags = attrs->flags;
|
||||
ipsec_attrs.esn_msb = attrs->esn;
|
||||
err = mlx5_modify_ipsec_obj(mdev,
|
||||
&ipsec_attrs,
|
||||
mxfrm->sa_ctx->ipsec_obj_id);
|
||||
|
||||
change_sw_xfrm_attrs:
|
||||
if (!err)
|
||||
memcpy(&xfrm->attrs, attrs, sizeof(xfrm->attrs));
|
||||
|
||||
mutex_unlock(&mxfrm->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
static const struct mlx5_accel_ipsec_ops ipsec_offload_ops = {
|
||||
.device_caps = mlx5_ipsec_offload_device_caps,
|
||||
.create_hw_context = mlx5_ipsec_offload_create_sa_ctx,
|
||||
@ -286,6 +373,7 @@ static const struct mlx5_accel_ipsec_ops ipsec_offload_ops = {
|
||||
.init = mlx5_ipsec_offload_init,
|
||||
.esp_create_xfrm = mlx5_ipsec_offload_esp_create_xfrm,
|
||||
.esp_destroy_xfrm = mlx5_ipsec_offload_esp_destroy_xfrm,
|
||||
.esp_modify_xfrm = mlx5_ipsec_offload_esp_modify_xfrm,
|
||||
};
|
||||
|
||||
const struct mlx5_accel_ipsec_ops *mlx5_ipsec_offload_ops(struct mlx5_core_dev *mdev)
|
||||
|
Loading…
x
Reference in New Issue
Block a user