From: David Dillow <dave@thedillows.org>
To: netdev@oss.sgi.com
Cc: dave@thedillows.org
Subject: [RFC BK 19/22] xfrm offload v2: typhoon: add loading of xfrm_states to hardware
Date: Mon, 10 Jan 2005 10:37:02 -0500 [thread overview]
Message-ID: <20040110014300.28@ori.thedillows.org> (raw)
In-Reply-To: 20040110014300.27@ori.thedillows.org
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/01/10 01:00:58-05:00 dave@thedillows.org
# Teach the Typhoon driver how to add and remove xfrm_states to
# the 3XP for later packet processing.
#
# When the first xfrm_state is added, we turn on IPSEC offloads
# for the 3XP, and we turn it off when the last one is removed.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
# drivers/net/typhoon.c
# 2005/01/10 01:00:40-05:00 dave@thedillows.org +167 -0
# Teach the Typhoon driver how to add and remove xfrm_states to
# the 3XP for later packet processing.
#
# When the first xfrm_state is added, we turn on IPSEC offloads
# for the 3XP, and we turn it off when the last one is removed.
#
# Signed-off-by: David Dillow <dave@thedillows.org>
#
diff -Nru a/drivers/net/typhoon.c b/drivers/net/typhoon.c
--- a/drivers/net/typhoon.c 2005-01-10 01:16:56 -05:00
+++ b/drivers/net/typhoon.c 2005-01-10 01:16:56 -05:00
@@ -2419,6 +2419,173 @@
#undef REQUIRED
#undef UNSUPPORTED
+static struct xfrm_offload *
+typhoon_offload_ipsec(struct typhoon *tp, struct xfrm_state *x)
+{
+ struct cmd_desc xp_cmd[5];
+ struct resp_desc xp_resp;
+ struct sa_descriptor *sa = (struct sa_descriptor *)xp_cmd;
+ struct xfrm_offload *xol;
+ struct typhoon_xfrm_offload *txo;
+ u16 *dir_sa_avail = &tp->rx_sa_avail;
+ u16 cookie;
+ int keylen, err;
+
+ if(!typhoon_validate_xfrm(tp, x))
+ goto error;
+
+ memset(xp_cmd, 0, 5 * sizeof(xp_cmd[0]));
+ INIT_COMMAND_WITH_RESPONSE(xp_cmd, TYPHOON_CMD_CREATE_SA);
+ sa->numDesc = 4;
+
+ sa->mode = TYPHOON_SA_MODE_AH;
+ if(x->type->proto == IPPROTO_ESP)
+ sa->mode = TYPHOON_SA_MODE_ESP;
+
+ if(x->dir == XFRM_STATE_DIR_OUT) {
+ sa->direction = TYPHOON_SA_DIR_TX;
+ dir_sa_avail = &tp->tx_sa_avail;
+ }
+
+ spin_lock_bh(&tp->offload_lock);
+ if(!*dir_sa_avail) {
+ spin_unlock_bh(&tp->offload_lock);
+ goto error;
+ }
+ *dir_sa_avail--;
+ if(!tp->sa_count++) {
+ tp->offload |= TYPHOON_OFFLOAD_IPSEC;
+ err = typhoon_set_offload(tp);
+ if(err < 0) {
+ spin_unlock_bh(&tp->offload_lock);
+ printk(KERN_ERR "%s: unable to enable IPSEC "
+ "offload (%d)\n", tp->name, -err);
+ goto error_counted;
+ }
+ }
+ spin_unlock_bh(&tp->offload_lock);
+
+ if(x->props.aalgo != SADB_X_AALG_NULL && x->aalg) {
+ keylen = (x->aalg->alg_key_len + 7) / 8;
+
+ sa->hashFlags = TYPHOON_SA_HASH_SHA1;
+ if(x->props.aalgo == SADB_AALG_MD5HMAC)
+ sa->hashFlags = TYPHOON_SA_HASH_MD5;
+ sa->hashFlags |= TYPHOON_SA_HASH_ENABLE;
+
+ memcpy(sa->integKey, x->aalg->alg_key, keylen);
+ }
+
+ if(x->props.ealgo != SADB_EALG_NULL && x->ealg) {
+ keylen = (x->ealg->alg_key_len + 7) / 8;
+
+ sa->encryptionFlags = TYPHOON_SA_ENCRYPT_ENABLE |
+ TYPHOON_SA_ENCRYPT_CBC;
+ if(x->props.ealgo == SADB_EALG_DESCBC)
+ sa->encryptionFlags |= TYPHOON_SA_ENCRYPT_DES;
+ else if(x->ealg->alg_key_len == 192)
+ sa->encryptionFlags |= TYPHOON_SA_ENCRYPT_3DES_3KEY;
+ else {
+ sa->encryptionFlags |= TYPHOON_SA_ENCRYPT_3DES_2KEY;
+ memcpy(&sa->confKey[16], x->ealg->alg_key, 8);
+ }
+
+ memcpy(sa->confKey, x->ealg->alg_key, keylen);
+ }
+
+ /* The 3XP expects the SPI to be in host order, litte endian.
+ * It expects the address to be in network order.
+ */
+ sa->SPI = cpu_to_le32(ntohl(x->id.spi));
+ sa->destAddr = x->id.daddr.a4;
+ sa->destMask = (u32) ~0UL;
+
+ err = typhoon_issue_command(tp, 5, xp_cmd, 1, &xp_resp);
+ cookie = le16_to_cpu(xp_resp.parm1);
+ if(err < 0 || !cookie || cookie == 0xffff)
+ goto error_counted;
+
+ xol = xfrm_offload_alloc(sizeof(*txo), tp->dev, GFP_KERNEL);
+ if(!xol)
+ goto error_cookie;
+
+ txo = xfrm_offload_priv(xol);
+ txo->sa_cookie = cookie;
+ txo->tunnel = !!x->props.mode;
+ txo->ah = (x->id.proto == IPPROTO_AH);
+ txo->inbound = (x->dir == XFRM_STATE_DIR_IN);
+
+ xfrm_state_offload_add(x, xol);
+
+ return xol;
+
+error_cookie:
+ INIT_COMMAND_NO_RESPONSE(xp_cmd, TYPHOON_CMD_DELETE_SA);
+ xp_cmd[0].parm1 = xp_resp.parm1;
+ typhoon_issue_command(tp, 1, xp_cmd, 0, NULL);
+
+error_counted:
+ spin_lock_bh(&tp->offload_lock);
+ *dir_sa_avail++;
+ tp->sa_count--;
+ if(!tp->sa_count) {
+ tp->offload &= ~TYPHOON_OFFLOAD_IPSEC;
+ err = typhoon_set_offload(tp);
+ if(err < 0)
+ printk(KERN_ERR "%s: unable to disable IPSEC "
+ "offload (%d)\n", tp->name, -err);
+ }
+ spin_unlock_bh(&tp->offload_lock);
+
+error:
+ return NULL;
+}
+
+static void
+typhoon_xfrm_state_add(struct net_device *dev, struct xfrm_state *x)
+{
+ struct typhoon *tp = netdev_priv(dev);
+
+ smp_rmb();
+ if(tp->card_state == Running)
+ typhoon_offload_ipsec(tp, x);
+}
+
+static void
+typhoon_xfrm_state_del(struct net_device *dev, struct xfrm_offload *xol)
+{
+ struct typhoon *tp = netdev_priv(dev);
+ struct typhoon_xfrm_offload *txo = xfrm_offload_priv(xol);
+ struct cmd_desc xp_cmd;
+ int err;
+
+ smp_rmb();
+ if(tp->card_state != Running)
+ return;
+
+ INIT_COMMAND_NO_RESPONSE(&xp_cmd, TYPHOON_CMD_DELETE_SA);
+ xp_cmd.parm1 = cpu_to_le16(txo->sa_cookie);
+ if(typhoon_issue_command(tp, 1, &xp_cmd, 0, NULL) < 0) {
+ printk(KERN_ERR "%s: unable to remove offloaded SA 0x%04x\n",
+ tp->name, txo->sa_cookie);
+ }
+
+ spin_lock_bh(&tp->offload_lock);
+ if(txo->inbound)
+ tp->rx_sa_avail++;
+ else
+ tp->tx_sa_avail++;
+ tp->sa_count--;
+ if(!tp->sa_count) {
+ tp->offload &= ~TYPHOON_OFFLOAD_IPSEC;
+ err = typhoon_set_offload(tp);
+ if(err < 0)
+ printk(KERN_ERR "%s: unable to disable IPSEC "
+ "offload (%d)\n", tp->name, -err);
+ }
+ spin_unlock_bh(&tp->offload_lock);
+}
+
static void
typhoon_tx_timeout(struct net_device *dev)
{
next prev parent reply other threads:[~2005-01-10 15:37 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-10 15:36 [RFC BK 0/22] xfrm offload v2: Add hardware assist for IPSEC crypto David Dillow
2005-01-10 15:36 ` [RFC BK 1/22] xfrm offload v2: Add direction information to xfrm_state David Dillow
2005-01-10 15:36 ` [RFC BK 2/22] xfrm offload v2: Add xfrm offload management calls to struct netdevice David Dillow
2005-01-10 15:36 ` [RFC BK 3/22] xfrm offload v2: Add offload management routines David Dillow
2005-01-10 15:36 ` [RFC BK 4/22] xfrm offload v2: Try to offload inbound xfrm_states David Dillow
2005-01-10 15:37 ` [RFC BK 5/22] xfrm offload v2: Attempt to offload bundled xfrm_states for outbound xfrms David Dillow
2005-01-10 15:37 ` [RFC BK 6/22] xfrm offload v2: add a parameter to xfrm_prune_bundles() David Dillow
2005-01-10 15:37 ` [RFC BK 7/22] xfrm offload v2: Allow device drivers to force recalculation of offloads David Dillow
2005-01-10 15:37 ` [RFC BK 8/22] xfrm offload v2: Add routines to manage applied offloads per skb David Dillow
2005-01-10 15:37 ` [RFC BK 9/22] xfrm offload v2: Split AH header initialization from zeroing of mutable fields David Dillow
2005-01-10 15:37 ` [RFC BK 10/22] xfrm offload v2: Add offloading of outbound AH & ESP packets David Dillow
2005-01-10 15:37 ` [RFC BK 11/22] xfrm offload v2: Add offloading of inbound " David Dillow
2005-01-10 15:37 ` [RFC BK 12/22] xfrm offload v2: Add ethtool support for crypto offload control David Dillow
2005-01-10 15:37 ` [RFC BK 13/22] xfrm offload v2: typhoon: Make the ipsec descriptor match actual usage David Dillow
2005-01-10 15:37 ` [RFC BK 14/22] xfrm offload v2: typhoon: add inbound offload result processing David Dillow
2005-01-10 15:37 ` [RFC BK 15/22] xfrm offload v2: typhoon: add outbound offload processing David Dillow
2005-01-10 15:37 ` [RFC BK 16/22] xfrm offload v2: typhoon: collect crypto offload capabilities David Dillow
2005-01-10 15:37 ` [RFC BK 17/22] xfrm offload v2: typhoon: split out setting of offloaded tasks David Dillow
2005-01-10 15:37 ` [RFC BK 18/22] xfrm offload v2: typhoon: add validation of offloaded xfrm_states David Dillow
2005-01-10 15:37 ` David Dillow [this message]
2005-01-10 15:37 ` [RFC BK 20/22] xfrm offload v2: typhoon: add management of outbound bundles David Dillow
2005-01-10 15:37 ` [RFC BK 21/22] xfrm offload v2: typhoon: add callbacks to support crypto offload David Dillow
2005-01-10 15:37 ` [RFC BK 22/22] xfrm offload v2: Add some documentation for the IPSEC " David Dillow
2005-01-17 19:00 ` [RFC BK 0/22] xfrm offload v2: Add hardware assist for IPSEC crypto James Morris
2005-01-20 17:22 ` Dave Dillow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040110014300.28@ori.thedillows.org \
--to=dave@thedillows.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).