Merge "[qca-nss-drv] Always use cached n2h/h2n rings"
diff --git a/exports/arch/nss_ipq807x.h b/exports/arch/nss_ipq807x.h
index 05122bc..1f80f98 100644
--- a/exports/arch/nss_ipq807x.h
+++ b/exports/arch/nss_ipq807x.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -28,6 +28,7 @@
#define NSS_MAX_NUM_PRI 4 /**< Maximum number of priority queues in NSS for the IPQ807x chipsets. */
#define NSS_HOST_CORES 4 /**< Number of host cores for the IPQ807x chipsets. */
+#define NSS_PPE_SUPPORTED /**< PPE supported flag for the IPQ807x chipsets. */
/**
* @}
diff --git a/exports/arch/nss_ipq807x_64.h b/exports/arch/nss_ipq807x_64.h
index ca6d07f..ae32665 100644
--- a/exports/arch/nss_ipq807x_64.h
+++ b/exports/arch/nss_ipq807x_64.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -28,6 +28,7 @@
#define NSS_MAX_NUM_PRI 4 /**< Maximum number of priority queues in NSS for the IPQ807x 64-bit chipsets. */
#define NSS_HOST_CORES 4 /**< Number of host cores for the IPQ807x 64-bit chipsets. */
+#define NSS_PPE_SUPPORTED /**< PPE supported flag for the IPQ807x 64-bit chipsets. */
/**
* @}
diff --git a/exports/nss_crypto_cmn.h b/exports/nss_crypto_cmn.h
index d8741c5..95e21e7 100644
--- a/exports/nss_crypto_cmn.h
+++ b/exports/nss_crypto_cmn.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -31,13 +31,16 @@
*/
#define NSS_CRYPTO_CMN_CTX_SPARE 4 /**< Context spare words size. */
#define NSS_CRYPTO_CMN_VER_WORDS 4 /**< Firmware version words size.*/
+#define NSS_CRYPTO_CIPHER_KEYLEN_MAX 32 /**< Maximum cipher keysize. */
+#define NSS_CRYPTO_AUTH_KEYLEN_MAX 64 /**< Maximum authorization keysize. */
+#define NSS_CRYPTO_NONCE_SIZE_MAX 4 /**< Maximum authorization keysize. */
/**
* nss_crypto_cmn_algo
* List of crypto algorithms supported.
*/
enum nss_crypto_cmn_algo {
- NSS_CRYPTO_CMN_ALGO_NULL, /**< NULL tranform */
+ NSS_CRYPTO_CMN_ALGO_NULL, /**< NULL transform. */
NSS_CRYPTO_CMN_ALGO_3DES_CBC, /**< Asynchronous block cipher. */
NSS_CRYPTO_CMN_ALGO_AES128_CBC, /**< Asynchronous block cipher. */
NSS_CRYPTO_CMN_ALGO_AES192_CBC, /**< Asynchronous block cipher. */
@@ -48,6 +51,9 @@
NSS_CRYPTO_CMN_ALGO_AES128_ECB, /**< Asynchronous block cipher. */
NSS_CRYPTO_CMN_ALGO_AES192_ECB, /**< Asynchronous block cipher. */
NSS_CRYPTO_CMN_ALGO_AES256_ECB, /**< Asynchronous block cipher. */
+ NSS_CRYPTO_CMN_ALGO_AES128_GCM, /**< Asynchronous block cipher. */
+ NSS_CRYPTO_CMN_ALGO_AES192_GCM, /**< Asynchronous block cipher. */
+ NSS_CRYPTO_CMN_ALGO_AES256_GCM, /**< Asynchronous block cipher. */
NSS_CRYPTO_CMN_ALGO_MD5_HASH, /**< Asynchronous digest. */
NSS_CRYPTO_CMN_ALGO_SHA160_HASH, /**< Asynchronous digest. */
NSS_CRYPTO_CMN_ALGO_SHA224_HASH, /**< Asynchronous digest. */
@@ -220,13 +226,13 @@
* Context message for setting up a crypto context in firmware.
*/
struct nss_crypto_cmn_ctx {
- uint32_t words; /**< Number of valid context words. */
- uint32_t addr; /**< Address to configuration. */
uint32_t spare[NSS_CRYPTO_CMN_CTX_SPARE]; /**< Context spare words. */
-
uint16_t index; /**< Crypto index. */
uint16_t sec_offset; /**< Secure offset for copying keys. */
+ uint8_t cipher_key[NSS_CRYPTO_CIPHER_KEYLEN_MAX]; /**< Array containing cipher keys. */
+ uint8_t auth_key[NSS_CRYPTO_AUTH_KEYLEN_MAX]; /**< Array containing authorization keys. */
+ uint8_t nonce[NSS_CRYPTO_NONCE_SIZE_MAX]; /**< Nonce value. */
enum nss_crypto_cmn_algo algo; /**< Crypto algorithm. */
enum nss_crypto_cmn_ctx_flags flags; /**< Context specific flags. */
};
diff --git a/exports/nss_ipsec.h b/exports/nss_ipsec.h
index a5adfd7..ed62142 100644
--- a/exports/nss_ipsec.h
+++ b/exports/nss_ipsec.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2014-2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -61,6 +61,7 @@
NSS_IPSEC_MSG_TYPE_SYNC_SA_STATS = 4,
NSS_IPSEC_MSG_TYPE_SYNC_FLOW_STATS = 5,
NSS_IPSEC_MSG_TYPE_SYNC_NODE_STATS = 6,
+ NSS_IPSEC_MSG_TYPE_CONFIGURE_NODE = 7,
NSS_IPSEC_MSG_TYPE_MAX
};
@@ -189,6 +190,15 @@
};
/**
+ * nss_ipsec_configure_node
+ * Push message for setting IPsec inline mode and initializing DMA rings.
+ */
+struct nss_ipsec_configure_node {
+ bool dma_redirect; /**< Program redirect DMA ring. */
+ bool dma_lookaside; /**< Program lookaside DMA ring. */
+};
+
+/**
* nss_ipsec_sa_stats
* Packet statistics per security association.
*/
@@ -230,6 +240,8 @@
uint32_t linearized; /**< Packet is linear. */
uint32_t exceptioned; /**< Packets exception from the NSS. */
uint32_t fail_enqueue; /**< Packets failed to enqueue. */
+ uint32_t redir_rx; /**< Packets received in redirect ring. */
+ uint32_t fail_redir; /**< Packets dropped in redirect ring. */
};
/**
@@ -260,6 +272,8 @@
union {
struct nss_ipsec_rule rule;
/**< IPsec rule message. */
+ struct nss_ipsec_configure_node node;
+ /**< IPsec node message. */
union nss_ipsec_stats stats;
/**< Retrieve statistics for the tunnel. */
} msg; /**< Message payload. */
@@ -307,6 +321,30 @@
extern nss_tx_status_t nss_ipsec_tx_msg(struct nss_ctx_instance *nss_ctx, struct nss_ipsec_msg *msg);
/**
+ * nss_ipsec_tx_msg_sync
+ * Sends IPsec messages synchronously.
+ *
+ * @datatypes
+ * nss_ctx_instance \n
+ * nss_ipsec_msg_type \n
+ * nss_ipsec_msg \n
+ * nss_ipsec_error_type
+ *
+ * @param[in] nss_ctx Pointer to the NSS context.
+ * @param[in] if_num Configuration interface number.
+ * @param[in] type Type of the message.
+ * @param[in] len Size of the payload.
+ * @param[in] nim Pointer to the message data.
+ * @param[in,out] resp Response for the configuration.
+ *
+ * @return
+ * Status of the Tx operation.
+ */
+extern nss_tx_status_t nss_ipsec_tx_msg_sync(struct nss_ctx_instance *nss_ctx, uint32_t if_num,
+ enum nss_ipsec_msg_type type, uint16_t len,
+ struct nss_ipsec_msg *nim, enum nss_ipsec_error_type *resp);
+
+/**
* nss_ipsec_tx_buf
* Sends a plain text packet to NSS for IPsec encapsulation or decapsulation.
*
@@ -455,6 +493,25 @@
extern int32_t nss_ipsec_get_data_interface(void);
/**
+ * nss_ipsec_ppe_port_config
+ * Configure Packet Processing Engine IPsec port.
+ *
+ * @datatypes
+ * nss_ctx_instance \n
+ * net_device
+ *
+ * @param[in] ctx Pointer to the context of the HLOS driver.
+ * @param[in] netdev Pointer to the associated network device.
+ * @param[in] if_num Data interface number.
+ * @param[in] vsi_num Virtual switch instance number.
+ *
+ * @return
+ * True if successful, else false.
+ */
+extern bool nss_ipsec_ppe_port_config(struct nss_ctx_instance *ctx, struct net_device *netdev,
+ uint32_t if_num, uint32_t vsi_num);
+
+/**
* @}
*/
diff --git a/exports/nss_ppe.h b/exports/nss_ppe.h
index f3ac045..8bb6274 100644
--- a/exports/nss_ppe.h
+++ b/exports/nss_ppe.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -31,15 +31,24 @@
* NSS PORT defines
*/
#define NSS_PPE_NUM_PHY_PORTS_MAX 8
- /**< Maximum number of PPE phsyical ports. */
+ /**< Maximum number of PPE physical ports. */
+#define NSS_PPE_PORT_IPSEC 7
+ /**< Port number of PPE inline IPsec port. */
/**
- * nss_ppe_metadata_types
+ * nss_ppe_message_types
* Message types for Packet Processing Engine (PPE) requests and responses.
+ *
+ * Note: PPE messages are added as short term approach, expect all
+ * messages below to be deprecated for more integrated approach.
*/
-enum nss_ppe_metadata_types {
+enum nss_ppe_message_types {
NSS_PPE_MSG_SYNC_STATS,
NSS_PPE_MSG_L2_EXCEPTION,
+ NSS_PPE_MSG_IPSEC_PORT_CONFIG,
+ NSS_PPE_MSG_IPSEC_PORT_MTU_CHANGE,
+ NSS_PPE_MSG_IPSEC_ADD_INTF,
+ NSS_PPE_MSG_IPSEC_DEL_INTF,
NSS_PPE_MSG_MAX,
};
@@ -50,6 +59,13 @@
enum nss_ppe_msg_error_type {
PPE_MSG_ERROR_OK,
PPE_MSG_ERROR_UNKNOWN_TYPE,
+ PPE_MSG_ERROR_PORT_CREATION_FAIL,
+ PPE_MSG_ERROR_INVALID_PORT_VSI,
+ PPE_MSG_ERROR_INVALID_L3_IF,
+ PPE_MSG_ERROR_IPSEC_PORT_CONFIG,
+ PPE_MSG_ERROR_IPSEC_INTF_TABLE_FULL,
+ PPE_MSG_ERROR_IPSEC_INTF_ATTACHED,
+ PPE_MSG_ERROR_IPSEC_INTF_UNATTACHED
};
/**
@@ -104,12 +120,12 @@
uint32_t nss_ppe_fail_ppe_unresponsive;
/**< Request failed because the PPE is not responding. */
uint32_t nss_ppe_ce_opaque_invalid;
- /**< Request failed because of invalid opaque in connection entry */
+ /**< Request failed because of invalid opaque in connection entry. */
uint32_t nss_ppe_fail_fqg_full;
/**< Request failed because the flow QoS group is full. */
};
-/*
+/**
* nss_ppe_l2_exception_msg
* Message structure for L2 exception.
*/
@@ -118,6 +134,41 @@
};
/**
+ * nss_ppe_ipsec_port_config_msg
+ * Message structure for inline IPsec port configuration.
+ */
+struct nss_ppe_ipsec_port_config_msg {
+ uint32_t nss_ifnum; /**< NSS interface number corresponding to inline IPsec port. */
+ uint16_t mtu; /**< MTU value for inline IPsec port. */
+ uint8_t vsi_num; /**< Default port VSI for inline IPsec port. */
+};
+
+/**
+ * nss_ppe_ipsec_port_mtu_msg
+ * Message structure for inline IPsec port MTU change.
+ */
+struct nss_ppe_ipsec_port_mtu_msg {
+ uint32_t nss_ifnum; /**< NSS interface number corresponding to inline IPsec port. */
+ uint16_t mtu; /**< MTU value for inline IPsec port. */
+};
+
+/**
+ * nss_ppe_ipsec_add_intf_msg
+ * Message structure for adding dynamic IPsec/DTLS interface to inline IPsec port.
+ */
+struct nss_ppe_ipsec_add_intf_msg {
+ uint32_t nss_ifnum; /**< Dynamic IPsec/DTLS interface number. */
+};
+
+/**
+ * nss_ppe_ipsec_del_intf_msg
+ * Message structure for deleting dynamic IPsec/DTLS interface to inline IPsec port.
+ */
+struct nss_ppe_ipsec_del_intf_msg {
+ uint32_t nss_ifnum; /**< Dynamic IPsec/DTLS interface number. */
+};
+
+/**
* nss_ppe_msg
* Data for sending and receiving PPE host-to-NSS messages.
*/
@@ -132,6 +183,14 @@
/**< Synchronization statistics. */
struct nss_ppe_l2_exception_msg l2_exception;
/**< L2 exception message. */
+ struct nss_ppe_ipsec_port_config_msg ipsec_config;
+ /**< PPE inline IPsec port configuration message. */
+ struct nss_ppe_ipsec_port_mtu_msg ipsec_mtu;
+ /**< Inline IPsec port MTU change message. */
+ struct nss_ppe_ipsec_add_intf_msg ipsec_addif;
+ /**< Inline IPsec NSS interface attach message. */
+ struct nss_ppe_ipsec_del_intf_msg ipsec_delif;
+ /**< Inline IPsec NSS interface detach message. */
} msg; /**< Message payload. */
};
@@ -228,6 +287,53 @@
nss_tx_status_t nss_ppe_tx_l2_exception_msg(uint32_t if_num, bool exception_enable);
/**
+ * nss_ppe_tx_ipsec_config_msg
+ * Sends the PPE a message to configure inline IPsec port.
+ *
+ * @param[in] if_num Static IPsec interface number.
+ * @param[in] vsi_num Default VSI number associated with inline IPsec port.
+ * @param[in] mtu Default MTU of static inline IPsec port.
+ *
+ * @return
+ * Status of the Tx operation.
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_config_msg(uint32_t nss_ifnum, uint32_t vsi_num, uint16_t mtu);
+
+/**
+ * nss_ppe_tx_ipsec_mtu_msg
+ * Sends the PPE a message to configure MTU value on IPsec port.
+ *
+ * @param[in] nss_ifnum Static IPsec interface number.
+ * @param[in] mtu MTU of static IPsec interface.
+ *
+ * @return
+ * Status of the Tx operation.
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_mtu_msg(uint32_t nss_ifnum, uint16_t mtu);
+
+/**
+ * nss_ppe_tx_ipsec_add_intf_msg
+ * Sends the PPE a message to attach a dynamic interface number to IPsec port.
+ *
+ * @param[in] if_num Dynamic IPsec/DTLS interface number.
+ *
+ * @return
+ * Status of the Tx operation.
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_add_intf_msg(uint32_t nss_ifnum);
+
+/**
+ * nss_ppe_tx_ipsec_del_intf_msg
+ * Sends the PPE a message to detach a dynamic interface number to IPsec port.
+ *
+ * @param[in] if_num Dynamic IPsec/DTLS interface number.
+ *
+ * @return
+ * Status of the Tx operation.
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_del_intf_msg(uint32_t nss_ifnum);
+
+/**
* nss_ppe_stats_conn_get
* Gets PPE connection statistics.
*
diff --git a/exports/nss_shaper.h b/exports/nss_shaper.h
index 752f83c..e543069 100644
--- a/exports/nss_shaper.h
+++ b/exports/nss_shaper.h
@@ -65,6 +65,7 @@
NSS_SHAPER_CONFIG_TYPE_SHAPER_NODE_CHANGE_PARAM,
NSS_SHAPER_CONFIG_TYPE_HYBRID_MODE_ENABLE,
NSS_SHAPER_CONFIG_TYPE_HYBRID_MODE_DISABLE,
+ NSS_SHAPER_CONFIG_TYPE_SHAPER_NODE_MEM_REQ,
};
typedef enum nss_shaper_config_types nss_shaper_config_type_t;
@@ -107,6 +108,10 @@
NSS_SHAPER_RESPONSE_TYPE_PPE_SN_INVALID_LIMIT,
NSS_SHAPER_RESPONSE_TYPE_PPE_SN_UCAST_QUEUE_CHANGED,
NSS_SHAPER_RESPONSE_TYPE_PPE_SN_MCAST_QUEUE_CHANGED,
+ NSS_SHAPER_RESPONSE_TYPE_CODEL_FQ_MEM_INSUFFICIENT,
+ NSS_SHAPER_RESPONSE_TYPE_CODEL_FQ_COUNT_CHANGE_NOT_ALLOWED,
+ NSS_SHAPER_RESPONSE_TYPE_CODEL_FQ_COUNT_INVALID,
+ NSS_SHAPER_RESPONSE_TYPE_CODEL_MODE_CHANGE_NOT_ALLOWED,
};
typedef enum nss_shaper_response_types nss_shaper_response_type_t;
@@ -186,10 +191,22 @@
* Message information for configuring a CoDel shaper node.
*/
struct nss_shaper_config_codel_param {
- int32_t qlen_max;
- /**< Maximum number of packets that can be enqueued. */
+ int32_t qlen_max; /**< Maximum number of packets that can be enqueued. */
struct nss_shaper_config_codel_alg_param cap;
- /**< Configuration for the CoDel algorithm. */
+ /**< Configuration for the CoDel algorithm. */
+ uint32_t flows; /**< Number of flow hash buckets. */
+ uint32_t flows_mem; /**< Host allocated memory for flow queues. */
+ uint32_t flows_mem_sz; /**< Memory size allocated for flow queues. */
+ uint32_t quantum; /**< Quantum (in bytes) to round-robin the flow buckets. */
+ uint32_t ecn; /**< 0 - ECN disabled, 1 - ECN enabled. */
+};
+
+/**
+ * nss_shaper_config_codel_mem_req
+ * Message to get CoDel memory requirement per flow queue (needed for fq_codel).
+ */
+struct nss_shaper_config_codel_mem_req {
+ uint32_t mem_req; /**< Memory needed per flow queue (in bytes). */
};
/**
@@ -445,7 +462,7 @@
*/
enum nss_shaper_config_ppe_sn_type {
/*
- * Scheduler types
+ * Scheduler types.
*/
NSS_SHAPER_CONFIG_PPE_SN_TYPE_HTB,
NSS_SHAPER_CONFIG_PPE_SN_TYPE_HTB_GROUP,
@@ -456,7 +473,7 @@
NSS_SHAPER_CONFIG_PPE_SN_SCH_MAX = 0xFF,
/*
- * Queue types
+ * Queue types.
*/
NSS_SHAPER_CONFIG_PPE_SN_TYPE_FIFO,
NSS_SHAPER_CONFIG_PPE_SN_TYPE_RED,
@@ -498,6 +515,9 @@
struct nss_shaper_config_codel_param codel_param;
/**< Configure a CoDel shaper node. */
+ struct nss_shaper_config_codel_mem_req codel_mem_req;
+ /**< Get CoDel memory requirement. */
+
struct nss_shaper_config_tbl_attach tbl_attach;
/**< Attach a shaper node to a TBL shaper node. */
struct nss_shaper_config_tbl_param tbl_param;
diff --git a/exports/nss_wifili_if.h b/exports/nss_wifili_if.h
index 2f5ad8c..366ac29 100644
--- a/exports/nss_wifili_if.h
+++ b/exports/nss_wifili_if.h
@@ -270,8 +270,12 @@
* Wi-Fi radio commands for wifili.
*/
enum nss_wifili_radio_cmd {
- NSS_WIFILI_RADIO_TX_CAPTURE_CMD, /**< Enable Tx capture. */
- NSS_WIFILI_RADIO_MAX_CMD
+ NSS_WIFILI_RADIO_TX_CAPTURE_CMD, /**< Enable Tx capture. */
+ NSS_WIFILI_SET_PRIMARY_RADIO, /**< Set current radio as primary. */
+ NSS_WIFILI_SET_ALWAYS_PRIMARY, /**< Set always primary flag. */
+ NSS_WIFILI_SET_FORCE_CLIENT_MCAST_TRAFFIC, /**< Flag to force multicast traffic for a radio. */
+ NSS_WIFILI_SET_DROP_SECONDARY_MCAST, /**< Flag to drop multicast traffic on secondary radio. */
+ NSS_WIFILI_RADIO_MAX_CMD /**< Maximum radio command index. */
};
/**
@@ -331,6 +335,10 @@
/**< Number of memory address. */
uint32_t ext_desc_page_num;
/**< Extended descriptor page number. */
+ uint32_t num_tx_desc_2;
+ /**< Count of the software descriptors for second radio. */
+ uint32_t num_tx_desc_ext_2;
+ /**< Count of software extended descriptors for second radio. */
};
/**
@@ -399,6 +407,8 @@
/**< Hardware address search table index. */
uint8_t is_nawds;
/**< NAWDS enabled for peer. */
+ uint8_t reserved[3];
+ /**< Padding for alignment. */
uint32_t nss_peer_mem;
/**< Holds peer memory adderss for NSS. */
};
@@ -671,7 +681,8 @@
* Tx peer statistics.
*/
struct nss_wifili_tx_ctrl_stats {
- uint32_t ofdma; /**< Total number of OFDMA packets. */
+ uint32_t ofdma; /**< Number of Orthogonal frequency-division multiple
+ access packets. */
uint32_t non_amsdu_cnt; /**< Number of MSDUs with no MSDU level aggregation. */
uint32_t amsdu_cnt; /**< Number of MSDUs part of AMSDU. */
uint32_t tx_mcast_cnt; /**< Total number of multicast packets sent. */
diff --git a/nss_ipsec.c b/nss_ipsec.c
index 246f122..e67b959 100644
--- a/nss_ipsec.c
+++ b/nss_ipsec.c
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2013-2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -45,6 +45,25 @@
#endif
/*
+ * Amount time the synchronous message should wait for response from
+ * NSS before the timeout happens. After the timeout the message
+ * response even if it arrives has to be discarded. Typically, the
+ * time needs to be selected based on the worst case time in case of
+ * peak throughput between host & NSS.
+ */
+#define NSS_IPSEC_TX_TIMEO_TICKS msecs_to_jiffies(3000) /* 3 Seconds */
+
+/*
+ * Private data structure to hold state for
+ * the ipsec specific NSS interaction
+ */
+struct nss_ipsec_pvt {
+ struct semaphore sem; /* used for synchronizing 'tx_msg_sync' */
+ struct completion complete; /* completion callback */
+ atomic_t resp; /* Response error type */
+} nss_ipsec;
+
+/*
* nss_ipsec_get_msg_ctx()
* return ipsec message context assoicated with the callback
*
@@ -147,6 +166,31 @@
*/
/*
+ * nss_ipsec_callback()
+ * Callback to handle the completion of NSS->HLOS messages.
+ */
+static void nss_ipsec_callback(void *app_data, struct nss_ipsec_msg *nim)
+{
+ struct nss_cmn_msg *ncm = &nim->cm;
+
+ /*
+ * This callback is for synchronous operation. The caller sends its
+ * response pointer which needs to be loaded with the response
+ * data arriving from the NSS
+ */
+ atomic_t *resp = (atomic_t *)app_data;
+
+ if (ncm->response == NSS_CMN_RESPONSE_ACK) {
+ atomic_set(resp, NSS_IPSEC_ERROR_TYPE_NONE);
+ complete(&nss_ipsec.complete);
+ return;
+ }
+
+ atomic_set(resp, ncm->error);
+ complete(&nss_ipsec.complete);
+}
+
+/*
* nss_ipsec_tx_msg
* Send ipsec rule to NSS.
*/
@@ -210,6 +254,96 @@
EXPORT_SYMBOL(nss_ipsec_tx_msg);
/*
+ * nss_ipsec_tx_msg_sync()
+ * Transmit a ipsec message to NSS firmware synchronously.
+ */
+nss_tx_status_t nss_ipsec_tx_msg_sync(struct nss_ctx_instance *nss_ctx, uint32_t if_num,
+ enum nss_ipsec_msg_type type, uint16_t len,
+ struct nss_ipsec_msg *nim, enum nss_ipsec_error_type *resp)
+{
+ struct nss_ipsec_msg nim_local = { {0} };
+ nss_tx_status_t status;
+ int ret;
+
+ /*
+ * Length of the message should be the based on type
+ */
+ if (len > sizeof(nim_local.msg)) {
+ nss_warning("%p: (%u)Bad message length(%u) for type (%d)", nss_ctx, if_num, len, type);
+ return NSS_TX_FAILURE_TOO_LARGE;
+ }
+
+ /*
+ * Response buffer is a required for copying the response for message
+ */
+ if (!resp) {
+ nss_warning("%p: (%u)Response buffer is empty, type(%d)", nss_ctx, if_num, type);
+ return NSS_TX_FAILURE_BAD_PARAM;
+ }
+
+ /*
+ * TODO: this can be removed in future as we need to ensure that the response
+ * memory is only updated when the current outstanding request is waiting.
+ * This can be solved by introducing sequence no. in messages and only completing
+ * the message if the sequence no. matches. For now this is solved by passing
+ * a known memory nss_ipsec.resp
+ */
+ down(&nss_ipsec.sem);
+
+ /*
+ * Initializing it to a fail error type
+ */
+ atomic_set(&nss_ipsec.resp, NSS_IPSEC_ERROR_TYPE_UNHANDLED_MSG);
+
+ /*
+ * We need to copy the message content into the actual message
+ * to be sent to NSS
+ *
+ * Note: Here pass the nss_ipsec.resp as the pointer. Since, the caller
+ * provided pointer is not allocated by us and may go away when this function
+ * returns with failure. The callback is not aware of this and may try to
+ * access the pointer incorrectly potentially resulting in a crash.
+ */
+ nss_ipsec_msg_init(&nim_local, if_num, type, len, nss_ipsec_callback, &nss_ipsec.resp);
+ memcpy(&nim_local.msg, &nim->msg, len);
+
+ status = nss_ipsec_tx_msg(nss_ctx, &nim_local);
+ if (status != NSS_TX_SUCCESS) {
+ nss_warning("%p: ipsec_tx_msg failed", nss_ctx);
+ goto done;
+ }
+
+ ret = wait_for_completion_timeout(&nss_ipsec.complete, NSS_IPSEC_TX_TIMEO_TICKS);
+ if (!ret) {
+ nss_warning("%p: IPsec msg tx failed due to timeout", nss_ctx);
+ status = NSS_TX_FAILURE_NOT_ENABLED;
+ goto done;
+ }
+
+ /*
+ * Read memory barrier
+ */
+ smp_rmb();
+
+ /*
+ * Copy the response received
+ */
+ *resp = atomic_read(&nss_ipsec.resp);
+
+ /*
+ * Only in case of non-error response we will
+ * indicate success
+ */
+ if (*resp != NSS_IPSEC_ERROR_TYPE_NONE)
+ status = NSS_TX_FAILURE;
+
+done:
+ up(&nss_ipsec.sem);
+ return status;
+}
+EXPORT_SYMBOL(nss_ipsec_tx_msg_sync);
+
+/*
* nss_ipsec_tx_buf
* Send data packet for ipsec processing
*/
@@ -397,7 +531,7 @@
/*
* nss_ipsec_get_context()
- * get NSS context instance for IPsec handle
+ * Get NSS context instance for IPsec handle
*/
struct nss_ctx_instance *nss_ipsec_get_context(void)
{
@@ -406,6 +540,28 @@
EXPORT_SYMBOL(nss_ipsec_get_context);
/*
+ * nss_ipsec_ppe_port_config()
+ * Configure PPE port for IPsec inline
+ */
+bool nss_ipsec_ppe_port_config(struct nss_ctx_instance *nss_ctx, struct net_device *dev,
+ uint32_t if_num, uint32_t vsi_num)
+{
+#ifdef NSS_PPE_SUPPORTED
+ if_num = NSS_INTERFACE_NUM_APPEND_COREID(nss_ctx, if_num);
+
+ if (nss_ppe_tx_ipsec_config_msg(if_num, vsi_num, dev->mtu) != NSS_TX_SUCCESS) {
+ nss_warning("%p: Failed to configure PPE IPsec port", nss_ctx);
+ return false;
+ }
+
+ return true;
+#else
+ return false;
+#endif
+}
+EXPORT_SYMBOL(nss_ipsec_ppe_port_config);
+
+/*
* nss_ipsec_register_handler()
*/
void nss_ipsec_register_handler()
@@ -415,6 +571,10 @@
BUILD_BUG_ON(NSS_IPSEC_ENCAP_INTERFACE_NUM < 0);
BUILD_BUG_ON(NSS_IPSEC_DECAP_INTERFACE_NUM < 0);
+ sema_init(&nss_ipsec.sem, 1);
+ init_completion(&nss_ipsec.complete);
+ atomic_set(&nss_ipsec.resp, NSS_IPSEC_ERROR_TYPE_NONE);
+
nss_ctx->nss_top->ipsec_encap_callback = NULL;
nss_ctx->nss_top->ipsec_decap_callback = NULL;
diff --git a/nss_ppe.c b/nss_ppe.c
index a914880..90f0c5d 100644
--- a/nss_ppe.c
+++ b/nss_ppe.c
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -196,6 +196,106 @@
EXPORT_SYMBOL(nss_ppe_tx_l2_exception_msg);
/*
+ * nss_ppe_tx_ipsec_config_msg
+ * API to send inline IPsec port configure message to NSS FW
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_config_msg(uint32_t nss_ifnum, uint32_t vsi_num, uint16_t mtu)
+{
+ struct nss_ctx_instance *nss_ctx = nss_ppe_get_context();
+ struct nss_ppe_msg npm = {0};
+
+ if (!nss_ctx) {
+ nss_warning("Can't get nss context\n");
+ return NSS_TX_FAILURE;
+ }
+
+ if (vsi_num >= NSS_PPE_VSI_NUM_MAX) {
+ nss_warning("Invalid vsi number:%u\n", vsi_num);
+ return NSS_TX_FAILURE;
+ }
+
+ nss_ppe_msg_init(&npm, NSS_PPE_INTERFACE, NSS_PPE_MSG_IPSEC_PORT_CONFIG,
+ sizeof(struct nss_ppe_ipsec_port_config_msg), NULL, NULL);
+
+ npm.msg.ipsec_config.nss_ifnum = nss_ifnum;
+ npm.msg.ipsec_config.vsi_num = vsi_num;
+ npm.msg.ipsec_config.mtu = mtu;
+
+ return nss_ppe_tx_msg_sync(nss_ctx, &npm);
+}
+EXPORT_SYMBOL(nss_ppe_tx_ipsec_config_msg);
+
+/*
+ * nss_ppe_tx_ipsec_mtu_msg
+ * API to send IPsec port MTU change message to NSS FW
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_mtu_msg(uint32_t nss_ifnum, uint16_t mtu)
+{
+ struct nss_ctx_instance *nss_ctx = nss_ppe_get_context();
+ struct nss_ppe_msg npm = {0};
+
+ if (!nss_ctx) {
+ nss_warning("Can't get nss context\n");
+ return NSS_TX_FAILURE;
+ }
+
+ nss_ppe_msg_init(&npm, NSS_PPE_INTERFACE, NSS_PPE_MSG_IPSEC_PORT_MTU_CHANGE,
+ sizeof(struct nss_ppe_ipsec_port_mtu_msg), NULL, NULL);
+
+ npm.msg.ipsec_mtu.nss_ifnum = nss_ifnum;
+ npm.msg.ipsec_mtu.mtu = mtu;
+
+ return nss_ppe_tx_msg_sync(nss_ctx, &npm);
+}
+EXPORT_SYMBOL(nss_ppe_tx_ipsec_mtu_msg);
+
+/*
+ * nss_ppe_tx_ipsec_add_intf_msg
+ * API to attach NSS interface to IPsec port
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_add_intf_msg(uint32_t nss_ifnum)
+{
+ struct nss_ctx_instance *nss_ctx = nss_ppe_get_context();
+ struct nss_ppe_msg npm = {0};
+
+ if (!nss_ctx) {
+ nss_warning("Can't get nss context\n");
+ return NSS_TX_FAILURE;
+ }
+
+ nss_ppe_msg_init(&npm, NSS_PPE_INTERFACE, NSS_PPE_MSG_IPSEC_ADD_INTF,
+ sizeof(struct nss_ppe_ipsec_add_intf_msg), NULL, NULL);
+
+ npm.msg.ipsec_addif.nss_ifnum = nss_ifnum;
+
+ return nss_ppe_tx_msg_sync(nss_ctx, &npm);
+}
+EXPORT_SYMBOL(nss_ppe_tx_ipsec_add_intf_msg);
+
+/*
+ * nss_ppe_tx_ipsec_del_intf_msg
+ * API to detach NSS interface to IPsec port
+ */
+nss_tx_status_t nss_ppe_tx_ipsec_del_intf_msg(uint32_t nss_ifnum)
+{
+ struct nss_ctx_instance *nss_ctx = nss_ppe_get_context();
+ struct nss_ppe_msg npm = {0};
+
+ if (!nss_ctx) {
+ nss_warning("Can't get nss context\n");
+ return NSS_TX_FAILURE;
+ }
+
+ nss_ppe_msg_init(&npm, NSS_PPE_INTERFACE, NSS_PPE_MSG_IPSEC_DEL_INTF,
+ sizeof(struct nss_ppe_ipsec_del_intf_msg), NULL, NULL);
+
+ npm.msg.ipsec_delif.nss_ifnum = nss_ifnum;
+
+ return nss_ppe_tx_msg_sync(nss_ctx, &npm);
+}
+EXPORT_SYMBOL(nss_ppe_tx_ipsec_del_intf_msg);
+
+/*
* nss_ppe_handler()
* Handle NSS -> HLOS messages for ppe
*/
diff --git a/nss_ppe.h b/nss_ppe.h
index bc5e53f..797793a 100644
--- a/nss_ppe.h
+++ b/nss_ppe.h
@@ -1,6 +1,6 @@
/*
**************************************************************************
- * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -71,6 +71,11 @@
#define NSS_PPE_TX_TIMEOUT 1000 /* 1 Second */
/*
+ * Maximum number of VSI
+ */
+#define NSS_PPE_VSI_NUM_MAX 32
+
+/*
* ppe nss debug stats lock
*/
extern spinlock_t nss_ppe_stats_lock;