Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 1 | /* |
| 2 | ************************************************************************** |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 3 | * Copyright (c) 2013-2018, The Linux Foundation. All rights reserved. |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 4 | * Permission to use, copy, modify, and/or distribute this software for |
| 5 | * any purpose with or without fee is hereby granted, provided that the |
| 6 | * above copyright notice and this permission notice appear in all copies. |
| 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 10 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| 12 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT |
| 13 | * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 14 | ************************************************************************** |
| 15 | */ |
| 16 | |
| 17 | /* |
| 18 | * nss_ipsec.c |
| 19 | * NSS IPsec APIs |
| 20 | */ |
| 21 | |
| 22 | #include "nss_tx_rx_common.h" |
Murat Sezgin | ea1a435 | 2014-04-15 19:09:51 -0700 | [diff] [blame] | 23 | #include "nss_ipsec.h" |
Amit Gupta | cbab9f4 | 2018-04-13 16:11:25 +0530 | [diff] [blame] | 24 | #include "nss_ppe.h" |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 25 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 26 | #if defined(NSS_HAL_IPQ806X_SUPPORT) |
| 27 | #define NSS_IPSEC_ENCAP_INTERFACE_NUM NSS_IPSEC_ENCAP_IF_NUMBER |
| 28 | #define NSS_IPSEC_DECAP_INTERFACE_NUM NSS_IPSEC_DECAP_IF_NUMBER |
| 29 | #define NSS_IPSEC_DATA_INTERFACE_NUM NSS_C2C_TX_INTERFACE |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 30 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 31 | #elif defined(NSS_HAL_FSM9010_SUPPORT) |
| 32 | #define NSS_IPSEC_ENCAP_INTERFACE_NUM NSS_IPSEC_ENCAP_IF_NUMBER |
| 33 | #define NSS_IPSEC_DECAP_INTERFACE_NUM NSS_IPSEC_DECAP_IF_NUMBER |
| 34 | #define NSS_IPSEC_DATA_INTERFACE_NUM NSS_IPSEC_RULE_INTERFACE |
| 35 | |
| 36 | #elif defined(NSS_HAL_IPQ807x_SUPPORT) |
| 37 | #define NSS_IPSEC_ENCAP_INTERFACE_NUM NSS_IPSEC_RULE_INTERFACE |
| 38 | #define NSS_IPSEC_DECAP_INTERFACE_NUM NSS_IPSEC_RULE_INTERFACE |
| 39 | #define NSS_IPSEC_DATA_INTERFACE_NUM NSS_IPSEC_RULE_INTERFACE |
| 40 | |
| 41 | #else |
| 42 | #define NSS_IPSEC_ENCAP_INTERFACE_NUM -1 |
| 43 | #define NSS_IPSEC_DECAP_INTERFACE_NUM -1 |
| 44 | #define NSS_IPSEC_DATA_INTERFACE_NUM -1 |
| 45 | |
| 46 | #endif |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 47 | |
| 48 | /* |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 49 | * Amount time the synchronous message should wait for response from |
| 50 | * NSS before the timeout happens. After the timeout the message |
| 51 | * response even if it arrives has to be discarded. Typically, the |
| 52 | * time needs to be selected based on the worst case time in case of |
| 53 | * peak throughput between host & NSS. |
| 54 | */ |
| 55 | #define NSS_IPSEC_TX_TIMEO_TICKS msecs_to_jiffies(3000) /* 3 Seconds */ |
| 56 | |
| 57 | /* |
| 58 | * Private data structure to hold state for |
| 59 | * the ipsec specific NSS interaction |
| 60 | */ |
| 61 | struct nss_ipsec_pvt { |
| 62 | struct semaphore sem; /* used for synchronizing 'tx_msg_sync' */ |
| 63 | struct completion complete; /* completion callback */ |
| 64 | atomic_t resp; /* Response error type */ |
| 65 | } nss_ipsec; |
| 66 | |
| 67 | /* |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 68 | * nss_ipsec_get_msg_ctx() |
| 69 | * return ipsec message context assoicated with the callback |
| 70 | * |
| 71 | * Note: certain SOC the decap interface specially programmed |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 72 | */ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 73 | static inline nss_ptr_t nss_ipsec_get_msg_ctx(struct nss_ctx_instance *nss_ctx, uint32_t interface_num) |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 74 | { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 75 | struct nss_top_instance *nss_top = nss_ctx->nss_top; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 76 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 77 | /* |
| 78 | * the encap is primary interface |
| 79 | */ |
Sourav Poddar | eb8cb65 | 2017-05-18 12:02:18 +0530 | [diff] [blame] | 80 | if (interface_num == NSS_IPSEC_ENCAP_INTERFACE_NUM) |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 81 | return (nss_ptr_t)nss_top->ipsec_encap_ctx; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 82 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 83 | return (nss_ptr_t)nss_top->ipsec_decap_ctx; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 84 | } |
| 85 | |
| 86 | /* |
| 87 | * nss_ipsec_get_msg_callback() |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 88 | * this gets the message callback handler |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 89 | */ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 90 | static inline nss_ptr_t nss_ipsec_get_msg_callback(struct nss_ctx_instance *nss_ctx, uint32_t interface_num) |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 91 | { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 92 | struct nss_top_instance *nss_top = nss_ctx->nss_top; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 93 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 94 | /* |
| 95 | * the encap is primary interface |
| 96 | */ |
Sourav Poddar | eb8cb65 | 2017-05-18 12:02:18 +0530 | [diff] [blame] | 97 | if (interface_num == NSS_IPSEC_ENCAP_INTERFACE_NUM) |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 98 | return (nss_ptr_t)nss_top->ipsec_encap_callback; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 99 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 100 | return (nss_ptr_t)nss_top->ipsec_decap_callback; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 101 | } |
| 102 | |
| 103 | /* |
| 104 | ********************************** |
| 105 | Rx APIs |
| 106 | ********************************** |
| 107 | */ |
| 108 | |
| 109 | /* |
| 110 | * nss_ipsec_msg_handler() |
| 111 | * this handles all the IPsec events and responses |
| 112 | */ |
| 113 | static void nss_ipsec_msg_handler(struct nss_ctx_instance *nss_ctx, struct nss_cmn_msg *ncm, void *app_data __attribute((unused))) |
| 114 | { |
| 115 | struct nss_ipsec_msg *nim = (struct nss_ipsec_msg *)ncm; |
| 116 | nss_ipsec_msg_callback_t cb = NULL; |
| 117 | uint32_t if_num = ncm->interface; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 118 | |
| 119 | /* |
| 120 | * Sanity check the message type |
| 121 | */ |
| 122 | if (ncm->type > NSS_IPSEC_MSG_TYPE_MAX) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 123 | nss_warning("%p: rx message type out of range: %d", nss_ctx, ncm->type); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 124 | return; |
| 125 | } |
| 126 | |
Suruchi Agarwal | ef8a870 | 2016-01-08 12:40:08 -0800 | [diff] [blame] | 127 | if (nss_cmn_get_msg_len(ncm) > sizeof(struct nss_ipsec_msg)) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 128 | nss_warning("%p: rx message length is invalid: %d", nss_ctx, nss_cmn_get_msg_len(ncm)); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 129 | return; |
| 130 | } |
| 131 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 132 | BUG_ON((if_num != NSS_IPSEC_ENCAP_INTERFACE_NUM) && (if_num != NSS_IPSEC_DECAP_INTERFACE_NUM)); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 133 | |
| 134 | if (ncm->response == NSS_CMN_RESPONSE_LAST) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 135 | nss_warning("%p: rx message response for if %d, type %d, is invalid: %d", nss_ctx, ncm->interface, |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 136 | ncm->type, ncm->response); |
| 137 | return; |
| 138 | } |
| 139 | |
| 140 | /* |
| 141 | * Is this a notification? if, yes then fill up the callback and app_data from |
| 142 | * locally stored state |
| 143 | */ |
Suruchi Agarwal | e4ad24a | 2018-06-11 12:03:46 +0530 | [diff] [blame] | 144 | if (ncm->response == NSS_CMN_RESPONSE_NOTIFY) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 145 | ncm->cb = nss_ipsec_get_msg_callback(nss_ctx, if_num); |
| 146 | ncm->app_data = nss_ipsec_get_msg_ctx(nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 147 | } |
| 148 | |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 149 | nss_core_log_msg_failures(nss_ctx, ncm); |
| 150 | |
| 151 | /* |
| 152 | * load, test & call |
| 153 | */ |
| 154 | cb = (nss_ipsec_msg_callback_t)ncm->cb; |
| 155 | if (unlikely(!cb)) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 156 | nss_trace("%p: rx handler has been unregistered for i/f: %d", nss_ctx, ncm->interface); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 157 | return; |
| 158 | } |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 159 | |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 160 | cb((void *)ncm->app_data, nim); |
| 161 | } |
| 162 | |
| 163 | /* |
| 164 | ********************************** |
| 165 | Tx APIs |
| 166 | ********************************** |
| 167 | */ |
| 168 | |
| 169 | /* |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 170 | * nss_ipsec_callback() |
| 171 | * Callback to handle the completion of NSS->HLOS messages. |
| 172 | */ |
| 173 | static void nss_ipsec_callback(void *app_data, struct nss_ipsec_msg *nim) |
| 174 | { |
| 175 | struct nss_cmn_msg *ncm = &nim->cm; |
| 176 | |
| 177 | /* |
| 178 | * This callback is for synchronous operation. The caller sends its |
| 179 | * response pointer which needs to be loaded with the response |
| 180 | * data arriving from the NSS |
| 181 | */ |
| 182 | atomic_t *resp = (atomic_t *)app_data; |
| 183 | |
| 184 | if (ncm->response == NSS_CMN_RESPONSE_ACK) { |
| 185 | atomic_set(resp, NSS_IPSEC_ERROR_TYPE_NONE); |
| 186 | complete(&nss_ipsec.complete); |
| 187 | return; |
| 188 | } |
| 189 | |
| 190 | atomic_set(resp, ncm->error); |
| 191 | complete(&nss_ipsec.complete); |
| 192 | } |
| 193 | |
| 194 | /* |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 195 | * nss_ipsec_tx_msg |
| 196 | * Send ipsec rule to NSS. |
| 197 | */ |
| 198 | nss_tx_status_t nss_ipsec_tx_msg(struct nss_ctx_instance *nss_ctx, struct nss_ipsec_msg *msg) |
| 199 | { |
| 200 | struct nss_cmn_msg *ncm = &msg->cm; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 201 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 202 | nss_info("%p: message %d for if %d\n", nss_ctx, ncm->type, ncm->interface); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 203 | |
Tanmay V Jagdale | f6b2bce | 2017-03-03 14:31:07 +0530 | [diff] [blame] | 204 | BUILD_BUG_ON(NSS_NBUF_PAYLOAD_SIZE < sizeof(struct nss_ipsec_msg)); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 205 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 206 | if ((ncm->interface != NSS_IPSEC_ENCAP_INTERFACE_NUM) && (ncm->interface != NSS_IPSEC_DECAP_INTERFACE_NUM)) { |
| 207 | nss_warning("%p: tx message request for another interface: %d", nss_ctx, ncm->interface); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 208 | return NSS_TX_FAILURE; |
| 209 | } |
| 210 | |
| 211 | if (ncm->type > NSS_IPSEC_MSG_TYPE_MAX) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 212 | nss_warning("%p: tx message type out of range: %d", nss_ctx, ncm->type); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 213 | return NSS_TX_FAILURE; |
| 214 | } |
| 215 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 216 | nss_info("msg params version:%d, interface:%d, type:%d, cb:%p, app_data:%p, len:%d\n", |
Stephen Wang | aed4633 | 2016-12-12 17:29:03 -0800 | [diff] [blame] | 217 | ncm->version, ncm->interface, ncm->type, (void *)ncm->cb, (void *)ncm->app_data, ncm->len); |
Samarjeet Banerjee | 7bce8c5 | 2014-05-02 15:32:13 +0530 | [diff] [blame] | 218 | |
Stephen Wang | 3e2dbd1 | 2018-03-14 17:28:17 -0700 | [diff] [blame] | 219 | return nss_core_send_cmd(nss_ctx, msg, sizeof(*msg), NSS_NBUF_PAYLOAD_SIZE); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 220 | } |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 221 | EXPORT_SYMBOL(nss_ipsec_tx_msg); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 222 | |
| 223 | /* |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 224 | * nss_ipsec_tx_msg_sync() |
| 225 | * Transmit a ipsec message to NSS firmware synchronously. |
| 226 | */ |
| 227 | nss_tx_status_t nss_ipsec_tx_msg_sync(struct nss_ctx_instance *nss_ctx, uint32_t if_num, |
| 228 | enum nss_ipsec_msg_type type, uint16_t len, |
| 229 | struct nss_ipsec_msg *nim, enum nss_ipsec_error_type *resp) |
| 230 | { |
| 231 | struct nss_ipsec_msg nim_local = { {0} }; |
| 232 | nss_tx_status_t status; |
| 233 | int ret; |
| 234 | |
| 235 | /* |
| 236 | * Length of the message should be the based on type |
| 237 | */ |
| 238 | if (len > sizeof(nim_local.msg)) { |
| 239 | nss_warning("%p: (%u)Bad message length(%u) for type (%d)", nss_ctx, if_num, len, type); |
| 240 | return NSS_TX_FAILURE_TOO_LARGE; |
| 241 | } |
| 242 | |
| 243 | /* |
| 244 | * Response buffer is a required for copying the response for message |
| 245 | */ |
| 246 | if (!resp) { |
| 247 | nss_warning("%p: (%u)Response buffer is empty, type(%d)", nss_ctx, if_num, type); |
| 248 | return NSS_TX_FAILURE_BAD_PARAM; |
| 249 | } |
| 250 | |
| 251 | /* |
| 252 | * TODO: this can be removed in future as we need to ensure that the response |
| 253 | * memory is only updated when the current outstanding request is waiting. |
| 254 | * This can be solved by introducing sequence no. in messages and only completing |
| 255 | * the message if the sequence no. matches. For now this is solved by passing |
| 256 | * a known memory nss_ipsec.resp |
| 257 | */ |
| 258 | down(&nss_ipsec.sem); |
| 259 | |
| 260 | /* |
| 261 | * Initializing it to a fail error type |
| 262 | */ |
| 263 | atomic_set(&nss_ipsec.resp, NSS_IPSEC_ERROR_TYPE_UNHANDLED_MSG); |
| 264 | |
| 265 | /* |
| 266 | * We need to copy the message content into the actual message |
| 267 | * to be sent to NSS |
| 268 | * |
| 269 | * Note: Here pass the nss_ipsec.resp as the pointer. Since, the caller |
| 270 | * provided pointer is not allocated by us and may go away when this function |
| 271 | * returns with failure. The callback is not aware of this and may try to |
| 272 | * access the pointer incorrectly potentially resulting in a crash. |
| 273 | */ |
| 274 | nss_ipsec_msg_init(&nim_local, if_num, type, len, nss_ipsec_callback, &nss_ipsec.resp); |
| 275 | memcpy(&nim_local.msg, &nim->msg, len); |
| 276 | |
| 277 | status = nss_ipsec_tx_msg(nss_ctx, &nim_local); |
| 278 | if (status != NSS_TX_SUCCESS) { |
| 279 | nss_warning("%p: ipsec_tx_msg failed", nss_ctx); |
| 280 | goto done; |
| 281 | } |
| 282 | |
| 283 | ret = wait_for_completion_timeout(&nss_ipsec.complete, NSS_IPSEC_TX_TIMEO_TICKS); |
| 284 | if (!ret) { |
| 285 | nss_warning("%p: IPsec msg tx failed due to timeout", nss_ctx); |
| 286 | status = NSS_TX_FAILURE_NOT_ENABLED; |
| 287 | goto done; |
| 288 | } |
| 289 | |
| 290 | /* |
| 291 | * Read memory barrier |
| 292 | */ |
| 293 | smp_rmb(); |
| 294 | |
| 295 | /* |
| 296 | * Copy the response received |
| 297 | */ |
| 298 | *resp = atomic_read(&nss_ipsec.resp); |
| 299 | |
| 300 | /* |
| 301 | * Only in case of non-error response we will |
| 302 | * indicate success |
| 303 | */ |
| 304 | if (*resp != NSS_IPSEC_ERROR_TYPE_NONE) |
| 305 | status = NSS_TX_FAILURE; |
| 306 | |
| 307 | done: |
| 308 | up(&nss_ipsec.sem); |
| 309 | return status; |
| 310 | } |
| 311 | EXPORT_SYMBOL(nss_ipsec_tx_msg_sync); |
| 312 | |
| 313 | /* |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 314 | * nss_ipsec_tx_buf |
| 315 | * Send data packet for ipsec processing |
| 316 | */ |
Stephen Wang | 83e4875 | 2015-03-03 18:41:40 -0800 | [diff] [blame] | 317 | nss_tx_status_t nss_ipsec_tx_buf(struct sk_buff *skb, uint32_t if_num) |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 318 | { |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 319 | struct nss_ctx_instance *nss_ctx = &nss_top_main.nss[nss_top_main.ipsec_handler_id]; |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 320 | |
Stephen Wang | 83e4875 | 2015-03-03 18:41:40 -0800 | [diff] [blame] | 321 | nss_trace("%p: IPsec If Tx packet, id:%d, data=%p", nss_ctx, if_num, skb->data); |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 322 | |
Stephen Wang | 3e2dbd1 | 2018-03-14 17:28:17 -0700 | [diff] [blame] | 323 | return nss_core_send_packet(nss_ctx, skb, if_num, 0); |
Radha krishna Simha Jiguru | d36b1e2 | 2014-09-12 15:14:52 +0530 | [diff] [blame] | 324 | } |
| 325 | EXPORT_SYMBOL(nss_ipsec_tx_buf); |
| 326 | |
| 327 | /* |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 328 | ********************************** |
| 329 | Register APIs |
| 330 | ********************************** |
| 331 | */ |
| 332 | |
| 333 | /* |
Ankit Dhanuka | a0e4cae | 2014-05-26 16:33:10 +0530 | [diff] [blame] | 334 | * nss_ipsec_notify_register() |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 335 | * register message notifier for the given interface (if_num) |
| 336 | */ |
| 337 | struct nss_ctx_instance *nss_ipsec_notify_register(uint32_t if_num, nss_ipsec_msg_callback_t cb, void *app_data) |
| 338 | { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 339 | struct nss_top_instance *nss_top = &nss_top_main; |
| 340 | uint8_t core_id = nss_top->ipsec_handler_id; |
| 341 | struct nss_ctx_instance *nss_ctx = &nss_top->nss[core_id]; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 342 | |
| 343 | if (if_num >= NSS_MAX_NET_INTERFACES) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 344 | nss_warning("%p: notfiy register received for invalid interface %d", nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 345 | return NULL; |
| 346 | } |
| 347 | |
Samarjeet Banerjee | 940e91b | 2016-03-29 19:23:17 +0530 | [diff] [blame] | 348 | /* |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 349 | * the encap is primary interface |
Samarjeet Banerjee | 940e91b | 2016-03-29 19:23:17 +0530 | [diff] [blame] | 350 | */ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 351 | if (if_num == NSS_IPSEC_ENCAP_INTERFACE_NUM) { |
| 352 | nss_top->ipsec_encap_callback = cb; |
| 353 | nss_top->ipsec_encap_ctx = app_data; |
Samarjeet Banerjee | 940e91b | 2016-03-29 19:23:17 +0530 | [diff] [blame] | 354 | return nss_ctx; |
| 355 | } |
| 356 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 357 | nss_top->ipsec_decap_callback = cb; |
| 358 | nss_top->ipsec_decap_ctx = app_data; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 359 | return nss_ctx; |
| 360 | } |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 361 | EXPORT_SYMBOL(nss_ipsec_notify_register); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 362 | |
| 363 | /* |
Ankit Dhanuka | a0e4cae | 2014-05-26 16:33:10 +0530 | [diff] [blame] | 364 | * nss_ipsec_notify_unregister() |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 365 | * unregister the IPsec notifier for the given interface number (if_num) |
| 366 | */ |
| 367 | void nss_ipsec_notify_unregister(struct nss_ctx_instance *nss_ctx, uint32_t if_num) |
| 368 | { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 369 | struct nss_top_instance *nss_top = nss_ctx->nss_top; |
| 370 | |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 371 | if (if_num >= NSS_MAX_NET_INTERFACES) { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 372 | nss_warning("%p: notify unregister received for invalid interface %d", nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 373 | return; |
| 374 | } |
| 375 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 376 | /* |
| 377 | * the encap is primary interface |
| 378 | */ |
| 379 | if (if_num == NSS_IPSEC_ENCAP_INTERFACE_NUM) { |
| 380 | nss_top->ipsec_encap_callback = NULL; |
| 381 | nss_top->ipsec_encap_ctx = NULL; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 382 | return; |
| 383 | } |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 384 | |
| 385 | nss_top->ipsec_decap_callback = NULL; |
| 386 | nss_top->ipsec_decap_ctx = NULL; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 387 | } |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 388 | EXPORT_SYMBOL(nss_ipsec_notify_unregister); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 389 | |
| 390 | /* |
Ankit Dhanuka | a0e4cae | 2014-05-26 16:33:10 +0530 | [diff] [blame] | 391 | * nss_ipsec_data_register() |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 392 | * register a data callback routine |
| 393 | */ |
Sundarajan Srinivasan | 7037484 | 2014-11-19 15:22:52 -0800 | [diff] [blame] | 394 | struct nss_ctx_instance *nss_ipsec_data_register(uint32_t if_num, nss_ipsec_buf_callback_t cb, struct net_device *netdev, uint32_t features) |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 395 | { |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 396 | struct nss_ctx_instance *nss_ctx, *nss_ctx0; |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 397 | |
| 398 | nss_ctx = &nss_top_main.nss[nss_top_main.ipsec_handler_id]; |
| 399 | |
| 400 | if ((if_num >= NSS_MAX_NET_INTERFACES) && (if_num < NSS_MAX_PHYSICAL_INTERFACES)){ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 401 | nss_warning("%p: data register received for invalid interface %d", nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 402 | return NULL; |
| 403 | } |
| 404 | |
Samarjeet Banerjee | 940e91b | 2016-03-29 19:23:17 +0530 | [diff] [blame] | 405 | /* |
| 406 | * avoid multiple registeration for multiple tunnels |
| 407 | */ |
Stephen Wang | 84e0e99 | 2016-09-07 12:31:40 -0700 | [diff] [blame] | 408 | if (nss_ctx->subsys_dp_register[if_num].cb) { |
Samarjeet Banerjee | 940e91b | 2016-03-29 19:23:17 +0530 | [diff] [blame] | 409 | return nss_ctx; |
| 410 | } |
| 411 | |
Jackson Bockus | 7ca70ec | 2017-07-17 13:47:29 -0700 | [diff] [blame] | 412 | nss_core_register_subsys_dp(nss_ctx, if_num, cb, NULL, NULL, netdev, features); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 413 | |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 414 | if (nss_top_main.ipsec_handler_id == 1) { |
| 415 | nss_ctx0 = &nss_top_main.nss[0]; |
| 416 | |
Jackson Bockus | 7ca70ec | 2017-07-17 13:47:29 -0700 | [diff] [blame] | 417 | nss_core_register_subsys_dp(nss_ctx0, if_num, cb, NULL, NULL, netdev, features); |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 418 | } |
| 419 | |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 420 | return nss_ctx; |
| 421 | } |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 422 | EXPORT_SYMBOL(nss_ipsec_data_register); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 423 | |
| 424 | /* |
Ankit Dhanuka | a0e4cae | 2014-05-26 16:33:10 +0530 | [diff] [blame] | 425 | * nss_ipsec_data_unregister() |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 426 | * unregister a data callback routine |
| 427 | */ |
| 428 | void nss_ipsec_data_unregister(struct nss_ctx_instance *nss_ctx, uint32_t if_num) |
| 429 | { |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 430 | struct nss_ctx_instance *nss_ctx0; |
| 431 | |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 432 | if ((if_num >= NSS_MAX_NET_INTERFACES) && (if_num < NSS_MAX_PHYSICAL_INTERFACES)){ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 433 | nss_warning("%p: data unregister received for invalid interface %d", nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 434 | return; |
| 435 | } |
| 436 | |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 437 | if (nss_top_main.ipsec_handler_id == 1) { |
| 438 | nss_ctx0 = &nss_top_main.nss[0]; |
| 439 | |
Jackson Bockus | 7ca70ec | 2017-07-17 13:47:29 -0700 | [diff] [blame] | 440 | nss_core_unregister_subsys_dp(nss_ctx0, if_num); |
Arunkumar T | 657c406 | 2016-09-21 18:06:48 +0530 | [diff] [blame] | 441 | } |
| 442 | |
Jackson Bockus | 7ca70ec | 2017-07-17 13:47:29 -0700 | [diff] [blame] | 443 | nss_core_unregister_subsys_dp(nss_ctx, if_num); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 444 | } |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 445 | EXPORT_SYMBOL(nss_ipsec_data_unregister); |
| 446 | |
| 447 | /* |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 448 | * nss_ipsec_get_encap_interface() |
| 449 | * Get the NSS interface number for encap message |
Radha krishna Simha Jiguru | db7ad24 | 2014-11-19 16:02:23 +0530 | [diff] [blame] | 450 | */ |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 451 | int32_t nss_ipsec_get_encap_interface(void) |
Radha krishna Simha Jiguru | db7ad24 | 2014-11-19 16:02:23 +0530 | [diff] [blame] | 452 | { |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 453 | return NSS_IPSEC_ENCAP_INTERFACE_NUM; |
Radha krishna Simha Jiguru | db7ad24 | 2014-11-19 16:02:23 +0530 | [diff] [blame] | 454 | } |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 455 | EXPORT_SYMBOL(nss_ipsec_get_encap_interface); |
| 456 | |
| 457 | /* |
| 458 | * nss_ipsec_get_decap_interface() |
| 459 | * Get the NSS interface number for decap message |
| 460 | */ |
| 461 | int32_t nss_ipsec_get_decap_interface(void) |
| 462 | { |
| 463 | return NSS_IPSEC_DECAP_INTERFACE_NUM; |
| 464 | } |
| 465 | EXPORT_SYMBOL(nss_ipsec_get_decap_interface); |
| 466 | |
| 467 | /* |
| 468 | * nss_ipsec_get_data_interface() |
| 469 | * Get the NSS interface number used for data path |
| 470 | */ |
| 471 | int32_t nss_ipsec_get_data_interface(void) |
| 472 | { |
| 473 | return NSS_IPSEC_DATA_INTERFACE_NUM; |
| 474 | } |
| 475 | EXPORT_SYMBOL(nss_ipsec_get_data_interface); |
Radha krishna Simha Jiguru | db7ad24 | 2014-11-19 16:02:23 +0530 | [diff] [blame] | 476 | |
| 477 | /* |
Thomas Wu | 91f4bdf | 2017-06-09 12:03:02 -0700 | [diff] [blame] | 478 | * nss_ipsec_get_context() |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 479 | * Get NSS context instance for IPsec handle |
Samarjeet Banerjee | 7733231 | 2014-08-07 14:48:22 +0530 | [diff] [blame] | 480 | */ |
| 481 | struct nss_ctx_instance *nss_ipsec_get_context(void) |
| 482 | { |
| 483 | return &nss_top_main.nss[nss_top_main.ipsec_handler_id]; |
| 484 | } |
| 485 | EXPORT_SYMBOL(nss_ipsec_get_context); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 486 | |
| 487 | /* |
Sourav Poddar | bfca943 | 2018-07-26 18:55:06 +0530 | [diff] [blame] | 488 | * nss_ipsec_get_ifnum() |
| 489 | * Return IPsec interface number with coreid. |
| 490 | */ |
| 491 | int32_t nss_ipsec_get_ifnum(int32_t if_num) |
| 492 | { |
| 493 | struct nss_ctx_instance *nss_ctx = nss_ipsec_get_context(); |
| 494 | |
| 495 | NSS_VERIFY_CTX_MAGIC(nss_ctx); |
| 496 | return NSS_INTERFACE_NUM_APPEND_COREID(nss_ctx, if_num); |
| 497 | } |
| 498 | EXPORT_SYMBOL(nss_ipsec_get_ifnum); |
| 499 | |
| 500 | /* |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 501 | * nss_ipsec_ppe_port_config() |
| 502 | * Configure PPE port for IPsec inline |
| 503 | */ |
Vijay Vigneshan | 2475f41 | 2018-05-14 19:49:44 +0530 | [diff] [blame] | 504 | bool nss_ipsec_ppe_port_config(struct nss_ctx_instance *nss_ctx, struct net_device *netdev, |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 505 | uint32_t if_num, uint32_t vsi_num) |
| 506 | { |
| 507 | #ifdef NSS_PPE_SUPPORTED |
| 508 | if_num = NSS_INTERFACE_NUM_APPEND_COREID(nss_ctx, if_num); |
| 509 | |
Vijay Vigneshan | 2475f41 | 2018-05-14 19:49:44 +0530 | [diff] [blame] | 510 | if (nss_ppe_tx_ipsec_config_msg(if_num, vsi_num, netdev->mtu, netdev->mtu) != NSS_TX_SUCCESS) { |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 511 | nss_warning("%p: Failed to configure PPE IPsec port", nss_ctx); |
| 512 | return false; |
| 513 | } |
| 514 | |
| 515 | return true; |
| 516 | #else |
| 517 | return false; |
| 518 | #endif |
| 519 | } |
| 520 | EXPORT_SYMBOL(nss_ipsec_ppe_port_config); |
| 521 | |
| 522 | /* |
Vijay Vigneshan | 2475f41 | 2018-05-14 19:49:44 +0530 | [diff] [blame] | 523 | * nss_ipsec_ppe_mtu_update() |
| 524 | * Update PPE MTU for IPsec inline |
| 525 | */ |
| 526 | bool nss_ipsec_ppe_mtu_update(struct nss_ctx_instance *nss_ctx, uint32_t if_num, uint16_t mtu, uint16_t mru) |
| 527 | { |
| 528 | #ifdef NSS_PPE_SUPPORTED |
| 529 | if_num = NSS_INTERFACE_NUM_APPEND_COREID(nss_ctx, if_num); |
| 530 | |
| 531 | if (nss_ppe_tx_ipsec_mtu_msg(if_num, mtu, mru) != NSS_TX_SUCCESS) { |
| 532 | nss_warning("%p: Failed to update PPE MTU for IPsec port", nss_ctx); |
| 533 | return false; |
| 534 | } |
| 535 | |
| 536 | return true; |
| 537 | #else |
| 538 | return false; |
| 539 | #endif |
| 540 | } |
| 541 | EXPORT_SYMBOL(nss_ipsec_ppe_mtu_update); |
| 542 | |
| 543 | /* |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 544 | * nss_ipsec_register_handler() |
| 545 | */ |
| 546 | void nss_ipsec_register_handler() |
| 547 | { |
| 548 | struct nss_ctx_instance *nss_ctx = &nss_top_main.nss[nss_top_main.ipsec_handler_id]; |
| 549 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 550 | BUILD_BUG_ON(NSS_IPSEC_ENCAP_INTERFACE_NUM < 0); |
| 551 | BUILD_BUG_ON(NSS_IPSEC_DECAP_INTERFACE_NUM < 0); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 552 | |
Vijay Vigneshan | b809f42 | 2018-04-04 15:04:35 +0530 | [diff] [blame] | 553 | sema_init(&nss_ipsec.sem, 1); |
| 554 | init_completion(&nss_ipsec.complete); |
| 555 | atomic_set(&nss_ipsec.resp, NSS_IPSEC_ERROR_TYPE_NONE); |
| 556 | |
Sourav Poddar | bf8b50c | 2017-02-15 12:44:44 +0530 | [diff] [blame] | 557 | nss_ctx->nss_top->ipsec_encap_callback = NULL; |
| 558 | nss_ctx->nss_top->ipsec_decap_callback = NULL; |
| 559 | |
| 560 | nss_ctx->nss_top->ipsec_encap_ctx = NULL; |
| 561 | nss_ctx->nss_top->ipsec_decap_ctx = NULL; |
| 562 | |
Thomas Wu | 91f4bdf | 2017-06-09 12:03:02 -0700 | [diff] [blame] | 563 | nss_core_register_handler(nss_ctx, NSS_IPSEC_ENCAP_INTERFACE_NUM, nss_ipsec_msg_handler, NULL); |
| 564 | nss_core_register_handler(nss_ctx, NSS_IPSEC_DECAP_INTERFACE_NUM, nss_ipsec_msg_handler, NULL); |
Samarjeet Banerjee | d99d9d0 | 2014-04-08 18:51:00 +0530 | [diff] [blame] | 565 | } |
| 566 | |
Sundarajan Srinivasan | 02e6c2b | 2014-10-06 11:51:12 -0700 | [diff] [blame] | 567 | /* |
| 568 | * nss_ipsec_msg_init() |
| 569 | * Initialize ipsec message. |
| 570 | */ |
| 571 | void nss_ipsec_msg_init(struct nss_ipsec_msg *nim, uint16_t if_num, uint32_t type, uint32_t len, |
Sundarajan Srinivasan | 30a53d4 | 2015-01-30 10:52:08 -0800 | [diff] [blame] | 572 | nss_ipsec_msg_callback_t cb, void *app_data) |
Sundarajan Srinivasan | 02e6c2b | 2014-10-06 11:51:12 -0700 | [diff] [blame] | 573 | { |
| 574 | nss_cmn_msg_init(&nim->cm, if_num, type, len, (void *)cb, app_data); |
| 575 | } |
| 576 | EXPORT_SYMBOL(nss_ipsec_msg_init); |