Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/drivers/net/netdevsim/ipsec.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /* Copyright(c) 2018 Oracle and/or its affiliates. All rights reserved. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4) #include <crypto/aead.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5) #include <linux/debugfs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include "netdevsim.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #define NSIM_IPSEC_AUTH_BITS	128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) 					char __user *buffer,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 					size_t count, loff_t *ppos)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) 	struct netdevsim *ns = filp->private_data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 	struct nsim_ipsec *ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 	size_t bufsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 	char *buf, *p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 	int len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 	int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 	/* the buffer needed is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 	 * (num SAs * 3 lines each * ~60 bytes per line) + one more line
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 	bufsize = (ipsec->count * 4 * 60) + 60;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 	buf = kzalloc(bufsize, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	if (!buf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 		return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	p = buf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 	p += scnprintf(p, bufsize - (p - buf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 		       "SA count=%u tx=%u\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 		       ipsec->count, ipsec->tx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 	for (i = 0; i < NSIM_IPSEC_MAX_SA_COUNT; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 		struct nsim_sa *sap = &ipsec->sa[i];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 		if (!sap->used)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 			continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 		p += scnprintf(p, bufsize - (p - buf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 			       "sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 			       i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 			       sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 		p += scnprintf(p, bufsize - (p - buf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 			       "sa[%i]    spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 			       i, be32_to_cpu(sap->xs->id.spi),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 			       sap->xs->id.proto, sap->salt, sap->crypt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 		p += scnprintf(p, bufsize - (p - buf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 			       "sa[%i]    key=0x%08x %08x %08x %08x\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 			       i, sap->key[0], sap->key[1],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 			       sap->key[2], sap->key[3]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 	len = simple_read_from_buffer(buffer, count, ppos, buf, p - buf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	kfree(buf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	return len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) static const struct file_operations ipsec_dbg_fops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	.owner = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	.open = simple_open,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	.read = nsim_dbg_netdev_ops_read,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) static int nsim_ipsec_find_empty_idx(struct nsim_ipsec *ipsec)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	u32 i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	if (ipsec->count == NSIM_IPSEC_MAX_SA_COUNT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 		return -ENOSPC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	/* search sa table */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	for (i = 0; i < NSIM_IPSEC_MAX_SA_COUNT; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 		if (!ipsec->sa[i].used)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 			return i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	return -ENOSPC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) static int nsim_ipsec_parse_proto_keys(struct xfrm_state *xs,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 				       u32 *mykey, u32 *mysalt)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	const char aes_gcm_name[] = "rfc4106(gcm(aes))";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	struct net_device *dev = xs->xso.real_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	unsigned char *key_data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	char *alg_name = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	int key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 	if (!xs->aead) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		netdev_err(dev, "Unsupported IPsec algorithm\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	if (xs->aead->alg_icv_len != NSIM_IPSEC_AUTH_BITS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		netdev_err(dev, "IPsec offload requires %d bit authentication\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 			   NSIM_IPSEC_AUTH_BITS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	key_data = &xs->aead->alg_key[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	key_len = xs->aead->alg_key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	alg_name = xs->aead->alg_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	if (strcmp(alg_name, aes_gcm_name)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 		netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 			   aes_gcm_name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	/* 160 accounts for 16 byte key and 4 byte salt */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 	if (key_len > NSIM_IPSEC_AUTH_BITS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 		*mysalt = ((u32 *)key_data)[4];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	} else if (key_len == NSIM_IPSEC_AUTH_BITS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 		*mysalt = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 		netdev_err(dev, "IPsec hw offload only supports 128 bit keys with optional 32 bit salt\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 	memcpy(mykey, key_data, 16);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) static int nsim_ipsec_add_sa(struct xfrm_state *xs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	struct nsim_ipsec *ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 	struct net_device *dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 	struct netdevsim *ns;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	struct nsim_sa sa;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 	u16 sa_idx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 	dev = xs->xso.real_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 	ns = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 	ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 		netdev_err(dev, "Unsupported protocol 0x%04x for ipsec offload\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 			   xs->id.proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 	if (xs->calg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 		netdev_err(dev, "Compression offload not supported\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 	/* find the first unused index */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 	ret = nsim_ipsec_find_empty_idx(ipsec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 	if (ret < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 		netdev_err(dev, "No space for SA in Rx table!\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 	sa_idx = (u16)ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	memset(&sa, 0, sizeof(sa));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	sa.used = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	sa.xs = xs;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	if (sa.xs->id.proto & IPPROTO_ESP)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 		sa.crypt = xs->ealg || xs->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	/* get the key and salt */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 	ret = nsim_ipsec_parse_proto_keys(xs, sa.key, &sa.salt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 	if (ret) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 		netdev_err(dev, "Failed to get key data for SA table\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 	if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 		sa.rx = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 		if (xs->props.family == AF_INET6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 			memcpy(sa.ipaddr, &xs->id.daddr.a6, 16);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 			memcpy(&sa.ipaddr[3], &xs->id.daddr.a4, 4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	/* the preparations worked, so save the info */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 	memcpy(&ipsec->sa[sa_idx], &sa, sizeof(sa));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 	/* the XFRM stack doesn't like offload_handle == 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 	 * so add a bitflag in case our array index is 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 	xs->xso.offload_handle = sa_idx | NSIM_IPSEC_VALID;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	ipsec->count++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) static void nsim_ipsec_del_sa(struct xfrm_state *xs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	struct netdevsim *ns = netdev_priv(xs->xso.real_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 	struct nsim_ipsec *ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 	u16 sa_idx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	sa_idx = xs->xso.offload_handle & ~NSIM_IPSEC_VALID;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 	if (!ipsec->sa[sa_idx].used) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 		netdev_err(ns->netdev, "Invalid SA for delete sa_idx=%d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 			   sa_idx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	memset(&ipsec->sa[sa_idx], 0, sizeof(struct nsim_sa));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 	ipsec->count--;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) static bool nsim_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 	struct netdevsim *ns = netdev_priv(xs->xso.real_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 	struct nsim_ipsec *ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	ipsec->ok++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 	return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) static const struct xfrmdev_ops nsim_xfrmdev_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 	.xdo_dev_state_add	= nsim_ipsec_add_sa,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 	.xdo_dev_state_delete	= nsim_ipsec_del_sa,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 	.xdo_dev_offload_ok	= nsim_ipsec_offload_ok,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) bool nsim_ipsec_tx(struct netdevsim *ns, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 	struct sec_path *sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	struct nsim_ipsec *ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 	struct xfrm_state *xs;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	struct nsim_sa *tsa;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	u32 sa_idx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	/* do we even need to check this packet? */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	if (!sp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 		return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 	if (unlikely(!sp->len)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 		netdev_err(ns->netdev, "no xfrm state len = %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 			   sp->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 	xs = xfrm_input_state(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 	if (unlikely(!xs)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 		netdev_err(ns->netdev, "no xfrm_input_state() xs = %p\n", xs);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 	sa_idx = xs->xso.offload_handle & ~NSIM_IPSEC_VALID;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	if (unlikely(sa_idx >= NSIM_IPSEC_MAX_SA_COUNT)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 		netdev_err(ns->netdev, "bad sa_idx=%d max=%d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 			   sa_idx, NSIM_IPSEC_MAX_SA_COUNT);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 	tsa = &ipsec->sa[sa_idx];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 	if (unlikely(!tsa->used)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 		netdev_err(ns->netdev, "unused sa_idx=%d\n", sa_idx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 		netdev_err(ns->netdev, "unexpected proto=%d\n", xs->id.proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 		return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 	ipsec->tx++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 	return true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) void nsim_ipsec_init(struct netdevsim *ns)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 	ns->netdev->xfrmdev_ops = &nsim_xfrmdev_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) #define NSIM_ESP_FEATURES	(NETIF_F_HW_ESP | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 				 NETIF_F_HW_ESP_TX_CSUM | \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 				 NETIF_F_GSO_ESP)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 	ns->netdev->features |= NSIM_ESP_FEATURES;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 	ns->netdev->hw_enc_features |= NSIM_ESP_FEATURES;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 	ns->ipsec.pfile = debugfs_create_file("ipsec", 0400,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 					      ns->nsim_dev_port->ddir, ns,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 					      &ipsec_dbg_fops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) void nsim_ipsec_teardown(struct netdevsim *ns)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 	struct nsim_ipsec *ipsec = &ns->ipsec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 	if (ipsec->count)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 		netdev_err(ns->netdev, "tearing down IPsec offload with %d SAs left\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 			   ipsec->count);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 	debugfs_remove_recursive(ipsec->pfile);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) }
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.