Google Git
Sign in
nest-open-source / manifest_repos / sdk / 298baf23afcd1beb26cd47146293d6ea996a71fc / . / qca-nss-clients / ipsecmgr / v2.0 / plugins / xfrm / nss_ipsec_xfrm.h
blob: 96ed6ae10a3019233ca1caf86974a6fb84b4b61e [file] [log] [blame]
/* Copyright (c) 2021, The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef __NSS_IPSEC_XFRM_H
#define __NSS_IPSEC_XFRM_H
#define NSS_IPSEC_XFRM_TUN_DB_MAX 128
#define NSS_IPSEC_XFRM_FLOW_DB_MAX 1024
#define NSS_IPSEC_XFRM_TUNNEL_FREE_TIMEOUT_MSECS 10000
#define NSS_IPSEC_XFRM_TUNNEL_FREE_TIMEOUT msecs_to_jiffies(NSS_IPSEC_XFRM_TUNNEL_FREE_TIMEOUT_MSECS)
#define NSS_IPSEC_XFRM_DEBUG_LVL_ERROR 1
#define NSS_IPSEC_XFRM_DEBUG_LVL_WARN 2
#define NSS_IPSEC_XFRM_DEBUG_LVL_INFO 3
#define NSS_IPSEC_XFRM_DEBUG_LVL_TRACE 4
#define nss_ipsec_xfrm_info_always(s, ...) pr_info("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__)
#if defined(CONFIG_DYNAMIC_DEBUG)
/*
* Compile messages for dynamic enable/disable
*/
#define nss_ipsec_xfrm_err(s, ...) do { \
if (net_ratelimit()) { \
pr_alert("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
} while (0)
#define nss_ipsec_xfrm_warn(s, ...) do { \
if (net_ratelimit()) { \
pr_warn("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
} while (0)
#define nss_ipsec_xfrm_info(s, ...) pr_debug("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__)
#define nss_ipsec_xfrm_trace(s, ...) pr_debug("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__)
#else
/*
* Statically compile messages at different levels
*/
#define nss_ipsec_xfrm_err(s, ...) { \
if (NSS_IPSEC_XFRM_DEBUG_LEVEL > NSS_IPSEC_XFRM_DEBUG_LVL_ERROR) { \
pr_alert("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
}
#define nss_ipsec_xfrm_warn(s, ...) { \
if (NSS_IPSEC_XFRM_DEBUG_LEVEL > NSS_IPSEC_XFRM_DEBUG_LVL_WARN) { \
pr_warn("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
}
#define nss_ipsec_xfrm_info(s, ...) { \
if (NSS_IPSEC_XFRM_DEBUG_LEVEL > NSS_IPSEC_XFRM_DEBUG_LVL_INFO) { \
pr_notice("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
}
#define nss_ipsec_xfrm_trace(s, ...) { \
if (NSS_IPSEC_XFRM_DEBUG_LEVEL > NSS_IPSEC_XFRM_DEBUG_LVL_TRACE) { \
pr_info("%s[%d]:" s, __func__, __LINE__, ##__VA_ARGS__); \
} \
}
#endif /* !CONFIG_DYNAMIC_DEBUG */
#define NSS_IPSEC_XFRM_PRINT_PAGES 2
#define NSS_IPSEC_XFRM_PRINT_BYTES(bytes) ((((bytes) * BITS_PER_BYTE) / 4) + 4)
#define NSS_IPSEC_XFRM_PRINT_DWORD NSS_IPSEC_XFRM_PRINT_BYTES(8)
#define NSS_IPSEC_XFRM_PRINT_WORD NSS_IPSEC_XFRM_PRINT_BYTES(4)
#define NSS_IPSEC_XFRM_PRINT_SHORT NSS_IPSEC_XFRM_PRINT_BYTES(2)
#define NSS_IPSEC_XFRM_PRINT_BYTE NSS_IPSEC_XFRM_PRINT_BYTES(1)
#define NSS_IPSEC_XFRM_PRINT_IPADDR (NSS_IPSEC_XFRM_PRINT_WORD * 4)
#define NSS_IPSEC_XFRM_PRINT_EXTRA 64 /* Bytes */
/*
* Statistics dump information
*/
struct nss_ipsec_xfrm_print {
char *str; /* Name of variable. */
ssize_t var_size; /* Size of variable in bytes. */
};
struct nss_ipsec_xfrm_fallback {
struct xfrm_state_afinfo *v4;
struct xfrm_state_afinfo *v6;
};
/*
* nss_ipsec_xfrm_drv_stats
* NSS IPSec DRV stats.
*/
struct nss_ipsec_xfrm_drv_stats {
atomic64_t encap_nss; /* Number of Packets sent(queued) to NSS for encap */
atomic64_t encap_drop; /* Number of Packets dropped that were trapped for encap */
atomic64_t decap_nss; /* Number of Packets queued to NSS for decap */
atomic64_t decap_drop; /* Number of Packets dropped that were trapped for decap */
atomic64_t inner_except; /* Number of inner exceptions that were indicated to stack*/
atomic64_t inner_drop; /* Number of inner exceptions that were dropped*/
atomic64_t outer_except; /* Number of outer exceptions that were sent out*/
atomic64_t outer_drop; /* Number of outer exceptions that were dropped */
atomic64_t tun_alloced; /* Number of tun objects created */
atomic64_t tun_dealloced; /* Number of tun objects created */
atomic64_t tun_freed; /* Number of tun objects released(freed) */
atomic64_t sa_alloced; /* Number of sa objects created */
atomic64_t sa_dealloced; /* Number of sa objects created */
atomic64_t sa_freed; /* Number of sa objects released(freed) */
atomic64_t flow_alloced; /* Number of flow objects created */
atomic64_t flow_dealloced; /* Number of flow objects created */
atomic64_t flow_freed; /* Number of flow objects deleted */
};
/*
* IPSec xfrm plugin instance
*/
struct nss_ipsec_xfrm_drv {
struct list_head tun_db[NSS_IPSEC_XFRM_TUN_DB_MAX]; /* Tunnel Hash Database */
struct list_head flow_db[NSS_IPSEC_XFRM_FLOW_DB_MAX]; /* Flow Hash Database */
struct nss_ipsec_xfrm_drv_stats stats; /* Statistics */
struct nss_ipsec_xfrm_fallback xsa; /* Pointers to original xfrm_state_afinfo instances */
struct completion complete; /* Completion for num of active tunnels to go zero. */
struct dentry *dentry; /* Debugfs root directory. */
size_t stats_len; /* Size of stats */
rwlock_t lock; /* Lock for DB operations */
atomic_t num_tunnels; /* Number of active tunnels */
uint32_t hash_nonce; /* One time random number */
};
/*
* nss_ipsec_xfrm_get_hash()
* Computes hash code for a given key
*/
static inline uint32_t nss_ipsec_xfrm_get_hash(uint32_t *key, uint32_t key_len, uint32_t seed)
{
return jhash2(key, key_len / sizeof(uint32_t), seed);
}
void nss_ipsec_xfrm_update_stats(struct nss_ipsec_xfrm_drv *drv, struct nss_ipsecmgr_sa_stats *stats);
#endif /* !__NSS_IPSEC_XFRM_H */