| /* |
| ************************************************************************** |
| * Copyright (c) 2018-2021, The Linux Foundation. All rights reserved. |
| * Permission to use, copy, modify, and/or distribute this software for |
| * any purpose with or without fee is hereby granted, provided that the |
| * above copyright notice and this permission notice appear in all copies. |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT |
| * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| ************************************************************************** |
| */ |
| |
| /** |
| * @file nss_ipsec_cmn.h |
| * NSS IPsec interface definitions. |
| */ |
| |
| #ifndef __NSS_IPSEC_CMN_H_ |
| #define __NSS_IPSEC_CMN_H_ |
| |
| /** |
| * @addtogroup nss_ipsec_subsystem |
| * @{ |
| */ |
| |
| #define NSS_IPSEC_CMN_ARPHRD_IPSEC 31 /**< ARP (iana.org) hardware type for an IPsec tunnel. */ |
| |
| /** |
| * Flags for SA configuration. |
| */ |
| #define NSS_IPSEC_CMN_FLAG_IPV6 (0x1 << 0) /**< IPv6 header. */ |
| #define NSS_IPSEC_CMN_FLAG_IPV4_NATT (0x1 << 1) /**< IPv4 NAT traversal. */ |
| #define NSS_IPSEC_CMN_FLAG_IPV4_UDP (0x1 << 2) /**< IPv4 UDP traversal. */ |
| #define NSS_IPSEC_CMN_FLAG_ESP_ESN (0x1 << 3) /**< Enable ESP extended sequence number. */ |
| #define NSS_IPSEC_CMN_FLAG_ESP_SKIP (0x1 << 4) /**< Skip ESP sequence number and ICV. */ |
| #define NSS_IPSEC_CMN_FLAG_ESP_REPLAY (0x1 << 5) /**< Check ESP replay counter. */ |
| #define NSS_IPSEC_CMN_FLAG_CIPHER_NULL (0x1 << 6) /**< NULL cipher mode. */ |
| #define NSS_IPSEC_CMN_FLAG_CIPHER_GCM (0x1 << 7) /**< Galios counter mode. */ |
| #define NSS_IPSEC_CMN_FLAG_COPY_DSCP (0x1 << 8) /**< Copy DSCP from inner to outer header. */ |
| #define NSS_IPSEC_CMN_FLAG_COPY_DF (0x1 << 9) /**< Copy DF from inner node to outer node. */ |
| #define NSS_IPSEC_CMN_FLAG_MODE_TRANS (0x1 << 10) /**< Encapsulate or decapsulate in transport mode (default is tunnel mode). */ |
| |
| #define NSS_IPSEC_CMN_FLAG_HDR_MASK \ |
| (NSS_IPSEC_CMN_FLAG_IPV6 | NSS_IPSEC_CMN_FLAG_IPV4_NATT | NSS_IPSEC_CMN_FLAG_IPV4_UDP) |
| /**< Flag header mask. */ |
| |
| #define NSS_IPSEC_CMN_FEATURE_INLINE_ACCEL 0x1 /**< Interface enabled for inline exception. */ |
| |
| #define NSS_IPSEC_CMN_MDATA_VERSION 0x01 /**< Metadata version. */ |
| #define NSS_IPSEC_CMN_MDATA_MAGIC 0x8893 /**< Metadata magic. */ |
| #define NSS_IPSEC_CMN_MDATA_ORIGIN_HOST 0x01 /**< Metadata originates at the host. */ |
| #define NSS_IPSEC_CMN_MDATA_ALIGN_SZ sizeof(uint32_t) /**< Metadata alignment size. */ |
| /** |
| * nss_ipsec_cmn_msg_type |
| * IPsec message types. |
| */ |
| enum nss_ipsec_cmn_msg_type { |
| NSS_IPSEC_CMN_MSG_TYPE_NONE = 0, /**< Nothing to do. */ |
| NSS_IPSEC_CMN_MSG_TYPE_NODE_CONFIG = 1, /**< Configure IPsec node. */ |
| NSS_IPSEC_CMN_MSG_TYPE_CTX_CONFIG = 2, /**< Configure IPsec dynamic node. */ |
| NSS_IPSEC_CMN_MSG_TYPE_CTX_SYNC = 3, /**< Synchronize context statistics to host. */ |
| NSS_IPSEC_CMN_MSG_TYPE_SA_CREATE = 4, /**< Create SA. */ |
| NSS_IPSEC_CMN_MSG_TYPE_SA_DESTROY = 5, /**< Destroy SA. */ |
| NSS_IPSEC_CMN_MSG_TYPE_SA_SYNC = 6, /**< Synchronize SA statistics to host. */ |
| NSS_IPSEC_CMN_MSG_TYPE_FLOW_CREATE = 7, /**< Create flow. */ |
| NSS_IPSEC_CMN_MSG_TYPE_FLOW_DESTROY = 8, /**< Delete flow. */ |
| NSS_IPSEC_CMN_MSG_TYPE_MAX |
| }; |
| |
| /** |
| * nss_ipsec_cmn_msg_error |
| * IPsec message error types. |
| */ |
| enum nss_ipsec_cmn_msg_error { |
| NSS_IPSEC_CMN_MSG_ERROR_NONE = 0, /**< No error. */ |
| NSS_IPSEC_CMN_MSG_ERROR_CTX_INVAL = 1, /**< Invalid context. */ |
| NSS_IPSEC_CMN_MSG_ERROR_SA_ALLOC = 2, /**< Failed to allocate SA. */ |
| NSS_IPSEC_CMN_MSG_ERROR_SA_INVAL = 3, /**< Invalid SA. */ |
| NSS_IPSEC_CMN_MSG_ERROR_SA_DUP = 4, /**< SA exists. */ |
| NSS_IPSEC_CMN_MSG_ERROR_SA_INUSE = 5, /**< SA is in use. */ |
| NSS_IPSEC_CMN_MSG_ERROR_FLOW_ALLOC = 6, /**< Failed to allocate flow. */ |
| NSS_IPSEC_CMN_MSG_ERROR_FLOW_INVAL = 7, /**< Flow not found. */ |
| NSS_IPSEC_CMN_MSG_ERROR_FLOW_DUP = 8, /**< Duplicate flow. */ |
| NSS_IPSEC_CMN_MSG_ERROR_FLOW_SA = 9, /**< Failed to find SA for the flow. */ |
| NSS_IPSEC_CMN_MSG_ERROR_NODE_REG_DYNIF = 10, |
| /**< Error registering dynamic interface. */ |
| NSS_IPSEC_CMN_MSG_ERROR_UNHANDLED_MSG= 11, /**< Unhandled message type. */ |
| NSS_IPSEC_CMN_MSG_ERROR_MAX /**< Maximum error message. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_ctx_type |
| * IPsec context type. |
| */ |
| enum nss_ipsec_cmn_ctx_type { |
| NSS_IPSEC_CMN_CTX_TYPE_NONE = 0, /**< Invalid direction. */ |
| NSS_IPSEC_CMN_CTX_TYPE_INNER, /**< Encapsulation. */ |
| NSS_IPSEC_CMN_CTX_TYPE_MDATA_INNER, /**< Metadata for encapsulation. */ |
| NSS_IPSEC_CMN_CTX_TYPE_OUTER, /**< Decapsulation. */ |
| NSS_IPSEC_CMN_CTX_TYPE_MDATA_OUTER, /**< Metadata for decapsulation. */ |
| NSS_IPSEC_CMN_CTX_TYPE_REDIR, /**< Redirect. */ |
| NSS_IPSEC_CMN_CTX_TYPE_MAX |
| }; |
| |
| /** |
| * nss_ipsec_cmn_stats_types |
| * IPsec common statistics types. |
| */ |
| enum nss_ipsec_cmn_stats_types { |
| NSS_IPSEC_CMN_STATS_FAIL_HEADROOM = NSS_STATS_NODE_MAX, |
| /**< Failure in headroom check. */ |
| NSS_IPSEC_CMN_STATS_FAIL_TAILROOM, /**< Failure in tailroom check. */ |
| NSS_IPSEC_CMN_STATS_FAIL_REPLAY, /**< Failure in anti-replay check. */ |
| NSS_IPSEC_CMN_STATS_FAIL_REPLAY_DUP, /**< Failure in anti-replay; duplicate records. */ |
| NSS_IPSEC_CMN_STATS_FAIL_REPLAY_WIN, /**< Failure in anti-replay; packet outside the window. */ |
| NSS_IPSEC_CMN_STATS_FAIL_PBUF_CRYPTO, /**< Failure in crypto pbuf allocation. */ |
| NSS_IPSEC_CMN_STATS_FAIL_QUEUE, /**< Failure due to queue full in IPsec. */ |
| NSS_IPSEC_CMN_STATS_FAIL_QUEUE_CRYPTO, /**< Failure due to queue full in crypto. */ |
| NSS_IPSEC_CMN_STATS_FAIL_QUEUE_NEXTHOP, /**< Failure due to queue full in next hop. */ |
| NSS_IPSEC_CMN_STATS_FAIL_PBUF_ALLOC, /**< Failure in pbuf allocation. */ |
| NSS_IPSEC_CMN_STATS_FAIL_PBUF_LINEAR, /**< Failure in pbuf linearization. */ |
| NSS_IPSEC_CMN_STATS_FAIL_PBUF_STATS, /**< Failure in pbuf allocation for statistics. */ |
| NSS_IPSEC_CMN_STATS_FAIL_PBUF_ALIGN, /**< Failure in pbuf access due to non-word alignmnt */ |
| NSS_IPSEC_CMN_STATS_FAIL_CIPHER, /**< Failure in decrypting the data. */ |
| NSS_IPSEC_CMN_STATS_FAIL_AUTH, /**< Failure in authenticating the data. */ |
| NSS_IPSEC_CMN_STATS_FAIL_SEQ_OVF, /**< Failure due to sequence number rollover. */ |
| NSS_IPSEC_CMN_STATS_FAIL_BLK_LEN, /**< Failure in decapsulation due to bad cipher block length. */ |
| NSS_IPSEC_CMN_STATS_FAIL_HASH_LEN, /**< Failure in decapsulation due to bad hash block length. */ |
| NSS_IPSEC_CMN_STATS_FAIL_TRANSFORM, /**< Failure in transformation; general error. */ |
| NSS_IPSEC_CMN_STATS_FAIL_CRYPTO, /**< Failure in crypto transformation. */ |
| NSS_IPSEC_CMN_STATS_FAIL_CLE, /**< Failure in classification; general failure. */ |
| NSS_IPSEC_CMN_STATS_IS_STOPPED, /**< Indicates if SA is stopped; for example: sequence overflow. */ |
| NSS_IPSEC_CMN_STATS_MAX, /**< Maximum statistics type. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_flow_tuple |
| * IPsec tuple for creating flow entries. |
| * |
| * Note: This is a common selector which is used for preparing |
| * a lookup tuple for incoming packets. The tuple is used |
| * for computing the hash index in the flow table. There are multiple |
| * fields in the tuple and the recipient node decides which fields |
| * it must use from the tuple to calculate the hash index. The host |
| * has no view of the hash index and hence must compute its own index |
| * based on the tuple. |
| */ |
| struct nss_ipsec_cmn_flow_tuple { |
| uint32_t dest_ip[4]; /**< Destination IP. */ |
| uint32_t src_ip[4]; /**< Source IP. */ |
| uint32_t spi_index; /**< ESP SPI index. */ |
| |
| uint16_t dst_port; /**< Destination L4 port. */ |
| uint16_t src_port; /**< Source L4 port. */ |
| |
| uint8_t user_pattern; /**< User defined field. */ |
| uint8_t protocol; /**< IP protocol types. */ |
| uint8_t ip_ver; /**< IP version. */ |
| }; |
| |
| /** |
| *nss_ipsec_cmn_sa_tuple |
| * IPsec outer header configuration. |
| */ |
| struct nss_ipsec_cmn_sa_tuple { |
| uint32_t dest_ip[4]; /**< Destination IP. */ |
| uint32_t src_ip[4]; /**< Source IP. */ |
| uint32_t spi_index; /**< ESP SPI index. */ |
| |
| uint16_t dest_port; /* Destination L4 port. */ |
| uint16_t src_port; /* Source L4 port. */ |
| |
| uint16_t crypto_index; /**< Crypto index for the SA. */ |
| uint8_t protocol; /**< Outer protocol. */ |
| uint8_t ip_ver; /**< IP version. */ |
| |
| uint8_t hop_limit; /**< Time-to-Live or next hop limit. */ |
| uint8_t res[3]; /**< Reserved. */ |
| }; |
| |
| /** |
| *nss_ipsec_cmn_sa_data |
| * IPsec SA data used for transformation. |
| */ |
| struct nss_ipsec_cmn_sa_data { |
| uint32_t seq_start; /**< Starting sequence number. */ |
| uint32_t flags; /**< Configuration flags. */ |
| |
| uint16_t window_size; /**< ESP sequence number window. */ |
| uint8_t dscp; /**< Default DSCP value of the SA. */ |
| uint8_t df; /**< Default do not fragment value of the SA. */ |
| |
| uint8_t blk_len; /**< Cipher block length. */ |
| uint8_t iv_len; /**< IV length. */ |
| uint8_t icv_len; /**< ESP trailers ICV length to apply. */ |
| uint8_t res1; /**< Reserved. */ |
| |
| uint32_t res2[4]; /**< Reserved for future use. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_flow |
| * IPsec flow configuration message. |
| */ |
| struct nss_ipsec_cmn_flow { |
| struct nss_ipsec_cmn_flow_tuple flow_tuple; /**< Flow tuple. */ |
| struct nss_ipsec_cmn_sa_tuple sa_tuple; /**< SA tuple. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_sa |
| * IPsec SA configuration message. |
| */ |
| struct nss_ipsec_cmn_sa { |
| struct nss_ipsec_cmn_sa_tuple sa_tuple; /**< SA tuple. */ |
| struct nss_ipsec_cmn_sa_data sa_data; /**< SA data. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_ctx |
| * IPsec context configuration. |
| */ |
| struct nss_ipsec_cmn_ctx { |
| enum nss_ipsec_cmn_ctx_type type; /**< Node type. */ |
| uint32_t except_ifnum; /**< Exception interface for egress. */ |
| uint32_t sibling_ifnum; /**< Sibling interface. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_node |
| * IPsec node configuration. |
| */ |
| struct nss_ipsec_cmn_node { |
| bool dma_redirect; /**< Enable redirect DMA ring. */ |
| bool dma_lookaside; /**< Enable lookaside DMA ring. */ |
| uint16_t max_sa; /**< Maximum number of SA(s) supported. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_sa_replay |
| * IPsec replay statistics |
| */ |
| struct nss_ipsec_cmn_sa_replay { |
| uint64_t seq_start; /**< Start of replay window. */ |
| uint64_t seq_cur; /**< Current sequence number. */ |
| uint16_t window_size; /**< Window size. */ |
| uint8_t res[6]; /**< Reserved for future use. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_sa_stats |
| * IPsec SA statistics. |
| */ |
| struct nss_ipsec_cmn_sa_stats { |
| struct nss_cmn_node_stats cmn_stats; /**< Packet statistics. */ |
| uint32_t fail_headroom; /**< Failed headroom check. */ |
| uint32_t fail_tailroom; /**< Failed tailroom check. */ |
| uint32_t fail_replay; /**< Failure in anti-replay check. */ |
| uint32_t fail_replay_dup; /**< Failure in anti-replay; duplicate records. */ |
| uint32_t fail_replay_win; /**< Failure in anti-replay; packet outside the window. */ |
| uint32_t fail_pbuf_crypto; /**< Failed to allocate crypto pbuf. */ |
| uint32_t fail_queue; /**< Failure due to queue full in IPsec. */ |
| uint32_t fail_queue_crypto; /**< Failure due to queue full in crypto. */ |
| uint32_t fail_queue_nexthop; /**< Failure due to queue full in next hop. */ |
| uint32_t fail_pbuf_alloc; /**< Failure in pbuf allocation. */ |
| uint32_t fail_pbuf_linear; /**< Failure in pbuf linearization. */ |
| uint32_t fail_pbuf_stats; /**< Failure in pbuf allocation for statistics. */ |
| uint32_t fail_pbuf_align; /**< Failure in pbuf access due to non-word alignment. */ |
| uint32_t fail_cipher; /**< Failure in decrypting the data. */ |
| uint32_t fail_auth; /**< Failure in authenticating the data. */ |
| uint32_t fail_seq_ovf; /**< Failure due to sequence number rollover. */ |
| uint32_t fail_blk_len; /**< Failure in decapsulation due to bad cipher block length. */ |
| uint32_t fail_hash_len; /**< Failure in decapsulation due to bad hash block length. */ |
| uint32_t fail_transform; /**< Failure in transformation; general error. */ |
| uint32_t fail_crypto; /**< Failure in crypto transformation. */ |
| uint32_t fail_cle; /**< Failure in classification; general failure. */ |
| uint32_t is_stopped; /**< Indicates if SA is stopped; for example, sequence overflow. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_sa_sync |
| * IPsec SA sync message. |
| */ |
| struct nss_ipsec_cmn_sa_sync { |
| struct nss_ipsec_cmn_sa_replay replay; /**< Replay statistics. */ |
| struct nss_ipsec_cmn_sa_tuple sa_tuple; /**< SA tuple. */ |
| struct nss_ipsec_cmn_sa_stats stats; /**< Packet and failure statistics. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_ctx_stats |
| * IPsec context statistics. |
| */ |
| struct nss_ipsec_cmn_ctx_stats { |
| struct nss_cmn_node_stats cmn_stats; |
| /**< Packet statistics. */ |
| uint32_t exceptioned; /**< Exceptioned to host. */ |
| uint32_t linearized; /**< Linearized packets. */ |
| uint32_t redirected; /**< Redirected from inline. */ |
| uint32_t dropped; /**< Total dropped packets. */ |
| uint32_t fail_sa; /**< Failed to find SA. */ |
| uint32_t fail_flow; /**< Failed to find flow. */ |
| uint32_t fail_stats; /**< Failed to send statistics. */ |
| uint32_t fail_exception; /**< Failed to exception. */ |
| uint32_t fail_transform; /**< Failed to produce output. */ |
| uint32_t fail_linearized; /**< Failed to linearize. */ |
| uint32_t fail_mdata_ver; /**< Invalid metadata version. */ |
| uint32_t fail_ctx_active; /**< Failed to queue as context is not active. */ |
| uint32_t fail_pbuf_crypto; /**< Failed to allocate pbuf for crypto operation. */ |
| uint32_t fail_queue_crypto; /**< Failed to queue pbuf to crypto pnode. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_ctx_sync |
| * IPsec context synchronous message. |
| */ |
| struct nss_ipsec_cmn_ctx_sync { |
| enum nss_ipsec_cmn_ctx_type type; /**< IPsec context type. */ |
| struct nss_ipsec_cmn_ctx_stats stats; /**< Context statistics. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_mdata_cmn |
| * IPsec common metadata information. |
| */ |
| struct nss_ipsec_cmn_mdata_cmn { |
| uint8_t version; /**< Metadata version. */ |
| uint8_t origin; /**< Metadata origin (host or NSS). */ |
| uint16_t len; /**< Metadata length including extra bytes. */ |
| uint8_t res[2]; /**< Reserved for future. */ |
| uint16_t magic; /**< Metadata magic. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_mdata_encap |
| * IPsec encapsulation metadata information. |
| */ |
| struct nss_ipsec_cmn_mdata_encap { |
| struct nss_ipsec_cmn_sa_tuple sa; /**< SA tuple. */ |
| uint32_t seq_num; /**< Sequence number for encapsulation (zero disables it). */ |
| uint16_t data_len; /**< Length of data to encapsulate. */ |
| uint16_t flags; /**< Encapsulation metadata flags. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_mdata_decap |
| * IPsec decapsulation metadata information. |
| */ |
| struct nss_ipsec_cmn_mdata_decap { |
| struct nss_ipsec_cmn_sa_tuple sa; /**< SA tuple. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_mdata |
| * IPsec metadata for host originated packets. |
| */ |
| struct nss_ipsec_cmn_mdata { |
| struct nss_ipsec_cmn_mdata_cmn cm; /**< Common metadata. */ |
| |
| union { |
| struct nss_ipsec_cmn_mdata_encap encap; /**< Encapsulation metadata. */ |
| struct nss_ipsec_cmn_mdata_decap decap; /**< Decapsulation metadata. */ |
| } data; /**< Metadata payload. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_stats_notification |
| * IPsec common transmission statistics structure. |
| */ |
| struct nss_ipsec_cmn_stats_notification { |
| uint64_t stats_ctx[NSS_IPSEC_CMN_STATS_MAX]; /**< Context transmission statistics. */ |
| uint32_t core_id; /**< Core ID. */ |
| uint32_t if_num; /**< Interface number. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_msg |
| * Message structure for NSS IPsec messages. |
| */ |
| struct nss_ipsec_cmn_msg { |
| struct nss_cmn_msg cm; /**< Common message header. */ |
| |
| /** |
| * Payload of IPsec interface message. |
| */ |
| union { |
| struct nss_ipsec_cmn_node node; /**< Node configuration message. */ |
| struct nss_ipsec_cmn_ctx ctx; /**< Context configuration message. */ |
| struct nss_ipsec_cmn_sa sa; /**< SA configuration message. */ |
| struct nss_ipsec_cmn_flow flow; /**< Flow configuration message. */ |
| struct nss_ipsec_cmn_sa_sync sa_sync; /**< SA statistics message. */ |
| struct nss_ipsec_cmn_ctx_sync ctx_sync; /**< Context statistics message. */ |
| } msg; /**< Message payload. */ |
| }; |
| |
| /** |
| * nss_ipsec_cmn_mdata_init |
| * Initialize the metadata common fields. |
| * |
| * @datatypes |
| * nss_ipsec_cmn_mdata |
| * |
| * @param[in] mdata Metadata pointer. |
| * @param[in] len Metadata length including extra bytes. |
| * |
| * @return |
| * Pointer to metadata payload. |
| */ |
| static inline void *nss_ipsec_cmn_mdata_init(struct nss_ipsec_cmn_mdata *mdata, uint16_t len) |
| { |
| mdata->cm.len = len; |
| mdata->cm.magic = NSS_IPSEC_CMN_MDATA_MAGIC; |
| mdata->cm.version = NSS_IPSEC_CMN_MDATA_VERSION; |
| mdata->cm.origin = NSS_IPSEC_CMN_MDATA_ORIGIN_HOST; |
| |
| return &mdata->data; |
| } |
| |
| /** |
| * Callback function for receiving message notifications. |
| * |
| * @datatypes |
| * nss_ipsec_cmn_msg |
| * |
| * @param[in] app_data Pointer to the application context of the message. |
| * @param[in] msg Pointer to the message data. |
| */ |
| typedef void (*nss_ipsec_cmn_msg_callback_t)(void *app_data, struct nss_cmn_msg *msg); |
| |
| /** |
| * Callback function for receiving data. |
| * |
| * @datatypes |
| * net_device \n |
| * sk_buff \n |
| * napi_struct |
| * |
| * @param[in] netdev Pointer to the associated network device. |
| * @param[in] skb Pointer to the message data. |
| * @param[in] napi Pointer to the NAPI structure. |
| */ |
| typedef void (*nss_ipsec_cmn_data_callback_t)(struct net_device *netdev, struct sk_buff *skb, struct napi_struct *napi); |
| |
| /** |
| * nss_ipsec_cmn_get_context |
| * Gets the NSS context for the IPsec handle. |
| * |
| * @return |
| * Pointer to the NSS core context. |
| */ |
| extern struct nss_ctx_instance *nss_ipsec_cmn_get_context(void); |
| |
| /** |
| * nss_ipsec_cmn_get_ifnum_with_coreid |
| * Gets the IPsec interface number with a core ID. |
| * |
| * @param[in] ifnum NSS interface number. |
| * |
| * @return |
| * Interface number with the core ID. |
| */ |
| extern uint32_t nss_ipsec_cmn_get_ifnum_with_coreid(int32_t ifnum); |
| |
| /** |
| * nss_ipsec_cmn_unregister_if |
| * Deregisters an IPSEC tunnel interface from the NSS. |
| * |
| * @param[in] if_num NSS interface number. |
| * |
| * @return |
| * None. |
| * |
| * @dependencies |
| * The tunnel interface must have been previously registered. |
| * |
| * @return |
| * True if successful, else false. |
| */ |
| extern bool nss_ipsec_cmn_unregister_if(uint32_t if_num); |
| |
| /** |
| * nss_ipsec_cmn_register_if |
| * Registers the IPsec interface with the NSS for sending and |
| * receiving messages. |
| * |
| * @datatypes |
| * nss_ipsec_cmn_data_callback_t \n |
| * nss_ipsec_cmn_msg_callback_t \n |
| * nss_dynamic_interface_type \n |
| * net_device |
| * |
| * @param[in] if_num NSS interface number. |
| * @param[in] netdev Pointer to the associated network device. |
| * @param[in] cb_data Callback for the data. |
| * @param[in] cb_msg Callback for the message. |
| * @param[in] features Socket buffer types supported by this interface. |
| * @param[in] type Dynamic interface type. |
| * @param[in] app_data Application context. |
| * |
| * @return |
| * Pointer to the NSS core context. |
| */ |
| extern struct nss_ctx_instance *nss_ipsec_cmn_register_if(uint32_t if_num, struct net_device *netdev, |
| nss_ipsec_cmn_data_callback_t cb_data, |
| nss_ipsec_cmn_msg_callback_t cb_msg, |
| uint32_t features, enum nss_dynamic_interface_type type, void *app_data); |
| |
| /** |
| * nss_ipsec_cmn_notify_unregister |
| * Deregisters the message notifier from the HLOS driver. |
| * |
| * @datatypes |
| * nss_ctx_instance |
| * |
| * @param[in,out] ctx Pointer to the context of the HLOS driver. |
| * @param[in] if_num NSS interface number. |
| * |
| * @return |
| * None. |
| * |
| * @dependencies |
| * The message notifier must have been previously registered. |
| */ |
| extern void nss_ipsec_cmn_notify_unregister(struct nss_ctx_instance *ctx, uint32_t if_num); |
| |
| /** |
| * nss_ipsec_cmn_notify_register |
| * Registers an event callback to handle notifications from the IPsec firmware package. |
| * |
| * @datatypes |
| * nss_ipsec_cmn_msg_callback_t \n |
| * |
| * @param[in] ifnum NSS interface number. |
| * @param[in] cb Callback for IPsec message. |
| * @param[in] app_data Pointer to the application context. |
| * |
| * @return |
| * Pointer to the NSS core context. |
| */ |
| extern struct nss_ctx_instance *nss_ipsec_cmn_notify_register(uint32_t ifnum, nss_ipsec_cmn_msg_callback_t cb, void *app_data); |
| |
| /** |
| * nss_ipsec_cmn_msg_init |
| * Initializes an IPsec message. |
| * |
| * @datatypes |
| * nss_ipsec_cmn_msg \n |
| * nss_ipsec_cmn_msg_type \n |
| * nss_ipsec_cmn_msg_callback_t |
| * |
| * @param[in,out] nim Pointer to the NSS interface message. |
| * @param[in] if_num NSS interface number. |
| * @param[in] type Type of message. |
| * @param[in] len Size of the payload. |
| * @param[in] cb Callback function for the message. |
| * @param[in] app_data Pointer to the application context of the message. |
| * |
| * @return |
| * None. |
| */ |
| extern void nss_ipsec_cmn_msg_init(struct nss_ipsec_cmn_msg *nim, uint16_t if_num, enum nss_ipsec_cmn_msg_type type, |
| uint16_t len, nss_ipsec_cmn_msg_callback_t cb, void *app_data); |
| |
| /** |
| * nss_ipsec_cmn_tx_msg |
| * Sends an asynchronous IPsec message to the NSS. |
| * |
| * @datatypes |
| * nss_ctx_instance \n |
| * nss_ipsec_cmn_msg |
| * |
| * @param[in] nss_ctx Pointer to the NSS HLOS driver context. |
| * @param[in] msg Pointer to the message data. |
| * |
| * @return |
| * Status of the Tx operation. |
| */ |
| extern nss_tx_status_t nss_ipsec_cmn_tx_msg(struct nss_ctx_instance *nss_ctx, struct nss_ipsec_cmn_msg *msg); |
| |
| /** |
| * nss_ipsec_cmn_tx_msg_sync |
| * Sends a synchronous IPsec message to the NSS. |
| * |
| * @datatypes |
| * nss_ctx_instance \n |
| * nss_ipsec_cmn_msg_type \n |
| * nss_ipsec_cmn_msg |
| * |
| * @param[in] nss_ctx Pointer to the NSS HLOS driver context. |
| * @param[in] if_num NSS interface number. |
| * @param[in] type Type of message. |
| * @param[in] len Size of the payload. |
| * @param[in] nicm Pointer to the NSS IPsec message. |
| * |
| * @return |
| * Status of the Tx operation. |
| */ |
| extern nss_tx_status_t nss_ipsec_cmn_tx_msg_sync(struct nss_ctx_instance *nss_ctx, uint32_t if_num, |
| enum nss_ipsec_cmn_msg_type type, uint16_t len, |
| struct nss_ipsec_cmn_msg *nicm); |
| |
| /** |
| * nss_ipsec_cmn_tx_buf |
| * Sends a buffer to NSS for IPsec encapsulation or de-capsulation. |
| * |
| * @datatypes |
| * sk_buff \n |
| * nss_ctx_instance |
| * |
| * @param[in] nss_ctx Pointer to the NSS HLOS driver context. |
| * @param[in] skb Pointer to the message data. |
| * @param[in] if_num Pointer to the NSS interface number. |
| * |
| * @return |
| * Status of the Tx operation. |
| */ |
| extern nss_tx_status_t nss_ipsec_cmn_tx_buf(struct nss_ctx_instance *nss_ctx, struct sk_buff *skb, uint32_t if_num); |
| |
| /** |
| * nss_ipsec_cmn_ppe_port_config |
| * Configure Packet Processing Engine IPsec port. |
| * |
| * @datatypes |
| * nss_ctx_instance \n |
| * net_device |
| * |
| * @param[in] ctx Pointer to the context of the HLOS driver. |
| * @param[in] netdev Pointer to the associated network device. |
| * @param[in] if_num Data interface number. |
| * @param[in] vsi_num Virtual switch instance number. |
| * |
| * @return |
| * True if successful, else false. |
| */ |
| extern bool nss_ipsec_cmn_ppe_port_config(struct nss_ctx_instance *ctx, struct net_device *netdev, |
| uint32_t if_num, uint32_t vsi_num); |
| |
| /** |
| * nss_ipsec_cmn_ppe_mtu_update() |
| * Configure Packet Processing Engine MTU for IPsec inline. |
| * |
| * @datatypes |
| * nss_ctx_instance |
| * |
| * @param[in] ctx Pointer to the context of the HLOS driver. |
| * @param[in] if_num Data interface number. |
| * @param[in] mtu Maximum transmission unit of interface number. |
| * @param[in] mru Maximum receive unit of interface number. |
| * |
| * @return |
| * True if successful, else false. |
| */ |
| bool nss_ipsec_cmn_ppe_mtu_update(struct nss_ctx_instance *ctx, uint32_t if_num, uint16_t mtu, uint16_t mru); |
| |
| /** |
| * nss_ipsec_cmn_stats_unregister_notifier |
| * Deregisters a statistics notifier. |
| * |
| * @datatypes |
| * notifier_block |
| * |
| * @param[in] nb Notifier block. |
| * |
| * @return |
| * 0 on success or non-zero on failure. |
| */ |
| extern int nss_ipsec_cmn_stats_unregister_notifier(struct notifier_block *nb); |
| |
| /** |
| * nss_ipsec_cmn_stats_register_notifier |
| * Registers a statistics notifier. |
| * |
| * @datatypes |
| * notifier_block |
| * |
| * @param[in] nb Notifier block. |
| * |
| * @return |
| * 0 on success or non-zero on failure. |
| */ |
| extern int nss_ipsec_cmn_stats_register_notifier(struct notifier_block *nb); |
| |
| /** |
| * @} |
| */ |
| |
| #endif /* !__NSS_IPSEC_CMN_H */ |