From nobody Fri Jul 12 11:25:05 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WL8QT3xZTz5QBkB;
Fri, 12 Jul 2024 11:25:05 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4WL8QT23S9z4j7y;
Fri, 12 Jul 2024 11:25:05 +0000 (UTC)
(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
t=1720783505;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=qA0GejZFLzAqUveOw/QcGas+DUXNB5j2OqnU+/IYbkw=;
b=Uo1N2Ih9cDs6b0+g3hlNSdhyImYqO75DdsuUmw+SgcHpmCgFbN/X+asZpHO2/kaRkbw9DI
KtfOb/gPBJR4vHZlFZJqoj/0h2NwJSdS/7ZDNcgq8vpuCj3eb6PsYl80vyAiexKItxUYfG
giPnjR7W9QG1E0iFc1yylMljA/3Zd8E+IZVA5Nolf43snjJdMnK1OJNATcIQia7pNygUjp
qKaZJ+dxG2Xl4H58mH1fV86RyM2mA13Wev6G+lXFgi9dsmuQhiKnMqhuHb1Wr/RHKS5Rof
/IzQU+awdguPONemwEePBLHQpBIKdxnm6MN7Y5dZlPJwvm7UrgoVNsmLC2hDYw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1720783505; a=rsa-sha256; cv=none;
b=Ihaxl/tinwcItud2boiTNT1sb1i14izrW7fZZoH0GVbcZziQnKQNGvowo4eAmTWUlnBUQG
/PogbEJy0HdUHtofPB1vP67JVFtnbMqrIud6tYVvw3HIH10CjIk3BY+clfNAwqxSTcwxQk
Io8AhpGpUnRsvEN7quRKIW5w0T/wJpu5iE1rxlCctU2eWZHgyQ92mXzxiaZ1KXzBg81/dZ
N8UmSYOJWKv4Qr5ef1O36p6zzEw1Tu3WOGU4kV169v2CGfjck3RXxoXup2J2yJDLfrO95b
Y3C+skk76444+w9xjl49jx4EBnsNLRFMBufXr6RFvAI+NrqaznW1xZdty1Y49w==
ARC-Authentication-Results: i=1;
mx1.freebsd.org;
none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
s=dkim; t=1720783505;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=qA0GejZFLzAqUveOw/QcGas+DUXNB5j2OqnU+/IYbkw=;
b=mEf++Th65Wos18ILa1nQW5JKfzacJL9sMXmPcDUJAQsnXAB6pK0mxkrlDP0Akn0ouH/orp
gUAVVehVYpxZ8memz3pqKRsR4EqnJ/hEwlNPadvnQ8Pn0FDNXJ/XH52sa/waMqj93aZJrk
MQMMAPysyHqzOo6GV/mFdgBxtmNwr6CBdwNienKbK6QWq4iq3gDlQGvdYVJEY04nNjJTXb
D1GHnEtdr5Dih7gL54KRZcqBOGPDwzNObZadW6wVBef+G808ZhKG7Q1RkpDq7yFnVi+WjA
GzM7c0jWze4//CnaU4Xpkv9aF7A7eJg4sI2EP8SAmDdlCjg4HVycuOisG6JuHQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WL8QT1gThzhgh;
Fri, 12 Jul 2024 11:25:05 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46CBP5mV092987;
Fri, 12 Jul 2024 11:25:05 GMT
(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46CBP56s092984;
Fri, 12 Jul 2024 11:25:05 GMT
(envelope-from git)
Date: Fri, 12 Jul 2024 11:25:05 GMT
Message-Id: <202407121125.46CBP56s092984@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 2131654bde1f - main - sys/net: Add IPSEC_OFFLOAD
interface cap and methods structure
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2131654bde1f91b04c959b388cffbf825a433d27
Auto-Submitted: auto-generated
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=2131654bde1f91b04c959b388cffbf825a433d27
commit 2131654bde1f91b04c959b388cffbf825a433d27
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-02-07 01:51:21 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-07-12 03:29:32 +0000
sys/net: Add IPSEC_OFFLOAD interface cap and methods structure
Reviewed by: glebius
Sponsored by: NVIDIA networking
Differential revision: https://reviews.freebsd.org/D44314
---
sys/net/if.c | 7 +++++++
sys/net/if.h | 4 +++-
sys/net/if_private.h | 2 ++
sys/net/if_strings.h | 3 +++
sys/net/if_var.h | 30 ++++++++++++++++++++++++++++++
5 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/sys/net/if.c b/sys/net/if.c
index ee8fe533f338..604a93aa7cba 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -2392,6 +2392,7 @@ const struct ifcap_nv_bit_name ifcap_nv_bit_names[] = {
const struct ifcap_nv_bit_name ifcap2_nv_bit_names[] = {
CAP2NV(RXTLS4),
CAP2NV(RXTLS6),
+ CAP2NV(IPSEC_OFFLOAD),
{0, NULL}
};
#undef CAPNV
@@ -5149,6 +5150,12 @@ if_getl2com(if_t ifp)
return (ifp->if_l2com);
}
+void
+if_setipsec_accel_methods(if_t ifp, const struct if_ipsec_accel_methods *m)
+{
+ ifp->if_ipsec_accel_m = m;
+}
+
#ifdef DDB
static void
if_show_ifnet(struct ifnet *ifp)
diff --git a/sys/net/if.h b/sys/net/if.h
index cbd69b4912ed..5c4b0637b25a 100644
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -255,7 +255,8 @@ struct if_data {
#define IFCAP_B_TXTLS_RTLMT 31 /* can do TLS with rate limiting */
#define IFCAP_B_RXTLS4 32 /* can to TLS receive for TCP */
#define IFCAP_B_RXTLS6 33 /* can to TLS receive for TCP6 */
-#define __IFCAP_B_SIZE 34
+#define IFCAP_B_IPSEC_OFFLOAD 34 /* inline IPSEC offload */
+#define __IFCAP_B_SIZE 35
#define IFCAP_B_MAX (__IFCAP_B_MAX - 1)
#define IFCAP_B_SIZE (__IFCAP_B_SIZE)
@@ -298,6 +299,7 @@ struct if_data {
/* IFCAP2_* are integers, not bits. */
#define IFCAP2_RXTLS4 (IFCAP_B_RXTLS4 - 32)
#define IFCAP2_RXTLS6 (IFCAP_B_RXTLS6 - 32)
+#define IFCAP2_IPSEC_OFFLOAD (IFCAP_B_IPSEC_OFFLOAD - 32)
#define IFCAP2_BIT(x) (1UL << (x))
diff --git a/sys/net/if_private.h b/sys/net/if_private.h
index 1aaf9d217f0d..3da529e6b22e 100644
--- a/sys/net/if_private.h
+++ b/sys/net/if_private.h
@@ -138,6 +138,8 @@ struct ifnet {
int (*if_requestencap) /* make link header from request */
(struct ifnet *, struct if_encap_req *);
+ const struct if_ipsec_accel_methods *if_ipsec_accel_m;
+
/* Statistics. */
counter_u64_t if_counters[IFCOUNTERS];
diff --git a/sys/net/if_strings.h b/sys/net/if_strings.h
index bea15cfa9de5..a127fa273a8b 100644
--- a/sys/net/if_strings.h
+++ b/sys/net/if_strings.h
@@ -60,9 +60,11 @@
#define IFCAP_TXTLS_RTLMT_NAME "TXTLS_RTLMT"
#define IFCAP_RXTLS4_NAME "RXTLS4"
#define IFCAP_RXTLS6_NAME "RXTLS6"
+#define IFCAP_IPSEC_OFFLOAD_NAME "IPSEC"
#define IFCAP2_RXTLS4_NAME IFCAP_RXTLS4_NAME
#define IFCAP2_RXTLS6_NAME IFCAP_RXTLS6_NAME
+#define IFCAP2_IPSEC_OFFLOAD_NAME IFCAP_IPSEC_OFFLOAD_NAME
static const char *ifcap_bit_names[] = {
IFCAP_RXCSUM_NAME,
@@ -99,6 +101,7 @@ static const char *ifcap_bit_names[] = {
IFCAP_TXTLS_RTLMT_NAME,
IFCAP_RXTLS4_NAME,
IFCAP_RXTLS6_NAME,
+ IFCAP_IPSEC_OFFLOAD_NAME,
};
#ifdef IFCAP_B_SIZE
diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index 1b9e158a1b29..3e094dcb3cd5 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -131,6 +131,23 @@ typedef void (*if_qflush_fn_t)(if_t);
typedef int (*if_transmit_fn_t)(if_t, struct mbuf *);
typedef uint64_t (*if_get_counter_t)(if_t, ift_counter);
typedef void (*if_reassign_fn_t)(if_t, struct vnet *, char *);
+typedef int (*if_spdadd_fn_t)(if_t, void *sp, void *inp, void **priv);
+typedef int (*if_spddel_fn_t)(if_t, void *sp, void *priv);
+typedef int (*if_sa_newkey_fn_t)(if_t ifp, void *sav, u_int drv_spi,
+ void **privp);
+typedef int (*if_sa_deinstall_fn_t)(if_t ifp, u_int drv_spi, void *priv);
+struct seclifetime;
+#define IF_SA_CNT_UPD 0x80000000
+enum IF_SA_CNT_WHICH {
+ IF_SA_CNT_IFP_HW_VAL = 1,
+ IF_SA_CNT_TOTAL_SW_VAL,
+ IF_SA_CNT_TOTAL_HW_VAL,
+ IF_SA_CNT_IFP_HW_UPD = IF_SA_CNT_IFP_HW_VAL | IF_SA_CNT_UPD,
+ IF_SA_CNT_TOTAL_SW_UPD = IF_SA_CNT_TOTAL_SW_VAL | IF_SA_CNT_UPD,
+ IF_SA_CNT_TOTAL_HW_UPD = IF_SA_CNT_TOTAL_HW_VAL | IF_SA_CNT_UPD,
+};
+typedef int (*if_sa_cnt_fn_t)(if_t ifp, void *sa,
+ uint32_t drv_spi, void *priv, struct seclifetime *lt);
struct ifnet_hw_tsomax {
u_int tsomaxbytes; /* TSO total burst length limit in bytes */
@@ -700,6 +717,19 @@ void if_setdebugnet_methods(if_t, struct debugnet_methods *);
void if_setreassignfn(if_t ifp, if_reassign_fn_t);
void if_setratelimitqueryfn(if_t ifp, if_ratelimit_query_t);
+/*
+ * NB: The interface is not yet stable, drivers implementing IPSEC
+ * offload need to be prepared to adapt to changes.
+ */
+struct if_ipsec_accel_methods {
+ if_spdadd_fn_t if_spdadd;
+ if_spddel_fn_t if_spddel;
+ if_sa_newkey_fn_t if_sa_newkey;
+ if_sa_deinstall_fn_t if_sa_deinstall;
+ if_sa_cnt_fn_t if_sa_cnt;
+};
+void if_setipsec_accel_methods(if_t ifp, const struct if_ipsec_accel_methods *);
+
/* TSO */
void if_hw_tsomax_common(if_t ifp, struct ifnet_hw_tsomax *);
int if_hw_tsomax_update(if_t ifp, struct ifnet_hw_tsomax *);