Date: Fri, 12 Jul 2024 11:25:05 GMT
Message-Id: <202407121125.46CBP56s092984@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: 2131654bde1f - main - sys/net: Add IPSEC_OFFLOAD interface cap and methods structure
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@FreeBSD.org
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2131654bde1f91b04c959b388cffbf825a433d27

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=2131654bde1f91b04c959b388cffbf825a433d27

commit 2131654bde1f91b04c959b388cffbf825a433d27
Author:     Konstantin Belousov
AuthorDate: 2024-02-07 01:51:21 +0000
Commit:     Konstantin Belousov
CommitDate: 2024-07-12 03:29:32 +0000

    sys/net: Add IPSEC_OFFLOAD interface cap and methods structure

    Reviewed by:    glebius
    Sponsored by:   NVIDIA networking
    Differential revision:  https://reviews.freebsd.org/D44314
---
 sys/net/if.c         |  7 +++++++
 sys/net/if.h         |  4 +++-
 sys/net/if_private.h |  2 ++
 sys/net/if_strings.h |  3 +++
 sys/net/if_var.h     | 30 ++++++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/sys/net/if.c b/sys/net/if.c index ee8fe533f338..604a93aa7cba 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -2392,6 +2392,7 @@ const struct ifcap_nv_bit_name ifcap_nv_bit_names[] = { const struct ifcap_nv_bit_name ifcap2_nv_bit_names[] = { CAP2NV(RXTLS4), CAP2NV(RXTLS6), + CAP2NV(IPSEC_OFFLOAD), {0, NULL} }; #undef CAPNV @@ -5149,6 +5150,12 @@ if_getl2com(if_t ifp) return (ifp->if_l2com); } +void +if_setipsec_accel_methods(if_t ifp, const struct if_ipsec_accel_methods *m) +{ + ifp->if_ipsec_accel_m = m; +} + #ifdef DDB static void if_show_ifnet(struct ifnet *ifp) 
diff --git a/sys/net/if.h b/sys/net/if.h index cbd69b4912ed..5c4b0637b25a 100644 --- a/sys/net/if.h +++ b/sys/net/if.h @@ -255,7 +255,8 @@ struct if_data { #define IFCAP_B_TXTLS_RTLMT 31 /* can do TLS with rate limiting */ #define IFCAP_B_RXTLS4 32 /* can to TLS receive for TCP */ #define IFCAP_B_RXTLS6 33 /* can to TLS receive for TCP6 */ -#define __IFCAP_B_SIZE 34 +#define IFCAP_B_IPSEC_OFFLOAD 34 /* inline IPSEC offload */ +#define __IFCAP_B_SIZE 35 #define IFCAP_B_MAX (__IFCAP_B_MAX - 1) #define IFCAP_B_SIZE (__IFCAP_B_SIZE) @@ -298,6 +299,7 @@ struct if_data { /* IFCAP2_* are integers, not bits. */ #define IFCAP2_RXTLS4 (IFCAP_B_RXTLS4 - 32) #define IFCAP2_RXTLS6 (IFCAP_B_RXTLS6 - 32) +#define IFCAP2_IPSEC_OFFLOAD (IFCAP_B_IPSEC_OFFLOAD - 32) #define IFCAP2_BIT(x) (1UL << (x)) diff --git a/sys/net/if_private.h b/sys/net/if_private.h index 1aaf9d217f0d..3da529e6b22e 100644 --- a/sys/net/if_private.h +++ b/sys/net/if_private.h @@ -138,6 +138,8 @@ struct ifnet { int (*if_requestencap) /* make link header from request */ (struct ifnet *, struct if_encap_req *); + const struct if_ipsec_accel_methods *if_ipsec_accel_m; + /* Statistics. */ counter_u64_t if_counters[IFCOUNTERS]; diff --git a/sys/net/if_strings.h b/sys/net/if_strings.h index bea15cfa9de5..a127fa273a8b 100644 --- a/sys/net/if_strings.h +++ b/sys/net/if_strings.h @@ -60,9 +60,11 @@ #define IFCAP_TXTLS_RTLMT_NAME "TXTLS_RTLMT" #define IFCAP_RXTLS4_NAME "RXTLS4" #define IFCAP_RXTLS6_NAME "RXTLS6" +#define IFCAP_IPSEC_OFFLOAD_NAME "IPSEC" #define IFCAP2_RXTLS4_NAME IFCAP_RXTLS4_NAME #define IFCAP2_RXTLS6_NAME IFCAP_RXTLS6_NAME +#define IFCAP2_IPSEC_OFFLOAD_NAME IFCAP_IPSEC_OFFLOAD_NAME static const char *ifcap_bit_names[] = { IFCAP_RXCSUM_NAME, @@ -99,6 +101,7 @@ static const char *ifcap_bit_names[] = { IFCAP_TXTLS_RTLMT_NAME, IFCAP_RXTLS4_NAME, IFCAP_RXTLS6_NAME, + IFCAP_IPSEC_OFFLOAD_NAME, }; #ifdef IFCAP_B_SIZE diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 1b9e158a1b29..3e094dcb3cd5 100644 
--- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -131,6 +131,23 @@ typedef void (*if_qflush_fn_t)(if_t); typedef int (*if_transmit_fn_t)(if_t, struct mbuf *); typedef uint64_t (*if_get_counter_t)(if_t, ift_counter); typedef void (*if_reassign_fn_t)(if_t, struct vnet *, char *); +typedef int (*if_spdadd_fn_t)(if_t, void *sp, void *inp, void **priv); +typedef int (*if_spddel_fn_t)(if_t, void *sp, void *priv); +typedef int (*if_sa_newkey_fn_t)(if_t ifp, void *sav, u_int drv_spi, + void **privp); +typedef int (*if_sa_deinstall_fn_t)(if_t ifp, u_int drv_spi, void *priv); +struct seclifetime; +#define IF_SA_CNT_UPD 0x80000000 +enum IF_SA_CNT_WHICH { + IF_SA_CNT_IFP_HW_VAL = 1, + IF_SA_CNT_TOTAL_SW_VAL, + IF_SA_CNT_TOTAL_HW_VAL, + IF_SA_CNT_IFP_HW_UPD = IF_SA_CNT_IFP_HW_VAL | IF_SA_CNT_UPD, + IF_SA_CNT_TOTAL_SW_UPD = IF_SA_CNT_TOTAL_SW_VAL | IF_SA_CNT_UPD, + IF_SA_CNT_TOTAL_HW_UPD = IF_SA_CNT_TOTAL_HW_VAL | IF_SA_CNT_UPD, +}; +typedef int (*if_sa_cnt_fn_t)(if_t ifp, void *sa, + uint32_t drv_spi, void *priv, struct seclifetime *lt); struct ifnet_hw_tsomax { u_int tsomaxbytes; /* TSO total burst length limit in bytes */ @@ -700,6 +717,19 @@ void if_setdebugnet_methods(if_t, struct debugnet_methods *); void if_setreassignfn(if_t ifp, if_reassign_fn_t); void if_setratelimitqueryfn(if_t ifp, if_ratelimit_query_t); +/* + * NB: The interface is not yet stable, drivers implementing IPSEC + * offload need to be prepared to adapt to changes. + */ +struct if_ipsec_accel_methods { + if_spdadd_fn_t if_spdadd; + if_spddel_fn_t if_spddel; + if_sa_newkey_fn_t if_sa_newkey; + if_sa_deinstall_fn_t if_sa_deinstall; + if_sa_cnt_fn_t if_sa_cnt; +}; +void if_setipsec_accel_methods(if_t ifp, const struct if_ipsec_accel_methods *); + /* TSO */ void if_hw_tsomax_common(if_t ifp, struct ifnet_hw_tsomax *); int if_hw_tsomax_update(if_t ifp, struct ifnet_hw_tsomax *);
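Review bot: In the sys/net/if.c hunk at @@ -5149, if_setipsec_accel_methods() stores the caller's pointer as-is (`ifp->if_ipsec_accel_m = m;`) and nothing documents the lifetime or synchronization rules. Because the ifnet keeps the pointer rather than a copy, the methods table has to outlive the interface, so it should have static storage in the driver. A short comment should say whether the setter may be called only before the interface is attached or also at runtime, and whether passing NULL is the supported way to unregister. The patch adds a setter but no accessor, so it is also worth stating where readers of if_ipsec_accel_m are expected to live.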
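Review bot: In the sys/net/if_private.h hunk, the new `if_ipsec_accel_m` member has no comment, unlike the neighbouring if_requestencap line, and nothing in this patch ties it to the IFCAP2_IPSEC_OFFLOAD capability. As written, an interface can advertise the capability while the pointer is still NULL, or have a table installed without the capability enabled. Please document the invariant consumers may rely on (for example, that the pointer must be non-NULL whenever the capability bit is set), so that callers know whether a NULL check is required before dispatching through the table.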
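Review bot: In the sys/net/if_strings.h hunk at @@ -60, IFCAP_IPSEC_OFFLOAD_NAME is defined as "IPSEC", which breaks the pattern of the surrounding entries where the string matches the macro suffix ("RXTLS4", "RXTLS6", "TXTLS_RTLMT"). This string is the externally visible capability name, so it is hard to change once tools and scripts use it. If the short form is intentional, a comment saying so would help; otherwise "IPSEC_OFFLOAD" keeps the name unambiguous should another IPsec-related capability be added later.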
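Review bot: In the sys/net/if_var.h hunk at @@ -131, enum IF_SA_CNT_WHICH is defined but no callback signature in the hunk takes it: if_sa_cnt_fn_t has only (ifp, sa, drv_spi, priv, lt), so it is unclear how a driver learns which counter is requested. Either add the parameter or explain in a comment where the selector is used. Two smaller points in the same hunk: drv_spi is `u_int` in if_sa_newkey_fn_t and if_sa_deinstall_fn_t but `uint32_t` in if_sa_cnt_fn_t, and the *_UPD enumerators built from `IF_SA_CNT_UPD 0x80000000` have values above INT_MAX, which relies on a compiler extension for enum constants before C23. The `void *sp`, `void *inp`, `void *sav` and `void *sa` arguments could use forward-declared struct types, as is already done for struct seclifetime, so the compiler catches mismatched arguments.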
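Review bot: In the sys/net/if_var.h hunk at @@ -700, struct if_ipsec_accel_methods is declared unstable in its own comment but carries no version or size field, so a driver built against an older layout cannot be detected when members are added or reordered. Since the table is passed by pointer and dispatched through from the stack, a mismatch means calling through the wrong slot. Consider a leading version or size member that if_setipsec_accel_methods() can check, and document which of the five methods are mandatory and which may be left NULL.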