diff options
author | Raed Salem <raeds@mellanox.com> | 2020-01-29 18:15:15 +0200 |
---|---|---|
committer | Saeed Mahameed <saeedm@mellanox.com> | 2020-07-16 16:36:44 -0700 |
commit | 2d64663cd55972d3915a9efb8d7087e1aeeda17e (patch) | |
tree | 870c87c3c0f71ec2a157acf0019c020178ddee77 /drivers/net/ethernet/mellanox/mlx5/core/fw.c | |
parent | 9a6ad1ad71fbc5a52617e016a3608d71b91f62e8 (diff) |
net/mlx5: IPsec: Add HW crypto offload support
This patch adds support for Connect-X IPsec crypto offload
by implementing the IPsec acceleration layer needed routines,
which delegates IPsec offloads to Connect-X routines.
In Connect-X IPsec, a Security Association (SA) is added or deleted
via allocating a HW context of an encryption/decryption key and
a HW context of a matching SA (IPsec object).
The Security Policy (SP) is added or deleted by creating matching Tx/Rx
steering rules whith an action of encryption/decryption respectively,
executed using the previously allocated SA HW context.
When new xfrm state (SA) is added:
- Use a separate crypto key HW context.
- Create a separate IPsec context in HW to inlcude the SA properties:
- aes-gcm salt.
- ICV properties (ICV length, implicit IV).
- on supported devices also update ESN.
- associate the allocated crypto key with this IPsec context.
Introduce a new compilation flag MLX5_IPSEC for it.
Downstream patches will implement the Rx,Tx steering
and will add the update esn.
Signed-off-by: Raed Salem <raeds@mellanox.com>
Signed-off-by: Huy Nguyen <huyn@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Diffstat (limited to 'drivers/net/ethernet/mellanox/mlx5/core/fw.c')
-rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/fw.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fw.c b/drivers/net/ethernet/mellanox/mlx5/core/fw.c index c3095863372c..02558ac2ace6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/fw.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/fw.c @@ -250,6 +250,12 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev) return err; } + if (MLX5_CAP_GEN(dev, ipsec_offload)) { + err = mlx5_core_get_caps(dev, MLX5_CAP_IPSEC); + if (err) + return err; + } + return 0; } |