[next-queue,04/10] ixgbe: add ipsec data structures

Message ID	1512452116-14795-5-git-send-email-shannon.nelson@oracle.com
State	Awaiting Upstream, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Shannon Nelson <shannon.nelson@oracle.com> To: intel-wired-lan@lists.osuosl.org, jeffrey.t.kirsher@intel.com Cc: steffen.klassert@secunet.com, sowmini.varadhan@oracle.com, netdev@vger.kernel.org Subject: [next-queue 04/10] ixgbe: add ipsec data structures Date: Mon, 4 Dec 2017 21:35:10 -0800 Message-Id: <1512452116-14795-5-git-send-email-shannon.nelson@oracle.com> In-Reply-To: <1512452116-14795-1-git-send-email-shannon.nelson@oracle.com> References: <1512452116-14795-1-git-send-email-shannon.nelson@oracle.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	ixgbe: Add ipsec offload \| expand [next-queue,00/10] ixgbe: Add ipsec offload [next-queue,01/10] ixgbe: clean up ipsec defines [next-queue,02/10] ixgbe: add ipsec register access routines [next-queue,03/10] ixgbe: add ipsec engine start and stop routines [next-queue,04/10] ixgbe: add ipsec data structures [next-queue,05/10] ixgbe: implement ipsec add and remove of offloaded SA [next-queue,06/10] ixgbe: restore offloaded SAs after a reset [next-queue,07/10] ixgbe: process the Rx ipsec offload [next-queue,08/10] ixgbe: process the Tx ipsec offload [next-queue,09/10] ixgbe: ipsec offload stats [next-queue,10/10] ixgbe: register ipsec offload with the xfrm subsystem

Message ID

1512452116-14795-5-git-send-email-shannon.nelson@oracle.com

State

Awaiting Upstream, archived

Delegated to:

David Miller

Headers

From: Shannon Nelson <shannon.nelson@oracle.com>
To: intel-wired-lan@lists.osuosl.org, jeffrey.t.kirsher@intel.com
Cc: steffen.klassert@secunet.com, sowmini.varadhan@oracle.com,
	netdev@vger.kernel.org
Subject: [next-queue 04/10] ixgbe: add ipsec data structures
Date: Mon,  4 Dec 2017 21:35:10 -0800
Message-Id: <1512452116-14795-5-git-send-email-shannon.nelson@oracle.com>
In-Reply-To: <1512452116-14795-1-git-send-email-shannon.nelson@oracle.com>
References: <1512452116-14795-1-git-send-email-shannon.nelson@oracle.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

ixgbe: Add ipsec offload | expand

Commit Message

Shannon Nelson Dec. 5, 2017, 5:35 a.m. UTC

Set up the data structures to be used by the ipsec offload.

Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h       |  5 ++++
 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 40 ++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

Comments

Alexander H Duyck Dec. 5, 2017, 5:03 p.m. UTC | #1

On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson
<shannon.nelson@oracle.com> wrote:
> Set up the data structures to be used by the ipsec offload.
>
> Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
> ---
>  drivers/net/ethernet/intel/ixgbe/ixgbe.h       |  5 ++++
>  drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 40 ++++++++++++++++++++++++++
>  2 files changed, 45 insertions(+)
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> index 1e11462..9487750 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> @@ -622,6 +622,7 @@ struct ixgbe_adapter {
>  #define IXGBE_FLAG2_EEE_CAPABLE                        BIT(14)
>  #define IXGBE_FLAG2_EEE_ENABLED                        BIT(15)
>  #define IXGBE_FLAG2_RX_LEGACY                  BIT(16)
> +#define IXGBE_FLAG2_IPSEC_ENABLED              BIT(17)
>
>         /* Tx fast path data */
>         int num_tx_queues;
> @@ -772,6 +773,10 @@ struct ixgbe_adapter {
>
>  #define IXGBE_RSS_KEY_SIZE     40  /* size of RSS Hash Key in bytes */
>         u32 *rss_key;
> +
> +#ifdef CONFIG_XFRM
> +       struct ixgbe_ipsec *ipsec;
> +#endif /* CONFIG_XFRM */
>  };
>
>  static inline u8 ixgbe_max_rss_indices(struct ixgbe_adapter *adapter)
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> index 017b13f..cb9a4be 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
> @@ -47,4 +47,44 @@
>  #define IXGBE_RXMOD_DECRYPT            0x00000008
>  #define IXGBE_RXMOD_IPV6               0x00000010
>
> +struct rx_sa {
> +       struct hlist_node hlist;
> +       struct xfrm_state *xs;
> +       u32 ipaddr[4];

ipaddr should be stored as a __be32, not a u32.

> +       u32 key[4];
> +       u32 salt;
> +       u32 mode;
> +       u8  iptbl_ind;
> +       bool used;
> +       bool decrypt;
> +};
> +
> +struct rx_ip_sa {
> +       u32 ipaddr[4];

Same thing here.

> +       u32 ref_cnt;
> +       bool used;
> +};
> +
> +struct tx_sa {
> +       struct xfrm_state *xs;
> +       u32 key[4];
> +       u32 salt;
> +       bool encrypt;
> +       bool used;
> +};
> +
> +struct ixgbe_ipsec_tx_data {
> +       u32 flags;
> +       u16 trailer_len;
> +       u16 sa_idx;
> +};
> +
> +struct ixgbe_ipsec {
> +       u16 num_rx_sa;
> +       u16 num_tx_sa;
> +       struct rx_ip_sa *ip_tbl;
> +       struct rx_sa *rx_tbl;
> +       struct tx_sa *tx_tbl;
> +       DECLARE_HASHTABLE(rx_sa_list, 8);

The hash table seems a bit on the small side. You might look at
increasing this to something like 32 in order to try and cut down on
the load in each bucket since the upper limit is 1K or so isn't it?

> +};
>  #endif /* _IXGBE_IPSEC_H_ */
> --
> 2.7.4
>
> _______________________________________________
> Intel-wired-lan mailing list
> Intel-wired-lan@osuosl.org
> https://lists.osuosl.org/mailman/listinfo/intel-wired-lan

Shannon Nelson Dec. 7, 2017, 5:43 a.m. UTC | #2

On 12/5/2017 9:03 AM, Alexander Duyck wrote:
> On Mon, Dec 4, 2017 at 9:35 PM, Shannon Nelson
> <shannon.nelson@oracle.com> wrote:
>> Set up the data structures to be used by the ipsec offload.
>>
>> Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
>> ---
>>   drivers/net/ethernet/intel/ixgbe/ixgbe.h       |  5 ++++
>>   drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h | 40 ++++++++++++++++++++++++++
>>   2 files changed, 45 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
>> index 1e11462..9487750 100644
>> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
>> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
>> @@ -622,6 +622,7 @@ struct ixgbe_adapter {
>>   #define IXGBE_FLAG2_EEE_CAPABLE                        BIT(14)
>>   #define IXGBE_FLAG2_EEE_ENABLED                        BIT(15)
>>   #define IXGBE_FLAG2_RX_LEGACY                  BIT(16)
>> +#define IXGBE_FLAG2_IPSEC_ENABLED              BIT(17)
>>
>>          /* Tx fast path data */
>>          int num_tx_queues;
>> @@ -772,6 +773,10 @@ struct ixgbe_adapter {
>>
>>   #define IXGBE_RSS_KEY_SIZE     40  /* size of RSS Hash Key in bytes */
>>          u32 *rss_key;
>> +
>> +#ifdef CONFIG_XFRM
>> +       struct ixgbe_ipsec *ipsec;
>> +#endif /* CONFIG_XFRM */
>>   };
>>
>>   static inline u8 ixgbe_max_rss_indices(struct ixgbe_adapter *adapter)
>> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
>> index 017b13f..cb9a4be 100644
>> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
>> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
>> @@ -47,4 +47,44 @@
>>   #define IXGBE_RXMOD_DECRYPT            0x00000008
>>   #define IXGBE_RXMOD_IPV6               0x00000010
>>
>> +struct rx_sa {
>> +       struct hlist_node hlist;
>> +       struct xfrm_state *xs;
>> +       u32 ipaddr[4];
> 
> ipaddr should be stored as a __be32, not a u32.

Yep

> 
>> +       u32 key[4];
>> +       u32 salt;
>> +       u32 mode;
>> +       u8  iptbl_ind;
>> +       bool used;
>> +       bool decrypt;
>> +};
>> +
>> +struct rx_ip_sa {
>> +       u32 ipaddr[4];
> 
> Same thing here.

Yep

> 
>> +       u32 ref_cnt;
>> +       bool used;
>> +};
>> +
>> +struct tx_sa {
>> +       struct xfrm_state *xs;
>> +       u32 key[4];
>> +       u32 salt;
>> +       bool encrypt;
>> +       bool used;
>> +};
>> +
>> +struct ixgbe_ipsec_tx_data {
>> +       u32 flags;
>> +       u16 trailer_len;
>> +       u16 sa_idx;
>> +};
>> +
>> +struct ixgbe_ipsec {
>> +       u16 num_rx_sa;
>> +       u16 num_tx_sa;
>> +       struct rx_ip_sa *ip_tbl;
>> +       struct rx_sa *rx_tbl;
>> +       struct tx_sa *tx_tbl;
>> +       DECLARE_HASHTABLE(rx_sa_list, 8);
> 
> The hash table seems a bit on the small side. You might look at
> increasing this to something like 32 in order to try and cut down on
> the load in each bucket since the upper limit is 1K or so isn't it?

I probably can - didn't want to use too much memory real estate if not 
really needed.  I did a little perf timing with a mostly full table and 
didn't see much degradation.  Maybe boost it to 16?

sln

> 
>> +};
>>   #endif /* _IXGBE_IPSEC_H_ */
>> --
>> 2.7.4
>>
>> _______________________________________________
>> Intel-wired-lan mailing list
>> Intel-wired-lan@osuosl.org
>> https://lists.osuosl.org/mailman/listinfo/intel-wired-lan

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 1e11462..9487750 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -622,6 +622,7 @@  struct ixgbe_adapter {
 #define IXGBE_FLAG2_EEE_CAPABLE			BIT(14)
 #define IXGBE_FLAG2_EEE_ENABLED			BIT(15)
 #define IXGBE_FLAG2_RX_LEGACY			BIT(16)
+#define IXGBE_FLAG2_IPSEC_ENABLED		BIT(17)
 
 	/* Tx fast path data */
 	int num_tx_queues;
@@ -772,6 +773,10 @@  struct ixgbe_adapter {
 
 #define IXGBE_RSS_KEY_SIZE     40  /* size of RSS Hash Key in bytes */
 	u32 *rss_key;
+
+#ifdef CONFIG_XFRM
+	struct ixgbe_ipsec *ipsec;
+#endif /* CONFIG_XFRM */
 };
 
 static inline u8 ixgbe_max_rss_indices(struct ixgbe_adapter *adapter)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
index 017b13f..cb9a4be 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.h
@@ -47,4 +47,44 @@ 
 #define IXGBE_RXMOD_DECRYPT		0x00000008
 #define IXGBE_RXMOD_IPV6		0x00000010
 
+struct rx_sa {
+	struct hlist_node hlist;
+	struct xfrm_state *xs;
+	u32 ipaddr[4];
+	u32 key[4];
+	u32 salt;
+	u32 mode;
+	u8  iptbl_ind;
+	bool used;
+	bool decrypt;
+};
+
+struct rx_ip_sa {
+	u32 ipaddr[4];
+	u32 ref_cnt;
+	bool used;
+};
+
+struct tx_sa {
+	struct xfrm_state *xs;
+	u32 key[4];
+	u32 salt;
+	bool encrypt;
+	bool used;
+};
+
+struct ixgbe_ipsec_tx_data {
+	u32 flags;
+	u16 trailer_len;
+	u16 sa_idx;
+};
+
+struct ixgbe_ipsec {
+	u16 num_rx_sa;
+	u16 num_tx_sa;
+	struct rx_ip_sa *ip_tbl;
+	struct rx_sa *rx_tbl;
+	struct tx_sa *tx_tbl;
+	DECLARE_HASHTABLE(rx_sa_list, 8);
+};
 #endif /* _IXGBE_IPSEC_H_ */

[next-queue,04/10] ixgbe: add ipsec data structures

Commit Message

Comments

Patch