Commit 56ab0b38 authored by Matan Barak's avatar Matan Barak Committed by Jason Gunthorpe

IB/uverbs: Introduce ESP steering match filter

Adding a new ESP steering match filter that could match against
spi and seq used in IPSec protocol.
Reviewed-by: default avatarYishai Hadas <yishaih@mellanox.com>
Signed-off-by: default avatarMatan Barak <matanb@mellanox.com>
Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
parent 7d12f8d5
...@@ -257,6 +257,7 @@ struct ib_uverbs_flow_spec { ...@@ -257,6 +257,7 @@ struct ib_uverbs_flow_spec {
}; };
struct ib_uverbs_flow_spec_eth eth; struct ib_uverbs_flow_spec_eth eth;
struct ib_uverbs_flow_spec_ipv4 ipv4; struct ib_uverbs_flow_spec_ipv4 ipv4;
struct ib_uverbs_flow_spec_esp esp;
struct ib_uverbs_flow_spec_tcp_udp tcp_udp; struct ib_uverbs_flow_spec_tcp_udp tcp_udp;
struct ib_uverbs_flow_spec_ipv6 ipv6; struct ib_uverbs_flow_spec_ipv6 ipv6;
struct ib_uverbs_flow_spec_action_tag flow_tag; struct ib_uverbs_flow_spec_action_tag flow_tag;
......
...@@ -2931,6 +2931,17 @@ int ib_uverbs_kern_spec_to_ib_spec_filter(enum ib_flow_spec_type type, ...@@ -2931,6 +2931,17 @@ int ib_uverbs_kern_spec_to_ib_spec_filter(enum ib_flow_spec_type type,
(ntohl(ib_spec->tunnel.val.tunnel_id)) >= BIT(24)) (ntohl(ib_spec->tunnel.val.tunnel_id)) >= BIT(24))
return -EINVAL; return -EINVAL;
break; break;
case IB_FLOW_SPEC_ESP:
ib_filter_sz = offsetof(struct ib_flow_esp_filter, real_sz);
actual_filter_sz = spec_filter_size(kern_spec_mask,
kern_filter_sz,
ib_filter_sz);
if (actual_filter_sz <= 0)
return -EINVAL;
ib_spec->esp.size = sizeof(struct ib_flow_spec_esp);
memcpy(&ib_spec->esp.val, kern_spec_val, actual_filter_sz);
memcpy(&ib_spec->esp.mask, kern_spec_mask, actual_filter_sz);
break;
default: default:
return -EINVAL; return -EINVAL;
} }
......
...@@ -1828,6 +1828,7 @@ enum ib_flow_spec_type { ...@@ -1828,6 +1828,7 @@ enum ib_flow_spec_type {
/* L3 header*/ /* L3 header*/
IB_FLOW_SPEC_IPV4 = 0x30, IB_FLOW_SPEC_IPV4 = 0x30,
IB_FLOW_SPEC_IPV6 = 0x31, IB_FLOW_SPEC_IPV6 = 0x31,
IB_FLOW_SPEC_ESP = 0x34,
/* L4 headers*/ /* L4 headers*/
IB_FLOW_SPEC_TCP = 0x40, IB_FLOW_SPEC_TCP = 0x40,
IB_FLOW_SPEC_UDP = 0x41, IB_FLOW_SPEC_UDP = 0x41,
...@@ -1960,6 +1961,20 @@ struct ib_flow_spec_tunnel { ...@@ -1960,6 +1961,20 @@ struct ib_flow_spec_tunnel {
struct ib_flow_tunnel_filter mask; struct ib_flow_tunnel_filter mask;
}; };
struct ib_flow_esp_filter {
__be32 spi;
__be32 seq;
/* Must be last */
u8 real_sz[0];
};
struct ib_flow_spec_esp {
u32 type;
u16 size;
struct ib_flow_esp_filter val;
struct ib_flow_esp_filter mask;
};
struct ib_flow_spec_action_tag { struct ib_flow_spec_action_tag {
enum ib_flow_spec_type type; enum ib_flow_spec_type type;
u16 size; u16 size;
...@@ -1988,6 +2003,7 @@ union ib_flow_spec { ...@@ -1988,6 +2003,7 @@ union ib_flow_spec {
struct ib_flow_spec_tcp_udp tcp_udp; struct ib_flow_spec_tcp_udp tcp_udp;
struct ib_flow_spec_ipv6 ipv6; struct ib_flow_spec_ipv6 ipv6;
struct ib_flow_spec_tunnel tunnel; struct ib_flow_spec_tunnel tunnel;
struct ib_flow_spec_esp esp;
struct ib_flow_spec_action_tag flow_tag; struct ib_flow_spec_action_tag flow_tag;
struct ib_flow_spec_action_drop drop; struct ib_flow_spec_action_drop drop;
struct ib_flow_spec_action_handle action; struct ib_flow_spec_action_handle action;
......
...@@ -1014,6 +1014,24 @@ struct ib_uverbs_flow_spec_tunnel { ...@@ -1014,6 +1014,24 @@ struct ib_uverbs_flow_spec_tunnel {
struct ib_uverbs_flow_tunnel_filter mask; struct ib_uverbs_flow_tunnel_filter mask;
}; };
struct ib_uverbs_flow_spec_esp_filter {
__u32 spi;
__u32 seq;
};
struct ib_uverbs_flow_spec_esp {
union {
struct ib_uverbs_flow_spec_hdr hdr;
struct {
__u32 type;
__u16 size;
__u16 reserved;
};
};
struct ib_uverbs_flow_spec_esp_filter val;
struct ib_uverbs_flow_spec_esp_filter mask;
};
struct ib_uverbs_flow_attr { struct ib_uverbs_flow_attr {
__u32 type; __u32 type;
__u16 size; __u16 size;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment