PATH:
usr
/
src
/
kernels
/
5.14.0-611.54.3.el9_7.x86_64
/
include
/
net
/* SPDX-License-Identifier: GPL-2.0+ */ /* * MACsec netdev header, used for h/w accelerated implementations. * * Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net> */ #ifndef _NET_MACSEC_H_ #define _NET_MACSEC_H_ #include <linux/u64_stats_sync.h> #include <linux/if_vlan.h> #include <uapi/linux/if_link.h> #include <uapi/linux/if_macsec.h> #include <linux/rh_kabi.h> #define MACSEC_DEFAULT_PN_LEN 4 #define MACSEC_XPN_PN_LEN 8 #define MACSEC_NUM_AN 4 /* 2 bits for the association number */ #define MACSEC_SCI_LEN 8 #define MACSEC_PORT_ES (htons(0x0001)) #define MACSEC_TCI_VERSION 0x80 #define MACSEC_TCI_ES 0x40 /* end station */ #define MACSEC_TCI_SC 0x20 /* SCI present */ #define MACSEC_TCI_SCB 0x10 /* epon */ #define MACSEC_TCI_E 0x08 /* encryption */ #define MACSEC_TCI_C 0x04 /* changed text */ #define MACSEC_AN_MASK 0x03 /* association number */ #define MACSEC_TCI_CONFID (MACSEC_TCI_E | MACSEC_TCI_C) #define MACSEC_DEFAULT_ICV_LEN 16 typedef u64 __bitwise sci_t; typedef u32 __bitwise ssci_t; struct metadata_dst; typedef union salt { struct { u32 ssci; u64 pn; } __packed; u8 bytes[MACSEC_SALT_LEN]; } __packed salt_t; typedef union pn { struct { #if defined(__LITTLE_ENDIAN_BITFIELD) u32 lower; u32 upper; #elif defined(__BIG_ENDIAN_BITFIELD) u32 upper; u32 lower; #else #error "Please fix <asm/byteorder.h>" #endif }; u64 full64; } pn_t; /** * struct macsec_key - SA key * @id: user-provided key identifier * @tfm: crypto struct, key storage * @salt: salt used to generate IV in XPN cipher suites */ struct macsec_key { u8 id[MACSEC_KEYID_LEN]; struct crypto_aead *tfm; salt_t salt; }; struct macsec_rx_sc_stats { __u64 InOctetsValidated; __u64 InOctetsDecrypted; __u64 InPktsUnchecked; __u64 InPktsDelayed; __u64 InPktsOK; __u64 InPktsInvalid; __u64 InPktsLate; __u64 InPktsNotValid; __u64 InPktsNotUsingSA; __u64 InPktsUnusedSA; }; struct macsec_rx_sa_stats { __u32 InPktsOK; __u32 InPktsInvalid; __u32 InPktsNotValid; __u32 InPktsNotUsingSA; __u32 InPktsUnusedSA; }; struct macsec_tx_sa_stats { __u32 OutPktsProtected; __u32 OutPktsEncrypted; }; struct macsec_tx_sc_stats { __u64 OutPktsProtected; __u64 OutPktsEncrypted; __u64 OutOctetsProtected; __u64 OutOctetsEncrypted; }; struct macsec_dev_stats { __u64 OutPktsUntagged; __u64 InPktsUntagged; __u64 OutPktsTooLong; __u64 InPktsNoTag; __u64 InPktsBadTag; __u64 InPktsUnknownSCI; __u64 InPktsNoSCI; __u64 InPktsOverrun; }; /** * struct macsec_rx_sa - receive secure association * @active: * @next_pn: packet number expected for the next packet * @lock: protects next_pn manipulations * @key: key structure * @ssci: short secure channel identifier * @stats: per-SA stats */ struct macsec_rx_sa { struct macsec_key key; ssci_t ssci; spinlock_t lock; union { pn_t next_pn_halves; u64 next_pn; }; refcount_t refcnt; bool active; struct macsec_rx_sa_stats __percpu *stats; struct macsec_rx_sc *sc; struct rcu_head rcu; }; struct pcpu_rx_sc_stats { struct macsec_rx_sc_stats stats; struct u64_stats_sync syncp; }; struct pcpu_tx_sc_stats { struct macsec_tx_sc_stats stats; struct u64_stats_sync syncp; }; /** * struct macsec_rx_sc - receive secure channel * @sci: secure channel identifier for this SC * @active: channel is active * @sa: array of secure associations * @stats: per-SC stats */ struct macsec_rx_sc { struct macsec_rx_sc __rcu *next; sci_t sci; bool active; struct macsec_rx_sa __rcu *sa[MACSEC_NUM_AN]; struct pcpu_rx_sc_stats __percpu *stats; refcount_t refcnt; struct rcu_head rcu_head; }; /** * struct macsec_tx_sa - transmit secure association * @active: * @next_pn: packet number to use for the next packet * @lock: protects next_pn manipulations * @key: key structure * @ssci: short secure channel identifier * @stats: per-SA stats */ struct macsec_tx_sa { struct macsec_key key; ssci_t ssci; spinlock_t lock; union { pn_t next_pn_halves; u64 next_pn; }; refcount_t refcnt; bool active; struct macsec_tx_sa_stats __percpu *stats; struct rcu_head rcu; }; /** * struct macsec_tx_sc - transmit secure channel * @active: * @encoding_sa: association number of the SA currently in use * @encrypt: encrypt packets on transmit, or authenticate only * @send_sci: always include the SCI in the SecTAG * @end_station: * @scb: single copy broadcast flag * @sa: array of secure associations * @stats: stats for this TXSC * @md_dst: MACsec offload metadata dst */ struct macsec_tx_sc { bool active; u8 encoding_sa; bool encrypt; bool send_sci; bool end_station; bool scb; struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN]; struct pcpu_tx_sc_stats __percpu *stats; struct metadata_dst *md_dst; }; /** * struct macsec_secy - MACsec Security Entity * @netdev: netdevice for this SecY * @n_rx_sc: number of receive secure channels configured on this SecY * @sci: secure channel identifier used for tx * @key_len: length of keys used by the cipher suite * @icv_len: length of ICV used by the cipher suite * @validate_frames: validation mode * @xpn: enable XPN for this SecY * @operational: MAC_Operational flag * @protect_frames: enable protection for this SecY * @replay_protect: enable packet number checks on receive * @replay_window: size of the replay window * @tx_sc: transmit secure channel * @rx_sc: linked list of receive secure channels */ struct macsec_secy { struct net_device *netdev; unsigned int n_rx_sc; sci_t sci; u16 key_len; u16 icv_len; enum macsec_validation_type validate_frames; bool xpn; bool operational; bool protect_frames; bool replay_protect; u32 replay_window; struct macsec_tx_sc tx_sc; struct macsec_rx_sc __rcu *rx_sc; }; /** * struct macsec_context - MACsec context for hardware offloading * @netdev: a valid pointer to a struct net_device if @offload == * MACSEC_OFFLOAD_MAC * @phydev: a valid pointer to a struct phy_device if @offload == * MACSEC_OFFLOAD_PHY * @offload: MACsec offload status * @secy: pointer to a MACsec SecY * @rx_sc: pointer to a RX SC * @update_pn: when updating the SA, update the next PN * @assoc_num: association number of the target SA * @key: key of the target SA * @rx_sa: pointer to an RX SA if a RX SA is added/updated/removed * @tx_sa: pointer to an TX SA if a TX SA is added/updated/removed * @tx_sc_stats: pointer to TX SC stats structure * @tx_sa_stats: pointer to TX SA stats structure * @rx_sc_stats: pointer to RX SC stats structure * @rx_sa_stats: pointer to RX SA stats structure * @dev_stats: pointer to dev stats structure */ struct macsec_context { union { struct net_device *netdev; struct phy_device *phydev; }; enum macsec_offload offload; struct macsec_secy *secy; struct macsec_rx_sc *rx_sc; struct { bool update_pn; unsigned char assoc_num; u8 key[MACSEC_MAX_KEY_LEN]; union { struct macsec_rx_sa *rx_sa; struct macsec_tx_sa *tx_sa; }; } sa; union { struct macsec_tx_sc_stats *tx_sc_stats; struct macsec_tx_sa_stats *tx_sa_stats; struct macsec_rx_sc_stats *rx_sc_stats; struct macsec_rx_sa_stats *rx_sa_stats; struct macsec_dev_stats *dev_stats; } stats; }; /** * struct macsec_ops - MACsec offloading operations * @mdo_dev_open: called when the MACsec interface transitions to the up state * @mdo_dev_stop: called when the MACsec interface transitions to the down * state * @mdo_add_secy: called when a new SecY is added * @mdo_upd_secy: called when the SecY flags are changed or the MAC address of * the MACsec interface is changed * @mdo_del_secy: called when the hw offload is disabled or the MACsec * interface is removed * @mdo_add_rxsc: called when a new RX SC is added * @mdo_upd_rxsc: called when a certain RX SC is updated * @mdo_del_rxsc: called when a certain RX SC is removed * @mdo_add_rxsa: called when a new RX SA is added * @mdo_upd_rxsa: called when a certain RX SA is updated * @mdo_del_rxsa: called when a certain RX SA is removed * @mdo_add_txsa: called when a new TX SA is added * @mdo_upd_txsa: called when a certain TX SA is updated * @mdo_del_txsa: called when a certain TX SA is removed * @mdo_get_dev_stats: called when dev stats are read * @mdo_get_tx_sc_stats: called when TX SC stats are read * @mdo_get_tx_sa_stats: called when TX SA stats are read * @mdo_get_rx_sc_stats: called when RX SC stats are read * @mdo_get_rx_sa_stats: called when RX SA stats are read * @rx_uses_md_dst: whether MACsec device offload supports sk_buff md_dst */ struct macsec_ops { /* Device wide */ int (*mdo_dev_open)(struct macsec_context *ctx); int (*mdo_dev_stop)(struct macsec_context *ctx); /* SecY */ int (*mdo_add_secy)(struct macsec_context *ctx); int (*mdo_upd_secy)(struct macsec_context *ctx); int (*mdo_del_secy)(struct macsec_context *ctx); /* Security channels */ int (*mdo_add_rxsc)(struct macsec_context *ctx); int (*mdo_upd_rxsc)(struct macsec_context *ctx); int (*mdo_del_rxsc)(struct macsec_context *ctx); /* Security associations */ int (*mdo_add_rxsa)(struct macsec_context *ctx); int (*mdo_upd_rxsa)(struct macsec_context *ctx); int (*mdo_del_rxsa)(struct macsec_context *ctx); int (*mdo_add_txsa)(struct macsec_context *ctx); int (*mdo_upd_txsa)(struct macsec_context *ctx); int (*mdo_del_txsa)(struct macsec_context *ctx); /* Statistics */ int (*mdo_get_dev_stats)(struct macsec_context *ctx); int (*mdo_get_tx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx); int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx); bool rx_uses_md_dst; RH_KABI_RESERVE(1) RH_KABI_RESERVE(2) RH_KABI_RESERVE(3) RH_KABI_RESERVE(4) }; void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa); static inline bool macsec_send_sci(const struct macsec_secy *secy) { const struct macsec_tx_sc *tx_sc = &secy->tx_sc; return tx_sc->send_sci || (secy->n_rx_sc > 1 && !tx_sc->end_station && !tx_sc->scb); } struct net_device *macsec_get_real_dev(const struct net_device *dev); bool macsec_netdev_is_offloaded(struct net_device *dev); static inline void *macsec_netdev_priv(const struct net_device *dev) { #if IS_ENABLED(CONFIG_VLAN_8021Q) if (is_vlan_dev(dev)) return netdev_priv(vlan_dev_priv(dev)->real_dev); #endif return netdev_priv(dev); } static inline u64 sci_to_cpu(sci_t sci) { return be64_to_cpu((__force __be64)sci); } #endif /* _NET_MACSEC_H_ */
[+]
..
[-] ipcomp.h
[edit]
[-] mac80211.h
[edit]
[-] switchdev.h
[edit]
[-] psample.h
[edit]
[-] xdp_sock.h
[edit]
[-] xdp.h
[edit]
[-] llc_c_ac.h
[edit]
[-] af_ieee802154.h
[edit]
[-] hwbm.h
[edit]
[-] netrom.h
[edit]
[-] af_rxrpc.h
[edit]
[-] xsk_buff_pool.h
[edit]
[-] bonding.h
[edit]
[+]
page_pool
[-] nl802154.h
[edit]
[-] fq_impl.h
[edit]
[-] dropreason-core.h
[edit]
[-] rsi_91x.h
[edit]
[+]
netfilter
[-] codel_impl.h
[edit]
[-] calipso.h
[edit]
[-] llc_sap.h
[edit]
[+]
caif
[-] xdp_priv.h
[edit]
[-] af_unix.h
[edit]
[-] rtnetlink.h
[edit]
[-] inet_common.h
[edit]
[-] if_inet6.h
[edit]
[-] ah.h
[edit]
[-] netevent.h
[edit]
[-] pkt_sched.h
[edit]
[-] route.h
[edit]
[-] ieee80211_radiotap.h
[edit]
[-] bond_options.h
[edit]
[-] l3mdev.h
[edit]
[-] devlink.h
[edit]
[-] fib_notifier.h
[edit]
[-] seg6.h
[edit]
[-] codel.h
[edit]
[-] act_api.h
[edit]
[-] inet6_hashtables.h
[edit]
[-] rstreason.h
[edit]
[-] ipconfig.h
[edit]
[-] pkt_cls.h
[edit]
[-] rawv6.h
[edit]
[-] ip.h
[edit]
[-] udplite.h
[edit]
[-] fq.h
[edit]
[-] dsa.h
[edit]
[-] gro.h
[edit]
[-] llc_c_ev.h
[edit]
[+]
netns
[-] timewait_sock.h
[edit]
[-] espintcp.h
[edit]
[-] llc_s_st.h
[edit]
[-] dst_metadata.h
[edit]
[-] wext.h
[edit]
[-] sock_reuseport.h
[edit]
[-] net_debug.h
[edit]
[+]
9p
[-] rtnh.h
[edit]
[-] tcp_states.h
[edit]
[-] inetpeer.h
[edit]
[-] flow_offload.h
[edit]
[-] x25.h
[edit]
[-] ieee802154_netdev.h
[edit]
[-] psnap.h
[edit]
[-] secure_seq.h
[edit]
[-] netlink.h
[edit]
[-] ipx.h
[edit]
[-] Space.h
[edit]
[-] eee.h
[edit]
[-] dn_dev.h
[edit]
[-] nsh.h
[edit]
[-] dsfield.h
[edit]
[-] mpls_iptunnel.h
[edit]
[-] datalink.h
[edit]
[-] llc_c_st.h
[edit]
[+]
nfc
[-] dst_cache.h
[edit]
[-] dn_route.h
[edit]
[-] mpls.h
[edit]
[-] xfrm.h
[edit]
[-] rose.h
[edit]
[-] vxlan.h
[edit]
[+]
bluetooth
[-] kcm.h
[edit]
[-] geneve.h
[edit]
[-] tun_proto.h
[edit]
[-] ipv6_frag.h
[edit]
[+]
mana
[-] fib_rules.h
[edit]
[-] udp_tunnel.h
[edit]
[-] rps.h
[edit]
[-] x25device.h
[edit]
[-] gue.h
[edit]
[-] busy_poll.h
[edit]
[-] tc_wrapper.h
[edit]
[-] ip6_route.h
[edit]
[-] icmp.h
[edit]
[-] bond_3ad.h
[edit]
[-] tls_prot.h
[edit]
[-] sock.h
[edit]
[-] ax88796.h
[edit]
[-] mrp.h
[edit]
[-] ip6_fib.h
[edit]
[-] red.h
[edit]
[-] ila.h
[edit]
[-] ip6_tunnel.h
[edit]
[-] pie.h
[edit]
[-] dropreason.h
[edit]
[-] ethoc.h
[edit]
[+]
tc_act
[-] bpf_sk_storage.h
[edit]
[-] dcbevent.h
[edit]
[-] regulatory.h
[edit]
[-] tls_toe.h
[edit]
[-] lapb.h
[edit]
[-] codel_qdisc.h
[edit]
[-] dn_fib.h
[edit]
[-] gtp.h
[edit]
[-] strparser.h
[edit]
[-] gre.h
[edit]
[-] ndisc.h
[edit]
[-] dn_nsp.h
[edit]
[-] ax25.h
[edit]
[-] inet_connection_sock.h
[edit]
[-] neighbour.h
[edit]
[-] af_vsock.h
[edit]
[-] seg6_local.h
[edit]
[-] llc_conn.h
[edit]
[-] llc.h
[edit]
[-] tls.h
[edit]
[-] pptp.h
[edit]
[+]
libeth
[-] failover.h
[edit]
[-] dst_ops.h
[edit]
[-] inet_dscp.h
[edit]
[-] dsa_stubs.h
[edit]
[-] mac802154.h
[edit]
[-] p8022.h
[edit]
[-] gro_cells.h
[edit]
[-] request_sock.h
[edit]
[-] atmclip.h
[edit]
[-] net_ratelimit.h
[edit]
[-] firewire.h
[edit]
[-] dst.h
[edit]
[-] tcx.h
[edit]
[-] rpl.h
[edit]
[-] tipc.h
[edit]
[-] ip_fib.h
[edit]
[-] snmp.h
[edit]
[-] tcp.h
[edit]
[+]
iucv
[-] nexthop.h
[edit]
[-] mptcp.h
[edit]
[-] netdev_queues.h
[edit]
[-] protocol.h
[edit]
[+]
sctp
[-] fou.h
[edit]
[-] inet_sock.h
[edit]
[-] bond_alb.h
[edit]
[-] ipv6.h
[edit]
[-] net_trackers.h
[edit]
[-] 6lowpan.h
[edit]
[-] mld.h
[edit]
[-] raw.h
[edit]
[-] netdev_rx_queue.h
[edit]
[-] garp.h
[edit]
[-] cfg80211-wext.h
[edit]
[-] checksum.h
[edit]
[-] llc_pdu.h
[edit]
[-] cfg80211.h
[edit]
[-] dn.h
[edit]
[-] udp.h
[edit]
[-] stp.h
[edit]
[-] flow.h
[edit]
[-] handshake.h
[edit]
[-] transp_v6.h
[edit]
[-] llc_s_ac.h
[edit]
[-] ip_vs.h
[edit]
[-] mip6.h
[edit]
[-] sch_generic.h
[edit]
[-] ip_tunnels.h
[edit]
[-] smc.h
[edit]
[-] xdp_sock_drv.h
[edit]
[-] inet6_connection_sock.h
[edit]
[-] dn_neigh.h
[edit]
[-] cipso_ipv4.h
[edit]
[-] vsock_addr.h
[edit]
[-] dcbnl.h
[edit]
[-] ife.h
[edit]
[-] lwtunnel.h
[edit]
[-] netlabel.h
[edit]
[-] compat.h
[edit]
[-] gen_stats.h
[edit]
[-] genetlink.h
[edit]
[-] net_shaper.h
[edit]
[-] inet_timewait_sock.h
[edit]
[-] cls_cgroup.h
[edit]
[-] llc_if.h
[edit]
[+]
phonet
[-] erspan.h
[edit]
[-] inet_frag.h
[edit]
[-] inet_ecn.h
[edit]
[-] bareudp.h
[edit]
[-] slhc_vj.h
[edit]
[-] seg6_hmac.h
[edit]
[-] inet_hashtables.h
[edit]
[-] llc_s_ev.h
[edit]
[-] gso.h
[edit]
[-] net_failover.h
[edit]
[-] iw_handler.h
[edit]
[-] selftests.h
[edit]
[-] addrconf.h
[edit]
[-] lag.h
[edit]
[-] esp.h
[edit]
[-] ping.h
[edit]
[-] net_namespace.h
[edit]
[-] ip6_checksum.h
[edit]
[-] macsec.h
[edit]
[-] scm.h
[edit]
[-] arp.h
[edit]
[-] tso.h
[edit]
[-] netprio_cgroup.h
[edit]
[-] ipv6_stubs.h
[edit]
[-] flow_dissector.h
[edit]
[-] cfg802154.h
[edit]
[-] ncsi.h
[edit]