drivers/net/netdevsim/ipsec.c
Source file repositories/reference/linux-study-clean/drivers/net/netdevsim/ipsec.c
File Facts
- System: Linux kernel
- Corpus path: drivers/net/netdevsim/ipsec.c
- Extension: .c
- Size: 7270 bytes
- Lines: 297
- Domain: Driver Families
- Bucket: drivers/net
- Inferred role: Driver Families: operation-table or driver-model contract
- Status: pattern implementation candidate
Why This File Exists
Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Defines an operation table; this is where Linux turns generic core objects into subsystem-specific behavior.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `crypto/aead.h`
- `linux/debugfs.h`
- `net/xfrm.h`
- `netdevsim.h`
Detected Declarations
- function `nsim_dbg_netdev_ops_read`
- function `nsim_ipsec_find_empty_idx`
- function `nsim_ipsec_parse_proto_keys`
- function `nsim_ipsec_add_sa`
- function `nsim_ipsec_del_sa`
- function `nsim_ipsec_tx`
- function `nsim_ipsec_init`
- function `nsim_ipsec_teardown`
Annotated Snippet
```c
static const struct file_operations ipsec_dbg_fops = {
	.owner = THIS_MODULE,
	.open = simple_open,
	.read = nsim_dbg_netdev_ops_read,
};

static int nsim_ipsec_find_empty_idx(struct nsim_ipsec *ipsec)
{
	u32 i;

	if (ipsec->count == NSIM_IPSEC_MAX_SA_COUNT)
		return -ENOSPC;

	/* search sa table */
	for (i = 0; i < NSIM_IPSEC_MAX_SA_COUNT; i++) {
		if (!ipsec->sa[i].used)
			return i;
	}

	return -ENOSPC;
}

static int nsim_ipsec_parse_proto_keys(struct net_device *dev,
				       struct xfrm_state *xs,
				       u32 *mykey, u32 *mysalt)
{
	const char aes_gcm_name[] = "rfc4106(gcm(aes))";
	unsigned char *key_data;
	char *alg_name = NULL;
	int key_len;

	if (!xs->aead) {
		netdev_err(dev, "Unsupported IPsec algorithm\n");
		return -EINVAL;
	}

	if (xs->aead->alg_icv_len != NSIM_IPSEC_AUTH_BITS) {
		netdev_err(dev, "IPsec offload requires %d bit authentication\n",
			   NSIM_IPSEC_AUTH_BITS);
		return -EINVAL;
	}

	key_data = &xs->aead->alg_key[0];
	key_len = xs->aead->alg_key_len;
	alg_name = xs->aead->alg_name;

	if (strcmp(alg_name, aes_gcm_name)) {
		netdev_err(dev, "Unsupported IPsec algorithm - please use %s\n",
			   aes_gcm_name);
		return -EINVAL;
	}

	/* 160 accounts for 16 byte key and 4 byte salt */
	if (key_len > NSIM_IPSEC_AUTH_BITS) {
		*mysalt = ((u32 *)key_data)[4];
	} else if (key_len == NSIM_IPSEC_AUTH_BITS) {
		*mysalt = 0;
	} else {
		netdev_err(dev, "IPsec hw offload only supports 128 bit keys with optional 32 bit salt\n");
		return -EINVAL;
	}
	memcpy(mykey, key_data, 16);

	return 0;
}

static int nsim_ipsec_add_sa(struct net_device *dev,
			     struct xfrm_state *xs,
			     struct netlink_ext_ack *extack)
{
	struct nsim_ipsec *ipsec;
	struct netdevsim *ns;
	struct nsim_sa sa;
	u16 sa_idx;
	int ret;

	ns = netdev_priv(dev);
	ipsec = &ns->ipsec;

	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
		NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for ipsec offload");
		return -EINVAL;
	}

	if (xs->calg) {
		NL_SET_ERR_MSG_MOD(extack, "Compression offload not supported");
		return -EINVAL;
	}

	if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
```
Annotation
- Immediate include surface: `crypto/aead.h`, `linux/debugfs.h`, `net/xfrm.h`, `netdevsim.h`.
- Detected declarations: `function nsim_dbg_netdev_ops_read`, `function nsim_ipsec_find_empty_idx`, `function nsim_ipsec_parse_proto_keys`, `function nsim_ipsec_add_sa`, `function nsim_ipsec_del_sa`, `function nsim_ipsec_tx`, `function nsim_ipsec_init`, `function nsim_ipsec_teardown`.
- Atlas domain: Driver Families / drivers/net.
- Implementation status: pattern implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.