From patchwork Fri Sep 29 02:08:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chaoyong He X-Patchwork-Id: 132174 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BD3D642668; Fri, 29 Sep 2023 04:09:37 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 08FD540A8B; Fri, 29 Sep 2023 04:08:53 +0200 (CEST) Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2103.outbound.protection.outlook.com [40.107.220.103]) by mails.dpdk.org (Postfix) with ESMTP id 03BAE402EE for ; Fri, 29 Sep 2023 04:08:51 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jQVER+rQ75irziX9flHkKCgyS+r5wF89TyXRz6PxnachcoZUovSn0eYmGashbJ2qnno9y8OzUuCURDBJ1V39TZ4RXVBQ6jNrVF+IXUs03VYQY06TnJX3nrWhFjpQvWzpShawlmbKKqC7LNv1XjSQRJinB+S5dqsAITSabrv0WNjkGePzPTc4ccNQOVKeVQ4M6UbACytKBmamD9GJrOsF0L/5/IRipvFhb74IgpddChQ7XHoO3RS3+7zV5SEL+AXtCtbj/l3cJKOey4ScyvZ+Srxvh6BSkG0OM8sgwARbskgYnQg2X6SFzPFumjfQwbHQLar+joCr0+Zo5z5MOsTyIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FkpSVVw1+k7HsRCGkHUOYtnnSOG2Vk+IX5nnw/JnEq4=; b=l98oBA6X0hFGbZpkNKGQQ/nzrP2G/tLge8NA8Hh5VlcO3REq0+uKeAYl+3S1lbnQdtdI6tYLorSPFnpg2NED1hEAqhSrZ4lKroKmG9et3eAnYWp3FB2FUpLV801/cIO0RnorOf8lhqvs4oFJtoTzO3rv4IYUdZ3NsmhZY/HWNcPizIjTm3sv1fs2oMLDo7aZNoQqGn0ef2/GIRrRyvIQRa4ZzHiHp2jtZViyS01UBpXsNz0G47CgxieIIuJzKYDMhRyMkhikPgCjLPGlLefq5GdfZWTKS/cF8TEI/cc3xpRcWMRb0Wm9XwmBI+SMxaFqPvnJqdrHPcZsX49l24Osvw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com; dkim=pass header.d=corigine.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FkpSVVw1+k7HsRCGkHUOYtnnSOG2Vk+IX5nnw/JnEq4=; b=RZ4U+cguSkjjSYOfot3Xan1JkorHqmcLvdjiN0+sk9FxVEoKVSxxAi175wpL+8TP6F0T5Vr9bKiVLOt0yRPCDJZgGezBFKIM2nNtAwJi5h3UMCTQDA4+Z/l2tg5weqmaPTIV6b+iVxw7JQKAuENZ8lr3i6wdxU16RUQPI5wN+Nc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=corigine.com; Received: from SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) by CO3PR13MB5687.namprd13.prod.outlook.com (2603:10b6:303:17a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.19; Fri, 29 Sep 2023 02:08:49 +0000 Received: from SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::28c0:63e2:ecd1:9314]) by SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::28c0:63e2:ecd1:9314%4]) with mapi id 15.20.6813.027; Fri, 29 Sep 2023 02:08:49 +0000 From: Chaoyong He To: dev@dpdk.org Cc: oss-drivers@corigine.com, Shihong Wang , Chang Miao , Chaoyong He Subject: [PATCH v3 8/9] net/nfp: support IPsec Rx and Tx offload Date: Fri, 29 Sep 2023 10:08:09 +0800 Message-Id: <20230929020810.1219391-9-chaoyong.he@corigine.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230929020810.1219391-1-chaoyong.he@corigine.com> References: <20230926024959.207098-1-chaoyong.he@corigine.com> <20230929020810.1219391-1-chaoyong.he@corigine.com> X-ClientProxiedBy: PH8PR07CA0028.namprd07.prod.outlook.com (2603:10b6:510:2cf::23) To SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR13MB5545:EE_|CO3PR13MB5687:EE_ X-MS-Office365-Filtering-Correlation-Id: a825edbe-3f6a-45d0-8554-08dbc09104ec X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: m6Ie4t6LTk5aJSA2ZNepeiCfX/erfN047+DvS0jqjK3x6CRzXPQEPn5Blw43ADoCknJ63ynTzeq5hVRcvSqzKf/Th9OKHKxhAW9RoHwHKSNmrz/rvASu73nZgaoczIRFy4Hf6COvEsjZDpvUurqitQui27K1aiHPE5GI2I1CEccrgqf1IZrZO2nj9ez9le80EEGnzuXsgQ8qC56j04vROurtGpaYyhKy7CplfV1E4fR2P9rFJwJPl6CBjOqqI5xr0pUu0bet2C0svjx7xk3jtaFLtjYdp1qIsvTWzv44npc3i1M7fv0vMCcEW6fWJ9TJVTm3QlgINZ6unTW26uGllCU2rjwQU2gGO9k2GZz2Mju6yrGEq/MmG9se32UKX8/rxThzzmVwNU++vTJZWDPcfBrAtq/nBw9rBoKrDJC2HcDTi4mpAuq+s8OxmV1OpykZ6x+NcIwoAKRNgGKLs7tttImYZcbq24H/Ybnd5vndH/fJBeanbIH4ls3yMzWuuKwW0UlOSiihiGDyQK1MmuWb/PDvagSGkU/lXfo2+epmbHmA5xbFOaKMFlDpPUuYV38rDoJ1uow6o8wF8GD4UZGxEmrILyK4yqOnCtrrmVI+Go+j8QB/7Y8Gae31TOtT6BWgn9UnvTwRFAniRPliX51p7Op12HuatAzwLBR2ClVMooY= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR13MB5545.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(366004)(396003)(376002)(39830400003)(136003)(230922051799003)(451199024)(1800799009)(64100799003)(186009)(30864003)(2906002)(6916009)(316002)(54906003)(66946007)(66556008)(66476007)(44832011)(8936002)(8676002)(4326008)(41300700001)(5660300002)(2616005)(83380400001)(107886003)(1076003)(26005)(36756003)(86362001)(38100700002)(38350700002)(52116002)(6666004)(478600001)(6486002)(6512007)(6506007); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ztr89HDfornT+iVJMCzGEwneYnx5ytbs+wjGG2gVRUKjTkYlbQ+jbbi2PGXktfPEasKgUhTr+qedHFmKbCpIPViCtcPRikP7/NwGaRIemb7ncuWr0F35dvWUTp6D7N7uteKzbR0Go/ost1QqWS622EYt9LTvK5wKl7ehigFAKI5rTN8W4emtTGsjkgurJPV7vHjLhpKzCQQJsMglW9sHltFK8bPljCCQdj9vhfG+WIh+K2Fc0TVIqoHBr6QbFkifJVT+DQ1pkX6Ge0HS0m83DcQnXSX1JPK/jcmO4jQmXUSuGrckGBBoRjVnThJ0lLWtiy9uAvsTJ16CA7vvT8nvrzSo+3SB8QsaaAW5yUR6/Fx1WXfAxxZmVv8+DnBhee/7mflqV8x6s98A9fMphoUbt/4/PUNhgBvgDKF7gN8XlL0XgLWlo7qmys4PewPjnZ6GsW+FDgqgF3kSCjCKoQfarvDD9I+Ay2lzYlQonEN2TjvLO/YuLOlCcqLEvZWHLIS4N9KhSwo3v9uPdSiBEbkZeHIaQS38ec3bS6U+6BFAkuO5NMcjEmKdqWWf5wYQAFaFPTe9uhQqAfrPqyO9gwKBAaDR0jXwa55Ns+AVN7H/hXlHFndkyNFmOCRMtE1efbGYY4+iRc04tmGgmFiftMFhjCMpg0izpHUpH+J6u/9ulYPzlFvArwr2qsR52BBpoBtkTFKoXFUCQMuGRE8bLdQTXIzd4I0Fga6miaQBYtT3hEDls2gfIWvPTwHXQnjZ67stGyJ9AttmgMU8kPKW2UTBEm52iXeGNRmAQg4wM+hFNdlOTd4Nh5oTpTLFZqJAGy5/NXDrYGc/5u9w2RH8XR0hfran5m2BbJ1ctbk9jhDZQ8wrf9NlECKcy9htX6N6xFq4aaUVP8v+j5MZby/ILdjPrAn9tNwvM7MXmXOYDcCpcV11ZsIeLoED96Dtq+UJnRdgZkXT7Db3bMQRNREa8o7mKneJNUAGOv8+S+MKhFUFpkQPtKd1+4l3bUQR1LScO96pSbWUXtHvT6BiwMfO61zpC2y2y2f6F01N7wQRP8d/WW0c541rCNDi1XtDAE+wXwihHwX7WS85OttaPIQPwGd4Jc+AzrYd6bPXJATX2RM6HKvO59tjhunRy1NoL851eMGmIv3fxht/U9KnrSoJHqgddKpiiWMeNXMp6wnrd46XGTwL9M2zmWXdkwcqrFlfGf3/wj0FYeVwHIcIXtMs3GQVoDlWaV7YhUa+ib693hpxvRDgt9ySd4lXWa25khHqgLSelt8g8EPw1VYYSh+evxiMfvGDeWDgJFxiynct4EdzrLQgsM4n/thSiDdpq3ZXwF0MlG0bkUPBFHW8lOrTUnduD03lCDNYjSI+iEvl7fsSdmaUGcrSMONL+BxVQXDRyYpr/2EacSMalnAUYcAqnWxH27Nc6gDMKj5EG0Li6DqYUcrGPg4XftW5ytq+w+hEIkHYysKgHL4hKJE4vZdZVdCzAei6p1DGF/r+uA6BGxq+eeT/eOlNV7G7a3SS8FMla+ajQw+05C8bl8ulcSRxQjG03KQEl0sGjFWWn3wPAvXXrHLTq75F2C7MQgHKVCFM/4fh7Oqesyy33h5vgWvOca+5zA== X-OriginatorOrg: corigine.com X-MS-Exchange-CrossTenant-Network-Message-Id: a825edbe-3f6a-45d0-8554-08dbc09104ec X-MS-Exchange-CrossTenant-AuthSource: SJ0PR13MB5545.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2023 02:08:49.1287 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fe128f2c-073b-4c20-818e-7246a585940c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zP4lT2GFw/UopN1/KZZRWl/VyxlKl8wMFRifSX4F8COdJqsOzJ2vzqqcyuqqWMiTWunRUrBttO0gAc5bseKGm9qs4MEq5TWH+on/zQKR1fY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO3PR13MB5687 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Shihong Wang The Rx path checks the ipsec metadata and base on the crypto status sets ol_flags in the rte_mbuf. The Tx path write IPsec message to mbuf metadata based on mbuf dynamic field. Signed-off-by: Shihong Wang Signed-off-by: Chang Miao Reviewed-by: Chaoyong He --- doc/guides/nics/nfp.rst | 31 +++++++++++++ drivers/net/nfp/nfd3/nfp_nfd3_dp.c | 24 ++++++++++ drivers/net/nfp/nfdk/nfp_nfdk_dp.c | 24 ++++++++++ drivers/net/nfp/nfp_ctrl.h | 1 + drivers/net/nfp/nfp_ipsec.c | 42 +++++++++++++++++ drivers/net/nfp/nfp_ipsec.h | 6 +++ drivers/net/nfp/nfp_rxtx.c | 74 ++++++++++++++++++++++++++++++ drivers/net/nfp/nfp_rxtx.h | 5 ++ 8 files changed, 207 insertions(+) diff --git a/doc/guides/nics/nfp.rst b/doc/guides/nics/nfp.rst index 456a22dcbc..fee1860f4a 100644 --- a/doc/guides/nics/nfp.rst +++ b/doc/guides/nics/nfp.rst @@ -348,6 +348,18 @@ Metadata with L2 (1W/4B) The vlan[0] is the innermost VLAN The vlan[1] is the QinQ info +NFP_NET_META_IPSEC +The IPsec type requires 4 bit. +The SA index value is 32 bit which need 1 data field. +:: + + ---------------------------------------------------------------- + 3 2 1 0 + 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | sa_idx | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + TX ~~ @@ -363,3 +375,22 @@ NFP_NET_META_VLAN ^ ^ NOTE: | TCI | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +NFP_NET_META_IPSEC +The IPsec type requires 12 bit, because it requires three data fields. +:: + + ---------------------------------------------------------------- + 3 2 1 0 + 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | sa_idx | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | nfp_ipsec_force_seq_low | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | nfp_ipsec_force_seq_hi | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The sa_idx is 32 bit which need 1 data field. + The nfp_ipsec_force_seq_low & nfp_ipsec_force_seq_hi is Anti-re-anti-count, + which is 64 bit need two data fields. diff --git a/drivers/net/nfp/nfd3/nfp_nfd3_dp.c b/drivers/net/nfp/nfd3/nfp_nfd3_dp.c index ab0747fc16..64928254d8 100644 --- a/drivers/net/nfp/nfd3/nfp_nfd3_dp.c +++ b/drivers/net/nfp/nfd3/nfp_nfd3_dp.c @@ -147,10 +147,13 @@ nfp_net_nfd3_set_meta_data(struct nfp_net_meta_raw *meta_data, char *meta; uint8_t layer = 0; uint32_t meta_info; + uint32_t cap_extend; struct nfp_net_hw *hw; uint8_t vlan_layer = 0; + uint8_t ipsec_layer = 0; hw = txq->hw; + cap_extend = nn_cfg_readl(hw, NFP_NET_CFG_CAP_WORD1); if ((pkt->ol_flags & RTE_MBUF_F_TX_VLAN) != 0 && (hw->ctrl & NFP_NET_CFG_CTRL_TXVLAN_V2) != 0) { @@ -160,6 +163,18 @@ nfp_net_nfd3_set_meta_data(struct nfp_net_meta_raw *meta_data, meta_data->header |= NFP_NET_META_VLAN; } + if ((pkt->ol_flags & RTE_MBUF_F_TX_SEC_OFFLOAD) != 0 && + (cap_extend & NFP_NET_CFG_CTRL_IPSEC) != 0) { + uint32_t ipsec_type = NFP_NET_META_IPSEC | + NFP_NET_META_IPSEC << NFP_NET_META_FIELD_SIZE | + NFP_NET_META_IPSEC << (2 * NFP_NET_META_FIELD_SIZE); + if (meta_data->length == 0) + meta_data->length = NFP_NET_META_FIELD_SIZE; + uint8_t ipsec_offset = meta_data->length - NFP_NET_META_FIELD_SIZE; + meta_data->header |= (ipsec_type << ipsec_offset); + meta_data->length += 3 * NFP_NET_META_FIELD_SIZE; + } + if (meta_data->length == 0) return; @@ -180,6 +195,15 @@ nfp_net_nfd3_set_meta_data(struct nfp_net_meta_raw *meta_data, nfp_net_set_meta_vlan(meta_data, pkt, layer); vlan_layer++; break; + case NFP_NET_META_IPSEC: + if (ipsec_layer > 2) { + PMD_DRV_LOG(ERR, "At most 3 layers of ipsec is supported for now."); + return; + } + + nfp_net_set_meta_ipsec(meta_data, txq, pkt, layer, ipsec_layer); + ipsec_layer++; + break; default: PMD_DRV_LOG(ERR, "The metadata type not supported"); return; diff --git a/drivers/net/nfp/nfdk/nfp_nfdk_dp.c b/drivers/net/nfp/nfdk/nfp_nfdk_dp.c index a85734f121..d4bd5edb0a 100644 --- a/drivers/net/nfp/nfdk/nfp_nfdk_dp.c +++ b/drivers/net/nfp/nfdk/nfp_nfdk_dp.c @@ -177,13 +177,16 @@ nfp_net_nfdk_set_meta_data(struct rte_mbuf *pkt, char *meta; uint8_t layer = 0; uint32_t meta_type; + uint32_t cap_extend; struct nfp_net_hw *hw; uint32_t header_offset; uint8_t vlan_layer = 0; + uint8_t ipsec_layer = 0; struct nfp_net_meta_raw meta_data; memset(&meta_data, 0, sizeof(meta_data)); hw = txq->hw; + cap_extend = nn_cfg_readl(hw, NFP_NET_CFG_CAP_WORD1); if ((pkt->ol_flags & RTE_MBUF_F_TX_VLAN) != 0 && (hw->ctrl & NFP_NET_CFG_CTRL_TXVLAN_V2) != 0) { @@ -193,6 +196,18 @@ nfp_net_nfdk_set_meta_data(struct rte_mbuf *pkt, meta_data.header |= NFP_NET_META_VLAN; } + if ((pkt->ol_flags & RTE_MBUF_F_TX_SEC_OFFLOAD) != 0 && + (cap_extend & NFP_NET_CFG_CTRL_IPSEC) != 0) { + uint32_t ipsec_type = NFP_NET_META_IPSEC | + NFP_NET_META_IPSEC << NFP_NET_META_FIELD_SIZE | + NFP_NET_META_IPSEC << (2 * NFP_NET_META_FIELD_SIZE); + if (meta_data.length == 0) + meta_data.length = NFP_NET_META_FIELD_SIZE; + uint8_t ipsec_offset = meta_data.length - NFP_NET_META_FIELD_SIZE; + meta_data.header |= (ipsec_type << ipsec_offset); + meta_data.length += 3 * NFP_NET_META_FIELD_SIZE; + } + if (meta_data.length == 0) return; @@ -215,6 +230,15 @@ nfp_net_nfdk_set_meta_data(struct rte_mbuf *pkt, nfp_net_set_meta_vlan(&meta_data, pkt, layer); vlan_layer++; break; + case NFP_NET_META_IPSEC: + if (ipsec_layer > 2) { + PMD_DRV_LOG(ERR, "At most 3 layers of ipsec is supported for now."); + return; + } + + nfp_net_set_meta_ipsec(&meta_data, txq, pkt, layer, ipsec_layer); + ipsec_layer++; + break; default: PMD_DRV_LOG(ERR, "The metadata type not supported"); return; diff --git a/drivers/net/nfp/nfp_ctrl.h b/drivers/net/nfp/nfp_ctrl.h index 99890a33a1..55073c3cea 100644 --- a/drivers/net/nfp/nfp_ctrl.h +++ b/drivers/net/nfp/nfp_ctrl.h @@ -39,6 +39,7 @@ #define NFP_NET_META_HASH 1 /* next field carries hash type */ #define NFP_NET_META_VLAN 4 #define NFP_NET_META_PORTID 5 +#define NFP_NET_META_IPSEC 9 #define NFP_META_PORT_ID_CTRL ~0U diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c index 33c77f0b74..d1d593f18c 100644 --- a/drivers/net/nfp/nfp_ipsec.c +++ b/drivers/net/nfp/nfp_ipsec.c @@ -1148,6 +1148,47 @@ nfp_crypto_update_session(void *device __rte_unused, return 0; } +static int +nfp_security_set_pkt_metadata(void *device, + struct rte_security_session *session, + struct rte_mbuf *m, + void *params) +{ + int offset; + uint64_t *sqn; + struct nfp_net_hw *hw; + struct rte_eth_dev *eth_dev; + struct nfp_ipsec_session *priv_session; + + sqn = params; + eth_dev = device; + priv_session = SECURITY_GET_SESS_PRIV(session); + hw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private); + + if (priv_session->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + struct nfp_tx_ipsec_desc_msg *desc_md; + + offset = hw->ipsec_data->pkt_dynfield_offset; + desc_md = RTE_MBUF_DYNFIELD(m, offset, struct nfp_tx_ipsec_desc_msg *); + + if (priv_session->msg.ctrl_word.ext_seq != 0 && sqn != NULL) { + desc_md->esn.low = rte_cpu_to_be_32(*sqn); + desc_md->esn.hi = rte_cpu_to_be_32(*sqn >> 32); + } else if (priv_session->msg.ctrl_word.ext_seq != 0) { + desc_md->esn.low = rte_cpu_to_be_32(priv_session->ipsec.esn.low); + desc_md->esn.hi = rte_cpu_to_be_32(priv_session->ipsec.esn.hi); + } else { + desc_md->esn.low = rte_cpu_to_be_32(priv_session->ipsec.esn.value); + desc_md->esn.hi = 0; + } + + desc_md->enc = 1; + desc_md->sa_idx = rte_cpu_to_be_32(priv_session->sa_index); + } + + return 0; +} + /** * Get discards packet statistics for each SA * @@ -1242,6 +1283,7 @@ static const struct rte_security_ops nfp_security_ops = { .session_update = nfp_crypto_update_session, .session_get_size = nfp_security_session_get_size, .session_stats_get = nfp_security_session_get_stats, + .set_pkt_metadata = nfp_security_set_pkt_metadata, .capabilities_get = nfp_crypto_capabilities_get, }; diff --git a/drivers/net/nfp/nfp_ipsec.h b/drivers/net/nfp/nfp_ipsec.h index 06792199c6..aaebb80fe1 100644 --- a/drivers/net/nfp/nfp_ipsec.h +++ b/drivers/net/nfp/nfp_ipsec.h @@ -168,6 +168,12 @@ struct nfp_net_ipsec_data { struct nfp_ipsec_session *sa_entries[NFP_NET_IPSEC_MAX_SA_CNT]; }; +enum nfp_ipsec_meta_layer { + NFP_IPSEC_META_SAIDX, /**< Order of SA index in metadata */ + NFP_IPSEC_META_SEQLOW, /**< Order of Sequence Number (low 32bits) in metadata */ + NFP_IPSEC_META_SEQHI, /**< Order of Sequence Number (high 32bits) in metadata */ +}; + int nfp_ipsec_init(struct rte_eth_dev *dev); void nfp_ipsec_uninit(struct rte_eth_dev *dev); diff --git a/drivers/net/nfp/nfp_rxtx.c b/drivers/net/nfp/nfp_rxtx.c index e74aba7439..66a5d6cb3a 100644 --- a/drivers/net/nfp/nfp_rxtx.c +++ b/drivers/net/nfp/nfp_rxtx.c @@ -8,11 +8,13 @@ #include "nfp_rxtx.h" #include +#include #include "nfd3/nfp_nfd3.h" #include "nfdk/nfp_nfdk.h" #include "flower/nfp_flower.h" +#include "nfp_ipsec.h" #include "nfp_logs.h" /* Maximum number of supported VLANs in parsed form packet metadata. */ @@ -25,8 +27,10 @@ * read-only after it have been recorded during parsing by nfp_net_parse_meta(). * * @port_id: Port id value + * @sa_idx: IPsec SA index * @hash: RSS hash value * @hash_type: RSS hash type + * @ipsec_type: IPsec type * @vlan_layer: The layers of VLAN info which are passed from nic. * Only this number of entries of the @vlan array are valid. * @@ -44,8 +48,10 @@ */ struct nfp_meta_parsed { uint32_t port_id; + uint32_t sa_idx; uint32_t hash; uint8_t hash_type; + uint8_t ipsec_type; uint8_t vlan_layer; struct { uint8_t offload; @@ -304,6 +310,10 @@ nfp_net_parse_chained_meta(uint8_t *meta_base, meta->vlan[meta->vlan_layer].tpid = NFP_NET_META_TPID(vlan_info); ++meta->vlan_layer; break; + case NFP_NET_META_IPSEC: + meta->sa_idx = rte_be_to_cpu_32(*(rte_be32_t *)meta_offset); + meta->ipsec_type = meta_info & NFP_NET_META_FIELD_MASK; + break; default: /* Unsupported metadata can be a performance issue */ return false; @@ -429,6 +439,39 @@ nfp_net_parse_meta_qinq(const struct nfp_meta_parsed *meta, mb->ol_flags |= RTE_MBUF_F_RX_QINQ | RTE_MBUF_F_RX_QINQ_STRIPPED; } +/* + * Set mbuf IPsec Offload features based on metadata info. + * + * The IPsec Offload features is prepended to the mbuf ol_flags. + * Extract and decode metadata info and set the mbuf ol_flags. + */ +static void +nfp_net_parse_meta_ipsec(struct nfp_meta_parsed *meta, + struct nfp_net_rxq *rxq, + struct rte_mbuf *mbuf) +{ + int offset; + uint32_t sa_idx; + struct nfp_net_hw *hw; + struct nfp_tx_ipsec_desc_msg *desc_md; + + hw = rxq->hw; + sa_idx = meta->sa_idx; + + if (meta->ipsec_type != NFP_NET_META_IPSEC) + return; + + if (sa_idx >= NFP_NET_IPSEC_MAX_SA_CNT) { + mbuf->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED; + } else { + mbuf->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD; + offset = hw->ipsec_data->pkt_dynfield_offset; + desc_md = RTE_MBUF_DYNFIELD(mbuf, offset, struct nfp_tx_ipsec_desc_msg *); + desc_md->sa_idx = sa_idx; + desc_md->enc = 0; + } +} + /* nfp_net_parse_meta() - Parse the metadata from packet */ static void nfp_net_parse_meta(struct nfp_net_rx_desc *rxds, @@ -453,6 +496,7 @@ nfp_net_parse_meta(struct nfp_net_rx_desc *rxds, nfp_net_parse_meta_hash(meta, rxq, mb); nfp_net_parse_meta_vlan(meta, rxds, rxq, mb); nfp_net_parse_meta_qinq(meta, rxq, mb); + nfp_net_parse_meta_ipsec(meta, rxq, mb); } else { PMD_RX_LOG(DEBUG, "RX chained metadata format is wrong!"); } @@ -1035,6 +1079,36 @@ nfp_net_set_meta_vlan(struct nfp_net_meta_raw *meta_data, meta_data->data[layer] = rte_cpu_to_be_32(tpid << 16 | vlan_tci); } +void +nfp_net_set_meta_ipsec(struct nfp_net_meta_raw *meta_data, + struct nfp_net_txq *txq, + struct rte_mbuf *pkt, + uint8_t layer, + uint8_t ipsec_layer) +{ + int offset; + struct nfp_net_hw *hw; + struct nfp_tx_ipsec_desc_msg *desc_md; + + hw = txq->hw; + offset = hw->ipsec_data->pkt_dynfield_offset; + desc_md = RTE_MBUF_DYNFIELD(pkt, offset, struct nfp_tx_ipsec_desc_msg *); + + switch (ipsec_layer) { + case NFP_IPSEC_META_SAIDX: + meta_data->data[layer] = desc_md->sa_idx; + break; + case NFP_IPSEC_META_SEQLOW: + meta_data->data[layer] = desc_md->esn.low; + break; + case NFP_IPSEC_META_SEQHI: + meta_data->data[layer] = desc_md->esn.hi; + break; + default: + break; + } +} + int nfp_net_tx_queue_setup(struct rte_eth_dev *dev, uint16_t queue_idx, diff --git a/drivers/net/nfp/nfp_rxtx.h b/drivers/net/nfp/nfp_rxtx.h index 4e8558074e..3c7138f7d6 100644 --- a/drivers/net/nfp/nfp_rxtx.h +++ b/drivers/net/nfp/nfp_rxtx.h @@ -257,5 +257,10 @@ int nfp_net_tx_free_bufs(struct nfp_net_txq *txq); void nfp_net_set_meta_vlan(struct nfp_net_meta_raw *meta_data, struct rte_mbuf *pkt, uint8_t layer); +void nfp_net_set_meta_ipsec(struct nfp_net_meta_raw *meta_data, + struct nfp_net_txq *txq, + struct rte_mbuf *pkt, + uint8_t layer, + uint8_t ipsec_layer); #endif /* _NFP_RXTX_H_ */