[2/3] common/cnxk: add support for UDP ports verification

Message ID 20210908082531.27477-3-ktejasree@marvell.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Series add option to configure UDP ports verification |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Tejasree Kondoj Sept. 8, 2021, 8:25 a.m. UTC
  Add support for verifying UDP encapsulation ports
in the IPsec inbound path.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/common/cnxk/cnxk_security.c               | 3 +++
 drivers/common/cnxk/roc_ie_ot.h                   | 4 ++--
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
  

Comments

Akhil Goyal Sept. 8, 2021, 10:46 a.m. UTC | #1
> Adding support to verify UDP encapsulation ports
> in IPsec inbound.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
>  drivers/common/cnxk/cnxk_security.c               | 3 +++
Acked-by: Akhil Goyal <gakhil@marvell.com>
  

Patch

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index cc5daf333c..13c4f128ae 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -303,6 +303,9 @@  cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
 		sa->w10.s.udp_dst_port = 4500;
 	}
 
+	if (ipsec_xfrm->options.udp_ports_verify)
+		sa->w2.s.udp_ports_verify = 1;
+
 	offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);
 	/* Word offset for HW managed SA field */
 	sa->w0.s.hw_ctx_off = offset / 8;
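Review bot: `sa->w2.s.udp_ports_verify` is set independently of the block that closes just above it, which is where the visible `sa->w10.s.udp_dst_port = 4500;` is programmed. That block's condition is outside the hunk, but if it is the UDP-encapsulation case, an SA that asks for port verification without encapsulation would enable the hardware check with no ports written to word 10. Consider moving the assignment inside that block, or rejecting the combination with something like `if (ipsec_xfrm->options.udp_ports_verify && !ipsec_xfrm->options.udp_encap) return -EINVAL;` (assuming the function reports errors that way). Because the visible port value is hard-coded to 4500, a short comment noting that peers whose source port is rewritten by a NAT may fail verification would also help whoever enables this option. The body of cnxk_ot_ipsec_inb_sa_fill starts and ends outside the hunk.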
diff --git a/drivers/common/cnxk/roc_ie_ot.h b/drivers/common/cnxk/roc_ie_ot.h
index 12c75afac2..e8415cff3c 100644
--- a/drivers/common/cnxk/roc_ie_ot.h
+++ b/drivers/common/cnxk/roc_ie_ot.h
@@ -184,7 +184,7 @@  union roc_ot_ipsec_sa_word2 {
 		uint64_t esn_en : 1;
 		uint64_t tport_l4_incr_csum : 1;
 		uint64_t ip_hdr_verify : 2;
-		uint64_t rsvd5 : 1;
+		uint64_t udp_ports_verify : 1;
 
 		uint64_t rsvd2 : 7;
 		uint64_t async_mode : 1;
@@ -329,7 +329,7 @@  struct roc_ot_ipsec_inb_sa {
 			uint64_t esn_en : 1;
 			uint64_t tport_l4_incr_csum : 1;
 			uint64_t ip_hdr_verify : 2;
-			uint64_t rsvd5 : 1;
+			uint64_t udp_ports_verify : 1;
 
 			uint64_t rsvd6 : 7;
 			uint64_t async_mode : 1;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 8a0cf289fd..ba4166c56d 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -921,6 +921,7 @@  cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
 		sec_cap->ipsec.options.iv_gen_disable = 1;
 #endif
 	} else {
+		sec_cap->ipsec.options.udp_ports_verify = 1;
 		if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
 			sec_cap->ipsec.options.tunnel_hdr_verify =
 				RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
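Review bot: The new `sec_cap->ipsec.options.udp_ports_verify = 1;` sits at the top of a bare `else` whose condition is outside the hunk, so nothing on the visible lines says that this branch is the inbound direction the commit message refers to. A one-line comment such as `/* Inbound only: UDP encapsulation ports can be verified */` above the assignment would document that. The capability is also advertised before the tunnel-mode check, so it applies to every capability entry reaching this branch; if that is intended for transport mode as well, the comment should say so.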