@@ -260,13 +260,17 @@ ot_ipsec_inb_tunnel_hdr_fill(struct roc_ot_ipsec_inb_sa *sa,
int
cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
struct rte_security_ipsec_xform *ipsec_xfrm,
- struct rte_crypto_sym_xform *crypto_xfrm)
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ bool is_inline)
{
union roc_ot_ipsec_sa_word2 w2;
uint32_t replay_win_sz;
size_t offset;
int rc;
+ /* Initialize the SA */
+ roc_ot_ipsec_inb_sa_init(sa, is_inline);
+
w2.u64 = 0;
rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt,
sa->hmac_opad_ipad, ipsec_xfrm,
@@ -291,13 +295,6 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
if (rc)
return rc;
- /* Default options for pkt_out and pkt_fmt are with
- * second pass meta and no defrag.
- */
- sa->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_META;
- sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG;
- sa->w0.s.pkind = ROC_OT_CPT_META_PKIND;
-
/* ESN */
sa->w2.s.esn_en = !!ipsec_xfrm->options.esn;
if (ipsec_xfrm->options.udp_encap) {
@@ -346,11 +343,6 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
sa->w0.s.hard_life_dec = 1;
}
- /* There are two words of CPT_CTX_HW_S for ucode to skip */
- sa->w0.s.ctx_hdr_size = 1;
- sa->w0.s.aop_valid = 1;
- sa->w0.s.et_ovrwr = 1;
-
rte_wmb();
/* Enable SA */
@@ -368,6 +360,9 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
size_t offset;
int rc;
+ /* Initialize the SA */
+ roc_ot_ipsec_outb_sa_init(sa);
+
w2.u64 = 0;
rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt,
sa->hmac_opad_ipad, ipsec_xfrm,
@@ -38,7 +38,8 @@ cnxk_ipsec_outb_roundup_byte(enum rte_crypto_cipher_algorithm c_algo,
int __roc_api
cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
struct rte_security_ipsec_xform *ipsec_xfrm,
- struct rte_crypto_sym_xform *crypto_xfrm);
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ bool is_inline);
int __roc_api
cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
struct rte_security_ipsec_xform *ipsec_xfrm,
@@ -23,6 +23,7 @@ sources = files(
'roc_hash.c',
'roc_idev.c',
'roc_irq.c',
+ 'roc_ie_ot.c',
'roc_mbox.c',
'roc_model.c',
'roc_nix.c',
new file mode 100644
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+#include "roc_api.h"
+#include "roc_priv.h"
+
+void
+roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa, bool is_inline)
+{
+ size_t offset;
+
+ memset(sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
+
+ if (is_inline) {
+ sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG;
+ sa->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_META;
+ sa->w0.s.pkind = ROC_IE_OT_CPT_PKIND;
+ sa->w0.s.et_ovrwr = 1;
+ }
+
+ offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);
+ sa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;
+ sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;
+ sa->w0.s.ctx_size = ROC_IE_OT_CTX_ILEN;
+ sa->w0.s.ctx_hdr_size = ROC_IE_OT_SA_CTX_HDR_SIZE;
+ sa->w0.s.aop_valid = 1;
+}
+
+void
+roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa)
+{
+ size_t offset;
+
+ memset(sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+
+ offset = offsetof(struct roc_ot_ipsec_outb_sa, ctx);
+ sa->w0.s.ctx_push_size = (offset / ROC_CTX_UNIT_8B) + 1;
+ sa->w0.s.ctx_size = ROC_IE_OT_CTX_ILEN;
+ sa->w0.s.aop_valid = 1;
+}
@@ -1,13 +1,10 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(C) 2021 Marvell.
+ * Copyright(C) 2022 Marvell.
*/
#ifndef __ROC_IE_OT_H__
#define __ROC_IE_OT_H__
-/* PKIND to be used for CPT Meta parsing */
-#define ROC_OT_CPT_META_PKIND 58
-
/* CN10K IPSEC opcodes */
#define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
#define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
@@ -16,6 +13,9 @@
#define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL
#define ROC_IE_OT_CTX_ILEN 2
+/* PKIND to be used for CPT Meta parsing */
+#define ROC_IE_OT_CPT_PKIND 58
+#define ROC_IE_OT_SA_CTX_HDR_SIZE 1
enum roc_ie_ot_ucc_ipsec {
ROC_IE_OT_UCC_SUCCESS = 0x00,
@@ -517,4 +517,7 @@ PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
31 * sizeof(uint64_t));
+void __roc_api roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa,
+ bool is_inline);
+void __roc_api roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa);
#endif /* __ROC_IE_OT_H__ */
@@ -43,7 +43,7 @@ nix_inl_inb_sa_tbl_setup(struct roc_nix *roc_nix)
if (roc_model_is_cn10k()) {
for (i = 0; i < ipsec_in_max_spi; i++) {
sa = ((uint8_t *)nix->inb_sa_base) + (i * inb_sa_sz);
- roc_nix_inl_inb_sa_init(sa);
+ roc_ot_ipsec_inb_sa_init(sa, true);
}
}
@@ -401,7 +401,7 @@ roc_nix_inl_outb_init(struct roc_nix *roc_nix)
if (roc_model_is_cn10k()) {
for (i = 0; i < roc_nix->ipsec_out_max_sa; i++) {
sa = ((uint8_t *)sa_base) + (i * sa_sz);
- roc_nix_inl_outb_sa_init(sa);
+ roc_ot_ipsec_outb_sa_init(sa);
}
}
nix->outb_sa_base = sa_base;
@@ -867,33 +867,6 @@ roc_nix_inl_ctx_write(struct roc_nix *roc_nix, void *sa_dptr, void *sa_cptr,
}
void
-roc_nix_inl_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa)
-{
- size_t offset;
-
- memset(sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
-
- offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);
- sa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;
- sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;
- sa->w0.s.ctx_size = ROC_IE_OT_CTX_ILEN;
- sa->w0.s.aop_valid = 1;
-}
-
-void
-roc_nix_inl_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa)
-{
- size_t offset;
-
- memset(sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
-
- offset = offsetof(struct roc_ot_ipsec_outb_sa, ctx);
- sa->w0.s.ctx_push_size = (offset / ROC_CTX_UNIT_8B);
- sa->w0.s.ctx_size = ROC_IE_OT_CTX_ILEN;
- sa->w0.s.aop_valid = 1;
-}
-
-void
roc_nix_inl_dev_lock(void)
{
struct idev_cfg *idev = idev_get_cfg();
@@ -171,7 +171,5 @@ int __roc_api roc_nix_inl_sa_sync(struct roc_nix *roc_nix, void *sa, bool inb,
enum roc_nix_inl_sa_sync_op op);
int __roc_api roc_nix_inl_ctx_write(struct roc_nix *roc_nix, void *sa_dptr,
void *sa_cptr, bool inb, uint16_t sa_len);
-void __roc_api roc_nix_inl_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa);
-void __roc_api roc_nix_inl_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa);
#endif /* _ROC_NIX_INL_H_ */
@@ -397,7 +397,7 @@ nix_inl_nix_setup(struct nix_inl_dev *inl_dev)
for (i = 0; i < ipsec_in_max_spi; i++) {
sa = ((uint8_t *)inl_dev->inb_sa_base) +
(i * inb_sa_sz);
- roc_nix_inl_inb_sa_init(sa);
+ roc_ot_ipsec_inb_sa_init(sa, true);
}
}
/* Setup device specific inb SA table */
@@ -157,8 +157,6 @@ INTERNAL {
roc_nix_inl_sa_sync;
roc_nix_inl_ctx_write;
roc_nix_inl_dev_pffunc_get;
- roc_nix_inl_inb_sa_init;
- roc_nix_inl_outb_sa_init;
roc_nix_cpt_ctx_cache_sync;
roc_nix_is_lbk;
roc_nix_is_pf;
@@ -322,6 +320,8 @@ INTERNAL {
roc_npc_mcam_read_counter;
roc_npc_profile_name_get;
roc_npc_validate_portid_action;
+ roc_ot_ipsec_inb_sa_init;
+ roc_ot_ipsec_outb_sa_init;
roc_plt_init;
roc_plt_init_cb_register;
roc_sso_dev_fini;
@@ -128,7 +128,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
in_sa = &sa->in_sa;
/* Translate security parameters to SA */
- ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm);
+ ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm,
+ false);
if (ret)
return ret;
@@ -319,7 +319,8 @@ cn10k_eth_sec_session_create(void *device,
memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
/* Fill inbound sa params */
- rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto);
+ rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
+ true);
if (rc) {
snprintf(tbuf, sizeof(tbuf),
"Failed to init inbound sa, rc=%d", rc);
@@ -464,7 +465,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
if (eth_sec->inb) {
/* Disable SA */
sa_dptr = dev->inb.sa_dptr;
- roc_nix_inl_inb_sa_init(sa_dptr);
+ roc_ot_ipsec_inb_sa_init(sa_dptr, true);
roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa,
eth_sec->inb,
@@ -474,7 +475,7 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)
} else {
/* Disable SA */
sa_dptr = dev->outb.sa_dptr;
- roc_nix_inl_outb_sa_init(sa_dptr);
+ roc_ot_ipsec_outb_sa_init(sa_dptr);
roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa,
eth_sec->inb,