@@ -1696,7 +1696,8 @@ struct mlx5_ifc_cmd_hca_cap_bits {
u8 reserved_at_460[0x8];
u8 aes_xts[0x1];
u8 crypto[0x1];
- u8 reserved_at_46a[0x6];
+ u8 ipsec_offload[0x1];
+ u8 reserved_at_46b[0x5];
u8 max_num_eqs[0x10];
u8 reserved_at_480[0x3];
u8 log_max_l2_table[0x5];
@@ -906,6 +906,9 @@ int mlx5dr_cmd_query_caps(struct ibv_context *ctx,
caps->sq_ts_format = MLX5_GET(query_hca_cap_out, out,
capability.cmd_hca_cap.sq_ts_format);
+ caps->ipsec_offload = MLX5_GET(query_hca_cap_out, out,
+ capability.cmd_hca_cap.ipsec_offload);
+
MLX5_SET(query_hca_cap_in, in, op_mod,
MLX5_GET_HCA_CAP_OP_MOD_GENERAL_DEVICE_2 |
MLX5_HCA_CAP_OPMOD_GET_CUR);
@@ -202,6 +202,7 @@ struct mlx5dr_cmd_query_caps {
bool cross_vhca_resources;
uint32_t shared_vhca_id;
char fw_ver[64];
+ bool ipsec_offload;
};
int mlx5dr_cmd_destroy_obj(struct mlx5dr_devx_obj *devx_obj);
@@ -162,7 +162,9 @@ struct mlx5dr_definer_conv_data {
X(SET_BE32, gre_opt_key, v->key.key, rte_flow_item_gre_opt) \
X(SET_BE32, gre_opt_seq, v->sequence.sequence, rte_flow_item_gre_opt) \
X(SET_BE16, gre_opt_checksum, v->checksum_rsvd.checksum, rte_flow_item_gre_opt) \
- X(SET, meter_color, rte_col_2_mlx5_col(v->color), rte_flow_item_meter_color)
+ X(SET, meter_color, rte_col_2_mlx5_col(v->color), rte_flow_item_meter_color) \
+ X(SET_BE32, ipsec_spi, v->hdr.spi, rte_flow_item_esp) \
+ X(SET_BE32, ipsec_sequence_number, v->hdr.seq, rte_flow_item_esp)
/* Item set function format */
#define X(set_type, func_name, value, item_type) \
@@ -1645,6 +1647,36 @@ mlx5dr_definer_check_item_range_supp(struct rte_flow_item *item)
}
}
+static int
+mlx5dr_definer_conv_item_esp(struct mlx5dr_definer_conv_data *cd,
+ struct rte_flow_item *item,
+ int item_idx)
+{
+ const struct rte_flow_item_esp *m = item->mask;
+ struct mlx5dr_definer_fc *fc;
+
+ if (!cd->caps->ipsec_offload) {
+ rte_errno = ENOTSUP;
+ return rte_errno;
+ }
+
+ if (!m)
+ return 0;
+ if (m->hdr.spi) {
+ fc = &cd->fc[MLX5DR_DEFINER_FNAME_ESP_SPI];
+ fc->item_idx = item_idx;
+ fc->tag_set = &mlx5dr_definer_ipsec_spi_set;
+ DR_CALC_SET_HDR(fc, ipsec, spi);
+ }
+ if (m->hdr.seq) {
+ fc = &cd->fc[MLX5DR_DEFINER_FNAME_ESP_SEQUENCE_NUMBER];
+ fc->item_idx = item_idx;
+ fc->tag_set = &mlx5dr_definer_ipsec_sequence_number_set;
+ DR_CALC_SET_HDR(fc, ipsec, sequence_number);
+ }
+ return 0;
+}
+
static int
mlx5dr_definer_conv_items_to_hl(struct mlx5dr_context *ctx,
struct mlx5dr_match_template *mt,
@@ -1767,6 +1799,10 @@ mlx5dr_definer_conv_items_to_hl(struct mlx5dr_context *ctx,
ret = mlx5dr_definer_conv_item_meter_color(&cd, items, i);
item_flags |= MLX5_FLOW_ITEM_METER_COLOR;
break;
+ case RTE_FLOW_ITEM_TYPE_ESP:
+ ret = mlx5dr_definer_conv_item_esp(&cd, items, i);
+ item_flags |= MLX5_FLOW_ITEM_ESP;
+ break;
default:
DR_LOG(ERR, "Unsupported item type %d", items->type);
rte_errno = ENOTSUP;
@@ -112,6 +112,8 @@ enum mlx5dr_definer_fname {
MLX5DR_DEFINER_FNAME_INTEGRITY_I,
MLX5DR_DEFINER_FNAME_ICMP_DW1,
MLX5DR_DEFINER_FNAME_ICMP_DW2,
+ MLX5DR_DEFINER_FNAME_ESP_SPI,
+ MLX5DR_DEFINER_FNAME_ESP_SEQUENCE_NUMBER,
MLX5DR_DEFINER_FNAME_MAX,
};
@@ -4734,6 +4734,7 @@ flow_hw_pattern_validate(struct rte_eth_dev *dev,
case RTE_FLOW_ITEM_TYPE_ICMP6_ECHO_REQUEST:
case RTE_FLOW_ITEM_TYPE_ICMP6_ECHO_REPLY:
case RTE_FLOW_ITEM_TYPE_CONNTRACK:
+ case RTE_FLOW_ITEM_TYPE_ESP:
break;
case RTE_FLOW_ITEM_TYPE_INTEGRITY:
/*