[03/10] net/mlx5/hws: support ASO IPsec action

Message ID 20231031122512.434686-4-getelson@nvidia.com (mailing list archive)
State Rejected
Delegated to: Raslan Darawsheh
Headers
Series net/mlx5/hws: IPSEC reparse submission |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Gregory Etelson Oct. 31, 2023, 12:25 p.m. UTC
  From: Hamdan Igbaria <hamdani@nvidia.com>

Support ASO IPsec action, this action will allow performing
some of ipsec full offload operations, for example replay
protection and sequence number incrementation.
In Tx flow this action used before encrypting the packet to
increase the sequence number.
In Rx flow this action used after decrypting the packet to
check it against the replay protection window for validity.

Signed-off-by: Hamdan Igbaria <hamdani@nvidia.com>
Reviewed-by: Alex Vesker <valex@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
 drivers/common/mlx5/mlx5_prm.h       |  1 +
 drivers/net/mlx5/hws/mlx5dr.h        | 23 ++++++++++++++++++++
 drivers/net/mlx5/hws/mlx5dr_action.c | 32 +++++++++++++++++++++++++---
 drivers/net/mlx5/hws/mlx5dr_debug.c  |  1 +
 4 files changed, 54 insertions(+), 3 deletions(-)
  

Patch

diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h
index 0eecf0691b..31ebec7bcf 100644
--- a/drivers/common/mlx5/mlx5_prm.h
+++ b/drivers/common/mlx5/mlx5_prm.h
@@ -3539,6 +3539,7 @@  struct mlx5_ifc_stc_ste_param_flow_counter_bits {
 enum {
 	MLX5_ASO_CT_NUM_PER_OBJ = 1,
 	MLX5_ASO_METER_NUM_PER_OBJ = 2,
+	MLX5_ASO_IPSEC_NUM_PER_OBJ = 1,
 };
 
 struct mlx5_ifc_stc_ste_param_execute_aso_bits {
diff --git a/drivers/net/mlx5/hws/mlx5dr.h b/drivers/net/mlx5/hws/mlx5dr.h
index 74d05229c7..bd352fa26d 100644
--- a/drivers/net/mlx5/hws/mlx5dr.h
+++ b/drivers/net/mlx5/hws/mlx5dr.h
@@ -45,6 +45,7 @@  enum mlx5dr_action_type {
 	MLX5DR_ACTION_TYP_PUSH_VLAN,
 	MLX5DR_ACTION_TYP_ASO_METER,
 	MLX5DR_ACTION_TYP_ASO_CT,
+	MLX5DR_ACTION_TYP_ASO_IPSEC,
 	MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT,
 	MLX5DR_ACTION_TYP_CRYPTO_DECRYPT,
 	MLX5DR_ACTION_TYP_DEST_ROOT,
@@ -235,6 +236,10 @@  struct mlx5dr_rule_action {
 			enum mlx5dr_action_aso_ct_flags direction;
 		} aso_ct;
 
+		struct {
+			uint32_t offset;
+		} aso_ipsec;
+
 		struct {
 			uint32_t offset;
 		} crypto;
@@ -659,6 +664,24 @@  mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx,
 			    uint8_t return_reg_id,
 			    uint32_t flags);
 
+/* Create direct rule ASO IPSEC action.
+ *
+ * @param[in] ctx
+ *	The context in which the new action will be created.
+ * @param[in] devx_obj
+ *	The DEVX ASO object.
+ * @param[in] return_reg_id
+ *	Copy the ASO object value into this reg_id, after a packet hits a rule with this ASO object.
+ * @param[in] flags
+ *	Action creation flags. (enum mlx5dr_action_flags)
+ * @return pointer to mlx5dr_action on success NULL otherwise.
+ */
+struct mlx5dr_action *
+mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx,
+			       struct mlx5dr_devx_obj *devx_obj,
+			       uint8_t return_reg_id,
+			       uint32_t flags);
+
 /* Create direct rule pop vlan action.
  * @param[in] ctx
  *	The context in which the new action will be created.
diff --git a/drivers/net/mlx5/hws/mlx5dr_action.c b/drivers/net/mlx5/hws/mlx5dr_action.c
index 4910b4f730..956909a628 100644
--- a/drivers/net/mlx5/hws/mlx5dr_action.c
+++ b/drivers/net/mlx5/hws/mlx5dr_action.c
@@ -9,11 +9,11 @@ 
 #define MLX5DR_ACTION_METER_INIT_COLOR_OFFSET 1
 
 /* This is the maximum allowed action order for each table type:
- *	 TX: POP_VLAN, CTR, ASO_METER, AS_CT, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT,
+ *	 TX: POP_VLAN, CTR, ASO, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT,
  *	     Term
- *	 RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN,
+ *	 RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN,
  *	     MODIFY, ENCAP, Term
- *	FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN, MODIFY,
+ *	FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN, MODIFY,
  *	     ENCAP, ENCRYPT, Term
  */
 static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_MAX] = {
@@ -27,6 +27,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT),
 		BIT(MLX5DR_ACTION_TYP_ASO_METER),
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
+		BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
@@ -46,6 +47,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_CTR),
 		BIT(MLX5DR_ACTION_TYP_ASO_METER),
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
+		BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
@@ -67,6 +69,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT),
 		BIT(MLX5DR_ACTION_TYP_ASO_METER),
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
+		BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
@@ -642,6 +645,13 @@  static void mlx5dr_action_fill_stc_attr(struct mlx5dr_action *action,
 		attr->aso.devx_obj_id = obj->id;
 		attr->aso.return_reg_id = action->aso.return_reg_id;
 		break;
+	case MLX5DR_ACTION_TYP_ASO_IPSEC:
+		attr->action_offset = MLX5DR_ACTION_OFFSET_DW6;
+		attr->action_type = MLX5_IFC_STC_ACTION_TYPE_ASO;
+		attr->aso.aso_type = ASO_OPC_MOD_IPSEC;
+		attr->aso.devx_obj_id = obj->id;
+		attr->aso.return_reg_id = action->aso.return_reg_id;
+		break;
 	case MLX5DR_ACTION_TYP_VPORT:
 		attr->action_offset = MLX5DR_ACTION_OFFSET_HIT;
 		attr->action_type = MLX5_IFC_STC_ACTION_TYPE_JUMP_TO_VPORT;
@@ -1076,6 +1086,16 @@  mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx,
 					devx_obj, return_reg_id, flags);
 }
 
+struct mlx5dr_action *
+mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx,
+			       struct mlx5dr_devx_obj *devx_obj,
+			       uint8_t return_reg_id,
+			       uint32_t flags)
+{
+	return mlx5dr_action_create_aso(ctx, MLX5DR_ACTION_TYP_ASO_IPSEC,
+					devx_obj, return_reg_id, flags);
+}
+
 struct mlx5dr_action *
 mlx5dr_action_create_counter(struct mlx5dr_context *ctx,
 			     struct mlx5dr_devx_obj *obj,
@@ -2079,6 +2099,7 @@  static void mlx5dr_action_destroy_hws(struct mlx5dr_action *action)
 	case MLX5DR_ACTION_TYP_REFORMAT_TNL_L2_TO_L2:
 	case MLX5DR_ACTION_TYP_ASO_METER:
 	case MLX5DR_ACTION_TYP_ASO_CT:
+	case MLX5DR_ACTION_TYP_ASO_IPSEC:
 	case MLX5DR_ACTION_TYP_PUSH_VLAN:
 	case MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT:
 	case MLX5DR_ACTION_TYP_CRYPTO_DECRYPT:
@@ -2490,6 +2511,10 @@  mlx5dr_action_setter_aso(struct mlx5dr_actions_apply_data *apply,
 		offset = rule_action->aso_ct.offset / MLX5_ASO_CT_NUM_PER_OBJ;
 		exe_aso_ctrl = rule_action->aso_ct.direction;
 		break;
+	case MLX5DR_ACTION_TYP_ASO_IPSEC:
+		offset = rule_action->aso_ipsec.offset / MLX5_ASO_IPSEC_NUM_PER_OBJ;
+		exe_aso_ctrl = 0;
+		break;
 	default:
 		DR_LOG(ERR, "Unsupported ASO action type: %d", rule_action->action->type);
 		rte_errno = ENOTSUP;
@@ -2679,6 +2704,7 @@  int mlx5dr_action_template_process(struct mlx5dr_action_template *at)
 
 		case MLX5DR_ACTION_TYP_ASO_METER:
 		case MLX5DR_ACTION_TYP_ASO_CT:
+		case MLX5DR_ACTION_TYP_ASO_IPSEC:
 			setter = mlx5dr_action_setter_find_first(last_setter, ASF_DOUBLE);
 			setter->flags |= ASF_DOUBLE;
 			setter->set_double = &mlx5dr_action_setter_aso;
diff --git a/drivers/net/mlx5/hws/mlx5dr_debug.c b/drivers/net/mlx5/hws/mlx5dr_debug.c
index 8cf3909606..74893f61fb 100644
--- a/drivers/net/mlx5/hws/mlx5dr_debug.c
+++ b/drivers/net/mlx5/hws/mlx5dr_debug.c
@@ -22,6 +22,7 @@  const char *mlx5dr_debug_action_type_str[] = {
 	[MLX5DR_ACTION_TYP_PUSH_VLAN] = "PUSH_VLAN",
 	[MLX5DR_ACTION_TYP_ASO_METER] = "ASO_METER",
 	[MLX5DR_ACTION_TYP_ASO_CT] = "ASO_CT",
+	[MLX5DR_ACTION_TYP_ASO_IPSEC] = "ASO_IPSEC",
 	[MLX5DR_ACTION_TYP_DEST_ROOT] = "DEST_ROOT",
 	[MLX5DR_ACTION_TYP_DEST_ARRAY] = "DEST_ARRAY",
 	[MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT] = "CRYPTO_ENCRYPT",