* [dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr
@ 2021-07-01 9:29 Anoob Joseph
2021-07-12 12:06 ` Jerin Jacob
0 siblings, 1 reply; 2+ messages in thread
From: Anoob Joseph @ 2021-07-01 9:29 UTC (permalink / raw)
To: Akhil Goyal, Jerin Jacob
Cc: Anoob Joseph, Ankur Dwivedi, Tejasree Kondoj, dev
In the inline inound path, a custom header would be present at L3 which
has sequence number & SPI. L2 need to be adjusted such that the eventual
packet would have L3 after L2. Remove assumption of L2 type in this
handling.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h | 9 ++---
drivers/crypto/octeontx2/otx2_ipsec_fp.h | 13 +++----
drivers/net/octeontx2/otx2_rx.h | 45 ++++++++++++++++-------
3 files changed, 42 insertions(+), 25 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
index b2b1f77..089a3d0 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
@@ -166,8 +166,9 @@ anti_replay_check(struct otx2_ipsec_replay *replay, uint64_t seq,
}
static inline int
-cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
+cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, void *l3_ptr)
{
+ struct otx2_ipsec_fp_res_hdr *hdr = l3_ptr;
uint64_t seq_in_sa;
uint32_t seqh = 0;
uint32_t seql;
@@ -176,14 +177,12 @@ cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
int ret;
esn = sa->ctl.esn_en;
- seql = rte_be_to_cpu_32(*((uint32_t *)(data +
- OTX2_IPSEC_SEQNO_LO_INDEX)));
+ seql = rte_be_to_cpu_32(hdr->seq_no_lo);
if (!esn)
seq = (uint64_t)seql;
else {
- seqh = rte_be_to_cpu_32(*((uint32_t *)(data +
- OTX2_IPSEC_SEQNO_HI_INDEX)));
+ seqh = rte_be_to_cpu_32(hdr->seq_no_hi);
seq = ((uint64_t)seqh << 32) | seql;
}
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
index a33041d..4be22d4 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@@ -10,14 +10,13 @@
/* Macros for anti replay and ESN */
#define OTX2_IPSEC_MAX_REPLAY_WIN_SZ 1024
-#define OTX2_IPSEC_SAINDEX_SZ 4
-#define OTX2_IPSEC_SEQNO_LO 4
-#define OTX2_IPSEC_SEQNO_LO_INDEX (RTE_ETHER_HDR_LEN + \
- OTX2_IPSEC_SAINDEX_SZ)
-
-#define OTX2_IPSEC_SEQNO_HI_INDEX (OTX2_IPSEC_SEQNO_LO_INDEX + \
- OTX2_IPSEC_SEQNO_LO)
+struct otx2_ipsec_fp_res_hdr {
+ uint32_t spi;
+ uint32_t seq_no_lo;
+ uint32_t seq_no_hi;
+ uint32_t rsvd;
+};
enum {
OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
index 257492a..ea29aec 100644
--- a/drivers/net/octeontx2/otx2_rx.h
+++ b/drivers/net/octeontx2/otx2_rx.h
@@ -41,7 +41,6 @@
/* Inline IPsec offsets */
-#define INLINE_INB_RPTR_HDR 16
/* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
#define INLINE_CPT_RESULT_OFFSET 80
@@ -239,14 +238,18 @@ nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
}
static __rte_always_inline uint64_t
-nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
+nix_rx_sec_mbuf_update(const struct nix_rx_parse_s *rx,
+ const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
const void * const lookup_mem)
{
+ uint8_t *l2_ptr, *l3_ptr, *l2_ptr_actual, *l3_ptr_actual;
struct otx2_ipsec_fp_in_sa *sa;
- struct rte_ipv4_hdr *ipv4;
- uint16_t m_len;
+ uint16_t m_len, l2_len, ip_len;
+ struct rte_ipv6_hdr *ip6h;
+ struct rte_ipv4_hdr *iph;
+ uint16_t *ether_type;
uint32_t spi;
- char *data;
+ int i;
if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
@@ -257,22 +260,38 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
*rte_security_dynfield(m) = sa->udata64;
- data = rte_pktmbuf_mtod(m, char *);
+ l2_ptr = rte_pktmbuf_mtod(m, uint8_t *);
+ l2_len = rx->lcptr - rx->laptr;
+ l3_ptr = RTE_PTR_ADD(l2_ptr, l2_len);
if (sa->replay_win_sz) {
- if (cpt_ipsec_ip_antireplay_check(sa, data) < 0)
+ if (cpt_ipsec_ip_antireplay_check(sa, l3_ptr) < 0)
return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
}
- memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
+ l2_ptr_actual = RTE_PTR_ADD(l2_ptr,
+ sizeof(struct otx2_ipsec_fp_res_hdr));
+ l3_ptr_actual = RTE_PTR_ADD(l3_ptr,
+ sizeof(struct otx2_ipsec_fp_res_hdr));
- m->data_off += INLINE_INB_RPTR_HDR;
+ for (i = l2_len - RTE_ETHER_TYPE_LEN - 1; i >= 0; i--)
+ l2_ptr_actual[i] = l2_ptr[i];
- ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
- RTE_ETHER_HDR_LEN);
+ m->data_off += sizeof(struct otx2_ipsec_fp_res_hdr);
- m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
+ ether_type = RTE_PTR_SUB(l3_ptr_actual, RTE_ETHER_TYPE_LEN);
+ iph = (struct rte_ipv4_hdr *)l3_ptr_actual;
+ if ((iph->version_ihl >> 4) == 4) {
+ ip_len = rte_be_to_cpu_16(iph->total_length);
+ *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+ } else {
+ ip6h = (struct rte_ipv6_hdr *)iph;
+ ip_len = rte_be_to_cpu_16(ip6h->payload_len);
+ *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+ }
+
+ m_len = ip_len + l2_len;
m->data_len = m_len;
m->pkt_len = m_len;
return PKT_RX_SEC_OFFLOAD;
@@ -322,7 +341,7 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
if ((flag & NIX_RX_OFFLOAD_SECURITY_F) &&
cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
*(uint64_t *)(&mbuf->rearm_data) = val;
- ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
+ ol_flags |= nix_rx_sec_mbuf_update(rx, cq, mbuf, lookup_mem);
mbuf->ol_flags = ol_flags;
return;
}
--
2.7.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr
2021-07-01 9:29 [dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr Anoob Joseph
@ 2021-07-12 12:06 ` Jerin Jacob
0 siblings, 0 replies; 2+ messages in thread
From: Jerin Jacob @ 2021-07-12 12:06 UTC (permalink / raw)
To: Anoob Joseph
Cc: Akhil Goyal, Jerin Jacob, Ankur Dwivedi, Tejasree Kondoj, dpdk-dev
On Thu, Jul 1, 2021 at 2:59 PM Anoob Joseph <anoobj@marvell.com> wrote:
>
> In the inline inound path, a custom header would be present at L3 which
> has sequence number & SPI. L2 need to be adjusted such that the eventual
> packet would have L3 after L2. Remove assumption of L2 type in this
> handling.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Applied to dpdk-next-net-mrvl/for-next-net. Thanks
> ---
> drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h | 9 ++---
> drivers/crypto/octeontx2/otx2_ipsec_fp.h | 13 +++----
> drivers/net/octeontx2/otx2_rx.h | 45 ++++++++++++++++-------
> 3 files changed, 42 insertions(+), 25 deletions(-)
>
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> index b2b1f77..089a3d0 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> @@ -166,8 +166,9 @@ anti_replay_check(struct otx2_ipsec_replay *replay, uint64_t seq,
> }
>
> static inline int
> -cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
> +cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, void *l3_ptr)
> {
> + struct otx2_ipsec_fp_res_hdr *hdr = l3_ptr;
> uint64_t seq_in_sa;
> uint32_t seqh = 0;
> uint32_t seql;
> @@ -176,14 +177,12 @@ cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
> int ret;
>
> esn = sa->ctl.esn_en;
> - seql = rte_be_to_cpu_32(*((uint32_t *)(data +
> - OTX2_IPSEC_SEQNO_LO_INDEX)));
> + seql = rte_be_to_cpu_32(hdr->seq_no_lo);
>
> if (!esn)
> seq = (uint64_t)seql;
> else {
> - seqh = rte_be_to_cpu_32(*((uint32_t *)(data +
> - OTX2_IPSEC_SEQNO_HI_INDEX)));
> + seqh = rte_be_to_cpu_32(hdr->seq_no_hi);
> seq = ((uint64_t)seqh << 32) | seql;
> }
>
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> index a33041d..4be22d4 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> @@ -10,14 +10,13 @@
>
> /* Macros for anti replay and ESN */
> #define OTX2_IPSEC_MAX_REPLAY_WIN_SZ 1024
> -#define OTX2_IPSEC_SAINDEX_SZ 4
> -#define OTX2_IPSEC_SEQNO_LO 4
>
> -#define OTX2_IPSEC_SEQNO_LO_INDEX (RTE_ETHER_HDR_LEN + \
> - OTX2_IPSEC_SAINDEX_SZ)
> -
> -#define OTX2_IPSEC_SEQNO_HI_INDEX (OTX2_IPSEC_SEQNO_LO_INDEX + \
> - OTX2_IPSEC_SEQNO_LO)
> +struct otx2_ipsec_fp_res_hdr {
> + uint32_t spi;
> + uint32_t seq_no_lo;
> + uint32_t seq_no_hi;
> + uint32_t rsvd;
> +};
>
> enum {
> OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
> diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
> index 257492a..ea29aec 100644
> --- a/drivers/net/octeontx2/otx2_rx.h
> +++ b/drivers/net/octeontx2/otx2_rx.h
> @@ -41,7 +41,6 @@
>
> /* Inline IPsec offsets */
>
> -#define INLINE_INB_RPTR_HDR 16
> /* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
> #define INLINE_CPT_RESULT_OFFSET 80
>
> @@ -239,14 +238,18 @@ nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
> }
>
> static __rte_always_inline uint64_t
> -nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
> +nix_rx_sec_mbuf_update(const struct nix_rx_parse_s *rx,
> + const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
> const void * const lookup_mem)
> {
> + uint8_t *l2_ptr, *l3_ptr, *l2_ptr_actual, *l3_ptr_actual;
> struct otx2_ipsec_fp_in_sa *sa;
> - struct rte_ipv4_hdr *ipv4;
> - uint16_t m_len;
> + uint16_t m_len, l2_len, ip_len;
> + struct rte_ipv6_hdr *ip6h;
> + struct rte_ipv4_hdr *iph;
> + uint16_t *ether_type;
> uint32_t spi;
> - char *data;
> + int i;
>
> if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
> return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
> @@ -257,22 +260,38 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
> sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
> *rte_security_dynfield(m) = sa->udata64;
>
> - data = rte_pktmbuf_mtod(m, char *);
> + l2_ptr = rte_pktmbuf_mtod(m, uint8_t *);
> + l2_len = rx->lcptr - rx->laptr;
> + l3_ptr = RTE_PTR_ADD(l2_ptr, l2_len);
>
> if (sa->replay_win_sz) {
> - if (cpt_ipsec_ip_antireplay_check(sa, data) < 0)
> + if (cpt_ipsec_ip_antireplay_check(sa, l3_ptr) < 0)
> return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
> }
>
> - memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
> + l2_ptr_actual = RTE_PTR_ADD(l2_ptr,
> + sizeof(struct otx2_ipsec_fp_res_hdr));
> + l3_ptr_actual = RTE_PTR_ADD(l3_ptr,
> + sizeof(struct otx2_ipsec_fp_res_hdr));
>
> - m->data_off += INLINE_INB_RPTR_HDR;
> + for (i = l2_len - RTE_ETHER_TYPE_LEN - 1; i >= 0; i--)
> + l2_ptr_actual[i] = l2_ptr[i];
>
> - ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
> - RTE_ETHER_HDR_LEN);
> + m->data_off += sizeof(struct otx2_ipsec_fp_res_hdr);
>
> - m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
> + ether_type = RTE_PTR_SUB(l3_ptr_actual, RTE_ETHER_TYPE_LEN);
>
> + iph = (struct rte_ipv4_hdr *)l3_ptr_actual;
> + if ((iph->version_ihl >> 4) == 4) {
> + ip_len = rte_be_to_cpu_16(iph->total_length);
> + *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
> + } else {
> + ip6h = (struct rte_ipv6_hdr *)iph;
> + ip_len = rte_be_to_cpu_16(ip6h->payload_len);
> + *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
> + }
> +
> + m_len = ip_len + l2_len;
> m->data_len = m_len;
> m->pkt_len = m_len;
> return PKT_RX_SEC_OFFLOAD;
> @@ -322,7 +341,7 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
> if ((flag & NIX_RX_OFFLOAD_SECURITY_F) &&
> cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
> *(uint64_t *)(&mbuf->rearm_data) = val;
> - ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
> + ol_flags |= nix_rx_sec_mbuf_update(rx, cq, mbuf, lookup_mem);
> mbuf->ol_flags = ol_flags;
> return;
> }
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-07-12 12:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-01 9:29 [dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr Anoob Joseph
2021-07-12 12:06 ` Jerin Jacob
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).