From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <radu.nicolau@inel.com>,
<roy.fan.zhang@intel.com>, <hemant.agrawal@nxp.com>,
<konstantin.ananyev@intel.com>
Cc: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
<ktejasree@marvell.com>, <adwivedi@marvell.com>,
<jerinj@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH 2/3] crypto/cnxk: add inner checksum
Date: Tue, 28 Sep 2021 18:56:29 +0530 [thread overview]
Message-ID: <20210928132630.12457-3-marchana@marvell.com> (raw)
In-Reply-To: <20210928132630.12457-1-marchana@marvell.com>
Add inner checksum support for cn10k
Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
doc/guides/rel_notes/release_21_11.rst | 1 +
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 65 +++++++++++++++----
drivers/crypto/cnxk/cn10k_ipsec.c | 49 +++++++++++++-
drivers/crypto/cnxk/cn10k_ipsec.h | 1 +
drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 9 ++-
drivers/crypto/cnxk/cnxk_cryptodev.c | 3 +
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 +
7 files changed, 112 insertions(+), 18 deletions(-)
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 42ed9ee580..8dc3008199 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -72,6 +72,7 @@ New Features
* Added Transport mode support in lookaside protocol (IPsec) for CN10K.
* Added UDP encapsulation support in lookaside protocol (IPsec) for CN10K.
* Added support for lookaside protocol (IPsec) offload for CN9K.
+ * Added inner checksum support in lookaside protocol (IPsec) for CN10K.
* **Added support for event crypto adapter on Marvell CN10K and CN9K.**
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 3caf05aab9..c25c8e67b2 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -50,7 +50,7 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
static __rte_always_inline int __rte_hot
cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess,
- struct cpt_inst_s *inst)
+ struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst)
{
struct rte_crypto_sym_op *sym_op = op->sym;
union roc_ot_ipsec_sa_word2 *w2;
@@ -72,8 +72,10 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess,
if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND)
ret = process_outb_sa(op, sa, inst);
- else
+ else {
+ infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND;
ret = process_inb_sa(op, sa, inst);
+ }
return ret;
}
@@ -122,7 +124,8 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[],
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
sec_sess = get_sec_session_private_data(
sym_op->sec_session);
- ret = cpt_sec_inst_fill(op, sec_sess, &inst[0]);
+ ret = cpt_sec_inst_fill(op, sec_sess, infl_req,
+ &inst[0]);
if (unlikely(ret))
return 0;
w7 = sec_sess->sa.inst.w7;
@@ -342,6 +345,49 @@ cn10k_cpt_sec_post_process(struct rte_crypto_op *cop,
m->pkt_len = m_len;
}
+static inline void
+cn10k_cpt_sec_ucc_process(struct rte_crypto_op *cop,
+ struct cpt_inflight_req *infl_req,
+ const uint8_t uc_compcode)
+{
+ struct cn10k_sec_session *sess;
+ struct cn10k_ipsec_sa *sa;
+ struct rte_mbuf *mbuf;
+
+ if (uc_compcode == ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST)
+ cop->aux_flags = RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY;
+
+ if (!(infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND))
+ return;
+
+ sess = get_sec_session_private_data(cop->sym->sec_session);
+ sa = &sess->sa;
+
+ mbuf = cop->sym->m_src;
+
+ switch (uc_compcode) {
+ case ROC_IE_OT_UCC_SUCCESS:
+ if (sa->ip_csum_enable)
+ mbuf->ol_flags |= PKT_RX_IP_CKSUM_GOOD;
+ break;
+ case ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM:
+ mbuf->ol_flags |= PKT_RX_IP_CKSUM_BAD;
+ break;
+ case ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM:
+ mbuf->ol_flags |= PKT_RX_L4_CKSUM_GOOD;
+ if (sa->ip_csum_enable)
+ mbuf->ol_flags |= PKT_RX_IP_CKSUM_GOOD;
+ break;
+ case ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM:
+ mbuf->ol_flags |= PKT_RX_L4_CKSUM_BAD;
+ if (sa->ip_csum_enable)
+ mbuf->ol_flags |= PKT_RX_IP_CKSUM_GOOD;
+ break;
+ default:
+ break;
+ }
+}
+
static inline void
cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
struct rte_crypto_op *cop,
@@ -357,17 +403,8 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
if (likely(compcode == CPT_COMP_WARN)) {
- if (unlikely(uc_compcode != ROC_IE_OT_UCC_SUCCESS)) {
- /* Success with additional info */
- switch (uc_compcode) {
- case ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST:
- cop->aux_flags =
- RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY;
- break;
- default:
- break;
- }
- }
+ /* Success with additional info */
+ cn10k_cpt_sec_ucc_process(cop, infl_req, uc_compcode);
cn10k_cpt_sec_post_process(cop, res);
} else {
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index ebb2a7ec48..defc792aa8 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -37,6 +37,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
{
+ union roc_ot_ipsec_outb_param1 param1;
struct roc_ot_ipsec_outb_sa *out_sa;
struct cnxk_ipsec_outb_rlens rlens;
struct cn10k_sec_session *sess;
@@ -83,7 +84,27 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
/* pre-populate CPT INST word 4 */
inst_w4.u64 = 0;
inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;
- inst_w4.s.param1 = 0;
+
+ param1.u16 = 0;
+
+ /* Disable IP checksum computation by default */
+ param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;
+
+ if (ipsec_xfrm->options.ip_csum_enable) {
+ param1.s.ip_csum_disable =
+ ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
+ }
+
+ /* Disable L4 checksum computation by default */
+ param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;
+
+ if (ipsec_xfrm->options.l4_csum_enable) {
+ param1.s.l4_csum_disable =
+ ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;
+ }
+
+ inst_w4.s.param1 = param1.u16;
+
sa->inst.w4 = inst_w4.u64;
return 0;
@@ -95,6 +116,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sec_sess)
{
+ union roc_ot_ipsec_inb_param1 param1;
struct roc_ot_ipsec_inb_sa *in_sa;
struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
@@ -121,8 +143,29 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
inst_w4.u64 = 0;
inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC;
- /* Disable checksum verification for now */
- inst_w4.s.param1 = 7;
+ param1.u16 = 0;
+
+ /* Disable IP checksum verification by default */
+ param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;
+
+ if (ipsec_xfrm->options.ip_csum_enable) {
+ param1.s.ip_csum_disable =
+ ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
+ sa->ip_csum_enable = true;
+ }
+
+ /* Disable L4 checksum verification by default */
+ param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;
+
+ if (ipsec_xfrm->options.l4_csum_enable) {
+ param1.s.l4_csum_disable =
+ ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;
+ }
+
+ param1.s.esp_trailer_disable = 1;
+
+ inst_w4.s.param1 = param1.u16;
+
sa->inst.w4 = inst_w4.u64;
return 0;
diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h
index 6f974b716d..86cd2483f5 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec.h
@@ -23,6 +23,7 @@ struct cn10k_ipsec_sa {
uint16_t max_extended_len;
uint16_t iv_offset;
uint8_t iv_length;
+ bool ip_csum_enable;
};
struct cn10k_sec_session {
diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
index 862476a72e..df1b0a3678 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h
@@ -53,6 +53,7 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess,
{
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
+ uint64_t inst_w4_u64 = sess->inst.w4;
if (unlikely(rte_pktmbuf_tailroom(m_src) < sess->max_extended_len)) {
plt_dp_err("Not enough tail room");
@@ -68,8 +69,14 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess,
}
#endif
+ if (m_src->ol_flags & PKT_TX_IP_CKSUM)
+ inst_w4_u64 &= ~BIT_ULL(33);
+
+ if (m_src->ol_flags & PKT_TX_L4_MASK)
+ inst_w4_u64 &= ~BIT_ULL(32);
+
/* Prepare CPT instruction */
- inst->w4.u64 = sess->inst.w4;
+ inst->w4.u64 = inst_w4_u64;
inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src);
inst->dptr = rte_pktmbuf_iova(m_src);
inst->rptr = inst->dptr;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index 5c7801ec48..d67de54a7b 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -24,6 +24,9 @@ cnxk_cpt_default_ff_get(void)
RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED |
RTE_CRYPTODEV_FF_SECURITY;
+ if (roc_model_is_cn10k())
+ ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM;
+
return ff;
}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index ba4166c56d..20df37709a 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -926,6 +926,8 @@ cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
sec_cap->ipsec.options.tunnel_hdr_verify =
RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
}
+ sec_cap->ipsec.options.ip_csum_enable = 1;
+ sec_cap->ipsec.options.l4_csum_enable = 1;
}
static void
--
2.22.0
next prev parent reply other threads:[~2021-09-28 13:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-28 13:26 [dpdk-dev] [PATCH 0/3] add SA config option for inner pkt csum Archana Muniganti
2021-09-28 13:26 ` [dpdk-dev] [PATCH 1/3] security: " Archana Muniganti
2021-09-28 16:41 ` Akhil Goyal
2021-09-28 13:26 ` Archana Muniganti [this message]
2021-09-28 13:26 ` [dpdk-dev] [PATCH 3/3] app/test: add inner checksum tests Archana Muniganti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210928132630.12457-3-marchana@marvell.com \
--to=marchana@marvell.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ktejasree@marvell.com \
--cc=radu.nicolau@inel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).