From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 83AF1A0547; Wed, 29 Sep 2021 04:31:57 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7F586410F7; Wed, 29 Sep 2021 04:31:52 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E5E38410F7 for ; Wed, 29 Sep 2021 04:31:50 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SHQPf7008439; Tue, 28 Sep 2021 19:31:50 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=iUNn6QWv/NnMpSEdMi0V6+vJLba7IEoj41H53UJLDas=; b=YpZ23r0n6eHyv4jGezOKjsK+jya+FFyj1bgtQHGhcMjMA4P4w2taLFhHVlR3LPKaRGdz cJDVssFLSadY6wUrH/f2CwuzUbKJZ/8CJ7vjoBZNDNBT5pW6qKycyjpU5g9f6f/3znrw SqDSB9n8zai0kZNJQA7vHw6O5EuoMIlsbctAqlpw7c5NryNfPFFpKWhu4dhpZ5VuIq8T mHDFTDbmfYEfBRXvh1akEms4tZEvMQkTSmQwuC9nrzAWEG91nJ6NmwaikOZZqCb535KP wr3S8XYCY79ar1Pvm1FFakr8N37wbvQIyY6Q8ZPL/R5Nn6IqxIrn3f7rlRX/UUBp7nU2 sA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3bc7eyhsgu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 19:31:49 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 19:31:48 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 19:31:48 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id A29BF3F7080; Tue, 28 Sep 2021 19:31:44 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau , Declan Doherty CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Jerin Jacob , Konstantin Ananyev , Ciara Power , Hemant Agrawal , Gagandeep Singh , Fan Zhang , Archana Muniganti , Date: Wed, 29 Sep 2021 08:55:13 +0530 Message-ID: <20210929032514.9416-3-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210929032514.9416-1-ktejasree@marvell.com> References: <20210929032514.9416-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: LxgRXJ9223m-6RIETUNNqpzJ2Dl0W6sv X-Proofpoint-ORIG-GUID: LxgRXJ9223m-6RIETUNNqpzJ2Dl0W6sv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_11,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 2/3] common/cnxk: add support for UDP ports verification X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support to verify UDP encapsulation ports in IPsec inbound. Signed-off-by: Tejasree Kondoj --- drivers/common/cnxk/cnxk_security.c | 3 +++ drivers/common/cnxk/roc_ie_ot.h | 4 ++-- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index cc5daf333c..13c4f128ae 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -303,6 +303,9 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa, sa->w10.s.udp_dst_port = 4500; } + if (ipsec_xfrm->options.udp_ports_verify) + sa->w2.s.udp_ports_verify = 1; + offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx); /* Word offset for HW managed SA field */ sa->w0.s.hw_ctx_off = offset / 8; diff --git a/drivers/common/cnxk/roc_ie_ot.h b/drivers/common/cnxk/roc_ie_ot.h index 12c75afac2..e8415cff3c 100644 --- a/drivers/common/cnxk/roc_ie_ot.h +++ b/drivers/common/cnxk/roc_ie_ot.h @@ -184,7 +184,7 @@ union roc_ot_ipsec_sa_word2 { uint64_t esn_en : 1; uint64_t tport_l4_incr_csum : 1; uint64_t ip_hdr_verify : 2; - uint64_t rsvd5 : 1; + uint64_t udp_ports_verify : 1; uint64_t rsvd2 : 7; uint64_t async_mode : 1; @@ -329,7 +329,7 @@ struct roc_ot_ipsec_inb_sa { uint64_t esn_en : 1; uint64_t tport_l4_incr_csum : 1; uint64_t ip_hdr_verify : 2; - uint64_t rsvd5 : 1; + uint64_t udp_ports_verify : 1; uint64_t rsvd6 : 7; uint64_t async_mode : 1; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 8a0cf289fd..ba4166c56d 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -921,6 +921,7 @@ cn10k_sec_caps_update(struct rte_security_capability *sec_cap) sec_cap->ipsec.options.iv_gen_disable = 1; #endif } else { + sec_cap->ipsec.options.udp_ports_verify = 1; if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) sec_cap->ipsec.options.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR; -- 2.27.0