From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BC2EEA00C4; Mon, 18 Apr 2022 13:02:14 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 64B4F40150; Mon, 18 Apr 2022 13:02:14 +0200 (CEST) Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2088.outbound.protection.outlook.com [40.107.93.88]) by mails.dpdk.org (Postfix) with ESMTP id 01FD44014F for ; Mon, 18 Apr 2022 13:02:11 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gxL3LMgEOK+6ZuwW2sGFmXp6RfDX80QpLQEo3sjB0DQ7vxmvkRrCs8cMPJy3vWi/vD3Yvnss18oKkUBcKGjH9wtOKRrRsrFDXutChAOYvWYysvmXQvSDgfJP3HopyBUrwPUWF+AnApYDV5TIdTcKOLxxyMw/NvlNlyjwcJPg7iKpacxoA/IozuE9r0HIshpEs4VFgKuXZjzQq4uvvkGG7CxmSZNOG7H5D3fHI3kgSi9ke4LFlRVZIGRZF7pmwfZmRqIw0ecx7kl5uH9Jgc0JX2A8yuUOAylnru9gnRtWZOp3jh7JF5xwytFlBqo+ivk51OaEhSBbaPyMgOAAscRMBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4vHbdKNVh2AHXaGbxpwMByaXoB5UjC+8PWgD24Dxit8=; b=lBiC6aXQ7SW/tqzJJ9RjxlGJK/JeJ2+sp2bs9SoELhTr9GOfzq4Rph+Uc8jyKKyn/QsGBCHpAlm7qpFoGO9ADESAcW1omKd3mgxdelnsKX7DJHs8X4vQmAUybR3aw953iGo5sVUuNG47jC3SIR+/6F4c+q7A0HuSZ7IX/U7qAmv/ik/FISU2EpkJQqJu1PCqkiYpwi0XvPvwo9cB46nIgVTjAL2Kcv5bFk4u3ANeJY3HLqD3az6ZFOkij/JN3sh25J5ujCWYf82UQ2m9hV1uKFFfevx7YMp0aGRVvcw+sq/AQ/fwWjmQ9OkFke4a/12mfTD/xmvhMtRt+Wd8rxq7bw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.238) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4vHbdKNVh2AHXaGbxpwMByaXoB5UjC+8PWgD24Dxit8=; b=YFp6TnhPSh6hFK+cV0+QbCQ5o01Aa09C11wRcVLJUgvu3QLu37J+HAUdQAqWSQS54L9EqXCjZWQn9kfJc9+rCtVJBBY8Qm3zD3zlZ6/Jb0tBBYMkE2Abuj7BpYGNwKZhMf0agXbPjkM0Z+qRJOy/wVAh763JhkSeXv30PCmlpfBuqb8AokDzIzJOtCmWyqKC35Nb9l4Wmbk4RJTjVQrJc4vDjMg196amb6RdIX3ZEdYQh1tr21TCbm5k0wRVWlBL1TrKe1FwkMWwCBKwhkBf7Afp5+J8Iphdp5+8lxM9xiwx26bNgS4oWqYTrDQJlCOz+fWlYP496inlgqt3wd88WQ== Received: from MW4PR04CA0053.namprd04.prod.outlook.com (2603:10b6:303:6a::28) by BN9PR12MB5113.namprd12.prod.outlook.com (2603:10b6:408:136::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Mon, 18 Apr 2022 11:02:09 +0000 Received: from CO1NAM11FT050.eop-nam11.prod.protection.outlook.com (2603:10b6:303:6a:cafe::a0) by MW4PR04CA0053.outlook.office365.com (2603:10b6:303:6a::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20 via Frontend Transport; Mon, 18 Apr 2022 11:02:09 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.238) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.238 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.238; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.238) by CO1NAM11FT050.mail.protection.outlook.com (10.13.174.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5164.19 via Frontend Transport; Mon, 18 Apr 2022 11:02:08 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL105.nvidia.com (10.27.9.14) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Mon, 18 Apr 2022 11:02:08 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Mon, 18 Apr 2022 04:02:06 -0700 From: Raja Zidane To: CC: Subject: [PATCH V3] net/mlx5: support ESP SPI match and RSS hash Date: Mon, 18 Apr 2022 14:01:58 +0300 Message-ID: <20220418110158.1782-1-rzidane@nvidia.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20220418105734.30302-1-rzidane@nvidia.com> References: <20220418105734.30302-1-rzidane@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 880bfb3a-5a6e-4e3b-6f7b-08da212ae1dd X-MS-TrafficTypeDiagnostic: BN9PR12MB5113:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: l45wo1golO1MDNWJoLB3dI/OeqKXGHpZzghuOhB2+1A1tq/tP3aeAp+b1bNH+tPdyjrLQ7nic8nL8l9Oeif+qsA4fHX3aQ0KzvGmEV84gLGACy14S0qy1rXwIkXefFYW8RMk6WwV7h0NbwDsu9G5R6ayLd5VGdVuTB/V1Qg31obuyszo6Wg4UQPfyrLcBNfADpy5yxUuoe5YEmdwEGF54ug43gY0EBjsGjppWXiUlJExmTRd3uULC0jwCC46NpNITh2cjcrcwOmmj4o1tkOVvYE6Iu4xvHbk7qK4exQ9WqK2WUc99aTm1fTIiZ609fUsnN1r5dgPrEZe1INrFWXRI2pH4mqE17AauipWcTELMQE5ANgN38UQqqpvZ6S/2qYzt8NdZRsJxMbjnE3vdlAOZxnbxmKlQWlBDMvO50cA6RhiDSRiQh8s/+etag86kaUa79gRcMxcdhzh41YeZnY3uySvF7NZx8REe5pDoCGtau6lX8kPNivYYKNeQuCuaDrkESK+teQGpQyW1W41LPOSBbi/o3XPkdzoRAAvZ6dbjbF9FMyd8pxPPFoFn67FDA0j2tbQVA3DLlHyHeofHkzMv2Aq3sNA2vXuG+kGkr/ymOjAcduWpgQnDkHqSaid4wVQqk7XLUKC+pDXGbOj+nt5n9oH3ctoxd9iJQPfLlaJ+FQPqgkqgu4gQY8BwbzHpMhnODsV4ZEijtkPX953khIu9w== X-Forefront-Antispam-Report: CIP:12.22.5.238; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(36840700001)(46966006)(2906002)(83380400001)(40460700003)(5660300002)(356005)(316002)(16526019)(47076005)(70206006)(1076003)(36756003)(7696005)(6286002)(55016003)(6666004)(26005)(508600001)(6916009)(82310400005)(81166007)(70586007)(86362001)(107886003)(2616005)(36860700001)(186003)(30864003)(426003)(4326008)(336012)(8936002)(8676002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 11:02:08.6668 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 880bfb3a-5a6e-4e3b-6f7b-08da212ae1dd X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.238]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT050.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR12MB5113 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org In packets with ESP header, The Inner IP will be encrypted, and its fields cannot be used for RSS hashing. So, ESP packets can be hashed only by the outer IP layer. So, when using RSS on ESP packets, hashing may not be efficient, because the fields used by the hash functions are only the Outer IPs, causing all traffic belonging to all tunnels between a given pair of GWs to land on one core. Adding the SPI hash field can extend the spreading of IPSec packets. support matching on ESP SPI. Support RSS on ESP header by hashing SPI field. Signed-off-by: Raja Zidane --- V2: added doc. V3: fixed checkpatch. doc/guides/nics/features/mlx5.ini | 1 + doc/guides/rel_notes/release_22_07.rst | 2 + drivers/common/mlx5/linux/meson.build | 2 + drivers/common/mlx5/mlx5_prm.h | 5 +- drivers/net/mlx5/mlx5_defs.h | 2 +- drivers/net/mlx5/mlx5_devx.c | 4 +- drivers/net/mlx5/mlx5_flow.c | 84 +++++++++++++++++++++++- drivers/net/mlx5/mlx5_flow.h | 20 ++++++ drivers/net/mlx5/mlx5_flow_dv.c | 88 +++++++++++++++++++++++++- 9 files changed, 203 insertions(+), 5 deletions(-) diff --git a/doc/guides/nics/features/mlx5.ini b/doc/guides/nics/features/mlx5.ini index fb5993124d..5738f35324 100644 --- a/doc/guides/nics/features/mlx5.ini +++ b/doc/guides/nics/features/mlx5.ini @@ -56,6 +56,7 @@ Usage doc = Y [rte_flow items] conntrack = Y ecpri = Y +esp = Y eth = Y flex = Y geneve = Y diff --git a/doc/guides/rel_notes/release_22_07.rst b/doc/guides/rel_notes/release_22_07.rst index 49b7b33f87..824ef08ea0 100644 --- a/doc/guides/rel_notes/release_22_07.rst +++ b/doc/guides/rel_notes/release_22_07.rst @@ -59,6 +59,8 @@ New Features * Added support for set promiscuous mode in Windows. * Added support for set and get MTU in Windows. + * Added new item (ESP). + * Added RSS for ESP. Removed Items ------------- diff --git a/drivers/common/mlx5/linux/meson.build b/drivers/common/mlx5/linux/meson.build index ed48245c67..5335f5b027 100644 --- a/drivers/common/mlx5/linux/meson.build +++ b/drivers/common/mlx5/linux/meson.build @@ -72,6 +72,8 @@ has_member_args = [ # [ "MACRO to define if found", "header for the search", # "symbol to search" ] has_sym_args = [ + [ 'HAVE_IBV_RX_HASH_IPSEC_SPI', 'infiniband/verbs.h', + 'IBV_RX_HASH_IPSEC_SPI' ], [ 'HAVE_IBV_RELAXED_ORDERING', 'infiniband/verbs.h', 'IBV_ACCESS_RELAXED_ORDERING ' ], [ 'HAVE_IBV_DEVICE_STRIDING_RQ_SUPPORT', 'infiniband/mlx5dv.h', diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index 44b18225f6..630b2c5100 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -899,7 +899,10 @@ struct mlx5_ifc_fte_match_set_misc_bits { u8 reserved_at_120[0xa]; u8 geneve_opt_len[0x6]; u8 geneve_protocol_type[0x10]; - u8 reserved_at_140[0xc0]; + u8 reserved_at_140[0x20]; + u8 inner_esp_spi[0x20]; + u8 outer_esp_spi[0x20]; + u8 reserved_at_1a0[0x60]; }; struct mlx5_ifc_ipv4_layout_bits { diff --git a/drivers/net/mlx5/mlx5_defs.h b/drivers/net/mlx5/mlx5_defs.h index 15728fb41f..f5c6f23d56 100644 --- a/drivers/net/mlx5/mlx5_defs.h +++ b/drivers/net/mlx5/mlx5_defs.h @@ -90,7 +90,7 @@ /* Supported RSS */ #define MLX5_RSS_HF_MASK (~(RTE_ETH_RSS_IP | RTE_ETH_RSS_UDP | RTE_ETH_RSS_TCP | \ - MLX5_RSS_SRC_DST_ONLY)) + MLX5_RSS_SRC_DST_ONLY | RTE_ETH_RSS_ESP)) /* Timeout in seconds to get a valid link status. */ #define MLX5_LINK_STATUS_TIMEOUT 10 diff --git a/drivers/net/mlx5/mlx5_devx.c b/drivers/net/mlx5/mlx5_devx.c index 5ab092a259..7ae389dc10 100644 --- a/drivers/net/mlx5/mlx5_devx.c +++ b/drivers/net/mlx5/mlx5_devx.c @@ -765,7 +765,9 @@ mlx5_devx_tir_attr_set(struct rte_eth_dev *dev, const uint8_t *rss_key, (!!(hash_fields & MLX5_L4_SRC_IBV_RX_HASH)) << MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_SPORT | (!!(hash_fields & MLX5_L4_DST_IBV_RX_HASH)) << - MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_DPORT; + MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_DPORT | + (!!(hash_fields & IBV_RX_HASH_IPSEC_SPI)) << + MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_IPSEC_SPI; } if (is_hairpin) tir_attr->transport_domain = priv->sh->td->id; diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index f5bdf661b0..de0c15fef6 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -149,6 +149,7 @@ mlx5_flow_is_rss_expandable_item(const struct rte_flow_item *item) case RTE_FLOW_ITEM_TYPE_IPV6: case RTE_FLOW_ITEM_TYPE_UDP: case RTE_FLOW_ITEM_TYPE_TCP: + case RTE_FLOW_ITEM_TYPE_ESP: case RTE_FLOW_ITEM_TYPE_VXLAN: case RTE_FLOW_ITEM_TYPE_NVGRE: case RTE_FLOW_ITEM_TYPE_GRE: @@ -214,6 +215,9 @@ mlx5_inet_proto_to_item_type(uint8_t proto_spec, uint8_t proto_mask) case IPPROTO_IPV6: type = RTE_FLOW_ITEM_TYPE_IPV6; break; + case IPPROTO_ESP: + type = RTE_FLOW_ITEM_TYPE_ESP; + break; default: type = RTE_FLOW_ITEM_TYPE_END; } @@ -558,9 +562,11 @@ enum mlx5_expansion { MLX5_EXPANSION_OUTER_IPV4, MLX5_EXPANSION_OUTER_IPV4_UDP, MLX5_EXPANSION_OUTER_IPV4_TCP, + MLX5_EXPANSION_OUTER_IPV4_ESP, MLX5_EXPANSION_OUTER_IPV6, MLX5_EXPANSION_OUTER_IPV6_UDP, MLX5_EXPANSION_OUTER_IPV6_TCP, + MLX5_EXPANSION_OUTER_IPV6_ESP, MLX5_EXPANSION_VXLAN, MLX5_EXPANSION_STD_VXLAN, MLX5_EXPANSION_L3_VXLAN, @@ -574,9 +580,11 @@ enum mlx5_expansion { MLX5_EXPANSION_IPV4, MLX5_EXPANSION_IPV4_UDP, MLX5_EXPANSION_IPV4_TCP, + MLX5_EXPANSION_IPV4_ESP, MLX5_EXPANSION_IPV6, MLX5_EXPANSION_IPV6_UDP, MLX5_EXPANSION_IPV6_TCP, + MLX5_EXPANSION_IPV6_ESP, MLX5_EXPANSION_IPV6_FRAG_EXT, MLX5_EXPANSION_GTP, MLX5_EXPANSION_GENEVE, @@ -611,6 +619,7 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT (MLX5_EXPANSION_OUTER_IPV4_UDP, MLX5_EXPANSION_OUTER_IPV4_TCP, + MLX5_EXPANSION_OUTER_IPV4_ESP, MLX5_EXPANSION_GRE, MLX5_EXPANSION_NVGRE, MLX5_EXPANSION_IPV4, @@ -632,10 +641,15 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV4_TCP, }, + [MLX5_EXPANSION_OUTER_IPV4_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_OUTER_IPV6] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT (MLX5_EXPANSION_OUTER_IPV6_UDP, MLX5_EXPANSION_OUTER_IPV6_TCP, + MLX5_EXPANSION_OUTER_IPV6_ESP, MLX5_EXPANSION_IPV4, MLX5_EXPANSION_IPV6, MLX5_EXPANSION_GRE, @@ -657,6 +671,10 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV6_TCP, }, + [MLX5_EXPANSION_OUTER_IPV6_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_VXLAN] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_ETH, MLX5_EXPANSION_IPV4, @@ -716,7 +734,8 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { }, [MLX5_EXPANSION_IPV4] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_IPV4_UDP, - MLX5_EXPANSION_IPV4_TCP), + MLX5_EXPANSION_IPV4_TCP, + MLX5_EXPANSION_IPV4_ESP), .type = RTE_FLOW_ITEM_TYPE_IPV4, .rss_types = RTE_ETH_RSS_IPV4 | RTE_ETH_RSS_FRAG_IPV4 | RTE_ETH_RSS_NONFRAG_IPV4_OTHER, @@ -729,9 +748,14 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV4_TCP, }, + [MLX5_EXPANSION_IPV4_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_IPV6] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_IPV6_UDP, MLX5_EXPANSION_IPV6_TCP, + MLX5_EXPANSION_IPV6_ESP, MLX5_EXPANSION_IPV6_FRAG_EXT), .type = RTE_FLOW_ITEM_TYPE_IPV6, .rss_types = RTE_ETH_RSS_IPV6 | RTE_ETH_RSS_FRAG_IPV6 | @@ -745,6 +769,10 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV6_TCP, }, + [MLX5_EXPANSION_IPV6_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_IPV6_FRAG_EXT] = { .type = RTE_FLOW_ITEM_TYPE_IPV6_FRAG_EXT, }, @@ -2618,6 +2646,60 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item, return 0; } +/** + * Validate ESP item. + * + * @param[in] item + * Item specification. + * @param[in] item_flags + * Bit-fields that holds the items detected until now. + * @param[in] target_protocol + * The next protocol in the previous item. + * @param[out] error + * Pointer to error structure. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +int +mlx5_flow_validate_item_esp(const struct rte_flow_item *item, + uint64_t item_flags, + uint8_t target_protocol, + struct rte_flow_error *error) +{ + const struct rte_flow_item_esp *mask = item->mask; + const int tunnel = !!(item_flags & MLX5_FLOW_LAYER_TUNNEL); + const uint64_t l3m = tunnel ? MLX5_FLOW_LAYER_INNER_L3 : + MLX5_FLOW_LAYER_OUTER_L3; + const uint64_t l4m = tunnel ? MLX5_FLOW_LAYER_INNER_L4 : + MLX5_FLOW_LAYER_OUTER_L4; + int ret; + + if (!(item_flags & l3m)) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "L3 is mandatory to filter on L4"); + if (item_flags & l4m) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "multiple L4 layers not supported"); + if (target_protocol != 0xff && target_protocol != IPPROTO_ESP) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "protocol filtering not compatible" + " with ESP layer"); + if (!mask) + mask = &rte_flow_item_esp_mask; + ret = mlx5_flow_item_acceptable + (item, (const uint8_t *)mask, + (const uint8_t *)&rte_flow_item_esp_mask, + sizeof(struct rte_flow_item_esp), MLX5_ITEM_RANGE_NOT_ACCEPTED, + error); + if (ret < 0) + return ret; + return 0; +} + /** * Validate UDP item. * diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h index f56115dd11..fcb05abced 100644 --- a/drivers/net/mlx5/mlx5_flow.h +++ b/drivers/net/mlx5/mlx5_flow.h @@ -186,6 +186,9 @@ enum mlx5_feature_name { #define MLX5_FLOW_ITEM_INNER_FLEX (UINT64_C(1) << 38) #define MLX5_FLOW_ITEM_FLEX_TUNNEL (UINT64_C(1) << 39) +/* ESP item */ +#define MLX5_FLOW_ITEM_ESP (UINT64_C(1) << 40) + /* Outer Masks. */ #define MLX5_FLOW_LAYER_OUTER_L3 \ (MLX5_FLOW_LAYER_OUTER_L3_IPV4 | MLX5_FLOW_LAYER_OUTER_L3_IPV6) @@ -1185,6 +1188,16 @@ struct rte_flow_template_table { (MLX5_RSS_HASH_IPV6 | IBV_RX_HASH_SRC_PORT_TCP) #define MLX5_RSS_HASH_IPV6_TCP_DST_ONLY \ (MLX5_RSS_HASH_IPV6 | IBV_RX_HASH_DST_PORT_TCP) + +#ifndef HAVE_IBV_RX_HASH_IPSEC_SPI +#define IBV_RX_HASH_IPSEC_SPI (1U << 8) +#endif + +#define MLX5_RSS_HASH_ESP_SPI IBV_RX_HASH_IPSEC_SPI +#define MLX5_RSS_HASH_IPV4_ESP (MLX5_RSS_HASH_IPV4 | \ + MLX5_RSS_HASH_ESP_SPI) +#define MLX5_RSS_HASH_IPV6_ESP (MLX5_RSS_HASH_IPV6 | \ + MLX5_RSS_HASH_ESP_SPI) #define MLX5_RSS_HASH_NONE 0ULL @@ -1200,9 +1213,12 @@ static const uint64_t mlx5_rss_hash_fields[] = { MLX5_RSS_HASH_IPV4, MLX5_RSS_HASH_IPV4_TCP, MLX5_RSS_HASH_IPV4_UDP, + MLX5_RSS_HASH_IPV4_ESP, MLX5_RSS_HASH_IPV6, MLX5_RSS_HASH_IPV6_TCP, MLX5_RSS_HASH_IPV6_UDP, + MLX5_RSS_HASH_IPV6_ESP, + MLX5_RSS_HASH_ESP_SPI, MLX5_RSS_HASH_NONE, }; @@ -1812,6 +1828,10 @@ int mlx5_flow_validate_item_tcp(const struct rte_flow_item *item, uint8_t target_protocol, const struct rte_flow_item_tcp *flow_mask, struct rte_flow_error *error); +int mlx5_flow_validate_item_esp(const struct rte_flow_item *item, + uint64_t item_flags, + uint8_t target_protocol, + struct rte_flow_error *error); int mlx5_flow_validate_item_udp(const struct rte_flow_item *item, uint64_t item_flags, uint8_t target_protocol, diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index 1e9bd63635..15097e340a 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -6955,6 +6955,14 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr, switch (type) { case RTE_FLOW_ITEM_TYPE_VOID: break; + case RTE_FLOW_ITEM_TYPE_ESP: + ret = mlx5_flow_validate_item_esp(items, item_flags, + next_protocol, + error); + if (ret < 0) + return ret; + last_item = MLX5_FLOW_ITEM_ESP; + break; case RTE_FLOW_ITEM_TYPE_PORT_ID: ret = flow_dv_validate_item_port_id (dev, items, attr, item_flags, error); @@ -8729,6 +8737,58 @@ flow_dv_translate_item_tcp(void *matcher, void *key, (tcp_v->hdr.tcp_flags & tcp_m->hdr.tcp_flags)); } +/** + * Add ESP item to matcher and to the value. + * + * @param[in, out] matcher + * Flow matcher. + * @param[in, out] key + * Flow matcher value. + * @param[in] item + * Flow pattern to translate. + * @param[in] inner + * Item is inner pattern. + */ +static void +flow_dv_translate_item_esp(void *matcher, void *key, + const struct rte_flow_item *item, + int inner) +{ + const struct rte_flow_item_esp *esp_m = item->mask; + const struct rte_flow_item_esp *esp_v = item->spec; + void *headers_m; + void *headers_v; + char *spi_m; + char *spi_v; + + if (inner) { + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, + inner_headers); + headers_v = MLX5_ADDR_OF(fte_match_param, key, inner_headers); + } else { + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, + outer_headers); + headers_v = MLX5_ADDR_OF(fte_match_param, key, outer_headers); + } + MLX5_SET(fte_match_set_lyr_2_4, headers_m, ip_protocol, 0xff); + MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol, IPPROTO_ESP); + if (!esp_v) + return; + if (!esp_m) + esp_m = &rte_flow_item_esp_mask; + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters); + headers_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters); + if (inner) { + spi_m = MLX5_ADDR_OF(fte_match_set_misc, headers_m, inner_esp_spi); + spi_v = MLX5_ADDR_OF(fte_match_set_misc, headers_v, inner_esp_spi); + } else { + spi_m = MLX5_ADDR_OF(fte_match_set_misc, headers_m, outer_esp_spi); + spi_v = MLX5_ADDR_OF(fte_match_set_misc, headers_v, outer_esp_spi); + } + *(uint32_t *)spi_m = esp_m->hdr.spi; + *(uint32_t *)spi_v = esp_m->hdr.spi & esp_v->hdr.spi; +} + /** * Add UDP item to matcher and to the value. * @@ -11188,12 +11248,18 @@ flow_dv_hashfields_set(uint64_t item_flags, fields |= MLX5_IPV6_IBV_RX_HASH; } } - if (fields == 0) + if (items & MLX5_FLOW_ITEM_ESP) { + if (rss_types & RTE_ETH_RSS_ESP) + fields |= IBV_RX_HASH_IPSEC_SPI; + } + if ((fields & ~IBV_RX_HASH_IPSEC_SPI) == 0) { + *hash_fields = fields; /* * There is no match between the RSS types and the * L3 protocol (IPv4/IPv6) defined in the flow rule. */ return; + } if ((rss_inner && (items & MLX5_FLOW_LAYER_INNER_L4_UDP)) || (!rss_inner && (items & MLX5_FLOW_LAYER_OUTER_L4_UDP)) || !items) { @@ -13538,6 +13604,11 @@ flow_dv_translate(struct rte_eth_dev *dev, RTE_FLOW_ERROR_TYPE_ITEM, NULL, "item not supported"); switch (item_type) { + case RTE_FLOW_ITEM_TYPE_ESP: + flow_dv_translate_item_esp(match_mask, match_value, + items, tunnel); + last_item = MLX5_FLOW_ITEM_ESP; + break; case RTE_FLOW_ITEM_TYPE_PORT_ID: flow_dv_translate_item_port_id (dev, match_mask, match_value, items, attr); @@ -14007,6 +14078,15 @@ __flow_dv_action_rss_hrxq_set(struct mlx5_shared_action_rss *action, case MLX5_RSS_HASH_NONE: hrxqs[6] = hrxq_idx; return 0; + case MLX5_RSS_HASH_IPV4_ESP: + hrxqs[7] = hrxq_idx; + return 0; + case MLX5_RSS_HASH_IPV6_ESP: + hrxqs[8] = hrxq_idx; + return 0; + case MLX5_RSS_HASH_ESP_SPI: + hrxqs[9] = hrxq_idx; + return 0; default: return -1; } @@ -14076,6 +14156,12 @@ flow_dv_action_rss_hrxq_lookup(struct rte_eth_dev *dev, uint32_t idx, return hrxqs[5]; case MLX5_RSS_HASH_NONE: return hrxqs[6]; + case MLX5_RSS_HASH_IPV4_ESP: + return hrxqs[7]; + case MLX5_RSS_HASH_IPV6_ESP: + return hrxqs[8]; + case MLX5_RSS_HASH_ESP_SPI: + return hrxqs[9]; default: return 0; } -- 2.21.0