From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 30BD045BC5; Thu, 24 Oct 2024 17:02:38 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 48DD9434D1; Thu, 24 Oct 2024 17:02:18 +0200 (CEST) Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2052.outbound.protection.outlook.com [40.107.104.52]) by mails.dpdk.org (Postfix) with ESMTP id 1FEE3434C2 for ; Thu, 24 Oct 2024 17:02:13 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Fks8bEQbKDf+48fL5/kY5og5zH1bDJ5guZRXJhmU3oKN9nbSE5vVYz9WiRC6BknJm7TLTjtge5ItN61Njfwn2nI5CePgFWGFP2Mbw6/4cw/WcujE9Ng6RDbGYJkqTchSGuwZEj+NZiWbo6FZ5gP8hgqZ6omH1djSRm0ABbYG30BbmmVX1K3tFg+XZXvJbxH24rFVx3/1FcZbigTcCDskLigUu9iTiQq2y51iuci4RrpKqbojzSBOZYBUR31cTnBbaUWI3CTVtwmUAhaboYezoDCmfrWCfP21LeaWKoBhLwMQ6NiFD2WRdRX4OLM9xxatOlGZNNN2m68PNNk8bcgtHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oHnojdXMPdmb185hCAyxWwGPGKCvrGeuuIvNSVaX5Os=; b=Eb9/0Jof/3S2Dvg5IYChiORwXK/XwBINSK9vhA0EM2mHUwj5tLwC2rfeAKTKcENd5SqvvtlG7Zwcu7zQGPcLgjnQ+wJWXwVgJhawoVX7UgMB3PxtDqqcfF8UG+CN0cs4NWdbIs5WR22uYwvdRefAbRGGvpmAtinGTrPAr3cjuJGZgUYn1XZKmLDFmOm7ZsI/U0ffSDypACq4o7MFMYDpCmii6/7H8DZzJjc0nmSkFjyL7NTNWpg6X2lk/6IN2/PhqNpWgM1xMIeG7NA6L8FmpL384Uq6UuWG8H9SjH5ddVQ7Cps+vHImAn1vKsRx76RebhvR6GbzAhSW3brOQaCMWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oHnojdXMPdmb185hCAyxWwGPGKCvrGeuuIvNSVaX5Os=; b=QWHpzYUihHQT3YqptOuy7q2TgfL5a4EQPmF24MND5KG5DpXmBpVpa6oBWrRkpIUnYRg782UupYX84bujQ1GPKjEJGnKYM3z8bD3iRZuiGODgvmV1wmgX2FqMj2tqbZH/rEgCy+c7zg8kBAyqO7SHrEMcp8rxuZwPs6iN2VLBfqi9hOl8w+jmTmEIemo5wDv4MR6jU9u9FElFOq4HShJJ7NjhOw7ASLVtaWDNGGRfUVrRVJHUoR/sb+8Ha0QXeYBl+JhFTAQP6XUkoF9eClFT0rk4D48AFPZ4fCUSpCACZnYbQcEDLazkmvYoS9HDjLpaWv1G7QfiRyreZhTpmstybQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from PAXPR04MB9328.eurprd04.prod.outlook.com (2603:10a6:102:2b6::15) by AM9PR04MB7715.eurprd04.prod.outlook.com (2603:10a6:20b:285::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.28; Thu, 24 Oct 2024 15:02:12 +0000 Received: from PAXPR04MB9328.eurprd04.prod.outlook.com ([fe80::367:d59:375:fb87]) by PAXPR04MB9328.eurprd04.prod.outlook.com ([fe80::367:d59:375:fb87%3]) with mapi id 15.20.8093.014; Thu, 24 Oct 2024 15:02:12 +0000 From: Hemant Agrawal To: gakhil@marvell.com Cc: dev@dpdk.org Subject: [PATCH 4/4] crypto/dpaa2_sec: add support for IPv6 UDP encap Date: Thu, 24 Oct 2024 20:31:51 +0530 Message-Id: <20241024150151.2290617-4-hemant.agrawal@nxp.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241024150151.2290617-1-hemant.agrawal@nxp.com> References: <20241024150151.2290617-1-hemant.agrawal@nxp.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SG3P274CA0012.SGPP274.PROD.OUTLOOK.COM (2603:1096:4:be::24) To PAXPR04MB9328.eurprd04.prod.outlook.com (2603:10a6:102:2b6::15) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAXPR04MB9328:EE_|AM9PR04MB7715:EE_ X-MS-Office365-Filtering-Correlation-Id: 9f8e245c-6e3b-4b64-8032-08dcf43cd6e1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|52116014|376014|366016|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?Ks85+0y5neQglzU+hA/XdwFC9ORQDhmHkweWC2mvzzIwMOI4RLX6hMrOYj9n?= =?us-ascii?Q?2RieeAafKadBW1bVewz/2MMVXOvFJLLyXZjjLS5cdySrIQ/z9kfW+4yy/bP0?= =?us-ascii?Q?rF8LiOskz+7TRyMy1wHtwofAg3rX3/wZ0ipuo3ItxwRDQI92oeucnCl39f6w?= =?us-ascii?Q?7AFi2tJFC+EnuhN+3CATuC9bh0JIzOVGnkq91rK6EHrEfbEB6S2IEXHujwI5?= =?us-ascii?Q?A+IiJRcAbNbpb/cuSjH9gRC3TpoyVchODbV3o/KWwz+34IBYPgFlRupfL5OR?= =?us-ascii?Q?XoxNkSKcPa77mKEsWZYU6wu2gssqinN9zUqJJUezNusFh2Oo3OI3Jq9joTSV?= =?us-ascii?Q?dERmhXVC3nQxZIMQGGMkpECZCl9EA/njG55LFkxBIHXnXbKK1WcSlL0vPLg+?= =?us-ascii?Q?uPlWHn+3BMOpNk/a66CiXRsPcrBWuxViWyyzENZarm7qPKodf86hx6h/TAhI?= =?us-ascii?Q?cqUX1d7o7XNWuhj1EdJ1rCmqw5JP+1XTqicC2tMEpxycFHsfZHXZDcHzN9Va?= =?us-ascii?Q?upDN8yGk3yOxHOrt23zVZahhpNwcI7fcF1W2HcneXwIXcTjTpT/UABs1XvPl?= =?us-ascii?Q?UcRk50AE322M6YJauge9ddzZ9FUtq3UlsLvZJcKt9nNmXEk/kd9VryOaU+uQ?= =?us-ascii?Q?FrEJ2LK/C51uVP4XnAB302KjSDtzQVJ3YlocHzV7x0cNKE4XWTrbS3xGhyZD?= =?us-ascii?Q?mi0GDMLQTfJ206yLGc+ZLOY9gW/gtb5lYt2FDiQN+xYJIdus7u03Zne1Ro0Y?= =?us-ascii?Q?gc32owNfPVpZ8e//mKfN0manPfVj2zKxI+/RJ830OyLEq/zKkSoN62zBtywW?= =?us-ascii?Q?UAuIelsrElga3/EzC1DfX66ZEwI9N9lt1Mml93fDEfCYkhcledGHKMwy3EU5?= =?us-ascii?Q?tkwL3mMrJuWAyppyNE2q0ITDSYVGgmEiOXxL44iYkxCi/Peaj6AUgw6EmbYa?= =?us-ascii?Q?ZhDB99RmdLOv1w/Cj9bN2Zz3UhyMDu0hmZwsOiaM0lX3IvEweccRlkpu1Yk4?= =?us-ascii?Q?l2o7YJqya8G6A8KHZxa2ZHgYZY7e+DYRKEa+YtC6VAutKTVS0Ck9/IUgFZ+8?= =?us-ascii?Q?tEeEvE413+DY9qu4WUlfhd6G04EugMIqYssxYGMjhDOSyjC0h/atS/9gzL2M?= =?us-ascii?Q?mGL0pRq81M834m7idlAPNg9wVPUGkgSaJosr9N7s7gBwn0NN9TSsbe3CQKyy?= =?us-ascii?Q?DZ+LOFMBrn7RzABkiTGbrt91ACc1WVbPSJVFlgLYPrpPxjCa0PwkQ0yy0sJC?= =?us-ascii?Q?n0czb8afHAH68uAkXgVmLzitqUvLINLt2diSLoyFtFwyclD30PHeOw65Yj7W?= =?us-ascii?Q?2kavhT4ZFfxu2WYxZ+6B+jcSnbfTjWUo9Nw+x4nI6ytiIA/WqIYvA5jUfxPB?= =?us-ascii?Q?s0oQ+Ks=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR04MB9328.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(52116014)(376014)(366016)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?bk0iTkTW4m8i7KZmCTgPUnKzIStiQj1Em4UZk3a1O/5V62ETfcI+he1/lnSY?= =?us-ascii?Q?dqVR4H051JqOn3aMbjceYquy2ilj5dlvW5q/bo2Vqovo1s3S5ByvmMtk+fem?= =?us-ascii?Q?H9N1IToTXnbUIvhTB6+iAeeH4y4F3wD4qQeEqLrzMWRl1TluXbySR830eFLd?= =?us-ascii?Q?tb8HwUhMse3oG7F+t+0SujTNic4TxvgfsdZ6rMNHMJF16MnXs9/OwneOiKqM?= =?us-ascii?Q?p5NXjiPZS337FCHhyYgjNUvAE2odqDucFIWNA9QZX2o2TquSvt3dqi3cnjGW?= =?us-ascii?Q?EYyFFOQT2NNehy9C8HxhfdjY90d2gTz0ZzqOBE8GDX7ZCM8N18agEBQayh4m?= =?us-ascii?Q?HEaY3GNdtEbFIaJ31WKoeYxvs9F1FkGD6nsrj1sB/rHpL0cB7Tc1xWYaFmYM?= =?us-ascii?Q?fqLIFd1wSz4NXdfdkZJldby4kA2jRIgkzw1dfiK15as4sTgwDUA1mFZEuEEV?= =?us-ascii?Q?Sc/GRdRZ1uu5XRLvjk/QOQ8+CfRKa7Jpryc0hslG+G1LnJAF1URGYQ3d9Ugs?= =?us-ascii?Q?0sJ1oNbF5lW5XHcygD2ml7cKAvvx3jcLtNpCclDJH5IPqQJZ2smKipYlnhFq?= =?us-ascii?Q?w6Oj0hXd8DunogxxFMUymbNKgp0JoMqv0WzjzCZ8K3WL1cFLw/kATsLs39/j?= =?us-ascii?Q?jW1i0/S2iJwPMBCqiix1Eqvndw8/letXvjqWALjOoinVEadnekKs2W64tA9t?= =?us-ascii?Q?ypSMRtM2DMuOspV/31BvKZdp1syGOUuZ34F8ZuvftOA8mNWzyfSd3cYwL13B?= =?us-ascii?Q?8ahq5MoGQdKtyA5YX7CF8PjrJ6uwhkisPq/yeFuBkl3+iaIA4jwetUl9CioP?= =?us-ascii?Q?vwtJXmJXUTdCcIIjmx+j+AAkO0XKrR/VY1qmQbghRDIBMcMuCZn0KPFPE+Dz?= =?us-ascii?Q?h39XyvOsPUIqbCmN/cU4Zcbc8gix/Z97PkR6SUGYqgUWDoF5o40pcAE08xlF?= =?us-ascii?Q?PW9x6gs8FgwkBcgP9ipMtYTeov9hJ9uF5NxkYkl1d+uX2z1VTUKfss5EhnLH?= =?us-ascii?Q?Ab67aESjE4TPXUjjISiVjL0gzKlHGlP3fpFKkskPVmsXhcTvJhsXYfA270Cj?= =?us-ascii?Q?+oQGkwIcRRaq+rUy+XSCQDQp5Eq09NNiSQztO323PMAkpmYlHvELNAAnw8kO?= =?us-ascii?Q?NiS7PFWnas1XkdyhdXc8mkgaDcHlXxFMy4avgl0XAeO+rQZOUqD/ncPyocL1?= =?us-ascii?Q?0fPzI6RD1sSy/fLdcfefJVn/op+X/+duAzGny6gSrazbfMjcTPEG+LkTMBMD?= =?us-ascii?Q?6sNdPjylk5io3koOqwvfLBXSwxdXrnhyRNqcR63oh6qVMu6hYOKy6ROndKWZ?= =?us-ascii?Q?UFvhpvr9+gJYTCHBMg7nG1ZHg/OgMY8fq4DS9pjgaP4V71B0uzpxkHmNIlHe?= =?us-ascii?Q?Rhkmx9NEhkmGjVDG4FiBdPT2MEjPZ86k9cMDhKQft37AOVDiz9tN+5RmOHbS?= =?us-ascii?Q?2XEbswc3C743gtcW/JVdd1nOMviQqrvBhs0zAiGoLem9l5yzmxRh9/KSsbVS?= =?us-ascii?Q?wgQaMAvudVT4niFyHxECeRqaDVmt3aVjDSW0LWQo+TLaG8jxg1olIIXTiQhf?= =?us-ascii?Q?Lx7tho4y194K1Q9Eock3cmpYIPeYMW1C7aY/sRc6vPfth3AIYTQ78IqafUaJ?= =?us-ascii?Q?iw=3D=3D?= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9f8e245c-6e3b-4b64-8032-08dcf43cd6e1 X-MS-Exchange-CrossTenant-AuthSource: PAXPR04MB9328.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Oct 2024 15:02:12.1527 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 4JVNDKT6Ih+tmhWkWErd7IixpVEHqBBhpHoznbkl8TemQ2XU/4AhMuJwzSJt0s/9xnT8lzPOdWTrR+YLcLSghw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR04MB7715 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch enables support for NAT-T traversal in IPSEC ESP protocol offload mode for IPv6 Signed-off-by: Hemant Agrawal --- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 68 +++++++++++++-------- 1 file changed, 43 insertions(+), 25 deletions(-) diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index b34183d594..3814f954ce 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -50,6 +50,7 @@ #define FSL_SUBSYSTEM_SEC 1 #define FSL_MC_DPSECI_DEVID 3 +#define DPAA2_DEFAULT_NAT_T_PORT 4500 #define NO_PREFETCH 0 #define DRIVER_DUMP_MODE "drv_dump_mode" @@ -3164,6 +3165,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, uint8_t hdr[48] = {}; struct rte_ipv4_hdr *ip4_hdr; struct rte_ipv6_hdr *ip6_hdr; + struct rte_udp_hdr *uh = NULL; struct ipsec_encap_pdb encap_pdb; flc->dhr = SEC_FLC_DHR_OUTBOUND; @@ -3235,29 +3237,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, memcpy(&ip4_hdr->dst_addr, &ipsec_xform->tunnel.ipv4.dst_ip, sizeof(struct in_addr)); if (ipsec_xform->options.udp_encap) { - uint16_t sport, dport; - struct rte_udp_hdr *uh = - (struct rte_udp_hdr *) (hdr + - sizeof(struct rte_ipv4_hdr)); - - sport = ipsec_xform->udp.sport ? - ipsec_xform->udp.sport : 4500; - dport = ipsec_xform->udp.dport ? - ipsec_xform->udp.dport : 4500; - uh->src_port = rte_cpu_to_be_16(sport); - uh->dst_port = rte_cpu_to_be_16(dport); - uh->dgram_len = 0; - uh->dgram_cksum = 0; - ip4_hdr->next_proto_id = IPPROTO_UDP; - ip4_hdr->total_length = - rte_cpu_to_be_16( + ip4_hdr->total_length = rte_cpu_to_be_16( sizeof(struct rte_ipv4_hdr) + sizeof(struct rte_udp_hdr)); - encap_pdb.ip_hdr_len += - sizeof(struct rte_udp_hdr); - encap_pdb.options |= - PDBOPTS_ESP_NAT | PDBOPTS_ESP_NUC; } else { ip4_hdr->total_length = rte_cpu_to_be_16( @@ -3284,14 +3267,39 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, ip6_hdr->payload_len = 0; ip6_hdr->hop_limits = ipsec_xform->tunnel.ipv6.hlimit ? ipsec_xform->tunnel.ipv6.hlimit : 0x40; - ip6_hdr->proto = (ipsec_xform->proto == - RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? - IPPROTO_ESP : IPPROTO_AH; memcpy(&ip6_hdr->src_addr, &ipsec_xform->tunnel.ipv6.src_addr, 16); memcpy(&ip6_hdr->dst_addr, &ipsec_xform->tunnel.ipv6.dst_addr, 16); encap_pdb.ip_hdr_len = sizeof(struct rte_ipv6_hdr); + if (ipsec_xform->options.udp_encap) + ip6_hdr->proto = IPPROTO_UDP; + else + ip6_hdr->proto = (ipsec_xform->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? + IPPROTO_ESP : IPPROTO_AH; + } + if (ipsec_xform->options.udp_encap) { + uint16_t sport, dport; + + if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + uh = (struct rte_udp_hdr *) (hdr + + sizeof(struct rte_ipv4_hdr)); + else + uh = (struct rte_udp_hdr *) (hdr + + sizeof(struct rte_ipv6_hdr)); + + sport = ipsec_xform->udp.sport ? + ipsec_xform->udp.sport : DPAA2_DEFAULT_NAT_T_PORT; + dport = ipsec_xform->udp.dport ? + ipsec_xform->udp.dport : DPAA2_DEFAULT_NAT_T_PORT; + uh->src_port = rte_cpu_to_be_16(sport); + uh->dst_port = rte_cpu_to_be_16(dport); + uh->dgram_len = 0; + uh->dgram_cksum = 0; + + encap_pdb.ip_hdr_len += sizeof(struct rte_udp_hdr); + encap_pdb.options |= PDBOPTS_ESP_NAT | PDBOPTS_ESP_NUC; } bufsize = cnstr_shdsc_ipsec_new_encap(priv->flc_desc[0].desc, @@ -3320,13 +3328,23 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { - decap_pdb.options = sizeof(struct ip) << 16; + if (ipsec_xform->options.udp_encap) + decap_pdb.options = + (sizeof(struct ip) + sizeof(struct rte_udp_hdr)) << 16; + else + decap_pdb.options = sizeof(struct ip) << 16; if (ipsec_xform->options.copy_df) decap_pdb.options |= PDBHMO_ESP_DFV; if (ipsec_xform->options.dec_ttl) decap_pdb.options |= PDBHMO_ESP_DECAP_DTTL; } else { - decap_pdb.options = sizeof(struct rte_ipv6_hdr) << 16; + if (ipsec_xform->options.udp_encap) { + decap_pdb.options = + (sizeof(struct rte_ipv6_hdr) + + sizeof(struct rte_udp_hdr)) << 16; + } else { + decap_pdb.options = sizeof(struct rte_ipv6_hdr) << 16; + } } if (ipsec_xform->options.esn) { decap_pdb.options |= PDBOPTS_ESP_ESN; -- 2.25.1