From: Nithin Dabilpuram <ndabilpuram@marvell.com>
To: <jerinj@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,
"Kiran Kumar K" <kirankumark@marvell.com>,
Sunil Kumar Kori <skori@marvell.com>,
Satha Rao <skoteshwar@marvell.com>,
Harman Kalra <hkalra@marvell.com>
Cc: <dev@dpdk.org>
Subject: [PATCH 01/34] net/cnxk: allow duplicate SPI in outbound IPsec
Date: Fri, 31 Jan 2025 13:34:56 +0530 [thread overview]
Message-ID: <20250131080530.3224977-1-ndabilpuram@marvell.com> (raw)
Since outbound IPsec is not really dependent on SPI,
allow duplicate SPI in outbound inline IPsec sessions.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
---
Depends-on: series-34428 ("[v4,1/2] common/cnxk: support NPC flow on cn20k")
drivers/net/cnxk/cn10k_ethdev_sec.c | 14 +++++++-------
drivers/net/cnxk/cn9k_ethdev_sec.c | 14 +++++++-------
drivers/net/cnxk/cnxk_ethdev.h | 4 ++--
drivers/net/cnxk/cnxk_ethdev_sec.c | 8 ++++++--
4 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 6acab8afa0..41dfba36d3 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -793,13 +793,6 @@ cn10k_eth_sec_session_create(void *device,
inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
inl_dev = !!dev->inb.inl_dev;
- /* Search if a session already exits */
- if (cnxk_eth_sec_sess_get_by_spi(dev, ipsec->spi, inbound)) {
- plt_err("%s SA with SPI %u already in use",
- inbound ? "Inbound" : "Outbound", ipsec->spi);
- return -EEXIST;
- }
-
memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0;
@@ -821,6 +814,13 @@ cn10k_eth_sec_session_create(void *device,
spi_mask = roc_nix_inl_inb_spi_range(nix, inl_dev, NULL, NULL);
+ /* Search if a session already exits */
+ if (cnxk_eth_sec_sess_get_by_sa_idx(dev, ipsec->spi & spi_mask, true)) {
+ plt_err("Inbound SA with SPI/SA index %u already in use", ipsec->spi);
+ rc = -EEXIST;
+ goto err;
+ }
+
/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
sa = roc_nix_inl_inb_sa_get(nix, inl_dev, ipsec->spi);
if (!sa && dev->inb.inl_dev) {
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index 390853c728..5e13dc862e 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -604,13 +604,6 @@ cn9k_eth_sec_session_create(void *device,
crypto = conf->crypto_xform;
inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
- /* Search if a session already exists */
- if (cnxk_eth_sec_sess_get_by_spi(dev, ipsec->spi, inbound)) {
- plt_err("%s SA with SPI %u already in use",
- inbound ? "Inbound" : "Outbound", ipsec->spi);
- return -EEXIST;
- }
-
lock = inbound ? &dev->inb.lock : &dev->outb.lock;
rte_spinlock_lock(lock);
@@ -633,6 +626,13 @@ cn9k_eth_sec_session_create(void *device,
spi_mask = roc_nix_inl_inb_spi_range(nix, false, NULL, NULL);
+ /* Search if a session already exits */
+ if (cnxk_eth_sec_sess_get_by_sa_idx(dev, ipsec->spi & spi_mask, true)) {
+ plt_err("Inbound SA with SPI/SA index %u already in use", ipsec->spi);
+ rc = -EEXIST;
+ goto err;
+ }
+
/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE. Assume no inline
* device always for CN9K.
*/
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index 350adc1161..eae5336a9b 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -729,8 +729,8 @@ typedef void (*cnxk_ethdev_rx_offload_cb_t)(uint16_t port_id, uint64_t flags);
__rte_internal
void cnxk_ethdev_rx_offload_cb_register(cnxk_ethdev_rx_offload_cb_t cb);
-struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev,
- uint32_t spi, bool inb);
+struct cnxk_eth_sec_sess *cnxk_eth_sec_sess_get_by_sa_idx(struct cnxk_eth_dev *dev,
+ uint32_t sa_idx, bool inb);
struct cnxk_eth_sec_sess *
cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,
struct rte_security_session *sess);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index ef75e5f0f1..2c649c985a 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -231,6 +231,10 @@ cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
if (spi > dev->outb.max_sa)
return -ENOTSUP;
idx = spi;
+ if (!plt_bitmap_get(dev->outb.sa_bmap, idx)) {
+ plt_err("Outbound SA index %u already in use", idx);
+ return -EEXIST;
+ }
} else {
/* Scan bitmap to get the free sa index */
rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
@@ -265,14 +269,14 @@ cnxk_eth_outb_sa_idx_put(struct cnxk_eth_dev *dev, uint32_t idx)
}
struct cnxk_eth_sec_sess *
-cnxk_eth_sec_sess_get_by_spi(struct cnxk_eth_dev *dev, uint32_t spi, bool inb)
+cnxk_eth_sec_sess_get_by_sa_idx(struct cnxk_eth_dev *dev, uint32_t sa_idx, bool inb)
{
struct cnxk_eth_sec_sess_list *list;
struct cnxk_eth_sec_sess *eth_sec;
list = inb ? &dev->inb.list : &dev->outb.list;
TAILQ_FOREACH(eth_sec, list, entry) {
- if (eth_sec->spi == spi)
+ if (eth_sec->sa_idx == sa_idx)
return eth_sec;
}
--
2.34.1
next reply other threads:[~2025-01-31 8:05 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-31 8:04 Nithin Dabilpuram [this message]
2025-01-31 8:04 ` [PATCH 02/34] common/cnxk: remove unused param in SA init Nithin Dabilpuram
2025-01-31 8:04 ` [PATCH 03/34] net/cnxk: remove unnecessary delay on stats read Nithin Dabilpuram
2025-01-31 8:04 ` [PATCH 04/34] common/cnxk: move CTX defines to common Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 05/34] common/cnxk: add cn20k CPT result struct Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 06/34] common/cnxk: enable IE with cn9k and cn10k only Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 07/34] common/cnxk: make special handling only for 9k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 08/34] common/cnxk: add CPT cn20k device enumeration Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 09/34] common/cnxk: add CPT LMT defines Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 10/34] common/cnxk: add 20k defines for IPsec Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 11/34] common/cnxk: update default eng group for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 12/34] common/cnxk: support for cn20k IPsec session Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 13/34] common/cnxk: add cn20k meta pkt structs Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 14/34] common/cnxk: support for inline IPsec for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 15/34] common/cnxk: support inline SA context invalidate Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 16/34] common/cnxk: update feature flags for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 17/34] common/cnxk: add mbox define for inline profile support Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 18/34] common/cnxk: support for inline inbound queue Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 19/34] common/cnxk: add NIX inline reassembly profile config Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 20/34] common/cnxk: add API to fetch inline profile ID Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 21/34] common/cnxk: add NPC action2 support Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 22/34] common/cnxk: support for NPC inline rule for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 23/34] net/cnxk: support for cn20k inline IPsec session Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 24/34] common/cnxk: update CPT RXC time config mbox for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 25/34] net/cnxk: store pool buffer size in lookup memory Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 26/34] net/cnxk: inline IPsec Rx support for cn20k Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 27/34] event/cnxk: " Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 28/34] common/cnxk: enable allmulti mode on rpm/cgx VF Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 29/34] net/cnxk: fix of NIX send header L3 type Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 30/34] common/cnxk: fix inbound IPsec sa setup Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 31/34] common/cnxk: add stats reset for inline device Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 32/34] common/cnxk: change the error log to a debug log Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 33/34] net/cnxk: update MC address list configure API Nithin Dabilpuram
2025-01-31 8:05 ` [PATCH 34/34] common/cnxk: move interrupt handling to platform-specific Nithin Dabilpuram
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250131080530.3224977-1-ndabilpuram@marvell.com \
--to=ndabilpuram@marvell.com \
--cc=dev@dpdk.org \
--cc=hkalra@marvell.com \
--cc=jerinj@marvell.com \
--cc=kirankumark@marvell.com \
--cc=skori@marvell.com \
--cc=skoteshwar@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).