DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
@ 2021-10-28 11:11 Tejasree Kondoj
  2021-10-29 11:27 ` Anoob Joseph
  0 siblings, 1 reply; 3+ messages in thread
From: Tejasree Kondoj @ 2021-10-28 11:11 UTC (permalink / raw)
  To: Akhil Goyal; +Cc: Tejasree Kondoj, Anoob Joseph, dev, stable

Fixing IPv6 mixed tunnel mode support by updating
inputs to firmware.

Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  9 ++++----
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 22 +++++++------------
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  2 --
 drivers/crypto/octeontx2/otx2_ipsec_po.h      |  8 -------
 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 10 +++------
 5 files changed, 15 insertions(+), 36 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index e6274bea42..e0ae3e161e 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -993,13 +993,12 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
 
 	if (word0->s.opcode.major == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
 		data = rte_pktmbuf_mtod(m, char *);
+		ip = (struct rte_ipv4_hdr *)(data +
+			OTX2_IPSEC_PO_INB_RPTR_HDR);
 
-		if (rsp[4] == OTX2_IPSEC_PO_TRANSPORT ||
-		    rsp[4] == OTX2_IPSEC_PO_TUNNEL_IPV4) {
-			ip = (struct rte_ipv4_hdr *)(data +
-				OTX2_IPSEC_PO_INB_RPTR_HDR);
+		if ((ip->version_ihl >> 4) == 4) {
 			m_len = rte_be_to_cpu_16(ip->total_length);
-		} else if (rsp[4] == OTX2_IPSEC_PO_TUNNEL_IPV6) {
+		} else {
 			ip6 = (struct rte_ipv6_hdr *)(data +
 				OTX2_IPSEC_PO_INB_RPTR_HDR);
 			m_len = rte_be_to_cpu_16(ip6->payload_len) +
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index a5db40047d..9a4f84f8d8 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -194,9 +194,6 @@ set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
 		sess->auth_iv_length = auth_xform->auth.iv.length;
 		sess->mac_len = auth_xform->auth.digest_length;
 	}
-
-	sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
-	sess->ucmd_param2 = 0;
 }
 
 static int
@@ -232,7 +229,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa));
 
 	/* Initialize lookaside ipsec private data */
-	lp->mode_type = OTX2_IPSEC_PO_TRANSPORT;
 	lp->ip_id = 0;
 	lp->seq_lo = 1;
 	lp->seq_hi = 0;
@@ -285,7 +281,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 
 	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
 		if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-			lp->mode_type = OTX2_IPSEC_PO_TUNNEL_IPV4;
 			ip->version_ihl = RTE_IPV4_VHL_DEF;
 			ip->time_to_live = ipsec->tunnel.ipv4.ttl;
 			ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
@@ -298,7 +293,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 		} else if (ipsec->tunnel.type ==
 				RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
 
-			lp->mode_type = OTX2_IPSEC_PO_TUNNEL_IPV6;
 			if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) {
 				template = &sa->aes_gcm.template;
 				ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
@@ -387,6 +381,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
 				(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
 
+	/* Set per packet IV and IKEv2 bits */
+	lp->ucmd_param1 = BIT(11) | BIT(9);
+	lp->ucmd_param2 = 0;
+
 	set_session_misc_attributes(lp, crypto_xform,
 				    auth_xform, cipher_xform);
 
@@ -429,20 +427,12 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	if (ret)
 		return ret;
 
-	lp->mode_type = OTX2_IPSEC_PO_TRANSPORT;
-
 	auth_xform = crypto_xform;
 	cipher_xform = crypto_xform->next;
 
 	cipher_key_len = 0;
 	auth_key_len = 0;
 
-	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
-		lp->mode_type = (ipsec->tunnel.type ==
-				RTE_SECURITY_IPSEC_TUNNEL_IPV4) ?
-				OTX2_IPSEC_PO_TUNNEL_IPV4 :
-				OTX2_IPSEC_PO_TUNNEL_IPV6;
-
 	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
 			memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);
@@ -482,6 +472,10 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->cpt_inst_w7 = inst.u64[7];
 	lp->ucmd_opcode = (lp->ctx_len << 8) |
 				(OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
+	lp->ucmd_param1 = 0;
+
+	/* Set IKEv2 bit */
+	lp->ucmd_param2 = BIT(12);
 
 	set_session_misc_attributes(lp, crypto_xform,
 				    auth_xform, cipher_xform);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
index 87f55c97fe..ff3329c9c1 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -55,8 +55,6 @@ struct otx2_sec_session_ipsec_lp {
 	uint8_t iv_length;
 	/** Auth IV length in bytes */
 	uint8_t auth_iv_length;
-	/** IPsec mode and tunnel type */
-	enum otx2_ipsec_po_mode_type mode_type;
 };
 
 int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index b61c5e0c04..695f552644 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -11,8 +11,6 @@
 
 #define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN    0x09
 
-#define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
-
 #define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB     0x20
 #define OTX2_IPSEC_PO_WRITE_IPSEC_INB      0x21
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
@@ -20,12 +18,6 @@
 
 #define OTX2_IPSEC_PO_INB_RPTR_HDR         0x8
 
-enum otx2_ipsec_po_mode_type {
-	OTX2_IPSEC_PO_TRANSPORT = 1,
-	OTX2_IPSEC_PO_TUNNEL_IPV4,
-	OTX2_IPSEC_PO_TUNNEL_IPV6,
-};
-
 enum otx2_ipsec_po_comp_e {
 	OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
 	OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
index 25ee10f342..c3abf02187 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
@@ -25,8 +25,7 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
 }
 
 static __rte_always_inline struct cpt_request_info *
-alloc_request_struct(char *maddr, void *cop, int mdata_len,
-		     enum otx2_ipsec_po_mode_type mode_type)
+alloc_request_struct(char *maddr, void *cop, int mdata_len)
 {
 	struct cpt_request_info *req;
 	struct cpt_meta_info *meta;
@@ -48,7 +47,6 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len,
 	op[1] = (uintptr_t)cop;
 	op[2] = (uintptr_t)req;
 	op[3] = mdata_len;
-	op[4] = mode_type;
 
 	return req;
 }
@@ -86,8 +84,7 @@ process_outb_sa(struct rte_crypto_op *cop,
 	}
 
 	mdata += extend_tail; /* mdata follows encrypted data */
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-		sess->mode_type);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
 	data = rte_pktmbuf_prepend(m_src, extend_head);
 	if (unlikely(data == NULL)) {
@@ -153,8 +150,7 @@ process_inb_sa(struct rte_crypto_op *cop,
 		goto exit;
 	}
 
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-		sess->mode_type);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
 	/* Prepare CPT instruction */
 	word0.u64 = sess->ucmd_w0;
-- 
2.27.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
  2021-10-28 11:11 [dpdk-dev] [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support Tejasree Kondoj
@ 2021-10-29 11:27 ` Anoob Joseph
  2021-10-31 20:48   ` Akhil Goyal
  0 siblings, 1 reply; 3+ messages in thread
From: Anoob Joseph @ 2021-10-29 11:27 UTC (permalink / raw)
  To: Tejasree Kondoj, Akhil Goyal; +Cc: Tejasree Kondoj, dev, stable

> Subject: [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
> 
> Fixing IPv6 mixed tunnel mode support by updating inputs to firmware.
> 
> Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>

Acked-by: Anoob Joseph <anoobj@marvell.com>


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
  2021-10-29 11:27 ` Anoob Joseph
@ 2021-10-31 20:48   ` Akhil Goyal
  0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2021-10-31 20:48 UTC (permalink / raw)
  To: Anoob Joseph, Tejasree Kondoj; +Cc: Tejasree Kondoj, dev, stable



> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Friday, October 29, 2021 4:57 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Akhil Goyal
> <gakhil@marvell.com>
> Cc: Tejasree Kondoj <ktejasree@marvell.com>; dev@dpdk.org;
> stable@dpdk.org
> Subject: RE: [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
> 
> > Subject: [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support
> >
> > Fixing IPv6 mixed tunnel mode support by updating inputs to firmware.
> >
> > Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> 
> Acked-by: Anoob Joseph <anoobj@marvell.com>
Applied to dpdk-next-crypto

Thanks.


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-10-31 20:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-28 11:11 [dpdk-dev] [PATCH] crypto/octeontx2: fix lookaside IPsec IPv6 support Tejasree Kondoj
2021-10-29 11:27 ` Anoob Joseph
2021-10-31 20:48   ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).