[dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH] net/octeontx2: support non-ethernet L2 hdr
Date: Thu, 1 Jul 2021 14:59:29 +0530	[thread overview]
Message-ID: <1625131769-31114-1-git-send-email-anoobj@marvell.com> (raw)

In the inline inound path, a custom header would be present at L3 which
has sequence number & SPI. L2 need to be adjusted such that the eventual
packet would have L3 after L2. Remove assumption of L2 type in this
handling.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h |  9 ++---
 drivers/crypto/octeontx2/otx2_ipsec_fp.h          | 13 +++----
 drivers/net/octeontx2/otx2_rx.h                   | 45 ++++++++++++++++-------
 3 files changed, 42 insertions(+), 25 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
index b2b1f77..089a3d0 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
@@ -166,8 +166,9 @@ anti_replay_check(struct otx2_ipsec_replay *replay, uint64_t seq,
 }
 
 static inline int
-cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
+cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, void *l3_ptr)
 {
+	struct otx2_ipsec_fp_res_hdr *hdr = l3_ptr;
 	uint64_t seq_in_sa;
 	uint32_t seqh = 0;
 	uint32_t seql;
@@ -176,14 +177,12 @@ cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
 	int ret;
 
 	esn = sa->ctl.esn_en;
-	seql = rte_be_to_cpu_32(*((uint32_t *)(data +
-			OTX2_IPSEC_SEQNO_LO_INDEX)));
+	seql = rte_be_to_cpu_32(hdr->seq_no_lo);
 
 	if (!esn)
 		seq = (uint64_t)seql;
 	else {
-		seqh = rte_be_to_cpu_32(*((uint32_t *)(data +
-				OTX2_IPSEC_SEQNO_HI_INDEX)));
+		seqh = rte_be_to_cpu_32(hdr->seq_no_hi);
 		seq = ((uint64_t)seqh << 32) | seql;
 	}
 
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
index a33041d..4be22d4 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@@ -10,14 +10,13 @@
 
 /* Macros for anti replay and ESN */
 #define OTX2_IPSEC_MAX_REPLAY_WIN_SZ	1024
-#define OTX2_IPSEC_SAINDEX_SZ		4
-#define OTX2_IPSEC_SEQNO_LO		4
 
-#define OTX2_IPSEC_SEQNO_LO_INDEX	(RTE_ETHER_HDR_LEN + \
-					 OTX2_IPSEC_SAINDEX_SZ)
-
-#define OTX2_IPSEC_SEQNO_HI_INDEX	(OTX2_IPSEC_SEQNO_LO_INDEX + \
-					 OTX2_IPSEC_SEQNO_LO)
+struct otx2_ipsec_fp_res_hdr {
+	uint32_t spi;
+	uint32_t seq_no_lo;
+	uint32_t seq_no_hi;
+	uint32_t rsvd;
+};
 
 enum {
 	OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
index 257492a..ea29aec 100644
--- a/drivers/net/octeontx2/otx2_rx.h
+++ b/drivers/net/octeontx2/otx2_rx.h
@@ -41,7 +41,6 @@
 
 /* Inline IPsec offsets */
 
-#define INLINE_INB_RPTR_HDR		16
 /* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
 #define INLINE_CPT_RESULT_OFFSET	80
 
@@ -239,14 +238,18 @@ nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
 }
 
 static __rte_always_inline uint64_t
-nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
+nix_rx_sec_mbuf_update(const struct nix_rx_parse_s *rx,
+		       const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
 		       const void * const lookup_mem)
 {
+	uint8_t *l2_ptr, *l3_ptr, *l2_ptr_actual, *l3_ptr_actual;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct rte_ipv4_hdr *ipv4;
-	uint16_t m_len;
+	uint16_t m_len, l2_len, ip_len;
+	struct rte_ipv6_hdr *ip6h;
+	struct rte_ipv4_hdr *iph;
+	uint16_t *ether_type;
 	uint32_t spi;
-	char *data;
+	int i;
 
 	if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
 		return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
@@ -257,22 +260,38 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
 	sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
 	*rte_security_dynfield(m) = sa->udata64;
 
-	data = rte_pktmbuf_mtod(m, char *);
+	l2_ptr = rte_pktmbuf_mtod(m, uint8_t *);
+	l2_len = rx->lcptr - rx->laptr;
+	l3_ptr = RTE_PTR_ADD(l2_ptr, l2_len);
 
 	if (sa->replay_win_sz) {
-		if (cpt_ipsec_ip_antireplay_check(sa, data) < 0)
+		if (cpt_ipsec_ip_antireplay_check(sa, l3_ptr) < 0)
 			return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
 	}
 
-	memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
+	l2_ptr_actual = RTE_PTR_ADD(l2_ptr,
+				    sizeof(struct otx2_ipsec_fp_res_hdr));
+	l3_ptr_actual = RTE_PTR_ADD(l3_ptr,
+				    sizeof(struct otx2_ipsec_fp_res_hdr));
 
-	m->data_off += INLINE_INB_RPTR_HDR;
+	for (i = l2_len - RTE_ETHER_TYPE_LEN - 1; i >= 0; i--)
+		l2_ptr_actual[i] = l2_ptr[i];
 
-	ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
-				       RTE_ETHER_HDR_LEN);
+	m->data_off += sizeof(struct otx2_ipsec_fp_res_hdr);
 
-	m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
+	ether_type = RTE_PTR_SUB(l3_ptr_actual, RTE_ETHER_TYPE_LEN);
 
+	iph = (struct rte_ipv4_hdr *)l3_ptr_actual;
+	if ((iph->version_ihl >> 4) == 4) {
+		ip_len = rte_be_to_cpu_16(iph->total_length);
+		*ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+	} else {
+		ip6h = (struct rte_ipv6_hdr *)iph;
+		ip_len = rte_be_to_cpu_16(ip6h->payload_len);
+		*ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+	}
+
+	m_len = ip_len + l2_len;
 	m->data_len = m_len;
 	m->pkt_len = m_len;
 	return PKT_RX_SEC_OFFLOAD;
@@ -322,7 +341,7 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
 	if ((flag & NIX_RX_OFFLOAD_SECURITY_F) &&
 	    cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
 		*(uint64_t *)(&mbuf->rearm_data) = val;
-		ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
+		ol_flags |= nix_rx_sec_mbuf_update(rx, cq, mbuf, lookup_mem);
 		mbuf->ol_flags = ol_flags;
 		return;
 	}
-- 
2.7.4

next             reply	other threads:[~2021-07-01  9:29 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-01  9:29 Anoob Joseph [this message]
2021-07-12 12:06 ` Jerin Jacob

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1625131769-31114-1-git-send-email-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).