DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] crypto/octeontx2: add lookaside IPsec IPv6 support
@ 2020-09-04 15:24 Tejasree Kondoj
  2020-09-22 10:46 ` Anoob Joseph
  2020-10-08 21:21 ` Akhil Goyal
  0 siblings, 2 replies; 3+ messages in thread
From: Tejasree Kondoj @ 2020-09-04 15:24 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, dev

Adding IPv6 tunnel mode support in lookaside IPsec PMD.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev.h     |  2 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 13 +++++++--
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 28 ++++++++++++++++++-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  2 ++
 drivers/crypto/octeontx2/otx2_ipsec_po.h      |  2 +-
 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 10 +++++--
 6 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h
index a00f3d696..fe5eeccfe 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.h
@@ -35,7 +35,7 @@ struct otx2_cpt_vf {
 };
 
 struct cpt_meta_info {
-	uint64_t deq_op_info[4];
+	uint64_t deq_op_info[5];
 	uint64_t comp_code_sz;
 	union cpt_res_s cpt_res __rte_aligned(16);
 	struct cpt_request_info cpt_req;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 9d51b17dd..82d8889ab 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -842,6 +842,7 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
 	vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct rte_mbuf *m = sym_op->m_src;
+	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	uint16_t m_len;
 	int mdata_len;
@@ -852,9 +853,17 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
 
 	if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
 		data = rte_pktmbuf_mtod(m, char *);
-		ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
 
-		m_len = rte_be_to_cpu_16(ip->total_length);
+		if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			ip = (struct rte_ipv4_hdr *)(data +
+				OTX2_IPSEC_PO_INB_RPTR_HDR);
+			m_len = rte_be_to_cpu_16(ip->total_length);
+		} else {
+			ip6 = (struct rte_ipv6_hdr *)(data +
+				OTX2_IPSEC_PO_INB_RPTR_HDR);
+			m_len = rte_be_to_cpu_16(ip6->payload_len) +
+				sizeof(struct rte_ipv6_hdr);
+		}
 
 		m->data_len = m_len;
 		m->pkt_len = m_len;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 0741a592c..5d8766682 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -25,7 +25,12 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
 {
 	struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
 
-	lp->partial_len = sizeof(struct rte_ipv4_hdr);
+	if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
+		lp->partial_len = sizeof(struct rte_ipv4_hdr);
+	else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)
+		lp->partial_len = sizeof(struct rte_ipv6_hdr);
+	else
+		return -EINVAL;
 
 	if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
 		lp->partial_len += sizeof(struct rte_esp_hdr);
@@ -203,6 +208,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	struct otx2_ipsec_po_out_sa *sa;
 	struct otx2_sec_session *sess;
 	struct otx2_cpt_inst_s inst;
+	struct rte_ipv6_hdr *ip6;
 	struct rte_ipv4_hdr *ip;
 	int ret;
 
@@ -222,6 +228,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 	lp->ip_id = 0;
 	lp->seq_lo = 1;
 	lp->seq_hi = 0;
+	lp->tunnel_type = ipsec->tunnel.type;
 
 	ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
 	if (ret)
@@ -254,6 +261,24 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 				sizeof(struct in_addr));
 			memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
 				sizeof(struct in_addr));
+		} else if (ipsec->tunnel.type ==
+				RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
+			ip6 = &sa->template.ipv6_hdr;
+			ip6->vtc_flow = rte_cpu_to_be_32(0x60000000 |
+				((ipsec->tunnel.ipv6.dscp <<
+					RTE_IPV6_HDR_TC_SHIFT) &
+					RTE_IPV6_HDR_TC_MASK) |
+				((ipsec->tunnel.ipv6.flabel <<
+					RTE_IPV6_HDR_FL_SHIFT) &
+					RTE_IPV6_HDR_FL_MASK));
+			ip6->hop_limits = ipsec->tunnel.ipv6.hlimit;
+			ip6->proto = (ipsec->proto ==
+					RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
+					IPPROTO_ESP : IPPROTO_AH;
+			memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr,
+				sizeof(struct in6_addr));
+			memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr,
+				sizeof(struct in6_addr));
 		} else {
 			return -EINVAL;
 		}
@@ -342,6 +367,7 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
 	if (ret)
 		return ret;
 
+	lp->tunnel_type = ipsec->tunnel.type;
 	auth_xform = crypto_xform;
 	cipher_xform = crypto_xform->next;
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
index b989251e7..b4a39d2fe 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -55,6 +55,8 @@ struct otx2_sec_session_ipsec_lp {
 	uint8_t iv_length;
 	/** Auth IV length in bytes */
 	uint8_t auth_iv_length;
+	/** IPsec tunnel type */
+	enum rte_security_ipsec_tunnel_type tunnel_type;
 };
 
 int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 020748609..da24f6a5d 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -319,7 +319,7 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 			return -EINVAL;
 	}
 
-	ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+	ctl->inner_ip_ver = ctl->outer_ip_ver;
 
 	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
 		ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
index dd29c413d..5dd0b391a 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
@@ -25,7 +25,8 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
 }
 
 static __rte_always_inline struct cpt_request_info *
-alloc_request_struct(char *maddr, void *cop, int mdata_len)
+alloc_request_struct(char *maddr, void *cop, int mdata_len,
+		     enum rte_security_ipsec_tunnel_type tunnel_type)
 {
 	struct cpt_request_info *req;
 	struct cpt_meta_info *meta;
@@ -47,6 +48,7 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len)
 	op[1] = (uintptr_t)cop;
 	op[2] = (uintptr_t)req;
 	op[3] = mdata_len;
+	op[4] = tunnel_type;
 
 	return req;
 }
@@ -86,7 +88,8 @@ process_outb_sa(struct rte_crypto_op *cop,
 	}
 
 	mdata += extend_tail; /* mdata follows encrypted data */
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
+		sess->tunnel_type);
 
 	data = rte_pktmbuf_prepend(m_src, extend_head);
 	if (unlikely(data == NULL)) {
@@ -157,7 +160,8 @@ process_inb_sa(struct rte_crypto_op *cop,
 		goto exit;
 	}
 
-	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len,
+		sess->tunnel_type);
 
 	/* Prepare CPT instruction */
 	word0.u64 = sess->ucmd_w0;
-- 
2.27.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-10-08 21:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-04 15:24 [dpdk-dev] [PATCH] crypto/octeontx2: add lookaside IPsec IPv6 support Tejasree Kondoj
2020-09-22 10:46 ` Anoob Joseph
2020-10-08 21:21 ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).