From: Tejasree Kondoj <ktejasree@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Radu Nicolau <radu.nicolau@intel.com> Cc: Tejasree Kondoj <ktejasree@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org> Subject: [dpdk-dev] [PATCH 1/3] crypto/octeontx2: add UDP encapsulation support Date: Mon, 15 Mar 2021 16:06:14 +0530 Message-ID: <20210315103616.31364-2-ktejasree@marvell.com> (raw) In-Reply-To: <20210315103616.31364-1-ktejasree@marvell.com> Adding UDP encapsulation support for IPsec in lookaside protocol mode. Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> --- doc/guides/cryptodevs/octeontx2.rst | 1 + doc/guides/rel_notes/release_21_05.rst | 5 +++ drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 40 ++++++------------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst index d312eeb74c..b30f98180a 100644 --- a/doc/guides/cryptodevs/octeontx2.rst +++ b/doc/guides/cryptodevs/octeontx2.rst @@ -181,6 +181,7 @@ Features supported * Tunnel mode * ESN * Anti-replay +* UDP Encapsulation * AES-128/192/256-GCM * AES-128/192/256-CBC-SHA1-HMAC * AES-128/192/256-CBC-SHA256-128-HMAC diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst index 23f7f0bff9..66e28e21be 100644 --- a/doc/guides/rel_notes/release_21_05.rst +++ b/doc/guides/rel_notes/release_21_05.rst @@ -65,6 +65,11 @@ New Features * Added support for txgbevf PMD. +* **Updated the OCTEON TX2 crypto PMD.** + + * Updated the OCTEON TX2 crypto PMD lookaside protocol offload for IPsec with + UDP encapsulation support for NAT Traversal. + * **Updated testpmd.** * Added command to display Rx queue used descriptor count. diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 342f089df8..8942ff1fac 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c 
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -203,6 +203,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct rte_security_session *sec_sess) { struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + struct otx2_ipsec_po_ip_template *template; const uint8_t *cipher_key, *auth_key; struct otx2_sec_session_ipsec_lp *lp; struct otx2_ipsec_po_sa_ctl *ctl; @@ -248,11 +249,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) { - if (ipsec->options.udp_encap) { - sa->aes_gcm.template.ip4.udp_src = 4500; - sa->aes_gcm.template.ip4.udp_dst = 4500; - } - ip = &sa->aes_gcm.template.ip4.ipv4_hdr; + template = &sa->aes_gcm.template; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, aes_gcm.template) + sizeof( sa->aes_gcm.template.ip4); @@ -260,11 +257,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, lp->ctx_len = ctx_len >> 3; } else if (ctl->auth_type == OTX2_IPSEC_PO_SA_AUTH_SHA1) { - if (ipsec->options.udp_encap) { - sa->sha1.template.ip4.udp_src = 4500; - sa->sha1.template.ip4.udp_dst = 4500; - } - ip = &sa->sha1.template.ip4.ipv4_hdr; + template = &sa->sha1.template; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, sha1.template) + sizeof( sa->sha1.template.ip4); @@ -272,11 +265,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, lp->ctx_len = ctx_len >> 3; } else if (ctl->auth_type == OTX2_IPSEC_PO_SA_AUTH_SHA2_256) { - if (ipsec->options.udp_encap) { - sa->sha2.template.ip4.udp_src = 4500; - sa->sha2.template.ip4.udp_dst = 4500; - } - ip = &sa->sha2.template.ip4.ipv4_hdr; + template = &sa->sha2.template; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, sha2.template) + sizeof( sa->sha2.template.ip4); 
@@ -285,8 +274,15 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, } else { return -EINVAL; } + ip = &template->ip4.ipv4_hdr; + if (ipsec->options.udp_encap) { + ip->next_proto_id = IPPROTO_UDP; + template->ip4.udp_src = rte_be_to_cpu_16(4500); + template->ip4.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip->next_proto_id = IPPROTO_ESP; + } ip->version_ihl = RTE_IPV4_VHL_DEF; - ip->next_proto_id = IPPROTO_ESP; ip->time_to_live = ipsec->tunnel.ipv4.ttl; ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); if (ipsec->tunnel.ipv4.df) @@ -299,10 +295,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, RTE_SECURITY_IPSEC_TUNNEL_IPV6) { if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) { - if (ipsec->options.udp_encap) { - sa->aes_gcm.template.ip6.udp_src = 4500; - sa->aes_gcm.template.ip6.udp_dst = 4500; - } ip6 = &sa->aes_gcm.template.ip6.ipv6_hdr; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, aes_gcm.template) + sizeof( @@ -311,10 +303,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, lp->ctx_len = ctx_len >> 3; } else if (ctl->auth_type == OTX2_IPSEC_PO_SA_AUTH_SHA1) { - if (ipsec->options.udp_encap) { - sa->sha1.template.ip6.udp_src = 4500; - sa->sha1.template.ip6.udp_dst = 4500; - } ip6 = &sa->sha1.template.ip6.ipv6_hdr; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, sha1.template) + sizeof( @@ -323,10 +311,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, lp->ctx_len = ctx_len >> 3; } else if (ctl->auth_type == OTX2_IPSEC_PO_SA_AUTH_SHA2_256) { - if (ipsec->options.udp_encap) { - sa->sha2.template.ip6.udp_src = 4500; - sa->sha2.template.ip6.udp_dst = 4500; - } ip6 = &sa->sha2.template.ip6.ipv6_hdr; ctx_len = offsetof(struct otx2_ipsec_po_out_sa, sha2.template) + sizeof( -- 2.27.0
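Review bot: In the IPv4 AES-GCM, SHA1 and SHA2-256 branches (hunks @@ -248,11, @@ -260,11 and @@ -272,11), the removed lines show that udp_src and udp_dst were already written when ipsec->options.udp_encap was set, with no byte-order conversion and with next_proto_id left at IPPROTO_ESP. The commit message describes only new support. It should state that the existing handling is being corrected (byte order of the ports, protocol field of the outer header) so the behaviour change is visible in the log.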
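Review bot: In the new common IPv4 block (hunk @@ -285,8 +274,15), the port assignments use rte_be_to_cpu_16(4500) to convert a host-order constant before storing it in the template; the helper that matches that direction is rte_cpu_to_be_16(4500). Both yield the same bytes, but the name documents the opposite conversion and will mislead the next reader. The literal 4500 also appears twice; a named constant for the NAT-T port would make the origin of the value clear.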
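Review bot: The IPv6 hunks (@@ -299,10, @@ -311,10 and @@ -323,10) remove the udp_src/udp_dst assignments under ipsec->options.udp_encap, and nothing visible in this patch replaces them: the new common block writes only template->ip4 and sets next_proto_id on the IPv4 header. If udp_encap with an IPv6 tunnel is not supported, return an error for that combination (for example -ENOTSUP) instead of creating a session that silently omits the encapsulation, and state in octeontx2.rst and the release note that the feature covers IPv4 tunnels. Otherwise, set the IPv6 next-header field and ports the same way as for IPv4.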