From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Radu Nicolau <radu.nicolau@intel.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v2 1/4] crypto/octeontx2: add UDP encapsulation support
Date: Thu, 1 Apr 2021 16:56:20 +0530
Message-ID: <20210401112623.20951-2-ktejasree@marvell.com>
In-Reply-To: <20210401112623.20951-1-ktejasree@marvell.com>
Adding UDP encapsulation support for IPsec in
lookaside protocol mode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/octeontx2.rst | 1 +
doc/guides/rel_notes/release_21_05.rst | 5 +++
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 40 ++++++-------------
3 files changed, 18 insertions(+), 28 deletions(-)
diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst
index d312eeb74c..b30f98180a 100644
--- a/doc/guides/cryptodevs/octeontx2.rst
+++ b/doc/guides/cryptodevs/octeontx2.rst
@@ -181,6 +181,7 @@ Features supported
* Tunnel mode
* ESN
* Anti-replay
+* UDP Encapsulation
* AES-128/192/256-GCM
* AES-128/192/256-CBC-SHA1-HMAC
* AES-128/192/256-CBC-SHA256-128-HMAC
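Review bot: The new "UDP Encapsulation" entry in the feature list is unqualified, but the driver change later in this patch programs the UDP ports only in the IPv4 tunnel path and removes the IPv6 assignments. Suggest qualifying the entry (for example "UDP Encapsulation (IPv4 tunnel)") so the documented feature set matches what the session-create code sets up.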
diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst
index 8e686cc627..8065b3daf8 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -94,6 +94,11 @@ New Features
* Added support for preferred busy polling.
+* **Updated the OCTEON TX2 crypto PMD.**
+
+ * Updated the OCTEON TX2 crypto PMD lookaside protocol offload for IPsec with
+ UDP encapsulation support for NAT Traversal.
+
* **Updated testpmd.**
* Added a command line option to configure forced speed for Ethernet port.
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 342f089df8..8942ff1fac 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -203,6 +203,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
struct rte_security_session *sec_sess)
{
struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+ struct otx2_ipsec_po_ip_template *template;
const uint8_t *cipher_key, *auth_key;
struct otx2_sec_session_ipsec_lp *lp;
struct otx2_ipsec_po_sa_ctl *ctl;
@@ -248,11 +249,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) {
- if (ipsec->options.udp_encap) {
- sa->aes_gcm.template.ip4.udp_src = 4500;
- sa->aes_gcm.template.ip4.udp_dst = 4500;
- }
- ip = &sa->aes_gcm.template.ip4.ipv4_hdr;
+ template = &sa->aes_gcm.template;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
aes_gcm.template) + sizeof(
sa->aes_gcm.template.ip4);
@@ -260,11 +257,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
lp->ctx_len = ctx_len >> 3;
} else if (ctl->auth_type ==
OTX2_IPSEC_PO_SA_AUTH_SHA1) {
- if (ipsec->options.udp_encap) {
- sa->sha1.template.ip4.udp_src = 4500;
- sa->sha1.template.ip4.udp_dst = 4500;
- }
- ip = &sa->sha1.template.ip4.ipv4_hdr;
+ template = &sa->sha1.template;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
sha1.template) + sizeof(
sa->sha1.template.ip4);
@@ -272,11 +265,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
lp->ctx_len = ctx_len >> 3;
} else if (ctl->auth_type ==
OTX2_IPSEC_PO_SA_AUTH_SHA2_256) {
- if (ipsec->options.udp_encap) {
- sa->sha2.template.ip4.udp_src = 4500;
- sa->sha2.template.ip4.udp_dst = 4500;
- }
- ip = &sa->sha2.template.ip4.ipv4_hdr;
+ template = &sa->sha2.template;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
sha2.template) + sizeof(
sa->sha2.template.ip4);
@@ -285,8 +274,15 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
} else {
return -EINVAL;
}
+ ip = &template->ip4.ipv4_hdr;
+ if (ipsec->options.udp_encap) {
+ ip->next_proto_id = IPPROTO_UDP;
+ template->ip4.udp_src = rte_be_to_cpu_16(4500);
+ template->ip4.udp_dst = rte_be_to_cpu_16(4500);
+ } else {
+ ip->next_proto_id = IPPROTO_ESP;
+ }
ip->version_ihl = RTE_IPV4_VHL_DEF;
- ip->next_proto_id = IPPROTO_ESP;
ip->time_to_live = ipsec->tunnel.ipv4.ttl;
ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
if (ipsec->tunnel.ipv4.df)
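Review bot: The two port assignments in the new `if (ipsec->options.udp_encap)` block call `rte_be_to_cpu_16(4500)`, but 4500 is a host-order literal being stored into the header template, presumably in network order, so the conversion is named the wrong way round. Both helpers perform the same swap, so the stored bytes do not change, but `rte_cpu_to_be_16(4500)` (or `RTE_BE16(4500)` for a compile-time constant) states the intent. A named constant for the port would also avoid repeating the literal on both lines.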
@@ -299,10 +295,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) {
- if (ipsec->options.udp_encap) {
- sa->aes_gcm.template.ip6.udp_src = 4500;
- sa->aes_gcm.template.ip6.udp_dst = 4500;
- }
ip6 = &sa->aes_gcm.template.ip6.ipv6_hdr;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
aes_gcm.template) + sizeof(
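Review bot: The `udp_encap` block is deleted from this IPv6 AES-GCM branch, and from the SHA1 and SHA2-256 branches in the next two hunks, with no replacement, while the IPv4 path gains a common block that also sets `next_proto_id` to `IPPROTO_UDP`. Unless the IPv6 path handles it outside the visible lines, a session created with `ipsec->options.udp_encap` set on an IPv6 tunnel is built as plain ESP and no error is reported to the caller. If IPv6 UDP encapsulation is not supported, reject it explicitly (for example return `-ENOTSUP` when `udp_encap` is set on this path) and mention the limitation in the commit message.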
@@ -311,10 +303,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
lp->ctx_len = ctx_len >> 3;
} else if (ctl->auth_type ==
OTX2_IPSEC_PO_SA_AUTH_SHA1) {
- if (ipsec->options.udp_encap) {
- sa->sha1.template.ip6.udp_src = 4500;
- sa->sha1.template.ip6.udp_dst = 4500;
- }
ip6 = &sa->sha1.template.ip6.ipv6_hdr;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
sha1.template) + sizeof(
@@ -323,10 +311,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
lp->ctx_len = ctx_len >> 3;
} else if (ctl->auth_type ==
OTX2_IPSEC_PO_SA_AUTH_SHA2_256) {
- if (ipsec->options.udp_encap) {
- sa->sha2.template.ip6.udp_src = 4500;
- sa->sha2.template.ip6.udp_dst = 4500;
- }
ip6 = &sa->sha2.template.ip6.ipv6_hdr;
ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
sha2.template) + sizeof(
--
2.27.0