From: Simei Su <simei.su@intel.com>
To: qi.z.zhang@intel.com
Cc: dev@dpdk.org, junfeng.guo@intel.com, yahui.cao@intel.com,
Simei Su <simei.su@intel.com>
Subject: [dpdk-dev] [PATCH 2/2] net/ice: support FDIR ESP and NATT to match outer IP
Date: Thu, 27 May 2021 13:53:30 +0800 [thread overview]
Message-ID: <20210527055330.341052-3-simei.su@intel.com> (raw)
In-Reply-To: <20210527055330.341052-1-simei.su@intel.com>
This patch adds IPV4/IPV6 SRC/DST input set for ESP/NAT_T_ESP to
support outer IP match.
Signed-off-by: Simei Su <simei.su@intel.com>
---
drivers/net/ice/ice_fdir_filter.c | 73 +++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/drivers/net/ice/ice_fdir_filter.c b/drivers/net/ice/ice_fdir_filter.c
index 092c704..8afe65a 100644
--- a/drivers/net/ice/ice_fdir_filter.c
+++ b/drivers/net/ice/ice_fdir_filter.c
@@ -90,6 +90,22 @@
ICE_INSET_IPV6_SRC | ICE_INSET_IPV6_DST | \
ICE_INSET_GTPU_TEID | ICE_INSET_GTPU_QFI)
+#define ICE_FDIR_INSET_IPV4_ESP (\
+ ICE_INSET_IPV4_SRC | ICE_INSET_IPV4_DST | \
+ ICE_INSET_ESP_SPI)
+
+#define ICE_FDIR_INSET_IPV6_ESP (\
+ ICE_INSET_IPV6_SRC | ICE_INSET_IPV6_DST | \
+ ICE_INSET_ESP_SPI)
+
+#define ICE_FDIR_INSET_IPV4_NATT_ESP (\
+ ICE_INSET_IPV4_SRC | ICE_INSET_IPV4_DST | \
+ ICE_INSET_ESP_SPI)
+
+#define ICE_FDIR_INSET_IPV6_NATT_ESP (\
+ ICE_INSET_IPV6_SRC | ICE_INSET_IPV6_DST | \
+ ICE_INSET_ESP_SPI)
+
static struct ice_pattern_match_item ice_fdir_pattern_list[] = {
{pattern_ethertype, ICE_FDIR_INSET_ETH, ICE_INSET_NONE, ICE_INSET_NONE},
{pattern_eth_ipv4, ICE_FDIR_INSET_ETH_IPV4, ICE_INSET_NONE, ICE_INSET_NONE},
@@ -101,6 +117,10 @@ static struct ice_pattern_match_item ice_fdir_pattern_list[] = {
{pattern_eth_ipv6_udp, ICE_FDIR_INSET_ETH_IPV6_UDP, ICE_INSET_NONE, ICE_INSET_NONE},
{pattern_eth_ipv6_tcp, ICE_FDIR_INSET_ETH_IPV6_TCP, ICE_INSET_NONE, ICE_INSET_NONE},
{pattern_eth_ipv6_sctp, ICE_FDIR_INSET_ETH_IPV6_SCTP, ICE_INSET_NONE, ICE_INSET_NONE},
+ {pattern_eth_ipv4_esp, ICE_FDIR_INSET_IPV4_ESP, ICE_INSET_NONE, ICE_INSET_NONE},
+ {pattern_eth_ipv4_udp_esp, ICE_FDIR_INSET_IPV4_NATT_ESP, ICE_INSET_NONE, ICE_INSET_NONE},
+ {pattern_eth_ipv6_esp, ICE_FDIR_INSET_IPV6_ESP, ICE_INSET_NONE, ICE_INSET_NONE},
+ {pattern_eth_ipv6_udp_esp, ICE_FDIR_INSET_IPV6_NATT_ESP, ICE_INSET_NONE, ICE_INSET_NONE},
{pattern_eth_ipv4_udp_vxlan_ipv4, ICE_FDIR_INSET_ETH_IPV4_VXLAN, ICE_FDIR_INSET_IPV4, ICE_INSET_NONE},
{pattern_eth_ipv4_udp_vxlan_ipv4_udp, ICE_FDIR_INSET_ETH_IPV4_VXLAN, ICE_FDIR_INSET_IPV4_UDP, ICE_INSET_NONE},
{pattern_eth_ipv4_udp_vxlan_ipv4_tcp, ICE_FDIR_INSET_ETH_IPV4_VXLAN, ICE_FDIR_INSET_IPV4_TCP, ICE_INSET_NONE},
@@ -999,6 +1019,26 @@ ice_fdir_input_set_hdrs(enum ice_fltr_ptype flow, struct ice_flow_seg_info *seg)
case ICE_FLTR_PTYPE_NON_IP_L2:
ICE_FLOW_SET_HDRS(seg, ICE_FLOW_SEG_HDR_ETH_NON_IP);
break;
+ case ICE_FLTR_PTYPE_NONF_IPV4_ESP:
+ ICE_FLOW_SET_HDRS(seg, ICE_FLOW_SEG_HDR_ESP |
+ ICE_FLOW_SEG_HDR_IPV4 |
+ ICE_FLOW_SEG_HDR_IPV_OTHER);
+ break;
+ case ICE_FLTR_PTYPE_NONF_IPV6_ESP:
+ ICE_FLOW_SET_HDRS(seg, ICE_FLOW_SEG_HDR_ESP |
+ ICE_FLOW_SEG_HDR_IPV6 |
+ ICE_FLOW_SEG_HDR_IPV_OTHER);
+ break;
+ case ICE_FLTR_PTYPE_NONF_IPV4_NAT_T_ESP:
+ ICE_FLOW_SET_HDRS(seg, ICE_FLOW_SEG_HDR_NAT_T_ESP |
+ ICE_FLOW_SEG_HDR_IPV4 |
+ ICE_FLOW_SEG_HDR_IPV_OTHER);
+ break;
+ case ICE_FLTR_PTYPE_NONF_IPV6_NAT_T_ESP:
+ ICE_FLOW_SET_HDRS(seg, ICE_FLOW_SEG_HDR_NAT_T_ESP |
+ ICE_FLOW_SEG_HDR_IPV6 |
+ ICE_FLOW_SEG_HDR_IPV_OTHER);
+ break;
default:
PMD_DRV_LOG(ERR, "not supported filter type.");
break;
@@ -1610,6 +1650,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
const struct rte_flow_item *item = pattern;
enum rte_flow_item_type item_type;
enum rte_flow_item_type l3 = RTE_FLOW_ITEM_TYPE_END;
+ enum rte_flow_item_type l4 = RTE_FLOW_ITEM_TYPE_END;
enum ice_fdir_tunnel_type tunnel_type = ICE_FDIR_TUNNEL_TYPE_NONE;
const struct rte_flow_item_eth *eth_spec, *eth_mask;
const struct rte_flow_item_ipv4 *ipv4_spec, *ipv4_last, *ipv4_mask;
@@ -1622,6 +1663,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
const struct rte_flow_item_vxlan *vxlan_spec, *vxlan_mask;
const struct rte_flow_item_gtp *gtp_spec, *gtp_mask;
const struct rte_flow_item_gtp_psc *gtp_psc_spec, *gtp_psc_mask;
+ const struct rte_flow_item_esp *esp_spec, *esp_mask;
uint64_t input_set_i = ICE_INSET_NONE; /* only for tunnel inner */
uint64_t input_set_o = ICE_INSET_NONE; /* non-tunnel and tunnel outer */
uint64_t *input_set;
@@ -1915,6 +1957,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
}
break;
case RTE_FLOW_ITEM_TYPE_UDP:
+ l4 = RTE_FLOW_ITEM_TYPE_UDP;
if (l3 == RTE_FLOW_ITEM_TYPE_IPV4)
flow_type = ICE_FLTR_PTYPE_NONF_IPV4_UDP;
if (l3 == RTE_FLOW_ITEM_TYPE_IPV6)
@@ -2052,6 +2095,36 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
filter->input.gtpu_data.qfi =
gtp_psc_spec->qfi;
break;
+ case RTE_FLOW_ITEM_TYPE_ESP:
+ if (l3 == RTE_FLOW_ITEM_TYPE_IPV4 &&
+ l4 == RTE_FLOW_ITEM_TYPE_UDP)
+ flow_type = ICE_FLTR_PTYPE_NONF_IPV4_NAT_T_ESP;
+ else if (l3 == RTE_FLOW_ITEM_TYPE_IPV6 &&
+ l4 == RTE_FLOW_ITEM_TYPE_UDP)
+ flow_type = ICE_FLTR_PTYPE_NONF_IPV6_NAT_T_ESP;
+ else if (l3 == RTE_FLOW_ITEM_TYPE_IPV4 &&
+ l4 == RTE_FLOW_ITEM_TYPE_END)
+ flow_type = ICE_FLTR_PTYPE_NONF_IPV4_ESP;
+ else if (l3 == RTE_FLOW_ITEM_TYPE_IPV6 &&
+ l4 == RTE_FLOW_ITEM_TYPE_END)
+ flow_type = ICE_FLTR_PTYPE_NONF_IPV6_ESP;
+
+ esp_spec = item->spec;
+ esp_mask = item->mask;
+
+ if (!(esp_spec && esp_mask))
+ break;
+
+ if (esp_mask->hdr.spi == UINT32_MAX)
+ *input_set |= ICE_INSET_ESP_SPI;
+
+ if (l3 == RTE_FLOW_ITEM_TYPE_IPV4)
+ filter->input.ip.v4.sec_parm_idx =
+ esp_spec->hdr.spi;
+ else if (l3 == RTE_FLOW_ITEM_TYPE_IPV6)
+ filter->input.ip.v6.sec_parm_idx =
+ esp_spec->hdr.spi;
+ break;
default:
rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
--
2.9.5
next prev parent reply other threads:[~2021-05-27 6:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-27 5:53 [dpdk-dev] [PATCH 0/2] " Simei Su
2021-05-27 5:53 ` [dpdk-dev] [PATCH 1/2] net/ice/base: support FDIR ESP for outer IP match Simei Su
2021-05-27 5:53 ` Simei Su [this message]
2021-06-09 2:49 ` [dpdk-dev] [PATCH v2 0/3] net/ice: support FDIR ESP and NATT to match outer IP Simei Su
2021-06-09 2:49 ` [dpdk-dev] [PATCH v2 1/3] net/iavf: add FDIR ESP support " Simei Su
2021-06-09 2:49 ` [dpdk-dev] [PATCH v2 2/3] net/ice/base: support FDIR ESP for outer IP match Simei Su
2021-06-09 2:49 ` [dpdk-dev] [PATCH v2 3/3] net/ice: support FDIR ESP and NATT to match outer IP Simei Su
2021-06-18 2:57 ` [dpdk-dev] [PATCH v2 0/3] " Zhang, Qi Z
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210527055330.341052-3-simei.su@intel.com \
--to=simei.su@intel.com \
--cc=dev@dpdk.org \
--cc=junfeng.guo@intel.com \
--cc=qi.z.zhang@intel.com \
--cc=yahui.cao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).