DPDK patches and discussions
 help / color / mirror / Atom feed
From: Radu Nicolau <radu.nicolau@intel.com>
To: Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal <gakhil@marvell.com>
Cc: dev@dpdk.org, declan.doherty@intel.com, hemant.agrawal@oss.nxp.com
Subject: [dpdk-dev] [PATCH v6 3/7] examples/ipsec-secgw: add support for inline crypto UDP encapsulation
Date: Mon,  1 Nov 2021 12:58:11 +0000	[thread overview]
Message-ID: <20211101125815.3219304-4-radu.nicolau@intel.com> (raw)
In-Reply-To: <20211101125815.3219304-1-radu.nicolau@intel.com>

Enable UDP encapsulation for both transport and tunnel modes for the
inline crypto offload path.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst |  3 ++-
 examples/ipsec-secgw/ipsec.c             | 33 +++++++++++++++++++++---
 examples/ipsec-secgw/ipsec.h             |  7 ++++-
 examples/ipsec-secgw/sa.c                |  9 +++++++
 4 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 282926924f..ec0085d8c4 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -717,7 +717,8 @@ where each options means:
  ``<udp-encap>``
 
  * Option to enable IPsec UDP encapsulation for NAT Traversal.
-   Only *lookaside-protocol-offload* mode is supported at the moment.
+   Only *lookaside-protocol-offload* and *inline-crypto-offload* modes are
+   supported at the moment.
 
  * Optional: Yes, it is disabled by default
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index b6b7bddca8..90d9e61e5b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -221,6 +221,12 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		}
 	}
 
+	if (sa->udp_encap) {
+		sess_conf.ipsec.options.udp_encap = 1;
+		sess_conf.ipsec.udp.sport = htons(sa->udp.sport);
+		sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
+	}
+
 	RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
 		sa->spi, sa->portid);
 
@@ -289,12 +295,31 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 			sa->ipv4_spec.hdr.src_addr = sa->src.ip.ip4;
 		}
 
-		sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
-		sa->pattern[2].spec = &sa->esp_spec;
-		sa->pattern[2].mask = &rte_flow_item_esp_mask;
 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);
 
-		sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
+		if (sa->udp_encap) {
+
+			sa->udp_spec.hdr.dst_port =
+					rte_cpu_to_be_16(sa->udp.dport);
+			sa->udp_spec.hdr.src_port =
+					rte_cpu_to_be_16(sa->udp.sport);
+
+			sa->pattern[2].mask = &rte_flow_item_udp_mask;
+			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_UDP;
+			sa->pattern[2].spec = &sa->udp_spec;
+
+			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_ESP;
+			sa->pattern[3].spec = &sa->esp_spec;
+			sa->pattern[3].mask = &rte_flow_item_esp_mask;
+
+			sa->pattern[4].type = RTE_FLOW_ITEM_TYPE_END;
+		} else {
+			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
+			sa->pattern[2].spec = &sa->esp_spec;
+			sa->pattern[2].mask = &rte_flow_item_esp_mask;
+
+			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
+		}
 
 		sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
 		sa->action[0].conf = ips->security.ses;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8405c48171..06bb11d5d5 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -125,6 +125,10 @@ struct ipsec_sa {
 #define IP6_TRANSPORT (1 << 4)
 	struct ip_addr src;
 	struct ip_addr dst;
+	struct {
+		uint16_t sport;
+		uint16_t dport;
+	} udp;
 	uint8_t cipher_key[MAX_KEY_SIZE];
 	uint16_t cipher_key_len;
 	uint8_t auth_key[MAX_KEY_SIZE];
@@ -140,7 +144,7 @@ struct ipsec_sa {
 	uint8_t fdir_qid;
 	uint8_t fdir_flag;
 
-#define MAX_RTE_FLOW_PATTERN (4)
+#define MAX_RTE_FLOW_PATTERN (5)
 #define MAX_RTE_FLOW_ACTIONS (3)
 	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
 	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
@@ -149,6 +153,7 @@ struct ipsec_sa {
 		struct rte_flow_item_ipv4 ipv4_spec;
 		struct rte_flow_item_ipv6 ipv6_spec;
 	};
+	struct rte_flow_item_udp udp_spec;
 	struct rte_flow_item_esp esp_spec;
 	struct rte_flow *flow;
 	struct rte_security_session_conf sess_conf;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 88dd30464f..daebc1f09b 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -17,6 +17,7 @@
 #include <rte_byteorder.h>
 #include <rte_errno.h>
 #include <rte_ip.h>
+#include <rte_udp.h>
 #include <rte_random.h>
 #include <rte_ethdev.h>
 #include <rte_malloc.h>
@@ -771,6 +772,11 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 				app_sa_prm.udp_encap = 1;
 				udp_encap_p = 1;
 				break;
+			case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+				rule->udp_encap = 1;
+				rule->udp.sport = 0;
+				rule->udp.dport = 4500;
+				break;
 			default:
 				APP_CHECK(0, status,
 					"UDP encapsulation not supported for "
@@ -858,6 +864,8 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 	}
 
 	printf("mode:");
+	if (sa->udp_encap)
+		printf("UDP encapsulated ");
 
 	switch (WITHOUT_TRANSPORT_VERSION(sa->flags)) {
 	case IP4_TUNNEL:
@@ -1311,6 +1319,7 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
 	prm->ipsec_xform.mode = (IS_TRANSPORT(ss->flags)) ?
 		RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT :
 		RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+	prm->ipsec_xform.options.udp_encap = ss->udp_encap;
 	prm->ipsec_xform.options.ecn = 1;
 	prm->ipsec_xform.options.copy_dscp = 1;
 
-- 
2.25.1


  parent reply	other threads:[~2021-11-01 13:21 UTC|newest]

Thread overview: 82+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-03 11:22 [dpdk-dev] [PATCH 0/7] IPsec Sec GW new features Radu Nicolau
2021-09-03 11:22 ` [dpdk-dev] [PATCH 1/7] examples/ipsec-secgw: add ol_flags support Radu Nicolau
2021-09-08 12:48   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-09  8:57     ` Nicolau, Radu
2021-09-03 11:22 ` [dpdk-dev] [PATCH 2/7] examples/ipsec-secgw: add support for NAT-T Radu Nicolau
2021-09-08 10:36   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-03 11:22 ` [dpdk-dev] [PATCH 3/7] examples/ipsec-secgw: add support for TSO Radu Nicolau
2021-09-08 12:54   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-03 11:22 ` [dpdk-dev] [PATCH 4/7] examples/ipsec-secgw: enable stats by default Radu Nicolau
2021-09-03 12:50   ` Zhang, Roy Fan
2021-09-08 13:08   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-08 16:05     ` Hemant Agrawal
2021-09-03 11:22 ` [dpdk-dev] [PATCH 5/7] examples/ipsec-secgw: add support for telemetry Radu Nicolau
2021-09-08 14:09   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-03 11:22 ` [dpdk-dev] [PATCH 6/7] examples/ipsec-secgw: add support for defining initial sequence number value Radu Nicolau
2021-09-08 14:11   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-03 11:22 ` [dpdk-dev] [PATCH 7/7] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-09-08 14:24   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-15 13:45 ` [dpdk-dev] [PATCH v2 0/9] IPsec Sec GW new features Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 1/9] examples/ipsec-secgw: update create inline session Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 2/9] examples/ipsec-secgw: update SA parameters with L3 options Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 3/9] examples/ipsec-secgw: add support for telemetry Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 4/9] examples/ipsec-secgw: add stats interval argument Radu Nicolau
2021-09-16  9:13     ` Hemant Agrawal
2021-09-16  9:30     ` [dpdk-dev] [EXT] " Anoob Joseph
2021-09-16 10:24       ` Nicolau, Radu
2021-09-17 12:51         ` Anoob Joseph
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 5/9] examples/ipsec-secgw: add support for TSO Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 6/9] examples/ipsec-secgw: add support for defining initial sequence number value Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 7/9] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 8/9] examples/ipsec-secgw: add support for additional algorithms Radu Nicolau
2021-09-15 13:45   ` [dpdk-dev] [PATCH v2 9/9] examples/ipsec-secgw: add support for inline crypto UDP encapsulation Radu Nicolau
2021-10-01  9:51 ` [dpdk-dev] [PATCH v3 0/8] IPsec Sec GW new features Radu Nicolau
2021-10-01  9:51   ` [dpdk-dev] [PATCH v3 1/8] examples/ipsec-secgw: add stats interval argument Radu Nicolau
2021-10-08 18:37     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:51   ` [dpdk-dev] [PATCH v3 2/8] examples/ipsec-secgw: update create inline session Radu Nicolau
2021-10-08 18:38     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:51   ` [dpdk-dev] [PATCH v3 3/8] examples/ipsec-secgw: add support for inline crypto UDP encapsulation Radu Nicolau
2021-10-08 18:42     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:51   ` [dpdk-dev] [PATCH v3 4/8] examples/ipsec-secgw: add support for TSO Radu Nicolau
2021-10-08 18:46     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:51   ` [dpdk-dev] [PATCH v3 5/8] examples/ipsec-secgw: add support for telemetry Radu Nicolau
2021-10-08 18:51     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:52   ` [dpdk-dev] [PATCH v3 6/8] examples/ipsec-secgw: add support for defining initial sequence number value Radu Nicolau
2021-10-08 18:57     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-01  9:52   ` [dpdk-dev] [PATCH v3 7/8] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-10-01  9:52   ` [dpdk-dev] [PATCH v3 8/8] examples/ipsec-secgw: add support for additional algorithms Radu Nicolau
2021-10-08 19:07     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-11 15:40       ` Nicolau, Radu
2021-10-18 10:28 ` [dpdk-dev] [PATCH v4 0/7] IPsec Sec GW new features Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 1/7] examples/ipsec-secgw: add stats interval argument Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 2/7] examples/ipsec-secgw: update create inline session Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 3/7] examples/ipsec-secgw: add support for inline crypto UDP encapsulation Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 4/7] examples/ipsec-secgw: support telemetry Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 5/7] examples/ipsec-secgw: define initial ESN value Radu Nicolau
2021-10-18 10:28   ` [dpdk-dev] [PATCH v4 6/7] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-10-18 10:29   ` [dpdk-dev] [PATCH v4 7/7] examples/ipsec-secgw: add support for additional algorithms Radu Nicolau
2021-10-27 11:45 ` [dpdk-dev] [PATCH v5 0/7] IPsec Sec GW new features Radu Nicolau
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 1/7] examples/ipsec-secgw: add stats interval argument Radu Nicolau
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 2/7] examples/ipsec-secgw: update create inline session Radu Nicolau
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 3/7] examples/ipsec-secgw: add support for inline crypto UDP encapsulation Radu Nicolau
2021-10-31 20:03     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 4/7] examples/ipsec-secgw: support telemetry Radu Nicolau
2021-10-31 20:22     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 5/7] examples/ipsec-secgw: define initial ESN value Radu Nicolau
2021-10-31 20:23     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 6/7] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-10-31 20:25     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-27 11:45   ` [dpdk-dev] [PATCH v5 7/7] examples/ipsec-secgw: add support for additional algorithms Radu Nicolau
2021-10-31 20:29     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-11-01 12:58 ` [dpdk-dev] [PATCH v6 0/7] IPsec Sec GW new features Radu Nicolau
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 1/7] examples/ipsec-secgw: add stats interval argument Radu Nicolau
2021-11-03  9:23     ` [dpdk-dev] [EXT] " Akhil Goyal
2021-11-03 10:51       ` Nicolau, Radu
2021-11-03 13:20         ` Akhil Goyal
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 2/7] examples/ipsec-secgw: update create inline session Radu Nicolau
2021-11-01 12:58   ` Radu Nicolau [this message]
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 4/7] examples/ipsec-secgw: support telemetry Radu Nicolau
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 5/7] examples/ipsec-secgw: define initial ESN value Radu Nicolau
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 6/7] examples/ipsec-secgw: add ethdev reset callback Radu Nicolau
2021-11-01 12:58   ` [dpdk-dev] [PATCH v6 7/7] examples/ipsec-secgw: add support for additional algorithms Radu Nicolau
2021-11-03 14:13   ` [dpdk-dev] [EXT] [PATCH v6 0/7] IPsec Sec GW new features Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211101125815.3219304-4-radu.nicolau@intel.com \
    --to=radu.nicolau@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@oss.nxp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).