DPDK patches and discussions
 help / color / mirror / Atom feed
From: Radu Nicolau <radu.nicolau@intel.com>
To: Jingjing Wu <jingjing.wu@intel.com>, Beilei Xing <beilei.xing@intel.com>
Cc: dev@dpdk.org, Radu Nicolau <radu.nicolau@intel.com>
Subject: [PATCH] net/iavf: add NAT-T / UDP encapsulation support
Date: Thu, 24 Feb 2022 12:27:28 +0000	[thread overview]
Message-ID: <20220224122729.1777159-1-radu.nicolau@intel.com> (raw)

Add support for NAT-T / UDP encapsulated ESP.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/common/iavf/virtchnl_inline_ipsec.h |  9 +++++++++
 drivers/net/iavf/iavf_ipsec_crypto.c        | 16 +++++++++++++---
 drivers/net/iavf/iavf_ipsec_crypto.h        |  4 +++-
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/drivers/common/iavf/virtchnl_inline_ipsec.h b/drivers/common/iavf/virtchnl_inline_ipsec.h
index 1e9134501e..2f4bf15725 100644
--- a/drivers/common/iavf/virtchnl_inline_ipsec.h
+++ b/drivers/common/iavf/virtchnl_inline_ipsec.h
@@ -446,6 +446,15 @@ struct virtchnl_ipsec_sp_cfg {
 
 	/* Set TC (congestion domain) if true. For future use. */
 	u8 set_tc;
+
+	/* 0 for NAT-T unsupported, 1 for NAT-T supported */
+	u8 is_udp;
+
+	/* reserved */
+	u8 reserved;
+
+	/* NAT-T UDP port number. Only valid in case NAT-T supported */
+	u16 udp_port;
 } __rte_packed;
 
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 6ac1b213db..35aa420a1b 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -736,7 +736,9 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	uint8_t is_v4,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop)
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port)
 {
 	struct inline_ipsec_msg *request = NULL, *response = NULL;
 	size_t request_len, response_len;
@@ -781,6 +783,8 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	/** Traffic Class/Congestion Domain currently not support */
 	request->ipsec_data.sp_cfg->set_tc = 0;
 	request->ipsec_data.sp_cfg->cgd = 0;
+	request->ipsec_data.sp_cfg->is_udp = is_udp;
+	request->ipsec_data.sp_cfg->udp_port = htons(udp_port);
 
 	response_len = sizeof(struct inline_ipsec_msg) +
 			sizeof(struct virtchnl_ipsec_sp_cfg_resp);
@@ -1625,6 +1629,7 @@ struct iavf_ipsec_flow_item {
 		struct rte_ipv6_hdr ipv6_hdr;
 	};
 	struct rte_udp_hdr udp_hdr;
+	uint8_t is_udp;
 };
 
 static void
@@ -1737,6 +1742,7 @@ iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
 		parse_udp_item((const struct rte_flow_item_udp *)
 				pattern[2].spec,
 			&ipsec_flow->udp_hdr);
+		ipsec_flow->is_udp = true;
 		ipsec_flow->spi =
 			((const struct rte_flow_item_esp *)
 					pattern[3].spec)->hdr.spi;
@@ -1806,7 +1812,9 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			1,
 			ipsec_flow->ipv4_hdr.dst_addr,
 			NULL,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	} else {
 		ipsec_flow->id =
 			iavf_ipsec_crypto_inbound_security_policy_add(ad,
@@ -1814,7 +1822,9 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			0,
 			0,
 			ipsec_flow->ipv6_hdr.dst_addr,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	}
 
 	if (ipsec_flow->id < 1) {
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 687541077a..8ea0f9540e 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -145,7 +145,9 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	uint8_t is_v4,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop);
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port);
 
 /**
  * Delete inbound security policy rule from hardware
-- 
2.25.1


             reply	other threads:[~2022-02-24 12:27 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-24 12:27 Radu Nicolau [this message]
2022-02-28 15:00 ` [PATCH v2] " Radu Nicolau
2022-03-01 11:24   ` Zhang, Qi Z

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220224122729.1777159-1-radu.nicolau@intel.com \
    --to=radu.nicolau@intel.com \
    --cc=beilei.xing@intel.com \
    --cc=dev@dpdk.org \
    --cc=jingjing.wu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).