From: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
To: <dev@dpdk.org>
Cc: <matan@nvidia.com>, <rasland@nvidia.com>, <orika@nvidia.com>,
	"Hamdan Igbaria" <hamdani@nvidia.com>
Subject: [PATCH v3] net/mlx5/hws: support match on ESP item
Date: Mon, 13 Feb 2023 15:45:48 +0200	[thread overview]
Message-ID: <20230213134548.17923-1-viacheslavo@nvidia.com> (raw)
In-Reply-To: <20230206095550.24572-1-viacheslavo@nvidia.com>

From: Hamdan Igbaria <hamdani@nvidia.com>

Add support for matching on the SPI and sequence
number fields of the ESP header.

Matching on the ESP header in hardware steering
is supported only if the firmware reports that the
device supports IPsec offload.

Signed-off-by: Hamdan Igbaria <hamdani@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
 drivers/common/mlx5/mlx5_prm.h        |  3 ++-
 drivers/net/mlx5/hws/mlx5dr_cmd.c     |  3 +++
 drivers/net/mlx5/hws/mlx5dr_cmd.h     |  1 +
 drivers/net/mlx5/hws/mlx5dr_definer.c | 38 ++++++++++++++++++++++++++-
 drivers/net/mlx5/hws/mlx5dr_definer.h |  2 ++
 drivers/net/mlx5/mlx5_flow_hw.c       |  1 +
 6 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h
index 243952bf85..ad563908ce 100644
--- a/drivers/common/mlx5/mlx5_prm.h
+++ b/drivers/common/mlx5/mlx5_prm.h
@@ -1696,7 +1696,8 @@ struct mlx5_ifc_cmd_hca_cap_bits {
 	u8 reserved_at_460[0x8];
 	u8 aes_xts[0x1];
 	u8 crypto[0x1];
-	u8 reserved_at_46a[0x6];
+	u8 ipsec_offload[0x1];
+	u8 reserved_at_46b[0x5];
 	u8 max_num_eqs[0x10];
 	u8 reserved_at_480[0x3];
 	u8 log_max_l2_table[0x5];
diff --git a/drivers/net/mlx5/hws/mlx5dr_cmd.c b/drivers/net/mlx5/hws/mlx5dr_cmd.c
index 3578fe4b69..a444fb4438 100644
--- a/drivers/net/mlx5/hws/mlx5dr_cmd.c
+++ b/drivers/net/mlx5/hws/mlx5dr_cmd.c
@@ -906,6 +906,9 @@ int mlx5dr_cmd_query_caps(struct ibv_context *ctx,
 	caps->sq_ts_format = MLX5_GET(query_hca_cap_out, out,
 				      capability.cmd_hca_cap.sq_ts_format);
 
+	caps->ipsec_offload = MLX5_GET(query_hca_cap_out, out,
+				      capability.cmd_hca_cap.ipsec_offload);
+
 	MLX5_SET(query_hca_cap_in, in, op_mod,
 		 MLX5_GET_HCA_CAP_OP_MOD_GENERAL_DEVICE_2 |
 		 MLX5_HCA_CAP_OPMOD_GET_CUR);
diff --git a/drivers/net/mlx5/hws/mlx5dr_cmd.h b/drivers/net/mlx5/hws/mlx5dr_cmd.h
index 0fc65aad49..3f40c085be 100644
--- a/drivers/net/mlx5/hws/mlx5dr_cmd.h
+++ b/drivers/net/mlx5/hws/mlx5dr_cmd.h
@@ -202,6 +202,7 @@ struct mlx5dr_cmd_query_caps {
 	bool cross_vhca_resources;
 	uint32_t shared_vhca_id;
 	char fw_ver[64];
+	bool ipsec_offload;
 };
 
 int mlx5dr_cmd_destroy_obj(struct mlx5dr_devx_obj *devx_obj);
diff --git a/drivers/net/mlx5/hws/mlx5dr_definer.c b/drivers/net/mlx5/hws/mlx5dr_definer.c
index 4849158407..b682d7582d 100644
--- a/drivers/net/mlx5/hws/mlx5dr_definer.c
+++ b/drivers/net/mlx5/hws/mlx5dr_definer.c
@@ -162,7 +162,9 @@ struct mlx5dr_definer_conv_data {
 	X(SET_BE32,	gre_opt_key,		v->key.key,		rte_flow_item_gre_opt) \
 	X(SET_BE32,	gre_opt_seq,		v->sequence.sequence,	rte_flow_item_gre_opt) \
 	X(SET_BE16,	gre_opt_checksum,	v->checksum_rsvd.checksum,	rte_flow_item_gre_opt) \
-	X(SET,		meter_color,		rte_col_2_mlx5_col(v->color),	rte_flow_item_meter_color)
+	X(SET,		meter_color,		rte_col_2_mlx5_col(v->color),	rte_flow_item_meter_color) \
+	X(SET_BE32,     ipsec_spi,              v->hdr.spi,             rte_flow_item_esp) \
+	X(SET_BE32,     ipsec_sequence_number,  v->hdr.seq,             rte_flow_item_esp)
 
 /* Item set function format */
 #define X(set_type, func_name, value, item_type) \
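Review bot: The two added `X(SET_BE32, ipsec_spi, ...)` and `X(SET_BE32, ipsec_sequence_number, ...)` rows separate their columns with runs of spaces, while every other row of the list visible in this hunk uses tabs. Switching the new rows to tabs keeps the table aligned under any tab width and consistent with its neighbours. The macro list itself starts outside the hunk.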
@@ -1645,6 +1647,36 @@ mlx5dr_definer_check_item_range_supp(struct rte_flow_item *item)
 	}
 }
 
+static int
+mlx5dr_definer_conv_item_esp(struct mlx5dr_definer_conv_data *cd,
+			     struct rte_flow_item *item,
+			     int item_idx)
+{
+	const struct rte_flow_item_esp *m = item->mask;
+	struct mlx5dr_definer_fc *fc;
+
+	if (!cd->caps->ipsec_offload) {
+		rte_errno = ENOTSUP;
+		return rte_errno;
+	}
+
+	if (!m)
+		return 0;
+	if (m->hdr.spi) {
+		fc = &cd->fc[MLX5DR_DEFINER_FNAME_ESP_SPI];
+		fc->item_idx = item_idx;
+		fc->tag_set = &mlx5dr_definer_ipsec_spi_set;
+		DR_CALC_SET_HDR(fc, ipsec, spi);
+	}
+	if (m->hdr.seq) {
+		fc = &cd->fc[MLX5DR_DEFINER_FNAME_ESP_SEQUENCE_NUMBER];
+		fc->item_idx = item_idx;
+		fc->tag_set = &mlx5dr_definer_ipsec_sequence_number_set;
+		DR_CALC_SET_HDR(fc, ipsec, sequence_number);
+	}
+	return 0;
+}
+
 static int
 mlx5dr_definer_conv_items_to_hl(struct mlx5dr_context *ctx,
 				struct mlx5dr_match_template *mt,
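Review bot: The capability check at the top of `mlx5dr_definer_conv_item_esp` sets `rte_errno = ENOTSUP` and returns without logging, so a template rejected because the firmware lacks IPsec offload gives the operator no hint of the cause, whereas the `default:` branch of the caller's switch does log through `DR_LOG`. Adding `DR_LOG(ERR, "ESP item is not supported without IPsec offload capability");` before the assignment would make the refusal diagnosable. Separately, the function programs only the SPI and sequence-number fields and returns 0 when the mask is NULL, so nothing visible here restricts the match to packets that actually carry ESP. Presumably the pattern is expected to pin the IP next-protocol in a preceding item; a one-line comment stating that assumption would help anyone writing steering rules for IPsec traffic. The new function is fully inside the hunk, while `mlx5dr_definer_conv_items_to_hl`, which follows it, continues outside.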
@@ -1767,6 +1799,10 @@ mlx5dr_definer_conv_items_to_hl(struct mlx5dr_context *ctx,
 			ret = mlx5dr_definer_conv_item_meter_color(&cd, items, i);
 			item_flags |= MLX5_FLOW_ITEM_METER_COLOR;
 			break;
+		case RTE_FLOW_ITEM_TYPE_ESP:
+			ret = mlx5dr_definer_conv_item_esp(&cd, items, i);
+			item_flags |= MLX5_FLOW_ITEM_ESP;
+			break;
 		default:
 			DR_LOG(ERR, "Unsupported item type %d", items->type);
 			rte_errno = ENOTSUP;
diff --git a/drivers/net/mlx5/hws/mlx5dr_definer.h b/drivers/net/mlx5/hws/mlx5dr_definer.h
index 464872acd6..d8d6157154 100644
--- a/drivers/net/mlx5/hws/mlx5dr_definer.h
+++ b/drivers/net/mlx5/hws/mlx5dr_definer.h
@@ -112,6 +112,8 @@ enum mlx5dr_definer_fname {
 	MLX5DR_DEFINER_FNAME_INTEGRITY_I,
 	MLX5DR_DEFINER_FNAME_ICMP_DW1,
 	MLX5DR_DEFINER_FNAME_ICMP_DW2,
+	MLX5DR_DEFINER_FNAME_ESP_SPI,
+	MLX5DR_DEFINER_FNAME_ESP_SEQUENCE_NUMBER,
 	MLX5DR_DEFINER_FNAME_MAX,
 };
 
diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
index aacde224f2..9cbd3b2693 100644
--- a/drivers/net/mlx5/mlx5_flow_hw.c
+++ b/drivers/net/mlx5/mlx5_flow_hw.c
@@ -4734,6 +4734,7 @@ flow_hw_pattern_validate(struct rte_eth_dev *dev,
 		case RTE_FLOW_ITEM_TYPE_ICMP6_ECHO_REQUEST:
 		case RTE_FLOW_ITEM_TYPE_ICMP6_ECHO_REPLY:
 		case RTE_FLOW_ITEM_TYPE_CONNTRACK:
+		case RTE_FLOW_ITEM_TYPE_ESP:
 			break;
 		case RTE_FLOW_ITEM_TYPE_INTEGRITY:
 			/*
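Review bot: `case RTE_FLOW_ITEM_TYPE_ESP:` joins the group of items accepted with a bare `break`, so `flow_hw_pattern_validate` approves an ESP pattern even when the firmware does not report IPsec offload. The refusal then happens only later, in `mlx5dr_definer_conv_item_esp`, as a bare ENOTSUP. If the device capability is reachable from `dev` at this point (not visible in this hunk), rejecting the item during validation with a specific error message would surface the problem earlier and keep validation and template creation in agreement. The function body starts and ends outside the hunk.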
-- 
2.18.1

