From: Chaoyong He <chaoyong.he@corigine.com>
To: dev@dpdk.org
Cc: oss-drivers@corigine.com,
Shihong Wang <shihong.wang@corigine.com>,
Chaoyong He <chaoyong.he@corigine.com>
Subject: [PATCH 06/10] net/nfp: get IPsec Rx/Tx packet statistics
Date: Mon, 25 Sep 2023 14:06:40 +0800 [thread overview]
Message-ID: <20230925060644.1458598-7-chaoyong.he@corigine.com> (raw)
In-Reply-To: <20230925060644.1458598-1-chaoyong.he@corigine.com>
From: Shihong Wang <shihong.wang@corigine.com>
IPsec packet processing is mostly carried out in hardware.
The hardware statistics on successful packets and discarded
packets. The driver can obtain these statistics by Mailbox.
Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
---
drivers/net/nfp/nfp_ipsec.c | 149 ++++++++++++++++++++++++++++++++++++
1 file changed, 149 insertions(+)
diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c
index 51770def9d..d4292c3b90 100644
--- a/drivers/net/nfp/nfp_ipsec.c
+++ b/drivers/net/nfp/nfp_ipsec.c
@@ -356,6 +356,154 @@ static const struct rte_security_capability nfp_security_caps[] = {
}
};
+/* IPsec config message cmd codes */
+enum nfp_ipsec_cfg_msg_cmd_codes {
+ NFP_IPSEC_CFG_MSG_ADD_SA, /**< Add a new SA */
+ NFP_IPSEC_CFG_MSG_INV_SA, /**< Invalidate an existing SA */
+ NFP_IPSEC_CFG_MSG_MODIFY_SA, /**< Modify an existing SA */
+ NFP_IPSEC_CFG_MSG_GET_SA_STATS, /**< Report SA counters, flags, etc. */
+ NFP_IPSEC_CFG_MSG_GET_SEQ_NUMS, /**< Allocate sequence numbers */
+ NFP_IPSEC_CFG_MSG_LAST
+};
+
+enum nfp_ipsec_cfg_msg_rsp_codes {
+ NFP_IPSEC_CFG_MSG_OK,
+ NFP_IPSEC_CFG_MSG_FAILED,
+ NFP_IPSEC_CFG_MSG_SA_VALID,
+ NFP_IPSEC_CFG_MSG_SA_HASH_ADD_FAILED,
+ NFP_IPSEC_CFG_MSG_SA_HASH_DEL_FAILED,
+ NFP_IPSEC_CFG_MSG_SA_INVALID_CMD
+};
+
+static int
+nfp_ipsec_cfg_cmd_issue(struct nfp_net_hw *hw,
+ struct nfp_ipsec_msg *msg)
+{
+ int ret;
+ uint32_t i;
+ uint32_t msg_size;
+
+ msg_size = RTE_DIM(msg->raw);
+ msg->rsp = NFP_IPSEC_CFG_MSG_OK;
+
+ for (i = 0; i < msg_size; i++)
+ nn_cfg_writel(hw, NFP_NET_CFG_MBOX_VAL + 4 * i, msg->raw[i]);
+
+ ret = nfp_net_mbox_reconfig(hw, NFP_NET_CFG_MBOX_CMD_IPSEC);
+ if (ret < 0) {
+ PMD_DRV_LOG(ERR, "Failed to IPsec reconfig mbox");
+ return ret;
+ }
+
+ /*
+ * Not all commands and callers make use of response message data. But
+ * leave this up to the caller and always read and store the full
+ * response. One example where the data is needed is for statistics.
+ */
+ for (i = 0; i < msg_size; i++)
+ msg->raw[i] = nn_cfg_readl(hw, NFP_NET_CFG_MBOX_VAL + 4 * i);
+
+ switch (msg->rsp) {
+ case NFP_IPSEC_CFG_MSG_OK:
+ ret = 0;
+ break;
+ case NFP_IPSEC_CFG_MSG_SA_INVALID_CMD:
+ ret = -EINVAL;
+ break;
+ case NFP_IPSEC_CFG_MSG_SA_VALID:
+ ret = -EEXIST;
+ break;
+ case NFP_IPSEC_CFG_MSG_FAILED:
+ /* FALLTHROUGH */
+ case NFP_IPSEC_CFG_MSG_SA_HASH_ADD_FAILED:
+ /* FALLTHROUGH */
+ case NFP_IPSEC_CFG_MSG_SA_HASH_DEL_FAILED:
+ ret = -EIO;
+ break;
+ default:
+ ret = -EDOM;
+ }
+
+ return ret;
+}
+
+/**
+ * Get discards packet statistics for each SA
+ *
+ * The sa_discard_stats contains the statistics of discards packets
+ * of an SA. This function calculates the sum total of discarded packets.
+ *
+ * @param errors
+ * The value is SA discards packet sum total
+ * @param sa_discard_stats
+ * The struct is SA discards packet Statistics
+ */
+static void
+nfp_get_errorstats(uint64_t *errors,
+ struct ipsec_discard_stats *sa_discard_stats)
+{
+ uint32_t i;
+ uint32_t len;
+ uint32_t *perror;
+
+ perror = &sa_discard_stats->discards_auth;
+ len = sizeof(struct ipsec_discard_stats) / sizeof(uint32_t);
+
+ for (i = 0; i < len; i++)
+ *errors += *perror++;
+
+ *errors -= sa_discard_stats->ipv4_id_counter;
+}
+
+static int
+nfp_security_session_get_stats(void *device,
+ struct rte_security_session *session,
+ struct rte_security_stats *stats)
+{
+ int ret;
+ struct nfp_net_hw *hw;
+ struct nfp_ipsec_msg msg;
+ struct rte_eth_dev *eth_dev;
+ struct ipsec_get_sa_stats *cfg_s;
+ struct rte_security_ipsec_stats *ips_s;
+ struct nfp_ipsec_session *priv_session;
+ enum rte_security_ipsec_sa_direction direction;
+
+ eth_dev = device;
+ priv_session = SECURITY_GET_SESS_PRIV(session);
+ memset(&msg, 0, sizeof(msg));
+ msg.cmd = NFP_IPSEC_CFG_MSG_GET_SA_STATS;
+ msg.sa_idx = priv_session->sa_index;
+ hw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);
+
+ ret = nfp_ipsec_cfg_cmd_issue(hw, &msg);
+ if (ret < 0) {
+ PMD_DRV_LOG(ERR, "Failed to get SA stats");
+ return ret;
+ }
+
+ cfg_s = &msg.cfg_get_stats;
+ direction = priv_session->ipsec.direction;
+ memset(stats, 0, sizeof(struct rte_security_stats)); /* Start with zeros */
+ stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+ ips_s = &stats->ipsec;
+
+ /* Only display SA if any counters are non-zero */
+ if (cfg_s->lifetime_byte_count != 0 || cfg_s->pkt_count != 0) {
+ if (direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ ips_s->ipackets = cfg_s->pkt_count;
+ ips_s->ibytes = cfg_s->lifetime_byte_count;
+ nfp_get_errorstats(&ips_s->ierrors, &cfg_s->sa_discard_stats);
+ } else {
+ ips_s->opackets = cfg_s->pkt_count;
+ ips_s->obytes = cfg_s->lifetime_byte_count;
+ nfp_get_errorstats(&ips_s->oerrors, &cfg_s->sa_discard_stats);
+ }
+ }
+
+ return 0;
+}
+
static const struct rte_security_capability *
nfp_crypto_capabilities_get(void *device __rte_unused)
{
@@ -370,6 +518,7 @@ nfp_security_session_get_size(void *device __rte_unused)
static const struct rte_security_ops nfp_security_ops = {
.session_get_size = nfp_security_session_get_size,
+ .session_stats_get = nfp_security_session_get_stats,
.capabilities_get = nfp_crypto_capabilities_get,
};
--
2.39.1
next prev parent reply other threads:[~2023-09-25 6:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-25 6:06 [PATCH 00/10] add the support of ipsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 01/10] mailmap: update contributor entry Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 1:50 ` Chaoyong He
2023-09-25 6:06 ` [PATCH 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 2:02 ` Chaoyong He
2023-09-28 9:30 ` Ferruh Yigit
2023-09-25 6:06 ` [PATCH 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-25 6:06 ` [PATCH 05/10] net/nfp: get security capabilities and session size Chaoyong He
2023-09-25 6:06 ` Chaoyong He [this message]
2023-09-25 6:06 ` [PATCH 07/10] net/nfp: create security session Chaoyong He
2023-09-25 6:06 ` [PATCH 08/10] net/nfp: update " Chaoyong He
2023-09-25 6:06 ` [PATCH 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-25 6:06 ` [PATCH 10/10] net/nfp: destroy security session Chaoyong He
2023-09-26 2:49 ` [PATCH v2 00/10] add the support of ipsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 01/10] mailmap: update contributor entry Chaoyong He
2023-09-26 2:49 ` [PATCH v2 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-26 2:49 ` [PATCH v2 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-26 2:49 ` [PATCH v2 05/10] net/nfp: get security capabilities and session size Chaoyong He
2023-09-26 2:49 ` [PATCH v2 06/10] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-26 2:49 ` [PATCH v2 07/10] net/nfp: create security session Chaoyong He
2023-09-26 2:49 ` [PATCH v2 08/10] net/nfp: update " Chaoyong He
2023-09-26 2:49 ` [PATCH v2 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 10/10] net/nfp: destroy security session Chaoyong He
2023-09-27 14:20 ` [PATCH v2 00/10] add the support of ipsec offload Ferruh Yigit
2023-09-28 2:05 ` Chaoyong He
2023-09-28 9:33 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 0/9] " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 1/9] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-29 2:08 ` [PATCH v3 2/9] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 3/9] net/nfp: initialize IPsec related content Chaoyong He
2023-09-29 10:00 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 4/9] net/nfp: get security capabilities and session size Chaoyong He
2023-09-29 2:08 ` [PATCH v3 5/9] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-29 2:08 ` [PATCH v3 6/9] net/nfp: create security session Chaoyong He
2023-09-29 2:08 ` [PATCH v3 7/9] net/nfp: update " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 8/9] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 9/9] net/nfp: destroy security session Chaoyong He
2023-09-29 10:05 ` [PATCH v3 0/9] add the support of ipsec offload Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230925060644.1458598-7-chaoyong.he@corigine.com \
--to=chaoyong.he@corigine.com \
--cc=dev@dpdk.org \
--cc=oss-drivers@corigine.com \
--cc=shihong.wang@corigine.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).