From: Gregory Etelson <getelson@nvidia.com>
To: <dev@dpdk.org>
Cc: <getelson@nvidia.com>, <mkashani@nvidia.com>,
<rasland@nvidia.com>, "Hamdan Igbaria" <hamdani@nvidia.com>,
Alex Vesker <valex@nvidia.com>, Matan Azrad <matan@nvidia.com>,
Viacheslav Ovsiienko <viacheslavo@nvidia.com>,
Ori Kam <orika@nvidia.com>, Suanming Mou <suanmingm@nvidia.com>
Subject: [PATCH 17/30] net/mlx5/hws: support ASO IPsec action
Date: Sun, 29 Oct 2023 18:31:49 +0200 [thread overview]
Message-ID: <20231029163202.216450-17-getelson@nvidia.com> (raw)
In-Reply-To: <20231029163202.216450-1-getelson@nvidia.com>
From: Hamdan Igbaria <hamdani@nvidia.com>
Support the ASO IPsec action. This action allows performing
some of the IPsec full offload operations, for example replay
protection and sequence number incrementation.
In the Tx flow, this action is used before encrypting the packet to
increase the sequence number.
In the Rx flow, this action is used after decrypting the packet to
check it against the replay protection window for validity.
Signed-off-by: Hamdan Igbaria <hamdani@nvidia.com>
Reviewed-by: Alex Vesker <valex@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
drivers/common/mlx5/mlx5_prm.h | 1 +
drivers/net/mlx5/hws/mlx5dr.h | 23 ++++++++++++++++++++
drivers/net/mlx5/hws/mlx5dr_action.c | 32 +++++++++++++++++++++++++---
drivers/net/mlx5/hws/mlx5dr_debug.c | 1 +
4 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h
index 0eecf0691b..31ebec7bcf 100644
--- a/drivers/common/mlx5/mlx5_prm.h
+++ b/drivers/common/mlx5/mlx5_prm.h
@@ -3539,6 +3539,7 @@ struct mlx5_ifc_stc_ste_param_flow_counter_bits {
enum {
MLX5_ASO_CT_NUM_PER_OBJ = 1,
MLX5_ASO_METER_NUM_PER_OBJ = 2,
+ MLX5_ASO_IPSEC_NUM_PER_OBJ = 1,
};
struct mlx5_ifc_stc_ste_param_execute_aso_bits {
diff --git a/drivers/net/mlx5/hws/mlx5dr.h b/drivers/net/mlx5/hws/mlx5dr.h
index 74d05229c7..bd352fa26d 100644
--- a/drivers/net/mlx5/hws/mlx5dr.h
+++ b/drivers/net/mlx5/hws/mlx5dr.h
@@ -45,6 +45,7 @@ enum mlx5dr_action_type {
MLX5DR_ACTION_TYP_PUSH_VLAN,
MLX5DR_ACTION_TYP_ASO_METER,
MLX5DR_ACTION_TYP_ASO_CT,
+ MLX5DR_ACTION_TYP_ASO_IPSEC,
MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT,
MLX5DR_ACTION_TYP_CRYPTO_DECRYPT,
MLX5DR_ACTION_TYP_DEST_ROOT,
@@ -235,6 +236,10 @@ struct mlx5dr_rule_action {
enum mlx5dr_action_aso_ct_flags direction;
} aso_ct;
+ struct {
+ uint32_t offset;
+ } aso_ipsec;
+
struct {
uint32_t offset;
} crypto;
@@ -659,6 +664,24 @@ mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx,
uint8_t return_reg_id,
uint32_t flags);
+/* Create direct rule ASO IPSEC action.
+ *
+ * @param[in] ctx
+ * The context in which the new action will be created.
+ * @param[in] devx_obj
+ * The DEVX ASO object.
+ * @param[in] return_reg_id
+ * Copy the ASO object value into this reg_id, after a packet hits a rule with this ASO object.
+ * @param[in] flags
+ * Action creation flags. (enum mlx5dr_action_flags)
+ * @return pointer to mlx5dr_action on success NULL otherwise.
+ */
+struct mlx5dr_action *
+mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx,
+ struct mlx5dr_devx_obj *devx_obj,
+ uint8_t return_reg_id,
+ uint32_t flags);
+
/* Create direct rule pop vlan action.
* @param[in] ctx
* The context in which the new action will be created.
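Review bot: The doc comment on `mlx5dr_action_create_aso_ipsec` reuses the generic ASO wording and does not say what `return_reg_id` receives for an IPsec object. The commit message describes an Rx replay-window check, so the comment should state whether the action itself rejects a packet that fails the check or only reports the outcome in the register for a later rule to match on. In the second case a rule that omits the match would let replayed packets through. I would add one sentence to the `return_reg_id` paragraph saying which it is, and mention that each rule must supply `aso_ipsec.offset` in `struct mlx5dr_rule_action`.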
diff --git a/drivers/net/mlx5/hws/mlx5dr_action.c b/drivers/net/mlx5/hws/mlx5dr_action.c
index 4910b4f730..956909a628 100644
--- a/drivers/net/mlx5/hws/mlx5dr_action.c
+++ b/drivers/net/mlx5/hws/mlx5dr_action.c
@@ -9,11 +9,11 @@
#define MLX5DR_ACTION_METER_INIT_COLOR_OFFSET 1
/* This is the maximum allowed action order for each table type:
- * TX: POP_VLAN, CTR, ASO_METER, AS_CT, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT,
+ * TX: POP_VLAN, CTR, ASO, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT,
* Term
- * RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN,
+ * RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN,
* MODIFY, ENCAP, Term
- * FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN, MODIFY,
+ * FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN, MODIFY,
* ENCAP, ENCRYPT, Term
*/
static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_MAX] = {
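Review bot: The rewritten comment collapses the individual ASO entries into a single `ASO`, but the rows of `action_order_arr` still list ASO_METER, ASO_CT and ASO_IPSEC as separate consecutive entries. The relative order between them therefore appears to be enforced while no longer being documented. I would spell it out, e.g. `TX: POP_VLAN, CTR, ASO (METER, CT, IPSEC), PUSH_VLAN, MODIFY, ENCAP, ENCRYPT,`, and do the same on the RX and FDB lines.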
@@ -27,6 +27,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT),
BIT(MLX5DR_ACTION_TYP_ASO_METER),
BIT(MLX5DR_ACTION_TYP_ASO_CT),
+ BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
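Review bot: `action_order_arr` stores `BIT(MLX5DR_ACTION_TYP_...)` masks in `uint32_t`, and nothing visible in this patch guards the enum against growing past 32 entries as action types are added. The full enum and the `BIT` definition are outside the hunk, so this may already be covered elsewhere. If it is not, a compile-time check next to the array would make the limit explicit, e.g. `_Static_assert(MLX5DR_ACTION_TYP_MAX <= 32, "action type mask is 32-bit");`. The same applies to the two other table rows extended further down in this file.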
@@ -46,6 +47,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
BIT(MLX5DR_ACTION_TYP_CTR),
BIT(MLX5DR_ACTION_TYP_ASO_METER),
BIT(MLX5DR_ACTION_TYP_ASO_CT),
+ BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
@@ -67,6 +69,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT),
BIT(MLX5DR_ACTION_TYP_ASO_METER),
BIT(MLX5DR_ACTION_TYP_ASO_CT),
+ BIT(MLX5DR_ACTION_TYP_ASO_IPSEC),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
@@ -642,6 +645,13 @@ static void mlx5dr_action_fill_stc_attr(struct mlx5dr_action *action,
attr->aso.devx_obj_id = obj->id;
attr->aso.return_reg_id = action->aso.return_reg_id;
break;
+ case MLX5DR_ACTION_TYP_ASO_IPSEC:
+ attr->action_offset = MLX5DR_ACTION_OFFSET_DW6;
+ attr->action_type = MLX5_IFC_STC_ACTION_TYPE_ASO;
+ attr->aso.aso_type = ASO_OPC_MOD_IPSEC;
+ attr->aso.devx_obj_id = obj->id;
+ attr->aso.return_reg_id = action->aso.return_reg_id;
+ break;
case MLX5DR_ACTION_TYP_VPORT:
attr->action_offset = MLX5DR_ACTION_OFFSET_HIT;
attr->action_type = MLX5_IFC_STC_ACTION_TYPE_JUMP_TO_VPORT;
@@ -1076,6 +1086,16 @@ mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx,
devx_obj, return_reg_id, flags);
}
+struct mlx5dr_action *
+mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx,
+ struct mlx5dr_devx_obj *devx_obj,
+ uint8_t return_reg_id,
+ uint32_t flags)
+{
+ return mlx5dr_action_create_aso(ctx, MLX5DR_ACTION_TYP_ASO_IPSEC,
+ devx_obj, return_reg_id, flags);
+}
+
struct mlx5dr_action *
mlx5dr_action_create_counter(struct mlx5dr_context *ctx,
struct mlx5dr_devx_obj *obj,
@@ -2079,6 +2099,7 @@ static void mlx5dr_action_destroy_hws(struct mlx5dr_action *action)
case MLX5DR_ACTION_TYP_REFORMAT_TNL_L2_TO_L2:
case MLX5DR_ACTION_TYP_ASO_METER:
case MLX5DR_ACTION_TYP_ASO_CT:
+ case MLX5DR_ACTION_TYP_ASO_IPSEC:
case MLX5DR_ACTION_TYP_PUSH_VLAN:
case MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT:
case MLX5DR_ACTION_TYP_CRYPTO_DECRYPT:
@@ -2490,6 +2511,10 @@ mlx5dr_action_setter_aso(struct mlx5dr_actions_apply_data *apply,
offset = rule_action->aso_ct.offset / MLX5_ASO_CT_NUM_PER_OBJ;
exe_aso_ctrl = rule_action->aso_ct.direction;
break;
+ case MLX5DR_ACTION_TYP_ASO_IPSEC:
+ offset = rule_action->aso_ipsec.offset / MLX5_ASO_IPSEC_NUM_PER_OBJ;
+ exe_aso_ctrl = 0;
+ break;
default:
DR_LOG(ERR, "Unsupported ASO action type: %d", rule_action->action->type);
rte_errno = ENOTSUP;
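Review bot: The new `MLX5DR_ACTION_TYP_ASO_IPSEC` case uses `rule_action->aso_ipsec.offset` as supplied by the caller, and no range check against the DEVX object is visible in this hunk. The offset presumably selects the ASO object whose sequence number or replay window is applied to the packet, so an out-of-range or stale value would evaluate traffic against another SA's state. If validation is the caller's job, say so in a comment such as `/* offset is relative to the devx_obj base; caller guarantees it is inside the object's range */`. The literal `exe_aso_ctrl = 0;` also deserves a short comment explaining why IPsec passes no per-rule control value, unlike the CT case above it. `mlx5dr_action_setter_aso` starts and ends outside the hunk, so a check may exist in the part not shown.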
@@ -2679,6 +2704,7 @@ int mlx5dr_action_template_process(struct mlx5dr_action_template *at)
case MLX5DR_ACTION_TYP_ASO_METER:
case MLX5DR_ACTION_TYP_ASO_CT:
+ case MLX5DR_ACTION_TYP_ASO_IPSEC:
setter = mlx5dr_action_setter_find_first(last_setter, ASF_DOUBLE);
setter->flags |= ASF_DOUBLE;
setter->set_double = &mlx5dr_action_setter_aso;
diff --git a/drivers/net/mlx5/hws/mlx5dr_debug.c b/drivers/net/mlx5/hws/mlx5dr_debug.c
index 8cf3909606..74893f61fb 100644
--- a/drivers/net/mlx5/hws/mlx5dr_debug.c
+++ b/drivers/net/mlx5/hws/mlx5dr_debug.c
@@ -22,6 +22,7 @@ const char *mlx5dr_debug_action_type_str[] = {
[MLX5DR_ACTION_TYP_PUSH_VLAN] = "PUSH_VLAN",
[MLX5DR_ACTION_TYP_ASO_METER] = "ASO_METER",
[MLX5DR_ACTION_TYP_ASO_CT] = "ASO_CT",
+ [MLX5DR_ACTION_TYP_ASO_IPSEC] = "ASO_IPSEC",
[MLX5DR_ACTION_TYP_DEST_ROOT] = "DEST_ROOT",
[MLX5DR_ACTION_TYP_DEST_ARRAY] = "DEST_ARRAY",
[MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT] = "CRYPTO_ENCRYPT",
--
2.39.2