From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 311B243238; Sun, 29 Oct 2023 17:34:58 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CBB0642D2B; Sun, 29 Oct 2023 17:33:28 +0100 (CET) Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2066.outbound.protection.outlook.com [40.107.100.66]) by mails.dpdk.org (Postfix) with ESMTP id D7D0240E54 for ; Sun, 29 Oct 2023 17:33:26 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GnNb5Yl9kzJHUdBUyKrNWmvVUFL7/qu1wlei/fHOXHT6RqMPpamqlWnp0Q633kgIVFUijPEU400ESRqaXmvPMZ8c34CbTDZs9kcbPTV7OO8LQyiwspZUkCNR4D5E6RhsGMzB6pRkvK0OjeBUsHPUi5VPoSStmiCRSKzpUV6LzWrceVLkBrQpLLUvqtFUZck/XGkTsJtE3fIahKB5/FcqPNNTYwXtSMOVkr14iF9YyF+CDcMkeuMI5YjfyjkGLtwFxer3N8Jk/GpMd/6VkLB3Uoo67oh0bU0OfoJhrYWC+IpGubJScsQPBmxput+VoiCNucWyXtpYmL/Fb5Ae0aAjtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gmZiSWiQdqjmljkECe/f5+0HEBA3T8CwsdsNSc7scTc=; b=VAw6G6NlL5xDzGs/voH6YTXqQs2C0TRJHP+hkmGRq9l+N6I4i9eDpLZZVaf9KVaAs84R5n2XJoJ1S4iOthMpJSjvtxNoKJ/Dz4fpnoU8Eow9PPavXGD/KZhB1zUfqwu3CZQ+zqpdJKzMXVLUMxXra2FD/7bYzbgJgVeQX/+Nq1XK5q70qahLP0ZmMWzsr9wvihc7GAzHROLn5s2hgdxkhHLgr0wKd/ZaR3QA4RDNA+L+LQ5bGsdARtLumaOsHMa1SO8xKQI+FegSyUGFqF57qjOhcLutupnFUhbgoNlFWyITPHbsv3CQgN0RE+KJdmIS5CiuHH9I/ObUXGGP4FQAYQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gmZiSWiQdqjmljkECe/f5+0HEBA3T8CwsdsNSc7scTc=; b=SaBSro2CT+1Y4DYs02lnxaC2Xx0WT27RYUOQfsMFO09lxWAVSLzejHTOpjcxzJ/7ai5JW3p6wYz9AsTKh3u+ZfdjLrO+9VRylPbunvWrcZvpiFgXtpddMgjwpQpE6ZSNLToZpmUga6ZORdruglDGgtH4HuIdSXxK/sAjnEC5uVcNTJ2yNaRd6HCXkAa4fkTvf9Qmvud7nMxji2UjN1yEngVlv9bvmYUR2wZJ8JC6H1QeyH1HYPFYOMRjk64rH68Y30nmKX/ooNDt904fhCROuQmHJiz10T8FlFzhjTkJLm9W9jhnfElOHBnoXReRKC4ZeB8W0Cfq2INfr4kw8fS3SQ== Received: from BYAPR02CA0069.namprd02.prod.outlook.com (2603:10b6:a03:54::46) by DS0PR12MB6629.namprd12.prod.outlook.com (2603:10b6:8:d3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.24; Sun, 29 Oct 2023 16:33:23 +0000 Received: from CO1PEPF000044F4.namprd05.prod.outlook.com (2603:10b6:a03:54:cafe::7d) by BYAPR02CA0069.outlook.office365.com (2603:10b6:a03:54::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.26 via Frontend Transport; Sun, 29 Oct 2023 16:33:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by CO1PEPF000044F4.mail.protection.outlook.com (10.167.241.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.22 via Frontend Transport; Sun, 29 Oct 2023 16:33:22 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 29 Oct 2023 09:33:11 -0700 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Sun, 29 Oct 2023 09:33:08 -0700 From: Gregory Etelson To: CC: , , , "Hamdan Igbaria" , Alex Vesker , Matan Azrad , Viacheslav Ovsiienko , Ori Kam , Suanming Mou Subject: [PATCH 17/30] net/mlx5/hws: support ASO IPsec action Date: Sun, 29 Oct 2023 18:31:49 +0200 Message-ID: <20231029163202.216450-17-getelson@nvidia.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231029163202.216450-1-getelson@nvidia.com> References: <20231029163202.216450-1-getelson@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PEPF000044F4:EE_|DS0PR12MB6629:EE_ X-MS-Office365-Filtering-Correlation-Id: 47410b70-0adf-4567-bd7c-08dbd89cc48e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SCaKlubJlRfBSQflcpXrTxyLuZPpnMqKc/DWOc0CQ6A2MTO5LhhHZgnx5fg/Go7Y0bXHY5puHFdkanX72m/v42wHfybd2b50fKL/PvQ9HxQ+k1lGTlRk1xKJEkBxxHLO8mqu2ImSQ0VQ8hSKJ5KRLeYbMyzTNgbUhyhyWJ6QM8k5/ILHJ2XUBl5vogU47THizimvQLZgdKZjw4D3rIAkpYr9Fzc0qWi53B1XJNZECVMN+2APRl7qLZ3z85vdmkJVLXTKBhBkv+jUAlQfuL6qvMIJ/xYY4qZJXowUa5QW2ORS+ahuRGBVaf2FXiSCstKxk5oZRiVV3+8ngy3VV3eHxCsgBJ2zklgy1vSnuV5UKbW2AyBOGgX94ugXHcdXJmftvgJbVWIF3VTO88SrtlrNHQtVJwLGK+N4VHRBC3uUSR7C05cENUnqVPieFUDMWgS8u3yxBCURjm0cj/dXFy6QYJfdBZX9SHypzPDQMSsaJ6Zz4Trh4/EQInxPbzCAAybbKlrdVFpV8pz3eMUPoZ6cBRmqc3Xd89gjAmtBPPMTIng8pYcqVk8gntMV773q/d+WT3+QbgmbqH+4d12JMCZZ76SAcA0dYcnVsBDik2UYWxcZz7+c4iwsI+ZRTbeg4hQIAhHr1BxIoXMdD8tLvSwosBV/NAHOtZWML3C0nyDK9WBeeIlPDsG1yMrmn/yj1zm4kPqldVWvMqfikZ3TnDzW+Xa3wVMmDCyuKabgbUAHdRkHWhV6ROkt2ZR7/S/iI+gc X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(376002)(39860400002)(346002)(396003)(136003)(230922051799003)(1800799009)(451199024)(82310400011)(186009)(64100799003)(46966006)(40470700004)(36840700001)(47076005)(40480700001)(55016003)(40460700003)(70206006)(1076003)(83380400001)(6286002)(16526019)(26005)(2616005)(5660300002)(7636003)(336012)(82740400003)(36860700001)(426003)(356005)(70586007)(54906003)(316002)(6916009)(6666004)(41300700001)(8676002)(8936002)(7696005)(478600001)(2906002)(4326008)(36756003)(86362001)(107886003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Oct 2023 16:33:22.6306 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 47410b70-0adf-4567-bd7c-08dbd89cc48e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF000044F4.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB6629 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Hamdan Igbaria Support ASO IPsec action, this action will allow performing some of ipsec full offload operations, for example replay protection and sequence number incrementation. In Tx flow this action used before encrypting the packet to increase the sequence number. In Rx flow this action used after decrypting the packet to check it against the replay protection window for validity. Signed-off-by: Hamdan Igbaria Reviewed-by: Alex Vesker Acked-by: Matan Azrad --- drivers/common/mlx5/mlx5_prm.h | 1 + drivers/net/mlx5/hws/mlx5dr.h | 23 ++++++++++++++++++++ drivers/net/mlx5/hws/mlx5dr_action.c | 32 +++++++++++++++++++++++++--- drivers/net/mlx5/hws/mlx5dr_debug.c | 1 + 4 files changed, 54 insertions(+), 3 deletions(-) diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index 0eecf0691b..31ebec7bcf 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -3539,6 +3539,7 @@ struct mlx5_ifc_stc_ste_param_flow_counter_bits { enum { MLX5_ASO_CT_NUM_PER_OBJ = 1, MLX5_ASO_METER_NUM_PER_OBJ = 2, + MLX5_ASO_IPSEC_NUM_PER_OBJ = 1, }; struct mlx5_ifc_stc_ste_param_execute_aso_bits { diff --git a/drivers/net/mlx5/hws/mlx5dr.h b/drivers/net/mlx5/hws/mlx5dr.h index 74d05229c7..bd352fa26d 100644 --- a/drivers/net/mlx5/hws/mlx5dr.h +++ b/drivers/net/mlx5/hws/mlx5dr.h @@ -45,6 +45,7 @@ enum mlx5dr_action_type { MLX5DR_ACTION_TYP_PUSH_VLAN, MLX5DR_ACTION_TYP_ASO_METER, MLX5DR_ACTION_TYP_ASO_CT, + MLX5DR_ACTION_TYP_ASO_IPSEC, MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT, MLX5DR_ACTION_TYP_CRYPTO_DECRYPT, MLX5DR_ACTION_TYP_DEST_ROOT, @@ -235,6 +236,10 @@ struct mlx5dr_rule_action { enum mlx5dr_action_aso_ct_flags direction; } aso_ct; + struct { + uint32_t offset; + } aso_ipsec; + struct { uint32_t offset; } crypto; @@ -659,6 +664,24 @@ mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx, uint8_t return_reg_id, uint32_t flags); +/* Create direct rule ASO IPSEC action. + * + * @param[in] ctx + * The context in which the new action will be created. + * @param[in] devx_obj + * The DEVX ASO object. + * @param[in] return_reg_id + * Copy the ASO object value into this reg_id, after a packet hits a rule with this ASO object. + * @param[in] flags + * Action creation flags. (enum mlx5dr_action_flags) + * @return pointer to mlx5dr_action on success NULL otherwise. + */ +struct mlx5dr_action * +mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx, + struct mlx5dr_devx_obj *devx_obj, + uint8_t return_reg_id, + uint32_t flags); + /* Create direct rule pop vlan action. * @param[in] ctx * The context in which the new action will be created. diff --git a/drivers/net/mlx5/hws/mlx5dr_action.c b/drivers/net/mlx5/hws/mlx5dr_action.c index 4910b4f730..956909a628 100644 --- a/drivers/net/mlx5/hws/mlx5dr_action.c +++ b/drivers/net/mlx5/hws/mlx5dr_action.c @@ -9,11 +9,11 @@ #define MLX5DR_ACTION_METER_INIT_COLOR_OFFSET 1 /* This is the maximum allowed action order for each table type: - * TX: POP_VLAN, CTR, ASO_METER, AS_CT, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT, + * TX: POP_VLAN, CTR, ASO, PUSH_VLAN, MODIFY, ENCAP, ENCRYPT, * Term - * RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN, + * RX: TAG, DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN, * MODIFY, ENCAP, Term - * FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO_METER, ASO_CT, PUSH_VLAN, MODIFY, + * FDB: DECAP, POP_VLAN, CTR, DECRYPT, ASO, PUSH_VLAN, MODIFY, * ENCAP, ENCRYPT, Term */ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_MAX] = { @@ -27,6 +27,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_ BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT), BIT(MLX5DR_ACTION_TYP_ASO_METER), BIT(MLX5DR_ACTION_TYP_ASO_CT), + BIT(MLX5DR_ACTION_TYP_ASO_IPSEC), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_MODIFY_HDR), @@ -46,6 +47,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_ BIT(MLX5DR_ACTION_TYP_CTR), BIT(MLX5DR_ACTION_TYP_ASO_METER), BIT(MLX5DR_ACTION_TYP_ASO_CT), + BIT(MLX5DR_ACTION_TYP_ASO_IPSEC), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_MODIFY_HDR), @@ -67,6 +69,7 @@ static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_ BIT(MLX5DR_ACTION_TYP_CRYPTO_DECRYPT), BIT(MLX5DR_ACTION_TYP_ASO_METER), BIT(MLX5DR_ACTION_TYP_ASO_CT), + BIT(MLX5DR_ACTION_TYP_ASO_IPSEC), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_PUSH_VLAN), BIT(MLX5DR_ACTION_TYP_MODIFY_HDR), @@ -642,6 +645,13 @@ static void mlx5dr_action_fill_stc_attr(struct mlx5dr_action *action, attr->aso.devx_obj_id = obj->id; attr->aso.return_reg_id = action->aso.return_reg_id; break; + case MLX5DR_ACTION_TYP_ASO_IPSEC: + attr->action_offset = MLX5DR_ACTION_OFFSET_DW6; + attr->action_type = MLX5_IFC_STC_ACTION_TYPE_ASO; + attr->aso.aso_type = ASO_OPC_MOD_IPSEC; + attr->aso.devx_obj_id = obj->id; + attr->aso.return_reg_id = action->aso.return_reg_id; + break; case MLX5DR_ACTION_TYP_VPORT: attr->action_offset = MLX5DR_ACTION_OFFSET_HIT; attr->action_type = MLX5_IFC_STC_ACTION_TYPE_JUMP_TO_VPORT; @@ -1076,6 +1086,16 @@ mlx5dr_action_create_aso_ct(struct mlx5dr_context *ctx, devx_obj, return_reg_id, flags); } +struct mlx5dr_action * +mlx5dr_action_create_aso_ipsec(struct mlx5dr_context *ctx, + struct mlx5dr_devx_obj *devx_obj, + uint8_t return_reg_id, + uint32_t flags) +{ + return mlx5dr_action_create_aso(ctx, MLX5DR_ACTION_TYP_ASO_IPSEC, + devx_obj, return_reg_id, flags); +} + struct mlx5dr_action * mlx5dr_action_create_counter(struct mlx5dr_context *ctx, struct mlx5dr_devx_obj *obj, @@ -2079,6 +2099,7 @@ static void mlx5dr_action_destroy_hws(struct mlx5dr_action *action) case MLX5DR_ACTION_TYP_REFORMAT_TNL_L2_TO_L2: case MLX5DR_ACTION_TYP_ASO_METER: case MLX5DR_ACTION_TYP_ASO_CT: + case MLX5DR_ACTION_TYP_ASO_IPSEC: case MLX5DR_ACTION_TYP_PUSH_VLAN: case MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT: case MLX5DR_ACTION_TYP_CRYPTO_DECRYPT: @@ -2490,6 +2511,10 @@ mlx5dr_action_setter_aso(struct mlx5dr_actions_apply_data *apply, offset = rule_action->aso_ct.offset / MLX5_ASO_CT_NUM_PER_OBJ; exe_aso_ctrl = rule_action->aso_ct.direction; break; + case MLX5DR_ACTION_TYP_ASO_IPSEC: + offset = rule_action->aso_ipsec.offset / MLX5_ASO_IPSEC_NUM_PER_OBJ; + exe_aso_ctrl = 0; + break; default: DR_LOG(ERR, "Unsupported ASO action type: %d", rule_action->action->type); rte_errno = ENOTSUP; @@ -2679,6 +2704,7 @@ int mlx5dr_action_template_process(struct mlx5dr_action_template *at) case MLX5DR_ACTION_TYP_ASO_METER: case MLX5DR_ACTION_TYP_ASO_CT: + case MLX5DR_ACTION_TYP_ASO_IPSEC: setter = mlx5dr_action_setter_find_first(last_setter, ASF_DOUBLE); setter->flags |= ASF_DOUBLE; setter->set_double = &mlx5dr_action_setter_aso; diff --git a/drivers/net/mlx5/hws/mlx5dr_debug.c b/drivers/net/mlx5/hws/mlx5dr_debug.c index 8cf3909606..74893f61fb 100644 --- a/drivers/net/mlx5/hws/mlx5dr_debug.c +++ b/drivers/net/mlx5/hws/mlx5dr_debug.c @@ -22,6 +22,7 @@ const char *mlx5dr_debug_action_type_str[] = { [MLX5DR_ACTION_TYP_PUSH_VLAN] = "PUSH_VLAN", [MLX5DR_ACTION_TYP_ASO_METER] = "ASO_METER", [MLX5DR_ACTION_TYP_ASO_CT] = "ASO_CT", + [MLX5DR_ACTION_TYP_ASO_IPSEC] = "ASO_IPSEC", [MLX5DR_ACTION_TYP_DEST_ROOT] = "DEST_ROOT", [MLX5DR_ACTION_TYP_DEST_ARRAY] = "DEST_ARRAY", [MLX5DR_ACTION_TYP_CRYPTO_ENCRYPT] = "CRYPTO_ENCRYPT", -- 2.39.2