common/cnxk: support UDP port verification

Adding support to verify UDP encapsulation ports in IPsec inbound. Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-09-29 08:55:13 +05:30 · 2021-09-29 08:55:13 +05:30 · 2d5ca27281
commit 2d5ca27281
parent f7e3aa693d
3 changed files with 6 additions and 2 deletions
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@ -303,6 +303,9 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
 		sa->w10.s.udp_dst_port = 4500;
 	}

+	if (ipsec_xfrm->options.udp_ports_verify)
+		sa->w2.s.udp_ports_verify = 1;
+
 	offset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);
 	/* Word offset for HW managed SA field */
 	sa->w0.s.hw_ctx_off = offset / 8;
--- a/drivers/common/cnxk/roc_ie_ot.h
+++ b/drivers/common/cnxk/roc_ie_ot.h
@ -184,7 +184,7 @@ union roc_ot_ipsec_sa_word2 {
 		uint64_t esn_en : 1;
 		uint64_t tport_l4_incr_csum : 1;
 		uint64_t ip_hdr_verify : 2;
-		uint64_t rsvd5 : 1;
+		uint64_t udp_ports_verify : 1;

 		uint64_t rsvd2 : 7;
 		uint64_t async_mode : 1;
@ -329,7 +329,7 @@ struct roc_ot_ipsec_inb_sa {
 			uint64_t esn_en : 1;
 			uint64_t tport_l4_incr_csum : 1;
 			uint64_t ip_hdr_verify : 2;
-			uint64_t rsvd5 : 1;
+			uint64_t udp_ports_verify : 1;

 			uint64_t rsvd6 : 7;
 			uint64_t async_mode : 1;
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@ -921,6 +921,7 @@ cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
 		sec_cap->ipsec.options.iv_gen_disable = 1;
 #endif
 	} else {
+		sec_cap->ipsec.options.udp_ports_verify = 1;
 		if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
 			sec_cap->ipsec.options.tunnel_hdr_verify =
 				RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;