crypto/octeontx2: support lookaside IPsec IPv6
Adding IPv6 tunnel mode support in lookaside IPsec PMD. Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Anoob Joseph <anoobj@marvell.com>
This commit is contained in:
Tejasree Kondoj
Akhil Goyal
parent
880bc71de1
commit
4edede7bc6
@ -176,6 +176,7 @@ Features supported
|
|||||||
~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
* IPv4
|
* IPv4
|
||||||
|
* IPv6
|
||||||
* ESP
|
* ESP
|
||||||
* Tunnel mode
|
* Tunnel mode
|
||||||
* AES-128/192/256-GCM
|
* AES-128/192/256-GCM
|
||||||
|
|||||||
@ -156,6 +156,11 @@ New Features
|
|||||||
|
|
||||||
* Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD.
|
* Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD.
|
||||||
|
|
||||||
|
* **Updated the OCTEON TX2 crypto PMD.**
|
||||||
|
|
||||||
|
* Updated the OCTEON TX2 crypto PMD lookaside protocol offload for IPsec with
|
||||||
|
IPv6 support.
|
||||||
|
|
||||||
* **Added Intel ACC100 bbdev PMD.**
|
* **Added Intel ACC100 bbdev PMD.**
|
||||||
|
|
||||||
Added a new ``acc100`` bbdev driver for the Intel\ |reg| ACC100 accelerator
|
Added a new ``acc100`` bbdev driver for the Intel\ |reg| ACC100 accelerator
|
||||||
|
|||||||
@ -36,7 +36,7 @@ struct otx2_cpt_vf {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct cpt_meta_info {
|
struct cpt_meta_info {
|
||||||
uint64_t deq_op_info[4];
|
uint64_t deq_op_info[5];
|
||||||
uint64_t comp_code_sz;
|
uint64_t comp_code_sz;
|
||||||
union cpt_res_s cpt_res __rte_aligned(16);
|
union cpt_res_s cpt_res __rte_aligned(16);
|
||||||
struct cpt_request_info cpt_req;
|
struct cpt_request_info cpt_req;
|
||||||
|
|||||||
@ -842,6 +842,7 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
|
|||||||
vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
|
vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
|
||||||
struct rte_crypto_sym_op *sym_op = cop->sym;
|
struct rte_crypto_sym_op *sym_op = cop->sym;
|
||||||
struct rte_mbuf *m = sym_op->m_src;
|
struct rte_mbuf *m = sym_op->m_src;
|
||||||
|
struct rte_ipv6_hdr *ip6;
|
||||||
struct rte_ipv4_hdr *ip;
|
struct rte_ipv4_hdr *ip;
|
||||||
uint16_t m_len;
|
uint16_t m_len;
|
||||||
int mdata_len;
|
int mdata_len;
|
||||||
@ -852,9 +853,17 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
|
|||||||
|
|
||||||
if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
|
if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
|
||||||
data = rte_pktmbuf_mtod(m, char *);
|
data = rte_pktmbuf_mtod(m, char *);
|
||||||
ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
|
|
||||||
|
|
||||||
m_len = rte_be_to_cpu_16(ip->total_length);
|
if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
|
||||||
|
ip = (struct rte_ipv4_hdr *)(data +
|
||||||
|
OTX2_IPSEC_PO_INB_RPTR_HDR);
|
||||||
|
m_len = rte_be_to_cpu_16(ip->total_length);
|
||||||
|
} else {
|
||||||
|
ip6 = (struct rte_ipv6_hdr *)(data +
|
||||||
|
OTX2_IPSEC_PO_INB_RPTR_HDR);
|
||||||
|
m_len = rte_be_to_cpu_16(ip6->payload_len) +
|
||||||
|
sizeof(struct rte_ipv6_hdr);
|
||||||
|
}
|
||||||
|
|
||||||
m->data_len = m_len;
|
m->data_len = m_len;
|
||||||
m->pkt_len = m_len;
|
m->pkt_len = m_len;
|
||||||
|
|||||||
@ -25,7 +25,12 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
|
|||||||
{
|
{
|
||||||
struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
|
struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
|
||||||
|
|
||||||
lp->partial_len = sizeof(struct rte_ipv4_hdr);
|
if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
|
||||||
|
lp->partial_len = sizeof(struct rte_ipv4_hdr);
|
||||||
|
else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)
|
||||||
|
lp->partial_len = sizeof(struct rte_ipv6_hdr);
|
||||||
|
else
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
|
if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
|
||||||
lp->partial_len += sizeof(struct rte_esp_hdr);
|
lp->partial_len += sizeof(struct rte_esp_hdr);
|
||||||
@ -203,6 +208,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
|
|||||||
struct otx2_ipsec_po_out_sa *sa;
|
struct otx2_ipsec_po_out_sa *sa;
|
||||||
struct otx2_sec_session *sess;
|
struct otx2_sec_session *sess;
|
||||||
struct otx2_cpt_inst_s inst;
|
struct otx2_cpt_inst_s inst;
|
||||||
|
struct rte_ipv6_hdr *ip6;
|
||||||
struct rte_ipv4_hdr *ip;
|
struct rte_ipv4_hdr *ip;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -222,6 +228,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
|
|||||||
lp->ip_id = 0;
|
lp->ip_id = 0;
|
||||||
lp->seq_lo = 1;
|
lp->seq_lo = 1;
|
||||||
lp->seq_hi = 0;
|
lp->seq_hi = 0;
|
||||||
|
lp->tunnel_type = ipsec->tunnel.type;
|
||||||
|
|
||||||
ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
|
ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
|
||||||
if (ret)
|
if (ret)
|
||||||
@ -254,6 +261,24 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
|
|||||||
sizeof(struct in_addr));
|
sizeof(struct in_addr));
|
||||||
memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
|
memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
|
||||||
sizeof(struct in_addr));
|
sizeof(struct in_addr));
|
||||||
|
} else if (ipsec->tunnel.type ==
|
||||||
|
RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
|
||||||
|
ip6 = &sa->template.ipv6_hdr;
|
||||||
|
ip6->vtc_flow = rte_cpu_to_be_32(0x60000000 |
|
||||||
|
((ipsec->tunnel.ipv6.dscp <<
|
||||||
|
RTE_IPV6_HDR_TC_SHIFT) &
|
||||||
|
RTE_IPV6_HDR_TC_MASK) |
|
||||||
|
((ipsec->tunnel.ipv6.flabel <<
|
||||||
|
RTE_IPV6_HDR_FL_SHIFT) &
|
||||||
|
RTE_IPV6_HDR_FL_MASK));
|
||||||
|
ip6->hop_limits = ipsec->tunnel.ipv6.hlimit;
|
||||||
|
ip6->proto = (ipsec->proto ==
|
||||||
|
RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
|
||||||
|
IPPROTO_ESP : IPPROTO_AH;
|
||||||
|
memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr,
|
||||||
|
sizeof(struct in6_addr));
|
||||||
|
memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr,
|
||||||
|
sizeof(struct in6_addr));
|
||||||
} else {
|
} else {
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
@ -342,6 +367,7 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
|
|||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
lp->tunnel_type = ipsec->tunnel.type;
|
||||||
auth_xform = crypto_xform;
|
auth_xform = crypto_xform;
|
||||||
cipher_xform = crypto_xform->next;
|
cipher_xform = crypto_xform->next;
|
||||||
|
|
||||||
|
|||||||
@ -55,6 +55,8 @@ struct otx2_sec_session_ipsec_lp {
|
|||||||
uint8_t iv_length;
|
uint8_t iv_length;
|
||||||
/** Auth IV length in bytes */
|
/** Auth IV length in bytes */
|
||||||
uint8_t auth_iv_length;
|
uint8_t auth_iv_length;
|
||||||
|
/** IPsec tunnel type */
|
||||||
|
enum rte_security_ipsec_tunnel_type tunnel_type;
|
||||||
};
|
};
|
||||||
|
|
||||||
int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
|
int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
|
||||||
|
|||||||
@ -319,7 +319,7 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
|
ctl->inner_ip_ver = ctl->outer_ip_ver;
|
||||||
|
|
||||||
if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
|
if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
|
||||||
ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
|
ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
|
||||||
|
|||||||
@ -25,7 +25,8 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static __rte_always_inline struct cpt_request_info *
|
static __rte_always_inline struct cpt_request_info *
|
||||||
alloc_request_struct(char *maddr, void *cop, int mdata_len)
|
alloc_request_struct(char *maddr, void *cop, int mdata_len,
|
||||||
|
enum rte_security_ipsec_tunnel_type tunnel_type)
|
||||||
{
|
{
|
||||||
struct cpt_request_info *req;
|
struct cpt_request_info *req;
|
||||||
struct cpt_meta_info *meta;
|
struct cpt_meta_info *meta;
|
||||||
@ -47,6 +48,7 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len)
|
|||||||
op[1] = (uintptr_t)cop;
|
op[1] = (uintptr_t)cop;
|
||||||
op[2] = (uintptr_t)req;
|
op[2] = (uintptr_t)req;
|
||||||
op[3] = mdata_len;
|
op[3] = mdata_len;
|
||||||
|
op[4] = tunnel_type;
|
||||||
|
|
||||||
return req;
|
return req;
|
||||||
}
|
}
|
||||||
@ -86,7 +88,8 @@ process_outb_sa(struct rte_crypto_op *cop,
|
|||||||
}
|
}
|
||||||
|
|
||||||
mdata += extend_tail; /* mdata follows encrypted data */
|
mdata += extend_tail; /* mdata follows encrypted data */
|
||||||
req = alloc_request_struct(mdata, (void *)cop, mdata_len);
|
req = alloc_request_struct(mdata, (void *)cop, mdata_len,
|
||||||
|
sess->tunnel_type);
|
||||||
|
|
||||||
data = rte_pktmbuf_prepend(m_src, extend_head);
|
data = rte_pktmbuf_prepend(m_src, extend_head);
|
||||||
if (unlikely(data == NULL)) {
|
if (unlikely(data == NULL)) {
|
||||||
@ -157,7 +160,8 @@ process_inb_sa(struct rte_crypto_op *cop,
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
req = alloc_request_struct(mdata, (void *)cop, mdata_len);
|
req = alloc_request_struct(mdata, (void *)cop, mdata_len,
|
||||||
|
sess->tunnel_type);
|
||||||
|
|
||||||
/* Prepare CPT instruction */
|
/* Prepare CPT instruction */
|
||||||
word0.u64 = sess->ucmd_w0;
|
word0.u64 = sess->ucmd_w0;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user