diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile index 3ba67ed0c3..1458e2b72f 100644 --- a/drivers/crypto/octeontx2/Makefile +++ b/drivers/crypto/octeontx2/Makefile @@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a CFLAGS += $(WERROR_FLAGS) LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring -LDLIBS += -lrte_cryptodev +LDLIBS += -lrte_cryptodev -lrte_security LDLIBS += -lrte_pci -lrte_bus_pci LDLIBS += -lrte_common_cpt -lrte_common_octeontx2 @@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2 CFLAGS += -O3 CFLAGS += -I$(RTE_SDK)/drivers/common/cpt CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2 +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2 CFLAGS += -DALLOW_EXPERIMENTAL_API diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build index 67deca3ae4..a5317990a7 100644 --- a/drivers/crypto/octeontx2/meson.build +++ b/drivers/crypto/octeontx2/meson.build @@ -9,6 +9,7 @@ deps += ['bus_pci'] deps += ['common_cpt'] deps += ['common_octeontx2'] deps += ['ethdev'] +deps += ['security'] name = 'octeontx2_crypto' allow_experimental_apis = true @@ -32,5 +33,6 @@ endforeach includes += include_directories('../../common/cpt') includes += include_directories('../../common/octeontx2') +includes += include_directories('../../crypto/octeontx2') includes += include_directories('../../mempool/octeontx2') includes += include_directories('../../net/octeontx2') diff --git a/drivers/event/octeontx2/Makefile b/drivers/event/octeontx2/Makefile index 6dab69c590..bcd22ee8cd 100644 --- a/drivers/event/octeontx2/Makefile +++ b/drivers/event/octeontx2/Makefile @@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a CFLAGS += $(WERROR_FLAGS) CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2 +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2 CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2 diff --git a/drivers/event/octeontx2/meson.build b/drivers/event/octeontx2/meson.build index 807818b30d..56febb8d86 100644 --- a/drivers/event/octeontx2/meson.build +++ b/drivers/event/octeontx2/meson.build @@ -32,3 +32,5 @@ foreach flag: extra_flags endforeach deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2', 'pmd_octeontx2'] + +includes += include_directories('../../crypto/octeontx2') diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h index 351ad0fcb4..eac47170a8 100644 --- a/drivers/net/octeontx2/otx2_rx.h +++ b/drivers/net/octeontx2/otx2_rx.h @@ -5,6 +5,12 @@ #ifndef __OTX2_RX_H__ #define __OTX2_RX_H__ +#include + +#include "otx2_common.h" +#include "otx2_ethdev_sec.h" +#include "otx2_ipsec_fp.h" + /* Default mark value used when none is provided. */ #define OTX2_FLOW_ACTION_FLAG_DEFAULT 0xffff @@ -31,6 +37,12 @@ #define NIX_RX_MULTI_SEG_F BIT(15) #define NIX_TIMESYNC_RX_OFFSET 8 +/* Inline IPsec offsets */ + +#define INLINE_INB_RPTR_HDR 16 +/* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */ +#define INLINE_CPT_RESULT_OFFSET 80 + struct otx2_timesync_info { uint64_t rx_tstamp; rte_iova_t tx_tstamp_iova; @@ -190,6 +202,60 @@ nix_cqe_xtract_mseg(const struct nix_rx_parse_s *rx, } } +static __rte_always_inline uint16_t +nix_rx_sec_cptres_get(const void *cq) +{ + volatile const struct otx2_cpt_res *res; + + res = (volatile const struct otx2_cpt_res *)((const char *)cq + + INLINE_CPT_RESULT_OFFSET); + + return res->u16[0]; +} + +static __rte_always_inline void * +nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port) +{ + const uint64_t *const *sa_tbl = (const uint64_t * const *) + ((const uint8_t *)lookup_mem + OTX2_NIX_SA_TBL_START); + + return (void *)sa_tbl[port][spi]; +} + +static __rte_always_inline uint64_t +nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m, + const void * const lookup_mem) +{ + struct otx2_ipsec_fp_in_sa *sa; + struct rte_ipv4_hdr *ipv4; + uint16_t m_len; + uint32_t spi; + char *data; + + if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD)) + return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED; + + /* 20 bits of tag would have the SPI */ + spi = cq->tag & 0xFFFFF; + + sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port); + m->udata64 = (uint64_t)sa->userdata; + + data = rte_pktmbuf_mtod(m, char *); + memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN); + + m->data_off += INLINE_INB_RPTR_HDR; + + ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR + + RTE_ETHER_HDR_LEN); + + m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN; + + m->data_len = m_len; + m->pkt_len = m_len; + return PKT_RX_SEC_OFFLOAD; +} + static __rte_always_inline void otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag, struct rte_mbuf *mbuf, const void *lookup_mem, @@ -231,6 +297,13 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag, if (flag & NIX_RX_OFFLOAD_MARK_UPDATE_F) ol_flags = nix_update_match_id(rx->match_id, ol_flags, mbuf); + if (cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) { + *(uint64_t *)(&mbuf->rearm_data) = val; + ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem); + mbuf->ol_flags = ol_flags; + return; + } + mbuf->ol_flags = ol_flags; *(uint64_t *)(&mbuf->rearm_data) = val; mbuf->pkt_len = len;