net/octeontx2: support non-ethernet L2 header

In the inline inound path, a custom header would be present at L3 which has sequence number & SPI. L2 need to be adjusted such that the eventual packet would have L3 after L2. Remove assumption of L2 type in this handling. Signed-off-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
2021-07-01 14:59:29 +05:30 · 2021-07-01 14:59:29 +05:30 · ec8f303c65
commit ec8f303c65
parent 71c5085bfb
3 changed files with 42 additions and 25 deletions
--- a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
@ -166,8 +166,9 @@ anti_replay_check(struct otx2_ipsec_replay *replay, uint64_t seq,
 }

 static inline int
-cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
+cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, void *l3_ptr)
 {
+	struct otx2_ipsec_fp_res_hdr *hdr = l3_ptr;
 	uint64_t seq_in_sa;
 	uint32_t seqh = 0;
 	uint32_t seql;
@ -176,14 +177,12 @@ cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
 	int ret;

 	esn = sa->ctl.esn_en;
-	seql = rte_be_to_cpu_32(*((uint32_t *)(data +
-			OTX2_IPSEC_SEQNO_LO_INDEX)));
+	seql = rte_be_to_cpu_32(hdr->seq_no_lo);

 	if (!esn)
 		seq = (uint64_t)seql;
 	else {
-		seqh = rte_be_to_cpu_32(*((uint32_t *)(data +
-				OTX2_IPSEC_SEQNO_HI_INDEX)));
+		seqh = rte_be_to_cpu_32(hdr->seq_no_hi);
 		seq = ((uint64_t)seqh << 32) | seql;
 	}

--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
@ -10,14 +10,13 @@

 /* Macros for anti replay and ESN */
 #define OTX2_IPSEC_MAX_REPLAY_WIN_SZ	1024
-#define OTX2_IPSEC_SAINDEX_SZ		4
-#define OTX2_IPSEC_SEQNO_LO		4

-#define OTX2_IPSEC_SEQNO_LO_INDEX	(RTE_ETHER_HDR_LEN + \
-					 OTX2_IPSEC_SAINDEX_SZ)
-
-#define OTX2_IPSEC_SEQNO_HI_INDEX	(OTX2_IPSEC_SEQNO_LO_INDEX + \
-					 OTX2_IPSEC_SEQNO_LO)
+struct otx2_ipsec_fp_res_hdr {
+	uint32_t spi;
+	uint32_t seq_no_lo;
+	uint32_t seq_no_hi;
+	uint32_t rsvd;
+};

 enum {
 	OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
--- a/drivers/net/octeontx2/otx2_rx.h
+++ b/drivers/net/octeontx2/otx2_rx.h
@ -41,7 +41,6 @@

 /* Inline IPsec offsets */

-#define INLINE_INB_RPTR_HDR		16
 /* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
 #define INLINE_CPT_RESULT_OFFSET	80

@ -239,14 +238,18 @@ nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
 }

 static __rte_always_inline uint64_t
-nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
+nix_rx_sec_mbuf_update(const struct nix_rx_parse_s *rx,
+		       const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
 		       const void * const lookup_mem)
 {
+	uint8_t *l2_ptr, *l3_ptr, *l2_ptr_actual, *l3_ptr_actual;
 	struct otx2_ipsec_fp_in_sa *sa;
-	struct rte_ipv4_hdr *ipv4;
-	uint16_t m_len;
+	uint16_t m_len, l2_len, ip_len;
+	struct rte_ipv6_hdr *ip6h;
+	struct rte_ipv4_hdr *iph;
+	uint16_t *ether_type;
 	uint32_t spi;
-	char *data;
+	int i;

 	if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
 		return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
@ -257,22 +260,38 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
 	sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
 	*rte_security_dynfield(m) = sa->udata64;

-	data = rte_pktmbuf_mtod(m, char *);
+	l2_ptr = rte_pktmbuf_mtod(m, uint8_t *);
+	l2_len = rx->lcptr - rx->laptr;
+	l3_ptr = RTE_PTR_ADD(l2_ptr, l2_len);

 	if (sa->replay_win_sz) {
-		if (cpt_ipsec_ip_antireplay_check(sa, data) < 0)
+		if (cpt_ipsec_ip_antireplay_check(sa, l3_ptr) < 0)
 			return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
 	}

-	memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
+	l2_ptr_actual = RTE_PTR_ADD(l2_ptr,
+				    sizeof(struct otx2_ipsec_fp_res_hdr));
+	l3_ptr_actual = RTE_PTR_ADD(l3_ptr,
+				    sizeof(struct otx2_ipsec_fp_res_hdr));

-	m->data_off += INLINE_INB_RPTR_HDR;
+	for (i = l2_len - RTE_ETHER_TYPE_LEN - 1; i >= 0; i--)
+		l2_ptr_actual[i] = l2_ptr[i];

-	ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
-				       RTE_ETHER_HDR_LEN);
+	m->data_off += sizeof(struct otx2_ipsec_fp_res_hdr);

-	m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
+	ether_type = RTE_PTR_SUB(l3_ptr_actual, RTE_ETHER_TYPE_LEN);

+	iph = (struct rte_ipv4_hdr *)l3_ptr_actual;
+	if ((iph->version_ihl >> 4) == 4) {
+		ip_len = rte_be_to_cpu_16(iph->total_length);
+		*ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+	} else {
+		ip6h = (struct rte_ipv6_hdr *)iph;
+		ip_len = rte_be_to_cpu_16(ip6h->payload_len);
+		*ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+	}
+
+	m_len = ip_len + l2_len;
 	m->data_len = m_len;
 	m->pkt_len = m_len;
 	return PKT_RX_SEC_OFFLOAD;
@ -322,7 +341,7 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
 	if ((flag & NIX_RX_OFFLOAD_SECURITY_F) &&
 	    cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
 		*(uint64_t *)(&mbuf->rearm_data) = val;
-		ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
+		ol_flags |= nix_rx_sec_mbuf_update(rx, cq, mbuf, lookup_mem);
 		mbuf->ol_flags = ol_flags;
 		return;
 	}