Add support for inline crypto for IPsec, for ESP transport and tunnel over IPv4 and IPv6, as well as supporting the offload for ESP over UDP, and in conjunction with TSO for UDP and TCP flows.
Implement support for rte_security packet metadata.
Add definition for IPsec descriptors, extend support for offload in data and context descriptor to support.
Add support to virtual channel mailbox for IPsec Crypto request operations. IPsec Crypto requests receive an initial acknowledgment from physical function driver of receipt of request and then an asynchronous response with success/failure of request including any response data.
Add enhanced descriptor debugging.
Refactor of scalar tx burst function to support integration of offload.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Jingjing Wu <jingjing.wu@intel.com>
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Intel Corporation
*/
#ifndef _IAVF_IPSEC_CRYPTO_H_
#define _IAVF_IPSEC_CRYPTO_H_
#include <rte_security.h>
#include "iavf.h"
/*
 * IPsec transmit descriptor, viewable either as two raw little-endian
 * quad words (qw0/qw1) or as individual fields overlaying the same bytes.
 *
 * Field positions according to the IAVF_IPSEC_TX_DESC_QW* shift/mask macros
 * in this header:
 *   qw0 [13:0]   L4 payload length
 *   qw0 [47:16]  ESN
 *   qw0 [53:48]  trailer length
 *   qw1 [5]      UDP flag
 *   qw1 [7:6]    IV length
 *   qw1 [15:8]   next header
 *   qw1 [23:16]  IPv6 extension header length
 *   qw1 [51:32]  SA index
 *
 * NOTE(review): several members of the field view are wider than the
 * corresponding mask (l4payload_length 16b vs 14b, trailer_length 16b vs 6b,
 * ipv6_ext_hdr_length 16b vs 8b, said 32b vs 20b). A value stored through
 * the field view is not truncated to the mask width, so an out-of-range
 * value lands in bits no macro here defines (presumably reserved - confirm).
 * Writers should range-check or mask before filling the descriptor.
 */
struct iavf_tx_ipsec_desc {
	union {
		/* Raw view: the two descriptor quad words. */
		struct {
			__le64 qw0;
			__le64 qw1;
		};
		/* Field view of the same storage. */
		struct {
			__le16 l4payload_length;
			__le32 esn;
			__le16 trailer_length;
			/*
			 * NOTE(review): bit-field allocation order is
			 * implementation-defined. The sequence below lines up
			 * with the QW1 masks (udp at bit 5, ivlen at bits 7:6)
			 * only when bit-fields are allocated from the least
			 * significant bit - confirm for every supported
			 * target, or build qw1 with the shift/mask macros.
			 */
			u8 type:4;
			u8 rsv:1;
			u8 udp:1;
			u8 ivlen:2;
			u8 next_header;
			__le16 ipv6_ext_hdr_length;
			__le32 said;
		} __rte_packed;
	};
} __rte_packed;
/*
 * Shift/mask pairs for the raw quad-word view (qw0/qw1) of
 * struct iavf_tx_ipsec_desc. Each mask is the field's all-ones value moved
 * to the field's bit position, so a field is inserted with
 * ((value << SHIFT) & MASK).
 */

/* QW0 bits 13:0 - L4 payload length */
#define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT	0
#define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_MASK \
	(0x3FFFULL << IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT)

/* QW0 bits 47:16 - ESN */
#define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT	16
#define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_MASK \
	(0xFFFFFFFFULL << IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT)

/* QW0 bits 53:48 - trailer length */
#define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT	48
#define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_MASK \
	(0x3FULL << IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT)

/* QW1 bit 5 - UDP flag */
#define IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT	5
#define IAVF_IPSEC_TX_DESC_QW1_UDP_MASK \
	(0x1ULL << IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT)

/* QW1 bits 7:6 - IV length */
#define IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT	6
#define IAVF_IPSEC_TX_DESC_QW1_IVLEN_MASK \
	(0x3ULL << IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT)

/* QW1 bits 15:8 - next header */
#define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT	8
#define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_MASK \
	(0xFFULL << IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT)

/* QW1 bits 23:16 - IPv6 extension header length */
#define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT	16
#define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK \
	(0xFFULL << IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT)

/* QW1 bits 51:32 - SA index */
#define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT	32
#define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_MASK \
	(0xFFFFFULL << IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT)
/*
 * Initialization Vector length selector. The enumerators take the values
 * 0..3 in declaration order (presumably the encoding written to the 2-bit
 * ivlen descriptor field - confirm against the TX path).
 */
enum iavf_ipsec_iv_len {
	IAVF_IPSEC_IV_LEN_NONE = 0,	/* no IV */
	IAVF_IPSEC_IV_LEN_DW = 1,	/* 4-byte IV */
	IAVF_IPSEC_IV_LEN_DDW = 2,	/* 8-byte IV */
	IAVF_IPSEC_IV_LEN_QDW = 3,	/* 16-byte IV */
};
/*
 * IPsec crypto packet metadata offload flags, one bit each.
 * Presumably carried in iavf_ipsec_crypto_pkt_metadata.ol_flags; the names
 * suggest tunnel mode, ESN in use, IPv6 extension headers present and
 * NAT traversal - confirm against the code that sets and tests them.
 */
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_IS_TUN		(1 << 0)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_ESN			(1 << 1)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_IPV6_EXT_HDRS	(1 << 2)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_NATT			(1 << 3)
/**
 * Packet metadata data structure used to hold parameters required by the iAVF
 * transmit data path. Parameters are set for a session by calling the
 * rte_security_set_pkt_metadata() API.
 *
 * Each member comment gives (hardware field width / storage size).
 *
 * NOTE(review): every narrow field is stored in a wider integer (20b in 4B,
 * 2b in 1B, 6b in 1B, ...), so the storage can hold values the hardware
 * field cannot. The transmit path should mask or range-check these values
 * before writing them into a descriptor - confirm that it does.
 */
struct iavf_ipsec_crypto_pkt_metadata {
	uint32_t sa_idx;		/* SA hardware index (20b/4B) */

	uint8_t ol_flags;		/* flags (1B) */
	uint8_t len_iv;			/* IV length (2b/1B) */
	uint8_t ctx_desc_ipsec_params;	/* IPsec params for ctx desc (7b/1B) */
	uint8_t esp_trailer_len;	/* ESP trailer length (6b/1B) */

	uint16_t l4_payload_len;	/* L4 payload length */
	/*
	 * NOTE(review): stated as 5b here, while
	 * IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK in this header is 8 bits wide -
	 * confirm which width is correct.
	 */
	uint8_t ipv6_ext_hdrs_len;	/* IPv6 extension headers len (5b/1B) */
	uint8_t next_proto;		/* Next Protocol (8b/1B) */

	uint32_t esn;			/* Extended Sequence Number (32b/4B) */
} __rte_packed;
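/*
 * NOTE(review): none of the int/uint32_t return conventions below are
 * visible from this header; see the definitions before relying on
 * "0 means success".
 */

/**
 * Inline IPsec Crypto offload is supported
 *
 * @param adapter  iAVF adapter to query
 */
int
iavf_ipsec_crypto_supported(struct iavf_adapter *adapter);

/**
 * Create security context
 *
 * @param adapter  iAVF adapter the context is created for
 */
int
iavf_security_ctx_create(struct iavf_adapter *adapter);

/**
 * Initialise security support for the adapter (what exactly is set up is not
 * visible from this header - see the definition).
 *
 * @param adapter  iAVF adapter to initialise
 */
int
iavf_security_init(struct iavf_adapter *adapter);

/**
 * Set security capabilities
 *
 * NOTE(review): "capabililites" in the function name is misspelled; it is
 * part of the interface, so a rename has to cover the definition and every
 * caller.
 *
 * @param iavf_sctx             security context to update
 * @param virtchl_capabilities  IPsec capabilities structure (virtchnl type)
 */
int
iavf_ipsec_crypto_set_security_capabililites(struct iavf_security_ctx *iavf_sctx,
	struct virtchnl_ipsec_cap *virtchl_capabilities);

/**
 * Presumably returns the offset at which the IPsec packet metadata is stored
 * for this adapter - confirm against the definition.
 *
 * @param adapter  iAVF adapter to query
 */
int
iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);

/**
 * Destroy security context
 *
 * @param adapter  iAVF adapter whose security context is destroyed
 */
int
iavf_security_ctx_destroy(struct iavf_adapter *adapter);

/**
 * Verify that the inline IPsec Crypto action is valid for this device
 *
 * NOTE(review): the result is a uint32_t, not an int status; document which
 * value means "valid" so callers do not invert the check.
 *
 * @param ethdev   Ethernet device the action is checked against
 * @param session  rte_security session referenced by the action
 * @param spi      SPI value to check
 */
uint32_t
iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
	const struct rte_security_session *session, uint32_t spi);

/**
 * Add inbound security policy rule to hardware
 *
 * @param adapter      iAVF adapter the rule is added to
 * @param esp_spi      ESP SPI the rule matches
 * @param is_v4        selects between v4_dst_addr and v6_dst_addr
 *                     (presumably non-zero for IPv4 - confirm)
 * @param v4_dst_addr  IPv4 destination address, big-endian
 * @param v6_dst_addr  IPv6 destination address; no length is passed, so the
 *                     caller must supply a full address (presumably 16
 *                     bytes - confirm)
 * @param drop         drop indication for the rule (semantics not visible
 *                     from this header)
 */
int
iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
	uint32_t esp_spi,
	uint8_t is_v4,
	rte_be32_t v4_dst_addr,
	uint8_t *v6_dst_addr,
	uint8_t drop);

/**
 * Delete inbound security policy rule from hardware
 *
 * @param adapter  iAVF adapter the rule is removed from
 * @param is_v4    address family flag of the rule being removed
 * @param flow_id  identifier of the rule to delete
 */
int
iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter,
	uint8_t is_v4, uint32_t flow_id);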
#endif /* _IAVF_IPSEC_CRYPTO_H_ */