Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/101756/?format=api
{ "id": 101756, "url": "http://patches.dpdk.org/api/patches/101756/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20211015101511.699128-2-radu.nicolau@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20211015101511.699128-2-radu.nicolau@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20211015101511.699128-2-radu.nicolau@intel.com", "date": "2021-10-15T10:15:05", "name": "[v8,1/7] common/iavf: add iAVF IPsec inline crypto support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "d672fe8e370d41f075f66ad3a2626175c6b5d53c", "submitter": { "id": 743, "url": "http://patches.dpdk.org/api/people/743/?format=api", "name": "Radu Nicolau", "email": "radu.nicolau@intel.com" }, "delegate": { "id": 1540, "url": "http://patches.dpdk.org/api/users/1540/?format=api", "username": "qzhan15", "first_name": "Qi", "last_name": "Zhang", "email": "qi.z.zhang@intel.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20211015101511.699128-2-radu.nicolau@intel.com/mbox/", "series": [ { "id": 19688, "url": "http://patches.dpdk.org/api/series/19688/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=19688", "date": "2021-10-15T10:15:04", "name": "iavf: add iAVF IPsec inline crypto support", "version": 8, "mbox": "http://patches.dpdk.org/series/19688/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/101756/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/101756/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 49A72A0C4B;\n\tFri, 15 Oct 2021 12:27:31 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id D108B41209;\n\tFri, 15 Oct 2021 12:27:25 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n by mails.dpdk.org (Postfix) with ESMTP id 30BE140692\n for <dev@dpdk.org>; Fri, 15 Oct 2021 12:27:23 +0200 (CEST)", "from orsmga006.jf.intel.com ([10.7.209.51])\n by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 15 Oct 2021 03:27:22 -0700", "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by orsmga006.jf.intel.com with ESMTP; 15 Oct 2021 03:27:20 -0700" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10137\"; a=\"208004303\"", "E=Sophos;i=\"5.85,375,1624345200\"; d=\"scan'208\";a=\"208004303\"", "E=Sophos;i=\"5.85,375,1624345200\"; d=\"scan'208\";a=\"442478917\"" ], "X-ExtLoop1": "1", "From": "Radu Nicolau <radu.nicolau@intel.com>", "To": "Jingjing Wu <jingjing.wu@intel.com>,\n\tBeilei Xing <beilei.xing@intel.com>", "Cc": "dev@dpdk.org, declan.doherty@intel.com, abhijit.sinha@intel.com,\n qi.z.zhang@intel.com, bruce.richardson@intel.com,\n konstantin.ananyev@intel.com, Radu Nicolau <radu.nicolau@intel.com>", "Date": "Fri, 15 Oct 2021 11:15:05 +0100", "Message-Id": "<20211015101511.699128-2-radu.nicolau@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20211015101511.699128-1-radu.nicolau@intel.com>", "References": "<20210909142428.750634-1-radu.nicolau@intel.com>\n <20211015101511.699128-1-radu.nicolau@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v8 1/7] common/iavf: add iAVF IPsec inline crypto\n support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add support for inline crypto for IPsec.\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Abhijit Sinha <abhijit.sinha@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\n---\n drivers/common/iavf/iavf_type.h | 1 +\n drivers/common/iavf/virtchnl.h | 17 +-\n drivers/common/iavf/virtchnl_inline_ipsec.h | 553 ++++++++++++++++++++\n 3 files changed, 569 insertions(+), 2 deletions(-)\n create mode 100644 drivers/common/iavf/virtchnl_inline_ipsec.h", "diff": "diff --git a/drivers/common/iavf/iavf_type.h b/drivers/common/iavf/iavf_type.h\nindex 73dfb47e70..51267ca3b3 100644\n--- a/drivers/common/iavf/iavf_type.h\n+++ b/drivers/common/iavf/iavf_type.h\n@@ -723,6 +723,7 @@ enum iavf_tx_desc_dtype_value {\n \tIAVF_TX_DESC_DTYPE_NOP\t\t= 0x1, /* same as Context desc */\n \tIAVF_TX_DESC_DTYPE_CONTEXT\t= 0x1,\n \tIAVF_TX_DESC_DTYPE_FCOE_CTX\t= 0x2,\n+\tIAVF_TX_DESC_DTYPE_IPSEC\t= 0x3,\n \tIAVF_TX_DESC_DTYPE_FILTER_PROG\t= 0x8,\n \tIAVF_TX_DESC_DTYPE_DDP_CTX\t= 0x9,\n \tIAVF_TX_DESC_DTYPE_FLEX_DATA\t= 0xB,\ndiff --git a/drivers/common/iavf/virtchnl.h b/drivers/common/iavf/virtchnl.h\nindex 067f715945..269578f7c0 100644\n--- a/drivers/common/iavf/virtchnl.h\n+++ b/drivers/common/iavf/virtchnl.h\n@@ -38,6 +38,8 @@\n * value in current and future projects\n */\n \n+#include \"virtchnl_inline_ipsec.h\"\n+\n /* Error Codes */\n enum virtchnl_status_code {\n \tVIRTCHNL_STATUS_SUCCESS\t\t\t\t= 0,\n@@ -133,7 +135,8 @@ enum virtchnl_ops {\n \tVIRTCHNL_OP_DISABLE_CHANNELS = 31,\n \tVIRTCHNL_OP_ADD_CLOUD_FILTER = 32,\n \tVIRTCHNL_OP_DEL_CLOUD_FILTER = 33,\n-\t/* opcodes 34, 35, 36, and 37 are reserved */\n+\tVIRTCHNL_OP_INLINE_IPSEC_CRYPTO = 34,\n+\t/* opcodes 35 and 36 are reserved */\n \tVIRTCHNL_OP_DCF_CONFIG_BW = 37,\n \tVIRTCHNL_OP_DCF_VLAN_OFFLOAD = 38,\n \tVIRTCHNL_OP_DCF_CMD_DESC = 39,\n@@ -225,6 +228,8 @@ static inline const char *virtchnl_op_str(enum virtchnl_ops v_opcode)\n \t\treturn \"VIRTCHNL_OP_ADD_CLOUD_FILTER\";\n \tcase VIRTCHNL_OP_DEL_CLOUD_FILTER:\n \t\treturn \"VIRTCHNL_OP_DEL_CLOUD_FILTER\";\n+\tcase VIRTCHNL_OP_INLINE_IPSEC_CRYPTO:\n+\t\treturn \"VIRTCHNL_OP_INLINE_IPSEC_CRYPTO\";\n \tcase VIRTCHNL_OP_DCF_CMD_DESC:\n \t\treturn \"VIRTCHNL_OP_DCF_CMD_DESC\";\n \tcase VIRTCHNL_OP_DCF_CMD_BUFF:\n@@ -385,7 +390,7 @@ VIRTCHNL_CHECK_STRUCT_LEN(16, virtchnl_vsi_resource);\n #define VIRTCHNL_VF_OFFLOAD_REQ_QUEUES\t\tBIT(6)\n /* used to negotiate communicating link speeds in Mbps */\n #define VIRTCHNL_VF_CAP_ADV_LINK_SPEED\t\tBIT(7)\n-\t/* BIT(8) is reserved */\n+#define VIRTCHNL_VF_OFFLOAD_INLINE_IPSEC_CRYPTO\tBIT(8)\n #define VIRTCHNL_VF_LARGE_NUM_QPAIRS\t\tBIT(9)\n #define VIRTCHNL_VF_OFFLOAD_CRC\t\t\tBIT(10)\n #define VIRTCHNL_VF_OFFLOAD_VLAN_V2\t\tBIT(15)\n@@ -2291,6 +2296,14 @@ virtchnl_vc_validate_vf_msg(struct virtchnl_version_info *ver, u32 v_opcode,\n \t\t\t\t sizeof(struct virtchnl_queue_vector);\n \t\t}\n \t\tbreak;\n+\n+\tcase VIRTCHNL_OP_INLINE_IPSEC_CRYPTO:\n+\t{\n+\t\tstruct inline_ipsec_msg *iim = (struct inline_ipsec_msg *)msg;\n+\t\tvalid_len =\n+\t\t\tvirtchnl_inline_ipsec_val_msg_len(iim->ipsec_opcode);\n+\t\tbreak;\n+\t}\n \t/* These are always errors coming from the VF. */\n \tcase VIRTCHNL_OP_EVENT:\n \tcase VIRTCHNL_OP_UNKNOWN:\ndiff --git a/drivers/common/iavf/virtchnl_inline_ipsec.h b/drivers/common/iavf/virtchnl_inline_ipsec.h\nnew file mode 100644\nindex 0000000000..1e9134501e\n--- /dev/null\n+++ b/drivers/common/iavf/virtchnl_inline_ipsec.h\n@@ -0,0 +1,553 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2001-2021 Intel Corporation\n+ */\n+\n+#ifndef _VIRTCHNL_INLINE_IPSEC_H_\n+#define _VIRTCHNL_INLINE_IPSEC_H_\n+\n+#define VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM\t3\n+#define VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM\t\t16\n+#define VIRTCHNL_IPSEC_MAX_TX_DESC_NUM\t\t128\n+#define VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER\t2\n+#define VIRTCHNL_IPSEC_MAX_KEY_LEN\t\t128\n+#define VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM\t8\n+#define VIRTCHNL_IPSEC_SA_DESTROY\t\t0\n+#define VIRTCHNL_IPSEC_BROADCAST_VFID\t\t0xFFFFFFFF\n+#define VIRTCHNL_IPSEC_INVALID_REQ_ID\t\t0xFFFF\n+#define VIRTCHNL_IPSEC_INVALID_SA_CFG_RESP\t0xFFFFFFFF\n+#define VIRTCHNL_IPSEC_INVALID_SP_CFG_RESP\t0xFFFFFFFF\n+\n+/* crypto type */\n+#define VIRTCHNL_AUTH\t\t1\n+#define VIRTCHNL_CIPHER\t\t2\n+#define VIRTCHNL_AEAD\t\t3\n+\n+/* caps enabled */\n+#define VIRTCHNL_IPSEC_ESN_ENA\t\t\tBIT(0)\n+#define VIRTCHNL_IPSEC_UDP_ENCAP_ENA\t\tBIT(1)\n+#define VIRTCHNL_IPSEC_SA_INDEX_SW_ENA\t\tBIT(2)\n+#define VIRTCHNL_IPSEC_AUDIT_ENA\t\tBIT(3)\n+#define VIRTCHNL_IPSEC_BYTE_LIMIT_ENA\t\tBIT(4)\n+#define VIRTCHNL_IPSEC_DROP_ON_AUTH_FAIL_ENA\tBIT(5)\n+#define VIRTCHNL_IPSEC_ARW_CHECK_ENA\t\tBIT(6)\n+#define VIRTCHNL_IPSEC_24BIT_SPI_ENA\t\tBIT(7)\n+\n+/* algorithm type */\n+/* Hash Algorithm */\n+#define VIRTCHNL_HASH_NO_ALG\t0 /* NULL algorithm */\n+#define VIRTCHNL_AES_CBC_MAC\t1 /* AES-CBC-MAC algorithm */\n+#define VIRTCHNL_AES_CMAC\t2 /* AES CMAC algorithm */\n+#define VIRTCHNL_AES_GMAC\t3 /* AES GMAC algorithm */\n+#define VIRTCHNL_AES_XCBC_MAC\t4 /* AES XCBC algorithm */\n+#define VIRTCHNL_MD5_HMAC\t5 /* HMAC using MD5 algorithm */\n+#define VIRTCHNL_SHA1_HMAC\t6 /* HMAC using 128 bit SHA algorithm */\n+#define VIRTCHNL_SHA224_HMAC\t7 /* HMAC using 224 bit SHA algorithm */\n+#define VIRTCHNL_SHA256_HMAC\t8 /* HMAC using 256 bit SHA algorithm */\n+#define VIRTCHNL_SHA384_HMAC\t9 /* HMAC using 384 bit SHA algorithm */\n+#define VIRTCHNL_SHA512_HMAC\t10 /* HMAC using 512 bit SHA algorithm */\n+#define VIRTCHNL_SHA3_224_HMAC\t11 /* HMAC using 224 bit SHA3 algorithm */\n+#define VIRTCHNL_SHA3_256_HMAC\t12 /* HMAC using 256 bit SHA3 algorithm */\n+#define VIRTCHNL_SHA3_384_HMAC\t13 /* HMAC using 384 bit SHA3 algorithm */\n+#define VIRTCHNL_SHA3_512_HMAC\t14 /* HMAC using 512 bit SHA3 algorithm */\n+/* Cipher Algorithm */\n+#define VIRTCHNL_CIPHER_NO_ALG\t15 /* NULL algorithm */\n+#define VIRTCHNL_3DES_CBC\t16 /* Triple DES algorithm in CBC mode */\n+#define VIRTCHNL_AES_CBC\t17 /* AES algorithm in CBC mode */\n+#define VIRTCHNL_AES_CTR\t18 /* AES algorithm in Counter mode */\n+/* AEAD Algorithm */\n+#define VIRTCHNL_AES_CCM\t19 /* AES algorithm in CCM mode */\n+#define VIRTCHNL_AES_GCM\t20 /* AES algorithm in GCM mode */\n+#define VIRTCHNL_CHACHA20_POLY1305 21 /* algorithm of ChaCha20-Poly1305 */\n+\n+/* protocol type */\n+#define VIRTCHNL_PROTO_ESP\t1\n+#define VIRTCHNL_PROTO_AH\t2\n+#define VIRTCHNL_PROTO_RSVD1\t3\n+\n+/* sa mode */\n+#define VIRTCHNL_SA_MODE_TRANSPORT\t1\n+#define VIRTCHNL_SA_MODE_TUNNEL\t\t2\n+#define VIRTCHNL_SA_MODE_TRAN_TUN\t3\n+#define VIRTCHNL_SA_MODE_UNKNOWN\t4\n+\n+/* sa direction */\n+#define VIRTCHNL_DIR_INGRESS\t\t1\n+#define VIRTCHNL_DIR_EGRESS\t\t2\n+#define VIRTCHNL_DIR_INGRESS_EGRESS\t3\n+\n+/* sa termination */\n+#define VIRTCHNL_TERM_SOFTWARE\t1\n+#define VIRTCHNL_TERM_HARDWARE\t2\n+\n+/* sa ip type */\n+#define VIRTCHNL_IPV4\t1\n+#define VIRTCHNL_IPV6\t2\n+\n+/* for virtchnl_ipsec_resp */\n+enum inline_ipsec_resp {\n+\tINLINE_IPSEC_SUCCESS = 0,\n+\tINLINE_IPSEC_FAIL = -1,\n+\tINLINE_IPSEC_ERR_FIFO_FULL = -2,\n+\tINLINE_IPSEC_ERR_NOT_READY = -3,\n+\tINLINE_IPSEC_ERR_VF_DOWN = -4,\n+\tINLINE_IPSEC_ERR_INVALID_PARAMS = -5,\n+\tINLINE_IPSEC_ERR_NO_MEM = -6,\n+};\n+\n+/* Detailed opcodes for DPDK and IPsec use */\n+enum inline_ipsec_ops {\n+\tINLINE_IPSEC_OP_GET_CAP = 0,\n+\tINLINE_IPSEC_OP_GET_STATUS = 1,\n+\tINLINE_IPSEC_OP_SA_CREATE = 2,\n+\tINLINE_IPSEC_OP_SA_UPDATE = 3,\n+\tINLINE_IPSEC_OP_SA_DESTROY = 4,\n+\tINLINE_IPSEC_OP_SP_CREATE = 5,\n+\tINLINE_IPSEC_OP_SP_DESTROY = 6,\n+\tINLINE_IPSEC_OP_SA_READ = 7,\n+\tINLINE_IPSEC_OP_EVENT = 8,\n+\tINLINE_IPSEC_OP_RESP = 9,\n+};\n+\n+/* Not all valid, if certain field is invalid, set 1 for all bits */\n+struct virtchnl_algo_cap {\n+\tu32 algo_type;\n+\n+\tu16 block_size;\n+\n+\tu16 min_key_size;\n+\tu16 max_key_size;\n+\tu16 inc_key_size;\n+\n+\tu16 min_iv_size;\n+\tu16 max_iv_size;\n+\tu16 inc_iv_size;\n+\n+\tu16 min_digest_size;\n+\tu16 max_digest_size;\n+\tu16 inc_digest_size;\n+\n+\tu16 min_aad_size;\n+\tu16 max_aad_size;\n+\tu16 inc_aad_size;\n+} __rte_packed;\n+\n+/* vf record the capability of crypto from the virtchnl */\n+struct virtchnl_sym_crypto_cap {\n+\tu8 crypto_type;\n+\tu8 algo_cap_num;\n+\tstruct virtchnl_algo_cap algo_cap_list[VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM];\n+} __rte_packed;\n+\n+/* VIRTCHNL_OP_GET_IPSEC_CAP\n+ * VF pass virtchnl_ipsec_cap to PF\n+ * and PF return capability of ipsec from virtchnl.\n+ */\n+struct virtchnl_ipsec_cap {\n+\t/* max number of SA per VF */\n+\tu16 max_sa_num;\n+\n+\t/* IPsec SA Protocol - value ref VIRTCHNL_PROTO_XXX */\n+\tu8 virtchnl_protocol_type;\n+\n+\t/* IPsec SA Mode - value ref VIRTCHNL_SA_MODE_XXX */\n+\tu8 virtchnl_sa_mode;\n+\n+\t/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */\n+\tu8 virtchnl_direction;\n+\n+\t/* termination mode - value ref VIRTCHNL_TERM_XXX */\n+\tu8 termination_mode;\n+\n+\t/* number of supported crypto capability */\n+\tu8 crypto_cap_num;\n+\n+\t/* descriptor ID */\n+\tu16 desc_id;\n+\n+\t/* capabilities enabled - value ref VIRTCHNL_IPSEC_XXX_ENA */\n+\tu32 caps_enabled;\n+\n+\t/* crypto capabilities */\n+\tstruct virtchnl_sym_crypto_cap cap[VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM];\n+} __rte_packed;\n+\n+/* configuration of crypto function */\n+struct virtchnl_ipsec_crypto_cfg_item {\n+\tu8 crypto_type;\n+\n+\tu32 algo_type;\n+\n+\t/* Length of valid IV data. */\n+\tu16 iv_len;\n+\n+\t/* Length of digest */\n+\tu16 digest_len;\n+\n+\t/* SA salt */\n+\tu32 salt;\n+\n+\t/* The length of the symmetric key */\n+\tu16 key_len;\n+\n+\t/* key data buffer */\n+\tu8 key_data[VIRTCHNL_IPSEC_MAX_KEY_LEN];\n+} __rte_packed;\n+\n+struct virtchnl_ipsec_sym_crypto_cfg {\n+\tstruct virtchnl_ipsec_crypto_cfg_item\n+\t\titems[VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER];\n+};\n+\n+/* VIRTCHNL_OP_IPSEC_SA_CREATE\n+ * VF send this SA configuration to PF using virtchnl;\n+ * PF create SA as configuration and PF driver will return\n+ * an unique index (sa_idx) for the created SA.\n+ */\n+struct virtchnl_ipsec_sa_cfg {\n+\t/* IPsec SA Protocol - AH/ESP */\n+\tu8 virtchnl_protocol_type;\n+\n+\t/* termination mode - value ref VIRTCHNL_TERM_XXX */\n+\tu8 virtchnl_termination;\n+\n+\t/* type of outer IP - IPv4/IPv6 */\n+\tu8 virtchnl_ip_type;\n+\n+\t/* type of esn - !0:enable/0:disable */\n+\tu8 esn_enabled;\n+\n+\t/* udp encap - !0:enable/0:disable */\n+\tu8 udp_encap_enabled;\n+\n+\t/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */\n+\tu8 virtchnl_direction;\n+\n+\t/* reserved */\n+\tu8 reserved1;\n+\n+\t/* SA security parameter index */\n+\tu32 spi;\n+\n+\t/* outer src ip address */\n+\tu8 src_addr[16];\n+\n+\t/* outer dst ip address */\n+\tu8 dst_addr[16];\n+\n+\t/* SPD reference. Used to link an SA with its policy.\n+\t * PF drivers may ignore this field.\n+\t */\n+\tu16 spd_ref;\n+\n+\t/* high 32 bits of esn */\n+\tu32 esn_hi;\n+\n+\t/* low 32 bits of esn */\n+\tu32 esn_low;\n+\n+\t/* When enabled, sa_index must be valid */\n+\tu8 sa_index_en;\n+\n+\t/* SA index when sa_index_en is true */\n+\tu32 sa_index;\n+\n+\t/* auditing mode - enable/disable */\n+\tu8 audit_en;\n+\n+\t/* lifetime byte limit - enable/disable\n+\t * When enabled, byte_limit_hard and byte_limit_soft\n+\t * must be valid.\n+\t */\n+\tu8 byte_limit_en;\n+\n+\t/* hard byte limit count */\n+\tu64 byte_limit_hard;\n+\n+\t/* soft byte limit count */\n+\tu64 byte_limit_soft;\n+\n+\t/* drop on authentication failure - enable/disable */\n+\tu8 drop_on_auth_fail_en;\n+\n+\t/* anti-reply window check - enable/disable\n+\t * When enabled, arw_size must be valid.\n+\t */\n+\tu8 arw_check_en;\n+\n+\t/* size of arw window, offset by 1. Setting to 0\n+\t * represents ARW window size of 1. Setting to 127\n+\t * represents ARW window size of 128\n+\t */\n+\tu8 arw_size;\n+\n+\t/* no ip offload mode - enable/disable\n+\t * When enabled, ip type and address must not be valid.\n+\t */\n+\tu8 no_ip_offload_en;\n+\n+\t/* SA Domain. Used to logical separate an SADB into groups.\n+\t * PF drivers supporting a single group ignore this field.\n+\t */\n+\tu16 sa_domain;\n+\n+\t/* crypto configuration */\n+\tstruct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;\n+} __rte_packed;\n+\n+/* VIRTCHNL_OP_IPSEC_SA_UPDATE\n+ * VF send configuration of index of SA to PF\n+ * PF will update SA according to configuration\n+ */\n+struct virtchnl_ipsec_sa_update {\n+\tu32 sa_index; /* SA to update */\n+\tu32 esn_hi; /* high 32 bits of esn */\n+\tu32 esn_low; /* low 32 bits of esn */\n+} __rte_packed;\n+\n+/* VIRTCHNL_OP_IPSEC_SA_DESTROY\n+ * VF send configuration of index of SA to PF\n+ * PF will destroy SA according to configuration\n+ * flag bitmap indicate all SA or just selected SA will\n+ * be destroyed\n+ */\n+struct virtchnl_ipsec_sa_destroy {\n+\t/* All zero bitmap indicates all SA will be destroyed.\n+\t * Non-zero bitmap indicates the selected SA in\n+\t * array sa_index will be destroyed.\n+\t */\n+\tu8 flag;\n+\n+\t/* selected SA index */\n+\tu32 sa_index[VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM];\n+} __rte_packed;\n+\n+/* VIRTCHNL_OP_IPSEC_SA_READ\n+ * VF send this SA configuration to PF using virtchnl;\n+ * PF read SA and will return configuration for the created SA.\n+ */\n+struct virtchnl_ipsec_sa_read {\n+\t/* SA valid - invalid/valid */\n+\tu8 valid;\n+\n+\t/* SA active - inactive/active */\n+\tu8 active;\n+\n+\t/* SA SN rollover - not_rollover/rollover */\n+\tu8 sn_rollover;\n+\n+\t/* IPsec SA Protocol - AH/ESP */\n+\tu8 virtchnl_protocol_type;\n+\n+\t/* termination mode - value ref VIRTCHNL_TERM_XXX */\n+\tu8 virtchnl_termination;\n+\n+\t/* auditing mode - enable/disable */\n+\tu8 audit_en;\n+\n+\t/* lifetime byte limit - enable/disable\n+\t * When set to limit, byte_limit_hard and byte_limit_soft\n+\t * must be valid.\n+\t */\n+\tu8 byte_limit_en;\n+\n+\t/* hard byte limit count */\n+\tu64 byte_limit_hard;\n+\n+\t/* soft byte limit count */\n+\tu64 byte_limit_soft;\n+\n+\t/* drop on authentication failure - enable/disable */\n+\tu8 drop_on_auth_fail_en;\n+\n+\t/* anti-replay window check - enable/disable\n+\t * When set to check, arw_size, arw_top, and arw must be valid\n+\t */\n+\tu8 arw_check_en;\n+\n+\t/* size of arw window, offset by 1. Setting to 0\n+\t * represents ARW window size of 1. Setting to 127\n+\t * represents ARW window size of 128\n+\t */\n+\tu8 arw_size;\n+\n+\t/* reserved */\n+\tu8 reserved1;\n+\n+\t/* top of anti-replay-window */\n+\tu64 arw_top;\n+\n+\t/* anti-replay-window */\n+\tu8 arw[16];\n+\n+\t/* packets processed */\n+\tu64 packets_processed;\n+\n+\t/* bytes processed */\n+\tu64 bytes_processed;\n+\n+\t/* packets dropped */\n+\tu32 packets_dropped;\n+\n+\t/* authentication failures */\n+\tu32 auth_fails;\n+\n+\t/* ARW check failures */\n+\tu32 arw_fails;\n+\n+\t/* type of esn - enable/disable */\n+\tu8 esn;\n+\n+\t/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */\n+\tu8 virtchnl_direction;\n+\n+\t/* SA security parameter index */\n+\tu32 spi;\n+\n+\t/* SA salt */\n+\tu32 salt;\n+\n+\t/* high 32 bits of esn */\n+\tu32 esn_hi;\n+\n+\t/* low 32 bits of esn */\n+\tu32 esn_low;\n+\n+\t/* SA Domain. Used to logical separate an SADB into groups.\n+\t * PF drivers supporting a single group ignore this field.\n+\t */\n+\tu16 sa_domain;\n+\n+\t/* SPD reference. Used to link an SA with its policy.\n+\t * PF drivers may ignore this field.\n+\t */\n+\tu16 spd_ref;\n+\n+\t/* crypto configuration. Salt and keys are set to 0 */\n+\tstruct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;\n+} __rte_packed;\n+\n+\n+#define VIRTCHNL_IPSEC_INBOUND_SPD_TBL_IPV4\t(0)\n+#define VIRTCHNL_IPSEC_INBOUND_SPD_TBL_IPV6\t(1)\n+\n+/* Add allowlist entry in IES */\n+struct virtchnl_ipsec_sp_cfg {\n+\tu32 spi;\n+\tu32 dip[4];\n+\n+\t/* Drop frame if true or redirect to QAT if false. */\n+\tu8 drop;\n+\n+\t/* Congestion domain. For future use. */\n+\tu8 cgd;\n+\n+\t/* 0 for IPv4 table, 1 for IPv6 table. */\n+\tu8 table_id;\n+\n+\t/* Set TC (congestion domain) if true. For future use. */\n+\tu8 set_tc;\n+} __rte_packed;\n+\n+\n+/* Delete allowlist entry in IES */\n+struct virtchnl_ipsec_sp_destroy {\n+\t/* 0 for IPv4 table, 1 for IPv6 table. */\n+\tu8 table_id;\n+\tu32 rule_id;\n+} __rte_packed;\n+\n+/* Response from IES to allowlist operations */\n+struct virtchnl_ipsec_sp_cfg_resp {\n+\tu32 rule_id;\n+};\n+\n+struct virtchnl_ipsec_sa_cfg_resp {\n+\tu32 sa_handle;\n+};\n+\n+#define INLINE_IPSEC_EVENT_RESET\t0x1\n+#define INLINE_IPSEC_EVENT_CRYPTO_ON\t0x2\n+#define INLINE_IPSEC_EVENT_CRYPTO_OFF\t0x4\n+\n+struct virtchnl_ipsec_event {\n+\tu32 ipsec_event_data;\n+};\n+\n+#define INLINE_IPSEC_STATUS_AVAILABLE\t0x1\n+#define INLINE_IPSEC_STATUS_UNAVAILABLE\t0x2\n+\n+struct virtchnl_ipsec_status {\n+\tu32 status;\n+};\n+\n+struct virtchnl_ipsec_resp {\n+\tu32 resp;\n+};\n+\n+/* Internal message descriptor for VF <-> IPsec communication */\n+struct inline_ipsec_msg {\n+\tu16 ipsec_opcode;\n+\tu16 req_id;\n+\n+\tunion {\n+\t\t/* IPsec request */\n+\t\tstruct virtchnl_ipsec_sa_cfg sa_cfg[0];\n+\t\tstruct virtchnl_ipsec_sp_cfg sp_cfg[0];\n+\t\tstruct virtchnl_ipsec_sa_update sa_update[0];\n+\t\tstruct virtchnl_ipsec_sa_destroy sa_destroy[0];\n+\t\tstruct virtchnl_ipsec_sp_destroy sp_destroy[0];\n+\n+\t\t/* IPsec response */\n+\t\tstruct virtchnl_ipsec_sa_cfg_resp sa_cfg_resp[0];\n+\t\tstruct virtchnl_ipsec_sp_cfg_resp sp_cfg_resp[0];\n+\t\tstruct virtchnl_ipsec_cap ipsec_cap[0];\n+\t\tstruct virtchnl_ipsec_status ipsec_status[0];\n+\t\t/* response to del_sa, del_sp, update_sa */\n+\t\tstruct virtchnl_ipsec_resp ipsec_resp[0];\n+\n+\t\t/* IPsec event (no req_id is required) */\n+\t\tstruct virtchnl_ipsec_event event[0];\n+\n+\t\t/* Reserved */\n+\t\tstruct virtchnl_ipsec_sa_read sa_read[0];\n+\t} ipsec_data;\n+} __rte_packed;\n+\n+static inline u16 virtchnl_inline_ipsec_val_msg_len(u16 opcode)\n+{\n+\tu16 valid_len = sizeof(struct inline_ipsec_msg);\n+\n+\tswitch (opcode) {\n+\tcase INLINE_IPSEC_OP_GET_CAP:\n+\tcase INLINE_IPSEC_OP_GET_STATUS:\n+\t\tbreak;\n+\tcase INLINE_IPSEC_OP_SA_CREATE:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_sa_cfg);\n+\t\tbreak;\n+\tcase INLINE_IPSEC_OP_SP_CREATE:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_sp_cfg);\n+\t\tbreak;\n+\tcase INLINE_IPSEC_OP_SA_UPDATE:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_sa_update);\n+\t\tbreak;\n+\tcase INLINE_IPSEC_OP_SA_DESTROY:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_sa_destroy);\n+\t\tbreak;\n+\tcase INLINE_IPSEC_OP_SP_DESTROY:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_sp_destroy);\n+\t\tbreak;\n+\t/* Only for msg length calculation of response to VF in case of\n+\t * inline ipsec failure.\n+\t */\n+\tcase INLINE_IPSEC_OP_RESP:\n+\t\tvalid_len += sizeof(struct virtchnl_ipsec_resp);\n+\t\tbreak;\n+\tdefault:\n+\t\tvalid_len = 0;\n+\t\tbreak;\n+\t}\n+\n+\treturn valid_len;\n+}\n+\n+#endif /* _VIRTCHNL_INLINE_IPSEC_H_ */\n", "prefixes": [ "v8", "1/7" ] }