[v3,11/15] net/octeontx2: add inline ipsec Rx path changes
diff mbox series

Message ID 1580465035-30455-12-git-send-email-anoobj@marvell.com
State Superseded, archived
Delegated to: akhil goyal
Headers show
Series
  • add OCTEON TX2 inline IPsec support
Related show

Checks

Context Check Description
ci/Intel-compilation fail apply issues
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Jan. 31, 2020, 10:03 a.m. UTC
From: Tejasree Kondoj <ktejasree@marvell.com>

Adding post-processing required for inline IPsec inbound packets.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
 drivers/crypto/octeontx2/Makefile    |  3 +-
 drivers/crypto/octeontx2/meson.build |  2 +
 drivers/event/octeontx2/Makefile     |  1 +
 drivers/event/octeontx2/meson.build  |  2 +
 drivers/net/octeontx2/otx2_rx.h      | 73 ++++++++++++++++++++++++++++++++++++
 5 files changed, 80 insertions(+), 1 deletion(-)

Comments

Akhil Goyal Jan. 31, 2020, 1:39 p.m. UTC | #1
Hi Anoob,
> 
> From: Tejasree Kondoj <ktejasree@marvell.com>
> 
> Adding post-processing required for inline IPsec inbound packets.
> 
> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Archana Muniganti <marchana@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> ---
>  drivers/crypto/octeontx2/Makefile    |  3 +-
>  drivers/crypto/octeontx2/meson.build |  2 +
>  drivers/event/octeontx2/Makefile     |  1 +
>  drivers/event/octeontx2/meson.build  |  2 +
>  drivers/net/octeontx2/otx2_rx.h      | 73
> ++++++++++++++++++++++++++++++++++++
>  5 files changed, 80 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/octeontx2/Makefile
> b/drivers/crypto/octeontx2/Makefile
> index 3ba67ed..1458e2b 100644
> --- a/drivers/crypto/octeontx2/Makefile
> +++ b/drivers/crypto/octeontx2/Makefile
> @@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a
>  CFLAGS += $(WERROR_FLAGS)
> 
>  LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
> -LDLIBS += -lrte_cryptodev
> +LDLIBS += -lrte_cryptodev -lrte_security
>  LDLIBS += -lrte_pci -lrte_bus_pci
>  LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
> 
> @@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
>  CFLAGS += -O3
>  CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
>  CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2

Why do you need to include self path for the driver?

>  CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
>  CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
>  CFLAGS += -DALLOW_EXPERIMENTAL_API
> diff --git a/drivers/crypto/octeontx2/meson.build
> b/drivers/crypto/octeontx2/meson.build
> index 67deca3..a531799 100644
> --- a/drivers/crypto/octeontx2/meson.build
> +++ b/drivers/crypto/octeontx2/meson.build
> @@ -9,6 +9,7 @@ deps += ['bus_pci']
>  deps += ['common_cpt']
>  deps += ['common_octeontx2']
>  deps += ['ethdev']
> +deps += ['security']
>  name = 'octeontx2_crypto'
> 
>  allow_experimental_apis = true
> @@ -32,5 +33,6 @@ endforeach
> 
>  includes += include_directories('../../common/cpt')
>  includes += include_directories('../../common/octeontx2')
> +includes += include_directories('../../crypto/octeontx2')

Same here.

>  includes += include_directories('../../mempool/octeontx2')
>  includes += include_directories('../../net/octeontx2')
> diff --git a/drivers/event/octeontx2/Makefile
> b/drivers/event/octeontx2/Makefile
> index 6dab69c..bcd22ee 100644
> --- a/drivers/event/octeontx2/Makefile
> +++ b/drivers/event/octeontx2/Makefile
> @@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
> 
>  CFLAGS += $(WERROR_FLAGS)
>  CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
>  CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
>  CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
>  CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> diff --git a/drivers/event/octeontx2/meson.build
> b/drivers/event/octeontx2/meson.build
> index 807818b..56febb8 100644
> --- a/drivers/event/octeontx2/meson.build
> +++ b/drivers/event/octeontx2/meson.build
> @@ -32,3 +32,5 @@ foreach flag: extra_flags
>  endforeach
> 
>  deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2',
> 'pmd_octeontx2']
> +
> +includes += include_directories('../../crypto/octeontx2')
Anoob Joseph Jan. 31, 2020, 3:05 p.m. UTC | #2
Hi Akhil,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Friday, January 31, 2020 7:09 PM
> To: Anoob Joseph <anoobj@marvell.com>; Declan Doherty
> <declan.doherty@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Cc: Tejasree Kondoj <ktejasree@marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> <pathreya@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Archana Muniganti <marchana@marvell.com>; Vamsi Krishna Attunuru
> <vattunuru@marvell.com>; Lukas Bartosik <lbartosik@marvell.com>;
> dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v3 11/15] net/octeontx2: add inline ipsec Rx
> path changes
> 
> Hi Anoob,
> >
> > From: Tejasree Kondoj <ktejasree@marvell.com>
> >
> > Adding post-processing required for inline IPsec inbound packets.
> >
> > Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > Signed-off-by: Archana Muniganti <marchana@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > ---
> >  drivers/crypto/octeontx2/Makefile    |  3 +-
> >  drivers/crypto/octeontx2/meson.build |  2 +
> >  drivers/event/octeontx2/Makefile     |  1 +
> >  drivers/event/octeontx2/meson.build  |  2 +
> >  drivers/net/octeontx2/otx2_rx.h      | 73
> > ++++++++++++++++++++++++++++++++++++
> >  5 files changed, 80 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/octeontx2/Makefile
> > b/drivers/crypto/octeontx2/Makefile
> > index 3ba67ed..1458e2b 100644
> > --- a/drivers/crypto/octeontx2/Makefile
> > +++ b/drivers/crypto/octeontx2/Makefile
> > @@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a  CFLAGS +=
> > $(WERROR_FLAGS)
> >
> >  LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
> > -LDLIBS += -lrte_cryptodev
> > +LDLIBS += -lrte_cryptodev -lrte_security
> >  LDLIBS += -lrte_pci -lrte_bus_pci
> >  LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
> >
> > @@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
> >  CFLAGS += -O3
> >  CFLAGS += -I$(RTE_SDK)/drivers/common/cpt  CFLAGS +=
> > -I$(RTE_SDK)/drivers/common/octeontx2
> > +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
> 
> Why do you need to include self path for the driver?

[Anoob] Well this is interesting. I cannot explain this but when I'm building otx2_cryptodev*.c files which include otx2_ethdev_sec.h, it's throwing an error that otx2_ipsec_fp.h is not found (in case of shared build and meson, I guess). The file otx2_ethdev_sec.h is in net/octeontx2 and it includes otx2_ipsec_fp.h which is in crypto/octeontx2.

I'll cross check and let you know if it's needed in both Makefile & meson.
 
> 
> >  CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> >  CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> >  CFLAGS += -DALLOW_EXPERIMENTAL_API
> > diff --git a/drivers/crypto/octeontx2/meson.build
> > b/drivers/crypto/octeontx2/meson.build
> > index 67deca3..a531799 100644
> > --- a/drivers/crypto/octeontx2/meson.build
> > +++ b/drivers/crypto/octeontx2/meson.build
> > @@ -9,6 +9,7 @@ deps += ['bus_pci']
> >  deps += ['common_cpt']
> >  deps += ['common_octeontx2']
> >  deps += ['ethdev']
> > +deps += ['security']
> >  name = 'octeontx2_crypto'
> >
> >  allow_experimental_apis = true
> > @@ -32,5 +33,6 @@ endforeach
> >
> >  includes += include_directories('../../common/cpt')
> >  includes += include_directories('../../common/octeontx2')
> > +includes += include_directories('../../crypto/octeontx2')
> 
> Same here.
> 
> >  includes += include_directories('../../mempool/octeontx2')
> >  includes += include_directories('../../net/octeontx2')
> > diff --git a/drivers/event/octeontx2/Makefile
> > b/drivers/event/octeontx2/Makefile
> > index 6dab69c..bcd22ee 100644
> > --- a/drivers/event/octeontx2/Makefile
> > +++ b/drivers/event/octeontx2/Makefile
> > @@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
> >
> >  CFLAGS += $(WERROR_FLAGS)
> >  CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> > +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
> >  CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> >  CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
> >  CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> > diff --git a/drivers/event/octeontx2/meson.build
> > b/drivers/event/octeontx2/meson.build
> > index 807818b..56febb8 100644
> > --- a/drivers/event/octeontx2/meson.build
> > +++ b/drivers/event/octeontx2/meson.build
> > @@ -32,3 +32,5 @@ foreach flag: extra_flags  endforeach
> >
> >  deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2',
> > 'pmd_octeontx2']
> > +
> > +includes += include_directories('../../crypto/octeontx2')

Patch
diff mbox series

diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile
index 3ba67ed..1458e2b 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -11,7 +11,7 @@  LIB = librte_pmd_octeontx2_crypto.a
 CFLAGS += $(WERROR_FLAGS)
 
 LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
-LDLIBS += -lrte_cryptodev
+LDLIBS += -lrte_cryptodev -lrte_security
 LDLIBS += -lrte_pci -lrte_bus_pci
 LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
 
@@ -20,6 +20,7 @@  VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -O3
 CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
 CFLAGS += -DALLOW_EXPERIMENTAL_API
diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build
index 67deca3..a531799 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -9,6 +9,7 @@  deps += ['bus_pci']
 deps += ['common_cpt']
 deps += ['common_octeontx2']
 deps += ['ethdev']
+deps += ['security']
 name = 'octeontx2_crypto'
 
 allow_experimental_apis = true
@@ -32,5 +33,6 @@  endforeach
 
 includes += include_directories('../../common/cpt')
 includes += include_directories('../../common/octeontx2')
+includes += include_directories('../../crypto/octeontx2')
 includes += include_directories('../../mempool/octeontx2')
 includes += include_directories('../../net/octeontx2')
diff --git a/drivers/event/octeontx2/Makefile b/drivers/event/octeontx2/Makefile
index 6dab69c..bcd22ee 100644
--- a/drivers/event/octeontx2/Makefile
+++ b/drivers/event/octeontx2/Makefile
@@ -11,6 +11,7 @@  LIB = librte_pmd_octeontx2_event.a
 
 CFLAGS += $(WERROR_FLAGS)
 CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
 CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
diff --git a/drivers/event/octeontx2/meson.build b/drivers/event/octeontx2/meson.build
index 807818b..56febb8 100644
--- a/drivers/event/octeontx2/meson.build
+++ b/drivers/event/octeontx2/meson.build
@@ -32,3 +32,5 @@  foreach flag: extra_flags
 endforeach
 
 deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2', 'pmd_octeontx2']
+
+includes += include_directories('../../crypto/octeontx2')
diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
index 351ad0f..eac4717 100644
--- a/drivers/net/octeontx2/otx2_rx.h
+++ b/drivers/net/octeontx2/otx2_rx.h
@@ -5,6 +5,12 @@ 
 #ifndef __OTX2_RX_H__
 #define __OTX2_RX_H__
 
+#include <rte_ether.h>
+
+#include "otx2_common.h"
+#include "otx2_ethdev_sec.h"
+#include "otx2_ipsec_fp.h"
+
 /* Default mark value used when none is provided. */
 #define OTX2_FLOW_ACTION_FLAG_DEFAULT	0xffff
 
@@ -31,6 +37,12 @@ 
 #define NIX_RX_MULTI_SEG_F            BIT(15)
 #define NIX_TIMESYNC_RX_OFFSET		8
 
+/* Inline IPsec offsets */
+
+#define INLINE_INB_RPTR_HDR		16
+/* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
+#define INLINE_CPT_RESULT_OFFSET	80
+
 struct otx2_timesync_info {
 	uint64_t	rx_tstamp;
 	rte_iova_t	tx_tstamp_iova;
@@ -190,6 +202,60 @@  nix_cqe_xtract_mseg(const struct nix_rx_parse_s *rx,
 	}
 }
 
+static __rte_always_inline uint16_t
+nix_rx_sec_cptres_get(const void *cq)
+{
+	volatile const struct otx2_cpt_res *res;
+
+	res = (volatile const struct otx2_cpt_res *)((const char *)cq +
+			INLINE_CPT_RESULT_OFFSET);
+
+	return res->u16[0];
+}
+
+static __rte_always_inline void *
+nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
+{
+	const uint64_t *const *sa_tbl = (const uint64_t * const *)
+			((const uint8_t *)lookup_mem + OTX2_NIX_SA_TBL_START);
+
+	return (void *)sa_tbl[port][spi];
+}
+
+static __rte_always_inline uint64_t
+nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
+		       const void * const lookup_mem)
+{
+	struct otx2_ipsec_fp_in_sa *sa;
+	struct rte_ipv4_hdr *ipv4;
+	uint16_t m_len;
+	uint32_t spi;
+	char *data;
+
+	if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
+		return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
+
+	/* 20 bits of tag would have the SPI */
+	spi = cq->tag & 0xFFFFF;
+
+	sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
+	m->udata64 = (uint64_t)sa->userdata;
+
+	data = rte_pktmbuf_mtod(m, char *);
+	memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
+
+	m->data_off += INLINE_INB_RPTR_HDR;
+
+	ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
+				       RTE_ETHER_HDR_LEN);
+
+	m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
+
+	m->data_len = m_len;
+	m->pkt_len = m_len;
+	return PKT_RX_SEC_OFFLOAD;
+}
+
 static __rte_always_inline void
 otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
 		     struct rte_mbuf *mbuf, const void *lookup_mem,
@@ -231,6 +297,13 @@  otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
 	if (flag & NIX_RX_OFFLOAD_MARK_UPDATE_F)
 		ol_flags = nix_update_match_id(rx->match_id, ol_flags, mbuf);
 
+	if (cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
+		*(uint64_t *)(&mbuf->rearm_data) = val;
+		ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
+		mbuf->ol_flags = ol_flags;
+		return;
+	}
+
 	mbuf->ol_flags = ol_flags;
 	*(uint64_t *)(&mbuf->rearm_data) = val;
 	mbuf->pkt_len = len;