[v2,9/9] crypto/octeontx2: add cryptodev sec dequeue routine
Checks
Commit Message
From: Vamsi Attunuru <vattunuru@marvell.com>
This patch adds lookaside IPsec dequeue routine.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
doc/guides/rel_notes/release_20_08.rst | 5 +++
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
4 files changed, 91 insertions(+)
Comments
> From: Vamsi Attunuru <vattunuru@marvell.com>
>
> This patch adds lookaside IPsec dequeue routine.
>
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
The patch can be squashed into the previous one.
As enqueue will not work without dequeue operation.
> doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
> doc/guides/rel_notes/release_20_08.rst | 5 +++
> drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
> drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
> 4 files changed, 91 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/octeontx2.rst
> b/doc/guides/cryptodevs/octeontx2.rst
> index 085d669e49..5d111e46c3 100644
> --- a/doc/guides/cryptodevs/octeontx2.rst
> +++ b/doc/guides/cryptodevs/octeontx2.rst
> @@ -158,3 +158,22 @@ application:
>
> ./test
> RTE>>cryptodev_octeontx2_asym_autotest
> +
> +
> +Lookaside IPsec Support
> +-----------------------
> +
> +The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
> +with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD``
> implements
> +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
> +
> +Refer to :doc:`../prog_guide/rte_security` for more details on protocol
> offloads.
> +
You can probably add here that the feature can be tested with ipsec-secgw
sample application
> +
> +Features supported
> +~~~~~~~~~~~~~~~~~~
> +
> +* IPv4
> +* ESP
> +* Tunnel mode
> +* AES-128/192/256-GCM
> diff --git a/doc/guides/rel_notes/release_20_08.rst
> b/doc/guides/rel_notes/release_20_08.rst
> index f19b748728..2d57adc283 100644
> --- a/doc/guides/rel_notes/release_20_08.rst
> +++ b/doc/guides/rel_notes/release_20_08.rst
> @@ -225,6 +225,11 @@ New Features
> See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
> details of this parameter usage.
>
> +* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
> +
> + Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this feature,
> + applications will be able to offload lookaside IPsec to the hardware.
> +
Move this bullet as per the order described in this doc(below the new features section).
And it would be better to re-phrase the statement as
* **Updated the OCTEON TX2 crypto PMD to support rte_security.**
Updated the OCTEON TX2 crypto PMD to support ``rte_security`` lookaside
protocol offload for IPsec.
>
> Removed Items
> -------------
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> index 6a2753eb22..9d51b17ddd 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> @@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op
> *cop,
> }
> }
>
<snip>
> +
> enum otx2_ipsec_po_comp_e {
> OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
> OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
> OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
> + OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
> + OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
> + OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
> + OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
> + OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
> + OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
> + OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
> + OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
> + OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
> + OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
> + OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
> + OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
> + OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
> + OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
> + OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
> + OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
> + OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
> + OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
> + OTX2_IPSEC_PO_CC_PADDING = 0xC4,
> + OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
> + OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
> + OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
> + OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
> + OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
> + OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
> + OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
> + OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
> + OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
> };
Are these error codes? Are they added in the debug prints somewhere?
>
> enum {
> --
> 2.27.0
Hi Akhil,
Please see inline.
Thanks
Tejasree
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Wednesday, July 15, 2020 10:40 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Vamsi Krishna Attunuru <vattunuru@marvell.com>; Narayana Prasad
> Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; dev@dpdk.org
> Subject: [EXT] RE: [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec
> dequeue routine
>
> External Email
>
> ----------------------------------------------------------------------
> > From: Vamsi Attunuru <vattunuru@marvell.com>
> >
> > This patch adds lookaside IPsec dequeue routine.
> >
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
>
> The patch can be squashed into the previous one.
> As enqueue will not work without dequeue operation.
[Tejasree] Will squash it with previous patch.
>
> > doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
> > doc/guides/rel_notes/release_20_08.rst | 5 +++
> > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37
> +++++++++++++++++++
> > drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
> > 4 files changed, 91 insertions(+)
> >
> > diff --git a/doc/guides/cryptodevs/octeontx2.rst
> > b/doc/guides/cryptodevs/octeontx2.rst
> > index 085d669e49..5d111e46c3 100644
> > --- a/doc/guides/cryptodevs/octeontx2.rst
> > +++ b/doc/guides/cryptodevs/octeontx2.rst
> > @@ -158,3 +158,22 @@ application:
> >
> > ./test
> > RTE>>cryptodev_octeontx2_asym_autotest
> > +
> > +
> > +Lookaside IPsec Support
> > +-----------------------
> > +
> > +The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol
> > +mode, with its **cryptographic accelerator (CPT)**. ``OCTEON TX2
> > +crypto PMD``
> > implements
> > +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL``
> offload.
> > +
> > +Refer to :doc:`../prog_guide/rte_security` for more details on
> > +protocol
> > offloads.
> > +
> You can probably add here that the feature can be tested with ipsec-secgw
> sample application
[Tejasree] Sure
>
> > +
> > +Features supported
> > +~~~~~~~~~~~~~~~~~~
> > +
> > +* IPv4
> > +* ESP
> > +* Tunnel mode
> > +* AES-128/192/256-GCM
> > diff --git a/doc/guides/rel_notes/release_20_08.rst
> > b/doc/guides/rel_notes/release_20_08.rst
> > index f19b748728..2d57adc283 100644
> > --- a/doc/guides/rel_notes/release_20_08.rst
> > +++ b/doc/guides/rel_notes/release_20_08.rst
> > @@ -225,6 +225,11 @@ New Features
> > See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
> > details of this parameter usage.
> >
> > +* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
> > +
> > + Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this
> > + feature, applications will be able to offload lookaside IPsec to the
> hardware.
> > +
>
> Move this bullet as per the order described in this doc(below the new
> features section).
> And it would be better to re-phrase the statement as
> * **Updated the OCTEON TX2 crypto PMD to support rte_security.**
>
> Updated the OCTEON TX2 crypto PMD to support ``rte_security`` lookaside
> protocol offload for IPsec.
[Tejasree] Will move it and rephrase the statement.
>
> >
> > Removed Items
> > -------------
> > diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > index 6a2753eb22..9d51b17ddd 100644
> > --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > @@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct
> rte_crypto_op
> > *cop,
> > }
> > }
> >
>
> <snip>
>
> > +
> > enum otx2_ipsec_po_comp_e {
> > OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
> > OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
> > OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
> > + OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
> > + OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
> > + OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
> > + OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
> > + OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
> > + OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
> > + OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
> > + OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
> > + OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
> > + OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
> > + OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
> > + OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
> > + OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
> > + OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
> > + OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
> > + OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
> > + OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
> > + OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
> > + OTX2_IPSEC_PO_CC_PADDING = 0xC4,
> > + OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
> > + OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
> > + OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
> > + OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
> > + OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
> > + OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
> > + OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
> > + OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
> > + OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
> > };
>
> Are these error codes? Are they added in the debug prints somewhere?
[Tejasree] Yes, these are error codes but they are not used right now. Will remove them.
> >
> > enum {
> > --
> > 2.27.0
@@ -158,3 +158,22 @@ application:
./test
RTE>>cryptodev_octeontx2_asym_autotest
+
+
+Lookaside IPsec Support
+-----------------------
+
+The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
+with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD`` implements
+this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
+
+Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.
+
+
+Features supported
+~~~~~~~~~~~~~~~~~~
+
+* IPv4
+* ESP
+* Tunnel mode
+* AES-128/192/256-GCM
@@ -225,6 +225,11 @@ New Features
See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
details of this parameter usage.
+* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
+
+ Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this feature,
+ applications will be able to offload lookaside IPsec to the hardware.
+
Removed Items
-------------
@@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
}
}
+static void
+otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
+{
+ struct cpt_request_info *req = (struct cpt_request_info *)rsp[2];
+ vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
+ struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct rte_mbuf *m = sym_op->m_src;
+ struct rte_ipv4_hdr *ip;
+ uint16_t m_len;
+ int mdata_len;
+ char *data;
+
+ mdata_len = (int)rsp[3];
+ rte_pktmbuf_trim(m, mdata_len);
+
+ if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
+ data = rte_pktmbuf_mtod(m, char *);
+ ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
+
+ m_len = rte_be_to_cpu_16(ip->total_length);
+
+ m->data_len = m_len;
+ m->pkt_len = m_len;
+ m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR;
+ }
+}
+
static inline void
otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
uintptr_t *rsp, uint8_t cc)
{
if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+ if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+ if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) {
+ otx2_cpt_sec_post_process(cop, rsp);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ } else
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+ return;
+ }
+
if (likely(cc == NO_ERR)) {
/* Verify authentication data if required */
if (unlikely(rsp[2]))
@@ -22,10 +22,40 @@
#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23
#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24
+#define OTX2_IPSEC_PO_INB_RPTR_HDR 0x8
+
enum otx2_ipsec_po_comp_e {
OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+ OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
+ OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
+ OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
+ OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
+ OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
+ OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
+ OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
+ OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
+ OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
+ OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
+ OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
+ OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
+ OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
+ OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
+ OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
+ OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
+ OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
+ OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
+ OTX2_IPSEC_PO_CC_PADDING = 0xC4,
+ OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
+ OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
+ OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
+ OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
+ OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
+ OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
+ OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
+ OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
+ OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
};
enum {