Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 100160,
    "url": "https://patches.dpdk.org/api/patches/100160/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210930170113.29030-23-ndabilpuram@marvell.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20210930170113.29030-23-ndabilpuram@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20210930170113.29030-23-ndabilpuram@marvell.com",
    "date": "2021-09-30T17:01:07",
    "name": "[v2,22/28] net/cnxk: support IPsec anti replay in cn9k",
    "commit_ref": null,
    "pull_url": null,
    "state": "changes-requested",
    "archived": true,
    "hash": "f163eb9b97ec8100a22447fc4b847505a9b7dba5",
    "submitter": {
        "id": 1202,
        "url": "https://patches.dpdk.org/api/people/1202/?format=api",
        "name": "Nithin Dabilpuram",
        "email": "ndabilpuram@marvell.com"
    },
    "delegate": {
        "id": 310,
        "url": "https://patches.dpdk.org/api/users/310/?format=api",
        "username": "jerin",
        "first_name": "Jerin",
        "last_name": "Jacob",
        "email": "jerinj@marvell.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210930170113.29030-23-ndabilpuram@marvell.com/mbox/",
    "series": [
        {
            "id": 19307,
            "url": "https://patches.dpdk.org/api/series/19307/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=19307",
            "date": "2021-09-30T17:00:48",
            "name": "net/cnxk: support for inline ipsec",
            "version": 2,
            "mbox": "https://patches.dpdk.org/series/19307/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/100160/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/100160/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id CCC48A0C43;\n\tThu, 30 Sep 2021 19:05:21 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 8FF7B41194;\n\tThu, 30 Sep 2021 19:03:44 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 265F8410FA\n for <dev@dpdk.org>; Thu, 30 Sep 2021 19:02:24 +0200 (CEST)",
            "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18UDg3bV025462\n for <dev@dpdk.org>; Thu, 30 Sep 2021 10:02:24 -0700",
            "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0a-0016f401.pphosted.com with ESMTP id 3bdebtgyr7-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Thu, 30 Sep 2021 10:02:24 -0700",
            "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 30 Sep 2021 10:02:22 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 30 Sep 2021 10:02:22 -0700",
            "from hyd1588t430.marvell.com (unknown [10.29.52.204])\n by maili.marvell.com (Postfix) with ESMTP id 6BDF23F7067;\n Thu, 30 Sep 2021 10:02:20 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-type; s=pfpt0220; bh=pJHcBiQP5/YOk3pv1oTjQuFqgVK2zkQAjm8ExO5F6AE=;\n b=iBeL85u8lh53r3vOUZ3TFJOP+bXszzsdIt895UKgSlQhYS7NKNeJlb1MMh6MDWh4znl8\n 2hb4JyvcDzjYIsNjRDrzJyTXdsXAkwEwfOWFMgXc0iCGDj0kW8sgRyTYqJcY0LOtDY+e\n iowjSHdSv8ivKE72SO6vpSTr4kSYabZM89gf0rQiR5bJ+4JCTAaLmWOxxRy+j14Rpdzy\n Y3cGkAJN3yJ/HM++BMs3qgjxOU5YFpgm9ppDzJU4VRwmylYtKHbfTCKBXSFoAfYESOKW\n 3869EGxChpJ0Yo4C8RA/VVvES8HfMCF5NlKsR3ZHJvLUsqMlLoxIbQTjJN9Y31/RNnJf ZA==",
        "From": "Nithin Dabilpuram <ndabilpuram@marvell.com>",
        "To": "<jerinj@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>, \"Kiran\n Kumar K\" <kirankumark@marvell.com>, Sunil Kumar Kori <skori@marvell.com>,\n Satha Rao <skoteshwar@marvell.com>",
        "CC": "<dev@dpdk.org>, Srujana Challa <schalla@marvell.com>",
        "Date": "Thu, 30 Sep 2021 22:31:07 +0530",
        "Message-ID": "<20210930170113.29030-23-ndabilpuram@marvell.com>",
        "X-Mailer": "git-send-email 2.8.4",
        "In-Reply-To": "<20210930170113.29030-1-ndabilpuram@marvell.com>",
        "References": "<20210902021505.17607-1-ndabilpuram@marvell.com>\n <20210930170113.29030-1-ndabilpuram@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain",
        "X-Proofpoint-ORIG-GUID": "-aj57Ui_tMegpYcHn-xxlUwsOSbaiqmd",
        "X-Proofpoint-GUID": "-aj57Ui_tMegpYcHn-xxlUwsOSbaiqmd",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475\n definitions=2021-09-30_06,2021-09-30_01,2020-04-07_01",
        "Subject": "[dpdk-dev] [PATCH v2 22/28] net/cnxk: support IPsec anti replay in\n cn9k",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "From: Srujana Challa <schalla@marvell.com>\n\nAdds anti replay support for cn9k platform using\nSW anti replay check.\n\nSigned-off-by: Srujana Challa <schalla@marvell.com>\n---\n drivers/net/cnxk/cn9k_ethdev.h     |  3 +++\n drivers/net/cnxk/cn9k_ethdev_sec.c | 29 ++++++++++++++++++++\n drivers/net/cnxk/cn9k_rx.h         | 54 +++++++++++++++++++++++++++++++++++++-\n 3 files changed, 85 insertions(+), 1 deletion(-)",
    "diff": "diff --git a/drivers/net/cnxk/cn9k_ethdev.h b/drivers/net/cnxk/cn9k_ethdev.h\nindex f8818b8..2b452fe 100644\n--- a/drivers/net/cnxk/cn9k_ethdev.h\n+++ b/drivers/net/cnxk/cn9k_ethdev.h\n@@ -6,6 +6,7 @@\n \n #include <cnxk_ethdev.h>\n #include <cnxk_security.h>\n+#include <cnxk_security_ar.h>\n \n struct cn9k_eth_txq {\n \tuint64_t cmd[8];\n@@ -40,6 +41,8 @@ struct cn9k_eth_rxq {\n /* Private data in sw rsvd area of struct roc_onf_ipsec_inb_sa */\n struct cn9k_inb_priv_data {\n \tvoid *userdata;\n+\tuint32_t replay_win_sz;\n+\tstruct cnxk_on_ipsec_ar ar;\n \tstruct cnxk_eth_sec_sess *eth_sec;\n };\n \ndiff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c\nindex 3ec7497..deb1daf 100644\n--- a/drivers/net/cnxk/cn9k_ethdev_sec.c\n+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c\n@@ -73,6 +73,27 @@ static const struct rte_security_capability cn9k_eth_sec_capabilities[] = {\n \t}\n };\n \n+static inline int\n+ar_window_init(struct cn9k_inb_priv_data *inb_priv)\n+{\n+\tif (inb_priv->replay_win_sz > CNXK_ON_AR_WIN_SIZE_MAX) {\n+\t\tplt_err(\"Replay window size:%u is not supported\",\n+\t\t\tinb_priv->replay_win_sz);\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\trte_spinlock_init(&inb_priv->ar.lock);\n+\t/*\n+\t * Set window bottom to 1, base and top to size of\n+\t * window\n+\t */\n+\tinb_priv->ar.winb = 1;\n+\tinb_priv->ar.wint = inb_priv->replay_win_sz;\n+\tinb_priv->ar.base = inb_priv->replay_win_sz;\n+\n+\treturn 0;\n+}\n+\n static int\n cn9k_eth_sec_session_create(void *device,\n \t\t\t    struct rte_security_session_conf *conf,\n@@ -158,6 +179,14 @@ cn9k_eth_sec_session_create(void *device,\n \t\t/* Save userdata in inb private area */\n \t\tinb_priv->userdata = conf->userdata;\n \n+\t\tinb_priv->replay_win_sz = ipsec->replay_win_sz;\n+\t\tif (inb_priv->replay_win_sz) {\n+\t\t\trc = ar_window_init(inb_priv);\n+\t\t\tif (rc)\n+\t\t\t\tgoto mempool_put;\n+\t\t}\n+\n+\t\t/* Prepare session priv */\n \t\tsess_priv.inb_sa = 1;\n \t\tsess_priv.sa_idx = ipsec->spi;\n \ndiff --git a/drivers/net/cnxk/cn9k_rx.h b/drivers/net/cnxk/cn9k_rx.h\nindex bdedeab..7ab415a 100644\n--- a/drivers/net/cnxk/cn9k_rx.h\n+++ b/drivers/net/cnxk/cn9k_rx.h\n@@ -31,6 +31,9 @@\n #define CQE_CAST(x)\t     ((struct nix_cqe_hdr_s *)(x))\n #define CQE_SZ(x)\t     ((x) * CNXK_NIX_CQ_ENTRY_SZ)\n \n+#define IPSEC_SQ_LO_IDX 4\n+#define IPSEC_SQ_HI_IDX 8\n+\n union mbuf_initializer {\n \tstruct {\n \t\tuint16_t data_off;\n@@ -166,6 +169,48 @@ nix_cqe_xtract_mseg(const union nix_rx_parse_u *rx, struct rte_mbuf *mbuf,\n \tmbuf->next = NULL;\n }\n \n+static inline int\n+ipsec_antireplay_check(struct roc_onf_ipsec_inb_sa *sa,\n+\t\t       struct cn9k_inb_priv_data *priv, uintptr_t data,\n+\t\t       uint32_t win_sz)\n+{\n+\tstruct cnxk_on_ipsec_ar *ar = &priv->ar;\n+\tuint64_t seq_in_sa;\n+\tuint32_t seqh = 0;\n+\tuint32_t seql;\n+\tuint64_t seq;\n+\tuint8_t esn;\n+\tint rc;\n+\n+\tesn = sa->ctl.esn_en;\n+\tseql = rte_be_to_cpu_32(*((uint32_t *)(data + IPSEC_SQ_LO_IDX)));\n+\n+\tif (!esn) {\n+\t\tseq = (uint64_t)seql;\n+\t} else {\n+\t\tseqh = rte_be_to_cpu_32(*((uint32_t *)(data +\n+\t\t\t\t\tIPSEC_SQ_HI_IDX)));\n+\t\tseq = ((uint64_t)seqh << 32) | seql;\n+\t}\n+\n+\tif (unlikely(seq == 0))\n+\t\treturn -1;\n+\n+\trte_spinlock_lock(&ar->lock);\n+\trc = cnxk_on_anti_replay_check(seq, ar, win_sz);\n+\tif (esn && !rc) {\n+\t\tseq_in_sa = ((uint64_t)rte_be_to_cpu_32(sa->esn_hi) << 32) |\n+\t\t\t    rte_be_to_cpu_32(sa->esn_low);\n+\t\tif (seq > seq_in_sa) {\n+\t\t\tsa->esn_low = rte_cpu_to_be_32(seql);\n+\t\t\tsa->esn_hi = rte_cpu_to_be_32(seqh);\n+\t\t}\n+\t}\n+\trte_spinlock_unlock(&ar->lock);\n+\n+\treturn rc;\n+}\n+\n static __rte_always_inline uint64_t\n nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \t\t       uintptr_t sa_base, uint64_t *rearm_val, uint16_t *len)\n@@ -178,8 +223,8 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \tuint8_t lcptr = rx->lcptr;\n \tstruct rte_ipv4_hdr *ipv4;\n \tuint16_t data_off, res;\n+\tuint32_t spi, win_sz;\n \tuint32_t spi_mask;\n-\tuint32_t spi;\n \tuintptr_t data;\n \t__uint128_t dw;\n \tuint8_t sa_w;\n@@ -209,6 +254,13 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \tdw = *(__uint128_t *)sa_priv;\n \t*rte_security_dynfield(m) = (uint64_t)dw;\n \n+\t/* Check if anti-replay is enabled */\n+\twin_sz = (uint32_t)(dw >> 64);\n+\tif (win_sz) {\n+\t\tif (ipsec_antireplay_check(sa, sa_priv, data, win_sz) < 0)\n+\t\t\treturn PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;\n+\t}\n+\n \t/* Get total length from IPv4 header. We can assume only IPv4 */\n \tipv4 = (struct rte_ipv4_hdr *)(data + ROC_ONF_IPSEC_INB_SPI_SEQ_SZ +\n \t\t\t\t       ROC_ONF_IPSEC_INB_MAX_L2_SZ);\n",
    "prefixes": [
        "v2",
        "22/28"
    ]
}