Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/97747/?format=api
https://patches.dpdk.org/api/patches/97747/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210902021505.17607-22-ndabilpuram@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210902021505.17607-22-ndabilpuram@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210902021505.17607-22-ndabilpuram@marvell.com", "date": "2021-09-02T02:14:59", "name": "[21/27] net/cnxk: add cn9k anti replay support for security offload", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "f163eb9b97ec8100a22447fc4b847505a9b7dba5", "submitter": { "id": 1202, "url": "https://patches.dpdk.org/api/people/1202/?format=api", "name": "Nithin Dabilpuram", "email": "ndabilpuram@marvell.com" }, "delegate": { "id": 310, "url": "https://patches.dpdk.org/api/users/310/?format=api", "username": "jerin", "first_name": "Jerin", "last_name": "Jacob", "email": "jerinj@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210902021505.17607-22-ndabilpuram@marvell.com/mbox/", "series": [ { "id": 18612, "url": "https://patches.dpdk.org/api/series/18612/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=18612", "date": "2021-09-02T02:14:38", "name": "net/cnxk: support for inline ipsec", "version": 1, "mbox": "https://patches.dpdk.org/series/18612/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/97747/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/97747/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 82C18A0C4C;\n\tThu, 2 Sep 2021 04:19:10 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id A586C41197;\n\tThu, 2 Sep 2021 04:17:52 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id BA8984119D\n for <dev@dpdk.org>; Thu, 2 Sep 2021 04:17:50 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 181HQCpu011801\n for <dev@dpdk.org>; Wed, 1 Sep 2021 19:17:50 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com with ESMTP id 3atdwq9huq-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Wed, 01 Sep 2021 19:17:49 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Wed, 1 Sep 2021 19:17:47 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Wed, 1 Sep 2021 19:17:47 -0700", "from hyd1588t430.marvell.com (unknown [10.29.52.204])\n by maili.marvell.com (Postfix) with ESMTP id 2C6933F7040;\n Wed, 1 Sep 2021 19:17:44 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-type; s=pfpt0220; bh=dWCVK1wq45KoC4KwL037N0S4jX5zugmcBKPBw+8Ziuc=;\n b=OI5Rz2kR+IKo0FsmEZL5w+rsYc+NP9bTlOFYaLzaGBnFgTnCkl5+sB/q3mumxF7O4/NH\n wZRGodWkgrJLu0YJHp8UG6bNciJdCk/M4IeH69FnMqxmNsSfCn3bPPd61c1NP0f161qj\n 9J9RT8ahobCs2SzA6gEpukPdSgpoAOYrAqaouO5NUOMMI9UhCcj1RPvWD9ztDEaJ+p16\n MZSZJLXNc5DhlY49R/k6aTBB934P9PpxC+ObnIN5Yba5L82C5aqJocIJi7vVn4KovaXd\n z3+Wn9vpLrF8/7x6nVIYc/zHiBC5VmeH7p6jiVT3A7Cc2DJ72L4f1ji4cPW3ZVUXiVnC aA==", "From": "Nithin Dabilpuram <ndabilpuram@marvell.com>", "To": "Nithin Dabilpuram <ndabilpuram@marvell.com>, Kiran Kumar K\n <kirankumark@marvell.com>, Sunil Kumar Kori <skori@marvell.com>, Satha Rao\n <skoteshwar@marvell.com>", "CC": "<jerinj@marvell.com>, <schalla@marvell.com>, <dev@dpdk.org>", "Date": "Thu, 2 Sep 2021 07:44:59 +0530", "Message-ID": "<20210902021505.17607-22-ndabilpuram@marvell.com>", "X-Mailer": "git-send-email 2.8.4", "In-Reply-To": "<20210902021505.17607-1-ndabilpuram@marvell.com>", "References": "<20210902021505.17607-1-ndabilpuram@marvell.com>", "MIME-Version": "1.0", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "rjqddn7eXjz8Ddv_Oy7xcKm7dsle4Kjf", "X-Proofpoint-GUID": "rjqddn7eXjz8Ddv_Oy7xcKm7dsle4Kjf", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475\n definitions=2021-09-01_05,2021-09-01_01,2020-04-07_01", "Subject": "[dpdk-dev] [PATCH 21/27] net/cnxk: add cn9k anti replay support for\n security offload", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Srujana Challa <schalla@marvell.com>\n\nAdds anti replay support for cn9k platform.\n\nSigned-off-by: Srujana Challa <schalla@marvell.com>\n---\n drivers/net/cnxk/cn9k_ethdev.h | 3 +++\n drivers/net/cnxk/cn9k_ethdev_sec.c | 29 ++++++++++++++++++++\n drivers/net/cnxk/cn9k_rx.h | 54 +++++++++++++++++++++++++++++++++++++-\n 3 files changed, 85 insertions(+), 1 deletion(-)", "diff": "diff --git a/drivers/net/cnxk/cn9k_ethdev.h b/drivers/net/cnxk/cn9k_ethdev.h\nindex f8818b8..2b452fe 100644\n--- a/drivers/net/cnxk/cn9k_ethdev.h\n+++ b/drivers/net/cnxk/cn9k_ethdev.h\n@@ -6,6 +6,7 @@\n \n #include <cnxk_ethdev.h>\n #include <cnxk_security.h>\n+#include <cnxk_security_ar.h>\n \n struct cn9k_eth_txq {\n \tuint64_t cmd[8];\n@@ -40,6 +41,8 @@ struct cn9k_eth_rxq {\n /* Private data in sw rsvd area of struct roc_onf_ipsec_inb_sa */\n struct cn9k_inb_priv_data {\n \tvoid *userdata;\n+\tuint32_t replay_win_sz;\n+\tstruct cnxk_on_ipsec_ar ar;\n \tstruct cnxk_eth_sec_sess *eth_sec;\n };\n \ndiff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c\nindex 3ec7497..deb1daf 100644\n--- a/drivers/net/cnxk/cn9k_ethdev_sec.c\n+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c\n@@ -73,6 +73,27 @@ static const struct rte_security_capability cn9k_eth_sec_capabilities[] = {\n \t}\n };\n \n+static inline int\n+ar_window_init(struct cn9k_inb_priv_data *inb_priv)\n+{\n+\tif (inb_priv->replay_win_sz > CNXK_ON_AR_WIN_SIZE_MAX) {\n+\t\tplt_err(\"Replay window size:%u is not supported\",\n+\t\t\tinb_priv->replay_win_sz);\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\trte_spinlock_init(&inb_priv->ar.lock);\n+\t/*\n+\t * Set window bottom to 1, base and top to size of\n+\t * window\n+\t */\n+\tinb_priv->ar.winb = 1;\n+\tinb_priv->ar.wint = inb_priv->replay_win_sz;\n+\tinb_priv->ar.base = inb_priv->replay_win_sz;\n+\n+\treturn 0;\n+}\n+\n static int\n cn9k_eth_sec_session_create(void *device,\n \t\t\t struct rte_security_session_conf *conf,\n@@ -158,6 +179,14 @@ cn9k_eth_sec_session_create(void *device,\n \t\t/* Save userdata in inb private area */\n \t\tinb_priv->userdata = conf->userdata;\n \n+\t\tinb_priv->replay_win_sz = ipsec->replay_win_sz;\n+\t\tif (inb_priv->replay_win_sz) {\n+\t\t\trc = ar_window_init(inb_priv);\n+\t\t\tif (rc)\n+\t\t\t\tgoto mempool_put;\n+\t\t}\n+\n+\t\t/* Prepare session priv */\n \t\tsess_priv.inb_sa = 1;\n \t\tsess_priv.sa_idx = ipsec->spi;\n \ndiff --git a/drivers/net/cnxk/cn9k_rx.h b/drivers/net/cnxk/cn9k_rx.h\nindex bdedeab..7ab415a 100644\n--- a/drivers/net/cnxk/cn9k_rx.h\n+++ b/drivers/net/cnxk/cn9k_rx.h\n@@ -31,6 +31,9 @@\n #define CQE_CAST(x)\t ((struct nix_cqe_hdr_s *)(x))\n #define CQE_SZ(x)\t ((x) * CNXK_NIX_CQ_ENTRY_SZ)\n \n+#define IPSEC_SQ_LO_IDX 4\n+#define IPSEC_SQ_HI_IDX 8\n+\n union mbuf_initializer {\n \tstruct {\n \t\tuint16_t data_off;\n@@ -166,6 +169,48 @@ nix_cqe_xtract_mseg(const union nix_rx_parse_u *rx, struct rte_mbuf *mbuf,\n \tmbuf->next = NULL;\n }\n \n+static inline int\n+ipsec_antireplay_check(struct roc_onf_ipsec_inb_sa *sa,\n+\t\t struct cn9k_inb_priv_data *priv, uintptr_t data,\n+\t\t uint32_t win_sz)\n+{\n+\tstruct cnxk_on_ipsec_ar *ar = &priv->ar;\n+\tuint64_t seq_in_sa;\n+\tuint32_t seqh = 0;\n+\tuint32_t seql;\n+\tuint64_t seq;\n+\tuint8_t esn;\n+\tint rc;\n+\n+\tesn = sa->ctl.esn_en;\n+\tseql = rte_be_to_cpu_32(*((uint32_t *)(data + IPSEC_SQ_LO_IDX)));\n+\n+\tif (!esn) {\n+\t\tseq = (uint64_t)seql;\n+\t} else {\n+\t\tseqh = rte_be_to_cpu_32(*((uint32_t *)(data +\n+\t\t\t\t\tIPSEC_SQ_HI_IDX)));\n+\t\tseq = ((uint64_t)seqh << 32) | seql;\n+\t}\n+\n+\tif (unlikely(seq == 0))\n+\t\treturn -1;\n+\n+\trte_spinlock_lock(&ar->lock);\n+\trc = cnxk_on_anti_replay_check(seq, ar, win_sz);\n+\tif (esn && !rc) {\n+\t\tseq_in_sa = ((uint64_t)rte_be_to_cpu_32(sa->esn_hi) << 32) |\n+\t\t\t rte_be_to_cpu_32(sa->esn_low);\n+\t\tif (seq > seq_in_sa) {\n+\t\t\tsa->esn_low = rte_cpu_to_be_32(seql);\n+\t\t\tsa->esn_hi = rte_cpu_to_be_32(seqh);\n+\t\t}\n+\t}\n+\trte_spinlock_unlock(&ar->lock);\n+\n+\treturn rc;\n+}\n+\n static __rte_always_inline uint64_t\n nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \t\t uintptr_t sa_base, uint64_t *rearm_val, uint16_t *len)\n@@ -178,8 +223,8 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \tuint8_t lcptr = rx->lcptr;\n \tstruct rte_ipv4_hdr *ipv4;\n \tuint16_t data_off, res;\n+\tuint32_t spi, win_sz;\n \tuint32_t spi_mask;\n-\tuint32_t spi;\n \tuintptr_t data;\n \t__uint128_t dw;\n \tuint8_t sa_w;\n@@ -209,6 +254,13 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,\n \tdw = *(__uint128_t *)sa_priv;\n \t*rte_security_dynfield(m) = (uint64_t)dw;\n \n+\t/* Check if anti-replay is enabled */\n+\twin_sz = (uint32_t)(dw >> 64);\n+\tif (win_sz) {\n+\t\tif (ipsec_antireplay_check(sa, sa_priv, data, win_sz) < 0)\n+\t\t\treturn PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;\n+\t}\n+\n \t/* Get total length from IPv4 header. We can assume only IPv4 */\n \tipv4 = (struct rte_ipv4_hdr *)(data + ROC_ONF_IPSEC_INB_SPI_SEQ_SZ +\n \t\t\t\t ROC_ONF_IPSEC_INB_MAX_L2_SZ);\n", "prefixes": [ "21/27" ] }{ "id": 97747, "url": "