[v3,11/15] net/octeontx2: add inline ipsec Rx path changes
Checks
Commit Message
From: Tejasree Kondoj <ktejasree@marvell.com>
Adding post-processing required for inline IPsec inbound packets.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
drivers/crypto/octeontx2/Makefile | 3 +-
drivers/crypto/octeontx2/meson.build | 2 +
drivers/event/octeontx2/Makefile | 1 +
drivers/event/octeontx2/meson.build | 2 +
drivers/net/octeontx2/otx2_rx.h | 73 ++++++++++++++++++++++++++++++++++++
5 files changed, 80 insertions(+), 1 deletion(-)
Comments
Hi Anoob,
>
> From: Tejasree Kondoj <ktejasree@marvell.com>
>
> Adding post-processing required for inline IPsec inbound packets.
>
> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Archana Muniganti <marchana@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> ---
> drivers/crypto/octeontx2/Makefile | 3 +-
> drivers/crypto/octeontx2/meson.build | 2 +
> drivers/event/octeontx2/Makefile | 1 +
> drivers/event/octeontx2/meson.build | 2 +
> drivers/net/octeontx2/otx2_rx.h | 73
> ++++++++++++++++++++++++++++++++++++
> 5 files changed, 80 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/octeontx2/Makefile
> b/drivers/crypto/octeontx2/Makefile
> index 3ba67ed..1458e2b 100644
> --- a/drivers/crypto/octeontx2/Makefile
> +++ b/drivers/crypto/octeontx2/Makefile
> @@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a
> CFLAGS += $(WERROR_FLAGS)
>
> LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
> -LDLIBS += -lrte_cryptodev
> +LDLIBS += -lrte_cryptodev -lrte_security
> LDLIBS += -lrte_pci -lrte_bus_pci
> LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
>
> @@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
> CFLAGS += -O3
> CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
> CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
Why do you need to include self path for the driver?
> CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> CFLAGS += -DALLOW_EXPERIMENTAL_API
> diff --git a/drivers/crypto/octeontx2/meson.build
> b/drivers/crypto/octeontx2/meson.build
> index 67deca3..a531799 100644
> --- a/drivers/crypto/octeontx2/meson.build
> +++ b/drivers/crypto/octeontx2/meson.build
> @@ -9,6 +9,7 @@ deps += ['bus_pci']
> deps += ['common_cpt']
> deps += ['common_octeontx2']
> deps += ['ethdev']
> +deps += ['security']
> name = 'octeontx2_crypto'
>
> allow_experimental_apis = true
> @@ -32,5 +33,6 @@ endforeach
>
> includes += include_directories('../../common/cpt')
> includes += include_directories('../../common/octeontx2')
> +includes += include_directories('../../crypto/octeontx2')
Same here.
> includes += include_directories('../../mempool/octeontx2')
> includes += include_directories('../../net/octeontx2')
> diff --git a/drivers/event/octeontx2/Makefile
> b/drivers/event/octeontx2/Makefile
> index 6dab69c..bcd22ee 100644
> --- a/drivers/event/octeontx2/Makefile
> +++ b/drivers/event/octeontx2/Makefile
> @@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
>
> CFLAGS += $(WERROR_FLAGS)
> CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
> CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
> CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> diff --git a/drivers/event/octeontx2/meson.build
> b/drivers/event/octeontx2/meson.build
> index 807818b..56febb8 100644
> --- a/drivers/event/octeontx2/meson.build
> +++ b/drivers/event/octeontx2/meson.build
> @@ -32,3 +32,5 @@ foreach flag: extra_flags
> endforeach
>
> deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2',
> 'pmd_octeontx2']
> +
> +includes += include_directories('../../crypto/octeontx2')
Hi Akhil,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Friday, January 31, 2020 7:09 PM
> To: Anoob Joseph <anoobj@marvell.com>; Declan Doherty
> <declan.doherty@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Cc: Tejasree Kondoj <ktejasree@marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> <pathreya@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Archana Muniganti <marchana@marvell.com>; Vamsi Krishna Attunuru
> <vattunuru@marvell.com>; Lukas Bartosik <lbartosik@marvell.com>;
> dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v3 11/15] net/octeontx2: add inline ipsec Rx
> path changes
>
> Hi Anoob,
> >
> > From: Tejasree Kondoj <ktejasree@marvell.com>
> >
> > Adding post-processing required for inline IPsec inbound packets.
> >
> > Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > Signed-off-by: Archana Muniganti <marchana@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > ---
> > drivers/crypto/octeontx2/Makefile | 3 +-
> > drivers/crypto/octeontx2/meson.build | 2 +
> > drivers/event/octeontx2/Makefile | 1 +
> > drivers/event/octeontx2/meson.build | 2 +
> > drivers/net/octeontx2/otx2_rx.h | 73
> > ++++++++++++++++++++++++++++++++++++
> > 5 files changed, 80 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/octeontx2/Makefile
> > b/drivers/crypto/octeontx2/Makefile
> > index 3ba67ed..1458e2b 100644
> > --- a/drivers/crypto/octeontx2/Makefile
> > +++ b/drivers/crypto/octeontx2/Makefile
> > @@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a CFLAGS +=
> > $(WERROR_FLAGS)
> >
> > LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
> > -LDLIBS += -lrte_cryptodev
> > +LDLIBS += -lrte_cryptodev -lrte_security
> > LDLIBS += -lrte_pci -lrte_bus_pci
> > LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
> >
> > @@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
> > CFLAGS += -O3
> > CFLAGS += -I$(RTE_SDK)/drivers/common/cpt CFLAGS +=
> > -I$(RTE_SDK)/drivers/common/octeontx2
> > +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
>
> Why do you need to include self path for the driver?
[Anoob] Well this is interesting. I cannot explain this but when I'm building otx2_cryptodev*.c files which include otx2_ethdev_sec.h, it's throwing an error that otx2_ipsec_fp.h is not found (in case of shared build and meson, I guess). The file otx2_ethdev_sec.h is in net/octeontx2 and it includes otx2_ipsec_fp.h which is in crypto/octeontx2.
I'll cross check and let you know if it's needed in both Makefile & meson.
>
> > CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> > CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> > CFLAGS += -DALLOW_EXPERIMENTAL_API
> > diff --git a/drivers/crypto/octeontx2/meson.build
> > b/drivers/crypto/octeontx2/meson.build
> > index 67deca3..a531799 100644
> > --- a/drivers/crypto/octeontx2/meson.build
> > +++ b/drivers/crypto/octeontx2/meson.build
> > @@ -9,6 +9,7 @@ deps += ['bus_pci']
> > deps += ['common_cpt']
> > deps += ['common_octeontx2']
> > deps += ['ethdev']
> > +deps += ['security']
> > name = 'octeontx2_crypto'
> >
> > allow_experimental_apis = true
> > @@ -32,5 +33,6 @@ endforeach
> >
> > includes += include_directories('../../common/cpt')
> > includes += include_directories('../../common/octeontx2')
> > +includes += include_directories('../../crypto/octeontx2')
>
> Same here.
>
> > includes += include_directories('../../mempool/octeontx2')
> > includes += include_directories('../../net/octeontx2')
> > diff --git a/drivers/event/octeontx2/Makefile
> > b/drivers/event/octeontx2/Makefile
> > index 6dab69c..bcd22ee 100644
> > --- a/drivers/event/octeontx2/Makefile
> > +++ b/drivers/event/octeontx2/Makefile
> > @@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
> >
> > CFLAGS += $(WERROR_FLAGS)
> > CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
> > +CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
> > CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
> > CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
> > CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
> > diff --git a/drivers/event/octeontx2/meson.build
> > b/drivers/event/octeontx2/meson.build
> > index 807818b..56febb8 100644
> > --- a/drivers/event/octeontx2/meson.build
> > +++ b/drivers/event/octeontx2/meson.build
> > @@ -32,3 +32,5 @@ foreach flag: extra_flags endforeach
> >
> > deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2',
> > 'pmd_octeontx2']
> > +
> > +includes += include_directories('../../crypto/octeontx2')
@@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a
CFLAGS += $(WERROR_FLAGS)
LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring
-LDLIBS += -lrte_cryptodev
+LDLIBS += -lrte_cryptodev -lrte_security
LDLIBS += -lrte_pci -lrte_bus_pci
LDLIBS += -lrte_common_cpt -lrte_common_octeontx2
@@ -20,6 +20,7 @@ VPATH += $(RTE_SDK)/drivers/crypto/octeontx2
CFLAGS += -O3
CFLAGS += -I$(RTE_SDK)/drivers/common/cpt
CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
CFLAGS += -DALLOW_EXPERIMENTAL_API
@@ -9,6 +9,7 @@ deps += ['bus_pci']
deps += ['common_cpt']
deps += ['common_octeontx2']
deps += ['ethdev']
+deps += ['security']
name = 'octeontx2_crypto'
allow_experimental_apis = true
@@ -32,5 +33,6 @@ endforeach
includes += include_directories('../../common/cpt')
includes += include_directories('../../common/octeontx2')
+includes += include_directories('../../crypto/octeontx2')
includes += include_directories('../../mempool/octeontx2')
includes += include_directories('../../net/octeontx2')
@@ -11,6 +11,7 @@ LIB = librte_pmd_octeontx2_event.a
CFLAGS += $(WERROR_FLAGS)
CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2
+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2
CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2
CFLAGS += -I$(RTE_SDK)/drivers/event/octeontx2
CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2
@@ -32,3 +32,5 @@ foreach flag: extra_flags
endforeach
deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2', 'pmd_octeontx2']
+
+includes += include_directories('../../crypto/octeontx2')
@@ -5,6 +5,12 @@
#ifndef __OTX2_RX_H__
#define __OTX2_RX_H__
+#include <rte_ether.h>
+
+#include "otx2_common.h"
+#include "otx2_ethdev_sec.h"
+#include "otx2_ipsec_fp.h"
+
/* Default mark value used when none is provided. */
#define OTX2_FLOW_ACTION_FLAG_DEFAULT 0xffff
@@ -31,6 +37,12 @@
#define NIX_RX_MULTI_SEG_F BIT(15)
#define NIX_TIMESYNC_RX_OFFSET 8
+/* Inline IPsec offsets */
+
+#define INLINE_INB_RPTR_HDR 16
+/* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
+#define INLINE_CPT_RESULT_OFFSET 80
+
struct otx2_timesync_info {
uint64_t rx_tstamp;
rte_iova_t tx_tstamp_iova;
@@ -190,6 +202,60 @@ nix_cqe_xtract_mseg(const struct nix_rx_parse_s *rx,
}
}
+static __rte_always_inline uint16_t
+nix_rx_sec_cptres_get(const void *cq)
+{
+ volatile const struct otx2_cpt_res *res;
+
+ res = (volatile const struct otx2_cpt_res *)((const char *)cq +
+ INLINE_CPT_RESULT_OFFSET);
+
+ return res->u16[0];
+}
+
+static __rte_always_inline void *
+nix_rx_sec_sa_get(const void * const lookup_mem, int spi, uint16_t port)
+{
+ const uint64_t *const *sa_tbl = (const uint64_t * const *)
+ ((const uint8_t *)lookup_mem + OTX2_NIX_SA_TBL_START);
+
+ return (void *)sa_tbl[port][spi];
+}
+
+static __rte_always_inline uint64_t
+nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
+ const void * const lookup_mem)
+{
+ struct otx2_ipsec_fp_in_sa *sa;
+ struct rte_ipv4_hdr *ipv4;
+ uint16_t m_len;
+ uint32_t spi;
+ char *data;
+
+ if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
+ return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
+
+ /* 20 bits of tag would have the SPI */
+ spi = cq->tag & 0xFFFFF;
+
+ sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
+ m->udata64 = (uint64_t)sa->userdata;
+
+ data = rte_pktmbuf_mtod(m, char *);
+ memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
+
+ m->data_off += INLINE_INB_RPTR_HDR;
+
+ ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
+ RTE_ETHER_HDR_LEN);
+
+ m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
+
+ m->data_len = m_len;
+ m->pkt_len = m_len;
+ return PKT_RX_SEC_OFFLOAD;
+}
+
static __rte_always_inline void
otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
struct rte_mbuf *mbuf, const void *lookup_mem,
@@ -231,6 +297,13 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq, const uint32_t tag,
if (flag & NIX_RX_OFFLOAD_MARK_UPDATE_F)
ol_flags = nix_update_match_id(rx->match_id, ol_flags, mbuf);
+ if (cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
+ *(uint64_t *)(&mbuf->rearm_data) = val;
+ ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
+ mbuf->ol_flags = ol_flags;
+ return;
+ }
+
mbuf->ol_flags = ol_flags;
*(uint64_t *)(&mbuf->rearm_data) = val;
mbuf->pkt_len = len;