From patchwork Thu May 12 09:17:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raja Zidane X-Patchwork-Id: 111054 X-Patchwork-Delegate: rasland@nvidia.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C95B0A0032; Thu, 12 May 2022 11:17:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7598B40E64; Thu, 12 May 2022 11:17:38 +0200 (CEST) Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2085.outbound.protection.outlook.com [40.107.243.85]) by mails.dpdk.org (Postfix) with ESMTP id 6384B4014F for ; Thu, 12 May 2022 11:17:37 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CMoBoToeez0HKGaJ0GqvT+nyEHP74N11ejf8f6gVhmULY3QaMCBsWyTSuLxtNpkO71Dhqb+CBXPLKqfM2tP4Zun8OhiInw/NV9WEliZHBPzNapui0lwONrue3fYIFJZ6PTE+SBzarMgWan0kqDkn0I+I9+pPQ0gZXBq8NQsyB+L2W3yqryXsiXNw4fOdOVAnrpwjiT/rl+YxES5O7ebSeq5LTo/4sZwDpP91O3guIvS4fePp+GafGSPgITLhc4AZ72Usc/a1rlAh7b9PwgQHDt/cedEeIQEHsIw3amQe+rGKYdsiUJvglvvhbJiq3ry0FyKw3c5hQ1jvP0DnkYiQAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RjI+gRjaZZwDUvTwD1PUbh+P4/naz0Pp6xwD6kNoxSo=; b=oebzWHh6QjdFhbIANxdKy34Mi2yr7n3vyWRGsnUZGt5kb7zOwk+G+eo1SJLQLhqRiwgVfFMMnHu7HMdYdFXFImgXs8NDRA/bpgoQUd8WNxnF7BaRTUyxasZgyQYbwgmK5cTKufBcQZH2ukHvQglzYxAWBm28hHG3hnBYQ5p3OQq6axBb+MfuF1O2szhPezLEzqzmdXtFDr9PlYfFMa1nZZowQVHpjAsndWKAuWWuwigMOpiPFjmafw9zDqVYrgX/MxyDXhQrJDZsD+T3tuc9EajP5cSDE/pH1p3YtwVU/oPc3jli1mA7YhNqp2PHmED4190z/OtLkKEkK95q1RDBgw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.234) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RjI+gRjaZZwDUvTwD1PUbh+P4/naz0Pp6xwD6kNoxSo=; b=QVgTh6ugIMkrrmruOeGbuloHJbOTwEpR0wWYMlpzTjFXKDVAYEmK7VY+5e0d33KqvoZqLpMngbxMht5d6PsgnyH496VBv8yMKAiU6J7FKjVT/Ca+xFsLOSPUJ1rY5GN/0SGJ9HKUA5MgAq/Qdsu9/yl+L1O+un67OxRBQul0MGNInZnJ+yC73Fr0ILzyUg1i0T1ak1megaid/nczQ1C09Ms4VEpe6G+hebKjqDA2xuYPJLhqc/jfCs5efIn5Faj8I9PvPhvPiJOuYJCabINXM6PuoYz4iNPZNQge9xQSADF7VdXxxszw38E/W+VvCFSl9x9OabsjHcPQuEJgblIBOQ== Received: from DS7PR03CA0331.namprd03.prod.outlook.com (2603:10b6:8:55::26) by BYAPR12MB3176.namprd12.prod.outlook.com (2603:10b6:a03:134::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.23; Thu, 12 May 2022 09:17:33 +0000 Received: from DM6NAM11FT034.eop-nam11.prod.protection.outlook.com (2603:10b6:8:55:cafe::e7) by DS7PR03CA0331.outlook.office365.com (2603:10b6:8:55::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.14 via Frontend Transport; Thu, 12 May 2022 09:17:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.234) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.234 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.234; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.234) by DM6NAM11FT034.mail.protection.outlook.com (10.13.173.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5250.13 via Frontend Transport; Thu, 12 May 2022 09:17:33 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL101.nvidia.com (10.27.9.10) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Thu, 12 May 2022 09:17:32 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 12 May 2022 02:17:31 -0700 From: Raja Zidane To: CC: Subject: [PATCH V5] net/mlx5: support ESP SPI match and RSS hash Date: Thu, 12 May 2022 12:17:11 +0300 Message-ID: <20220512091711.16894-1-rzidane@nvidia.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20220428154328.8155-1-rzidane@nvidia.com> References: <20220428154328.8155-1-rzidane@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e32efc0c-7391-408e-80b6-08da33f83f4b X-MS-TrafficTypeDiagnostic: BYAPR12MB3176:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mYkgSetAbeavRvZAu1ifA6sRMB85eXbVKhLFhhIsz7WiGRVxJYnVHOuL1AbEPiQv7FKq+qmdpGOkR/b3Ede6OBrB25HCvKEWE1ro+7iWS/n1qgp0gHwwjRUcHgWswEi8II/hxBHacKnrmMoO1Hdw6y5fHQ5YE8owHbGsfkAwRBaDp/t8y5U5Tueq/Li3uKpkQJk3mEeBjEK/uM2OsJWlysVAvI9yuC4bPKhBpxYkOtsHj9sx8dHFqsXV3OrUdIYjaXK2Qz0Usz5OGFNCp5i0v4mf2BXDKEbbd4sqfWOZYIB4Q1H9LwTuS6OI2LN5sJIhFywECOIxGYbFccWv42GNC77M9IxiQaaHleOjAHk9kKhSsMuN5UZgrLwq4gBVItpa82on+IZPK66PQxvvRQjQMvVZr+4AEdOWMpPVpdylfxp+BwRM1jMDM6+yf+aN37wuabu+hkAt+SGRtopaH9rWM7j3XcYijVvj5jogIfGzVvmsAfuhV9x1uEJWEyZbZVQ6tmA14oZm6b4dHSLphror3SQx8bWEiBbdhueBRwIT7Q7sdGkRky11DLx8f31DZeW2fsdmYvKF82EaEkdE6AoduCsCsbbD02lg9eyv2JQOw+ZXGRD8DJEYfQjiynXJbu1U5taXeGBF0K+ExDbM6kj6c6BGE2MhJuZkE5xrejKCVMz6cICkXYgde+JndxCo7JvzNzz3ohJvWB+hbs1AA4Qv5g== X-Forefront-Antispam-Report: CIP:12.22.5.234; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(16526019)(7696005)(186003)(30864003)(36860700001)(356005)(83380400001)(6286002)(2616005)(26005)(2906002)(107886003)(1076003)(36756003)(55016003)(82310400005)(47076005)(40460700003)(336012)(426003)(66574015)(5660300002)(6666004)(8936002)(86362001)(6916009)(70586007)(70206006)(8676002)(81166007)(4326008)(316002)(508600001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 May 2022 09:17:33.1134 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e32efc0c-7391-408e-80b6-08da33f83f4b X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.234]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT034.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3176 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org In packets with ESP header, The Inner IP will be encrypted, and its fields cannot be used for RSS hashing. So, ESP packets can be hashed only by the outer IP layer. So, when using RSS on ESP packets, hashing may not be efficient, because the fields used by the hash functions are only the Outer IPs, causing all traffic belonging to all tunnels between a given pair of GWs to land on one core. Adding the SPI hash field can extend the spreading of IPSec packets. support matching on ESP SPI. Support RSS on ESP header by hashing SPI field. Signed-off-by: Raja Zidane Acked-by: Matan Azrad --- V2: added doc. V3: fixed checkpatch. V4: rebase V5: rebase and doc. doc/guides/nics/features/mlx5.ini | 1 + doc/guides/nics/mlx5.rst | 1 + doc/guides/rel_notes/release_22_07.rst | 2 + drivers/common/mlx5/linux/meson.build | 2 + drivers/common/mlx5/mlx5_prm.h | 5 +- drivers/net/mlx5/mlx5_defs.h | 2 +- drivers/net/mlx5/mlx5_devx.c | 4 +- drivers/net/mlx5/mlx5_flow.c | 84 +++++++++++++++++++++++- drivers/net/mlx5/mlx5_flow.h | 20 ++++++ drivers/net/mlx5/mlx5_flow_dv.c | 88 +++++++++++++++++++++++++- 10 files changed, 204 insertions(+), 5 deletions(-) diff --git a/doc/guides/nics/features/mlx5.ini b/doc/guides/nics/features/mlx5.ini index fb5993124d..5738f35324 100644 --- a/doc/guides/nics/features/mlx5.ini +++ b/doc/guides/nics/features/mlx5.ini @@ -56,6 +56,7 @@ Usage doc = Y [rte_flow items] conntrack = Y ecpri = Y +esp = Y eth = Y flex = Y geneve = Y diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index 4805d08a76..a0b9284c0f 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst @@ -81,6 +81,7 @@ Features - Matching on IPv4 Internet Header Length (IHL). - Matching on GTP extension header with raw encap/decap action. - Matching on Geneve TLV option header with raw encap/decap action. +- Matching on ESP header SPI field. - RSS support in sample action. - E-Switch mirroring and jump. - E-Switch mirroring and modify. diff --git a/doc/guides/rel_notes/release_22_07.rst b/doc/guides/rel_notes/release_22_07.rst index 9a8465dc15..bc829062bc 100644 --- a/doc/guides/rel_notes/release_22_07.rst +++ b/doc/guides/rel_notes/release_22_07.rst @@ -69,6 +69,8 @@ New Features * Added support for promiscuous mode on Windows. * Added support for MTU on Windows. + * Added new item (ESP). + * Added RSS for ESP. Removed Items diff --git a/drivers/common/mlx5/linux/meson.build b/drivers/common/mlx5/linux/meson.build index ed48245c67..5335f5b027 100644 --- a/drivers/common/mlx5/linux/meson.build +++ b/drivers/common/mlx5/linux/meson.build @@ -72,6 +72,8 @@ has_member_args = [ # [ "MACRO to define if found", "header for the search", # "symbol to search" ] has_sym_args = [ + [ 'HAVE_IBV_RX_HASH_IPSEC_SPI', 'infiniband/verbs.h', + 'IBV_RX_HASH_IPSEC_SPI' ], [ 'HAVE_IBV_RELAXED_ORDERING', 'infiniband/verbs.h', 'IBV_ACCESS_RELAXED_ORDERING ' ], [ 'HAVE_IBV_DEVICE_STRIDING_RQ_SUPPORT', 'infiniband/mlx5dv.h', diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index 44b18225f6..630b2c5100 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -899,7 +899,10 @@ struct mlx5_ifc_fte_match_set_misc_bits { u8 reserved_at_120[0xa]; u8 geneve_opt_len[0x6]; u8 geneve_protocol_type[0x10]; - u8 reserved_at_140[0xc0]; + u8 reserved_at_140[0x20]; + u8 inner_esp_spi[0x20]; + u8 outer_esp_spi[0x20]; + u8 reserved_at_1a0[0x60]; }; struct mlx5_ifc_ipv4_layout_bits { diff --git a/drivers/net/mlx5/mlx5_defs.h b/drivers/net/mlx5/mlx5_defs.h index 15728fb41f..f5c6f23d56 100644 --- a/drivers/net/mlx5/mlx5_defs.h +++ b/drivers/net/mlx5/mlx5_defs.h @@ -90,7 +90,7 @@ /* Supported RSS */ #define MLX5_RSS_HF_MASK (~(RTE_ETH_RSS_IP | RTE_ETH_RSS_UDP | RTE_ETH_RSS_TCP | \ - MLX5_RSS_SRC_DST_ONLY)) + MLX5_RSS_SRC_DST_ONLY | RTE_ETH_RSS_ESP)) /* Timeout in seconds to get a valid link status. */ #define MLX5_LINK_STATUS_TIMEOUT 10 diff --git a/drivers/net/mlx5/mlx5_devx.c b/drivers/net/mlx5/mlx5_devx.c index 03c0fac32f..4b48f9433a 100644 --- a/drivers/net/mlx5/mlx5_devx.c +++ b/drivers/net/mlx5/mlx5_devx.c @@ -765,7 +765,9 @@ mlx5_devx_tir_attr_set(struct rte_eth_dev *dev, const uint8_t *rss_key, (!!(hash_fields & MLX5_L4_SRC_IBV_RX_HASH)) << MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_SPORT | (!!(hash_fields & MLX5_L4_DST_IBV_RX_HASH)) << - MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_DPORT; + MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_L4_DPORT | + (!!(hash_fields & IBV_RX_HASH_IPSEC_SPI)) << + MLX5_RX_HASH_FIELD_SELECT_SELECTED_FIELDS_IPSEC_SPI; } if (is_hairpin) tir_attr->transport_domain = priv->sh->td->id; diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index f5bdf661b0..de0c15fef6 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -149,6 +149,7 @@ mlx5_flow_is_rss_expandable_item(const struct rte_flow_item *item) case RTE_FLOW_ITEM_TYPE_IPV6: case RTE_FLOW_ITEM_TYPE_UDP: case RTE_FLOW_ITEM_TYPE_TCP: + case RTE_FLOW_ITEM_TYPE_ESP: case RTE_FLOW_ITEM_TYPE_VXLAN: case RTE_FLOW_ITEM_TYPE_NVGRE: case RTE_FLOW_ITEM_TYPE_GRE: @@ -214,6 +215,9 @@ mlx5_inet_proto_to_item_type(uint8_t proto_spec, uint8_t proto_mask) case IPPROTO_IPV6: type = RTE_FLOW_ITEM_TYPE_IPV6; break; + case IPPROTO_ESP: + type = RTE_FLOW_ITEM_TYPE_ESP; + break; default: type = RTE_FLOW_ITEM_TYPE_END; } @@ -558,9 +562,11 @@ enum mlx5_expansion { MLX5_EXPANSION_OUTER_IPV4, MLX5_EXPANSION_OUTER_IPV4_UDP, MLX5_EXPANSION_OUTER_IPV4_TCP, + MLX5_EXPANSION_OUTER_IPV4_ESP, MLX5_EXPANSION_OUTER_IPV6, MLX5_EXPANSION_OUTER_IPV6_UDP, MLX5_EXPANSION_OUTER_IPV6_TCP, + MLX5_EXPANSION_OUTER_IPV6_ESP, MLX5_EXPANSION_VXLAN, MLX5_EXPANSION_STD_VXLAN, MLX5_EXPANSION_L3_VXLAN, @@ -574,9 +580,11 @@ enum mlx5_expansion { MLX5_EXPANSION_IPV4, MLX5_EXPANSION_IPV4_UDP, MLX5_EXPANSION_IPV4_TCP, + MLX5_EXPANSION_IPV4_ESP, MLX5_EXPANSION_IPV6, MLX5_EXPANSION_IPV6_UDP, MLX5_EXPANSION_IPV6_TCP, + MLX5_EXPANSION_IPV6_ESP, MLX5_EXPANSION_IPV6_FRAG_EXT, MLX5_EXPANSION_GTP, MLX5_EXPANSION_GENEVE, @@ -611,6 +619,7 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT (MLX5_EXPANSION_OUTER_IPV4_UDP, MLX5_EXPANSION_OUTER_IPV4_TCP, + MLX5_EXPANSION_OUTER_IPV4_ESP, MLX5_EXPANSION_GRE, MLX5_EXPANSION_NVGRE, MLX5_EXPANSION_IPV4, @@ -632,10 +641,15 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV4_TCP, }, + [MLX5_EXPANSION_OUTER_IPV4_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_OUTER_IPV6] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT (MLX5_EXPANSION_OUTER_IPV6_UDP, MLX5_EXPANSION_OUTER_IPV6_TCP, + MLX5_EXPANSION_OUTER_IPV6_ESP, MLX5_EXPANSION_IPV4, MLX5_EXPANSION_IPV6, MLX5_EXPANSION_GRE, @@ -657,6 +671,10 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV6_TCP, }, + [MLX5_EXPANSION_OUTER_IPV6_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_VXLAN] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_ETH, MLX5_EXPANSION_IPV4, @@ -716,7 +734,8 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { }, [MLX5_EXPANSION_IPV4] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_IPV4_UDP, - MLX5_EXPANSION_IPV4_TCP), + MLX5_EXPANSION_IPV4_TCP, + MLX5_EXPANSION_IPV4_ESP), .type = RTE_FLOW_ITEM_TYPE_IPV4, .rss_types = RTE_ETH_RSS_IPV4 | RTE_ETH_RSS_FRAG_IPV4 | RTE_ETH_RSS_NONFRAG_IPV4_OTHER, @@ -729,9 +748,14 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV4_TCP, }, + [MLX5_EXPANSION_IPV4_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_IPV6] = { .next = MLX5_FLOW_EXPAND_RSS_NEXT(MLX5_EXPANSION_IPV6_UDP, MLX5_EXPANSION_IPV6_TCP, + MLX5_EXPANSION_IPV6_ESP, MLX5_EXPANSION_IPV6_FRAG_EXT), .type = RTE_FLOW_ITEM_TYPE_IPV6, .rss_types = RTE_ETH_RSS_IPV6 | RTE_ETH_RSS_FRAG_IPV6 | @@ -745,6 +769,10 @@ static const struct mlx5_flow_expand_node mlx5_support_expansion[] = { .type = RTE_FLOW_ITEM_TYPE_TCP, .rss_types = RTE_ETH_RSS_NONFRAG_IPV6_TCP, }, + [MLX5_EXPANSION_IPV6_ESP] = { + .type = RTE_FLOW_ITEM_TYPE_ESP, + .rss_types = RTE_ETH_RSS_ESP, + }, [MLX5_EXPANSION_IPV6_FRAG_EXT] = { .type = RTE_FLOW_ITEM_TYPE_IPV6_FRAG_EXT, }, @@ -2618,6 +2646,60 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item, return 0; } +/** + * Validate ESP item. + * + * @param[in] item + * Item specification. + * @param[in] item_flags + * Bit-fields that holds the items detected until now. + * @param[in] target_protocol + * The next protocol in the previous item. + * @param[out] error + * Pointer to error structure. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +int +mlx5_flow_validate_item_esp(const struct rte_flow_item *item, + uint64_t item_flags, + uint8_t target_protocol, + struct rte_flow_error *error) +{ + const struct rte_flow_item_esp *mask = item->mask; + const int tunnel = !!(item_flags & MLX5_FLOW_LAYER_TUNNEL); + const uint64_t l3m = tunnel ? MLX5_FLOW_LAYER_INNER_L3 : + MLX5_FLOW_LAYER_OUTER_L3; + const uint64_t l4m = tunnel ? MLX5_FLOW_LAYER_INNER_L4 : + MLX5_FLOW_LAYER_OUTER_L4; + int ret; + + if (!(item_flags & l3m)) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "L3 is mandatory to filter on L4"); + if (item_flags & l4m) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "multiple L4 layers not supported"); + if (target_protocol != 0xff && target_protocol != IPPROTO_ESP) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "protocol filtering not compatible" + " with ESP layer"); + if (!mask) + mask = &rte_flow_item_esp_mask; + ret = mlx5_flow_item_acceptable + (item, (const uint8_t *)mask, + (const uint8_t *)&rte_flow_item_esp_mask, + sizeof(struct rte_flow_item_esp), MLX5_ITEM_RANGE_NOT_ACCEPTED, + error); + if (ret < 0) + return ret; + return 0; +} + /** * Validate UDP item. * diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h index f56115dd11..fcb05abced 100644 --- a/drivers/net/mlx5/mlx5_flow.h +++ b/drivers/net/mlx5/mlx5_flow.h @@ -186,6 +186,9 @@ enum mlx5_feature_name { #define MLX5_FLOW_ITEM_INNER_FLEX (UINT64_C(1) << 38) #define MLX5_FLOW_ITEM_FLEX_TUNNEL (UINT64_C(1) << 39) +/* ESP item */ +#define MLX5_FLOW_ITEM_ESP (UINT64_C(1) << 40) + /* Outer Masks. */ #define MLX5_FLOW_LAYER_OUTER_L3 \ (MLX5_FLOW_LAYER_OUTER_L3_IPV4 | MLX5_FLOW_LAYER_OUTER_L3_IPV6) @@ -1185,6 +1188,16 @@ struct rte_flow_template_table { (MLX5_RSS_HASH_IPV6 | IBV_RX_HASH_SRC_PORT_TCP) #define MLX5_RSS_HASH_IPV6_TCP_DST_ONLY \ (MLX5_RSS_HASH_IPV6 | IBV_RX_HASH_DST_PORT_TCP) + +#ifndef HAVE_IBV_RX_HASH_IPSEC_SPI +#define IBV_RX_HASH_IPSEC_SPI (1U << 8) +#endif + +#define MLX5_RSS_HASH_ESP_SPI IBV_RX_HASH_IPSEC_SPI +#define MLX5_RSS_HASH_IPV4_ESP (MLX5_RSS_HASH_IPV4 | \ + MLX5_RSS_HASH_ESP_SPI) +#define MLX5_RSS_HASH_IPV6_ESP (MLX5_RSS_HASH_IPV6 | \ + MLX5_RSS_HASH_ESP_SPI) #define MLX5_RSS_HASH_NONE 0ULL @@ -1200,9 +1213,12 @@ static const uint64_t mlx5_rss_hash_fields[] = { MLX5_RSS_HASH_IPV4, MLX5_RSS_HASH_IPV4_TCP, MLX5_RSS_HASH_IPV4_UDP, + MLX5_RSS_HASH_IPV4_ESP, MLX5_RSS_HASH_IPV6, MLX5_RSS_HASH_IPV6_TCP, MLX5_RSS_HASH_IPV6_UDP, + MLX5_RSS_HASH_IPV6_ESP, + MLX5_RSS_HASH_ESP_SPI, MLX5_RSS_HASH_NONE, }; @@ -1812,6 +1828,10 @@ int mlx5_flow_validate_item_tcp(const struct rte_flow_item *item, uint8_t target_protocol, const struct rte_flow_item_tcp *flow_mask, struct rte_flow_error *error); +int mlx5_flow_validate_item_esp(const struct rte_flow_item *item, + uint64_t item_flags, + uint8_t target_protocol, + struct rte_flow_error *error); int mlx5_flow_validate_item_udp(const struct rte_flow_item *item, uint64_t item_flags, uint8_t target_protocol, diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index f9c56204c4..9a0102abb5 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -6956,6 +6956,14 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr, switch (type) { case RTE_FLOW_ITEM_TYPE_VOID: break; + case RTE_FLOW_ITEM_TYPE_ESP: + ret = mlx5_flow_validate_item_esp(items, item_flags, + next_protocol, + error); + if (ret < 0) + return ret; + last_item = MLX5_FLOW_ITEM_ESP; + break; case RTE_FLOW_ITEM_TYPE_PORT_ID: ret = flow_dv_validate_item_port_id (dev, items, attr, item_flags, error); @@ -8730,6 +8738,58 @@ flow_dv_translate_item_tcp(void *matcher, void *key, (tcp_v->hdr.tcp_flags & tcp_m->hdr.tcp_flags)); } +/** + * Add ESP item to matcher and to the value. + * + * @param[in, out] matcher + * Flow matcher. + * @param[in, out] key + * Flow matcher value. + * @param[in] item + * Flow pattern to translate. + * @param[in] inner + * Item is inner pattern. + */ +static void +flow_dv_translate_item_esp(void *matcher, void *key, + const struct rte_flow_item *item, + int inner) +{ + const struct rte_flow_item_esp *esp_m = item->mask; + const struct rte_flow_item_esp *esp_v = item->spec; + void *headers_m; + void *headers_v; + char *spi_m; + char *spi_v; + + if (inner) { + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, + inner_headers); + headers_v = MLX5_ADDR_OF(fte_match_param, key, inner_headers); + } else { + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, + outer_headers); + headers_v = MLX5_ADDR_OF(fte_match_param, key, outer_headers); + } + MLX5_SET(fte_match_set_lyr_2_4, headers_m, ip_protocol, 0xff); + MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol, IPPROTO_ESP); + if (!esp_v) + return; + if (!esp_m) + esp_m = &rte_flow_item_esp_mask; + headers_m = MLX5_ADDR_OF(fte_match_param, matcher, misc_parameters); + headers_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters); + if (inner) { + spi_m = MLX5_ADDR_OF(fte_match_set_misc, headers_m, inner_esp_spi); + spi_v = MLX5_ADDR_OF(fte_match_set_misc, headers_v, inner_esp_spi); + } else { + spi_m = MLX5_ADDR_OF(fte_match_set_misc, headers_m, outer_esp_spi); + spi_v = MLX5_ADDR_OF(fte_match_set_misc, headers_v, outer_esp_spi); + } + *(uint32_t *)spi_m = esp_m->hdr.spi; + *(uint32_t *)spi_v = esp_m->hdr.spi & esp_v->hdr.spi; +} + /** * Add UDP item to matcher and to the value. * @@ -11189,12 +11249,18 @@ flow_dv_hashfields_set(uint64_t item_flags, fields |= MLX5_IPV6_IBV_RX_HASH; } } - if (fields == 0) + if (items & MLX5_FLOW_ITEM_ESP) { + if (rss_types & RTE_ETH_RSS_ESP) + fields |= IBV_RX_HASH_IPSEC_SPI; + } + if ((fields & ~IBV_RX_HASH_IPSEC_SPI) == 0) { + *hash_fields = fields; /* * There is no match between the RSS types and the * L3 protocol (IPv4/IPv6) defined in the flow rule. */ return; + } if ((rss_inner && (items & MLX5_FLOW_LAYER_INNER_L4_UDP)) || (!rss_inner && (items & MLX5_FLOW_LAYER_OUTER_L4_UDP)) || !items) { @@ -13539,6 +13605,11 @@ flow_dv_translate(struct rte_eth_dev *dev, RTE_FLOW_ERROR_TYPE_ITEM, NULL, "item not supported"); switch (item_type) { + case RTE_FLOW_ITEM_TYPE_ESP: + flow_dv_translate_item_esp(match_mask, match_value, + items, tunnel); + last_item = MLX5_FLOW_ITEM_ESP; + break; case RTE_FLOW_ITEM_TYPE_PORT_ID: flow_dv_translate_item_port_id (dev, match_mask, match_value, items, attr); @@ -14008,6 +14079,15 @@ __flow_dv_action_rss_hrxq_set(struct mlx5_shared_action_rss *action, case MLX5_RSS_HASH_NONE: hrxqs[6] = hrxq_idx; return 0; + case MLX5_RSS_HASH_IPV4_ESP: + hrxqs[7] = hrxq_idx; + return 0; + case MLX5_RSS_HASH_IPV6_ESP: + hrxqs[8] = hrxq_idx; + return 0; + case MLX5_RSS_HASH_ESP_SPI: + hrxqs[9] = hrxq_idx; + return 0; default: return -1; } @@ -14077,6 +14157,12 @@ flow_dv_action_rss_hrxq_lookup(struct rte_eth_dev *dev, uint32_t idx, return hrxqs[5]; case MLX5_RSS_HASH_NONE: return hrxqs[6]; + case MLX5_RSS_HASH_IPV4_ESP: + return hrxqs[7]; + case MLX5_RSS_HASH_IPV6_ESP: + return hrxqs[8]; + case MLX5_RSS_HASH_ESP_SPI: + return hrxqs[9]; default: return 0; }