[v4,1/5] net/mlx5/hws: support NAT64 action

Message ID 20240228150913.32603-2-bingz@nvidia.com (mailing list archive)
State Accepted, archived
Delegated to: Raslan Darawsheh
Headers
Series NAT64 support in mlx5 PMD |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Bing Zhao Feb. 28, 2024, 3:09 p.m. UTC
From: Erez Shitrit <erezsh@nvidia.com>

Add support of new action mlx5dr_action_create_nat64.
The new action allows to modify IP packets from version to version, IPV6
to IPV4 and vice versa.

Signed-off-by: Erez Shitrit <erezsh@nvidia.com>
Signed-off-by: Bing Zhao <bingz@nvidia.com>
---
 drivers/net/mlx5/hws/mlx5dr.h        |  29 ++
 drivers/net/mlx5/hws/mlx5dr_action.c | 436 ++++++++++++++++++++++++++-
 drivers/net/mlx5/hws/mlx5dr_action.h |  35 +++
 drivers/net/mlx5/hws/mlx5dr_debug.c  |   1 +
 4 files changed, 500 insertions(+), 1 deletion(-)
  

Patch

diff --git a/drivers/net/mlx5/hws/mlx5dr.h b/drivers/net/mlx5/hws/mlx5dr.h
index d612f300c6..8441ae97e9 100644
--- a/drivers/net/mlx5/hws/mlx5dr.h
+++ b/drivers/net/mlx5/hws/mlx5dr.h
@@ -51,6 +51,7 @@  enum mlx5dr_action_type {
 	MLX5DR_ACTION_TYP_DEST_ARRAY,
 	MLX5DR_ACTION_TYP_POP_IPV6_ROUTE_EXT,
 	MLX5DR_ACTION_TYP_PUSH_IPV6_ROUTE_EXT,
+	MLX5DR_ACTION_TYP_NAT64,
 	MLX5DR_ACTION_TYP_MAX,
 };
 
@@ -868,6 +869,34 @@  mlx5dr_action_create_reformat_ipv6_ext(struct mlx5dr_context *ctx,
 				       uint32_t log_bulk_size,
 				       uint32_t flags);
 
+enum mlx5dr_action_nat64_flags {
+	MLX5DR_ACTION_NAT64_V4_TO_V6 = 1 << 0,
+	MLX5DR_ACTION_NAT64_V6_TO_V4 = 1 << 1,
+	/* Indicates if to backup ipv4 addresses in last two registers */
+	MLX5DR_ACTION_NAT64_BACKUP_ADDR = 1 << 2,
+};
+
+struct mlx5dr_action_nat64_attr {
+	uint8_t num_of_registers;
+	uint8_t *registers;
+	enum mlx5dr_action_nat64_flags flags;
+};
+
+/* Create direct rule nat64 action.
+ *
+ * @param[in] ctx
+ *	The context in which the new action will be created.
+ * @param[in] attr
+ *	The relevant attribute of the NAT action.
+ * @param[in] flags
+ *	Action creation flags. (enum mlx5dr_action_flags)
+ * @return pointer to mlx5dr_action on success NULL otherwise.
+ */
+struct mlx5dr_action *
+mlx5dr_action_create_nat64(struct mlx5dr_context *ctx,
+			   struct mlx5dr_action_nat64_attr *attr,
+			   uint32_t flags);
+
 /* Destroy direct rule action.
  *
  * @param[in] action
diff --git a/drivers/net/mlx5/hws/mlx5dr_action.c b/drivers/net/mlx5/hws/mlx5dr_action.c
index 631763dee0..96cad553aa 100644
--- a/drivers/net/mlx5/hws/mlx5dr_action.c
+++ b/drivers/net/mlx5/hws/mlx5dr_action.c
@@ -31,6 +31,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
+		BIT(MLX5DR_ACTION_TYP_NAT64),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
 		BIT(MLX5DR_ACTION_TYP_INSERT_HEADER) |
 		BIT(MLX5DR_ACTION_TYP_PUSH_IPV6_ROUTE_EXT) |
@@ -52,6 +53,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
+		BIT(MLX5DR_ACTION_TYP_NAT64),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
 		BIT(MLX5DR_ACTION_TYP_INSERT_HEADER) |
 		BIT(MLX5DR_ACTION_TYP_PUSH_IPV6_ROUTE_EXT) |
@@ -75,6 +77,7 @@  static const uint32_t action_order_arr[MLX5DR_TABLE_TYPE_MAX][MLX5DR_ACTION_TYP_
 		BIT(MLX5DR_ACTION_TYP_ASO_CT),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
 		BIT(MLX5DR_ACTION_TYP_PUSH_VLAN),
+		BIT(MLX5DR_ACTION_TYP_NAT64),
 		BIT(MLX5DR_ACTION_TYP_MODIFY_HDR),
 		BIT(MLX5DR_ACTION_TYP_INSERT_HEADER) |
 		BIT(MLX5DR_ACTION_TYP_PUSH_IPV6_ROUTE_EXT) |
@@ -246,6 +249,310 @@  static void mlx5dr_action_put_shared_stc(struct mlx5dr_action *action,
 		mlx5dr_action_put_shared_stc_nic(ctx, stc_type, MLX5DR_TABLE_TYPE_FDB);
 }
 
+static struct mlx5dr_action *
+mlx5dr_action_create_nat64_copy_state(struct mlx5dr_context *ctx,
+				      struct mlx5dr_action_nat64_attr *attr,
+				      uint32_t flags)
+{
+	__be64 modify_action_data[MLX5DR_ACTION_NAT64_MAX_MODIFY_ACTIONS];
+	struct mlx5dr_action_mh_pattern pat[2];
+	struct mlx5dr_action *action;
+	uint32_t packet_len_field;
+	uint8_t *action_ptr;
+	uint32_t ttl_field;
+	uint32_t src_addr;
+	uint32_t dst_addr;
+	bool is_v4_to_v6;
+
+	is_v4_to_v6 = attr->flags & MLX5DR_ACTION_NAT64_V4_TO_V6;
+
+	if (is_v4_to_v6) {
+		packet_len_field = MLX5_MODI_OUT_IPV4_TOTAL_LEN;
+		ttl_field = MLX5_MODI_OUT_IPV4_TTL;
+		src_addr = MLX5_MODI_OUT_SIPV4;
+		dst_addr = MLX5_MODI_OUT_DIPV4;
+	} else {
+		packet_len_field = MLX5_MODI_OUT_IPV6_PAYLOAD_LEN;
+		ttl_field = MLX5_MODI_OUT_IPV6_HOPLIMIT;
+		src_addr = MLX5_MODI_OUT_SIPV6_31_0;
+		dst_addr = MLX5_MODI_OUT_DIPV6_31_0;
+	}
+
+	memset(modify_action_data, 0, sizeof(modify_action_data));
+	action_ptr = (uint8_t *)modify_action_data;
+
+	if (attr->flags & MLX5DR_ACTION_NAT64_BACKUP_ADDR) {
+		MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+		MLX5_SET(copy_action_in, action_ptr, src_field, src_addr);
+		MLX5_SET(copy_action_in, action_ptr, dst_field,
+			 attr->registers[MLX5DR_ACTION_NAT64_REG_SRC_IP]);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+		MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+		MLX5_SET(copy_action_in, action_ptr, src_field, dst_addr);
+		MLX5_SET(copy_action_in, action_ptr, dst_field,
+			 attr->registers[MLX5DR_ACTION_NAT64_REG_DST_IP]);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+	}
+
+	/* | 8 bit - 8 bit     - 16 bit     |
+	 * | ttl   - protocol  - packet-len |
+	 */
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field, packet_len_field);
+	MLX5_SET(copy_action_in, action_ptr, dst_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_offset, 0);/* 16 bits in the lsb */
+	MLX5_SET(copy_action_in, action_ptr, length, 16);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_NOP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field, MLX5_MODI_OUT_IP_PROTOCOL);
+	MLX5_SET(copy_action_in, action_ptr, dst_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_offset, 16);
+	MLX5_SET(copy_action_in, action_ptr, length, 8);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_NOP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field, ttl_field);
+	MLX5_SET(copy_action_in, action_ptr, dst_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_offset, 24);
+	MLX5_SET(copy_action_in, action_ptr, length, 8);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	/* set sip and dip to 0, in order to have new csum */
+	if (is_v4_to_v6) {
+		MLX5_SET(set_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_SET);
+		MLX5_SET(set_action_in, action_ptr, field, MLX5_MODI_OUT_SIPV4);
+		MLX5_SET(set_action_in, action_ptr, data, 0);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+		MLX5_SET(set_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_SET);
+		MLX5_SET(set_action_in, action_ptr, field, MLX5_MODI_OUT_DIPV4);
+		MLX5_SET(set_action_in, action_ptr, data, 0);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+	}
+
+	pat[0].data = modify_action_data;
+	pat[0].sz = (action_ptr - (uint8_t *)modify_action_data);
+
+	action = mlx5dr_action_create_modify_header(ctx, 1, pat, 0, flags);
+	if (!action) {
+		DR_LOG(ERR, "Failed to create copy for NAT64: action_sz: %zu, flags: 0x%x\n",
+		       pat[0].sz, flags);
+		return NULL;
+	}
+
+	return action;
+}
+
+static struct mlx5dr_action *
+mlx5dr_action_create_nat64_repalce_state(struct mlx5dr_context *ctx,
+					 struct mlx5dr_action_nat64_attr *attr,
+					 uint32_t flags)
+{
+	uint32_t address_prefix[MLX5DR_ACTION_NAT64_HEADER_MINUS_ONE] = {0};
+	__be64 modify_action_data[MLX5DR_ACTION_NAT64_MAX_MODIFY_ACTIONS];
+	struct mlx5dr_action_mh_pattern pat[2];
+	static struct mlx5dr_action *action;
+	uint8_t header_size_in_dw;
+	uint8_t *action_ptr;
+	uint32_t eth_type;
+	bool is_v4_to_v6;
+	uint32_t ip_ver;
+	int i;
+
+	is_v4_to_v6 = attr->flags & MLX5DR_ACTION_NAT64_V4_TO_V6;
+
+	if (is_v4_to_v6) {
+		uint32_t nat64_well_known_pref[] = {0x00010000,
+						    0x9bff6400, 0x0, 0x0, 0x0,
+						    0x9bff6400, 0x0, 0x0, 0x0};
+
+		header_size_in_dw = MLX5DR_ACTION_NAT64_IPV6_HEADER;
+		ip_ver = MLX5DR_ACTION_NAT64_IPV6_VER;
+		eth_type = RTE_ETHER_TYPE_IPV6;
+		memcpy(address_prefix, nat64_well_known_pref,
+		       MLX5DR_ACTION_NAT64_HEADER_MINUS_ONE * sizeof(uint32_t));
+	} else {
+		header_size_in_dw = MLX5DR_ACTION_NAT64_IPV4_HEADER;
+		ip_ver = MLX5DR_ACTION_NAT64_IPV4_VER;
+		eth_type = RTE_ETHER_TYPE_IPV4;
+	}
+
+	memset(modify_action_data, 0, sizeof(modify_action_data));
+	action_ptr = (uint8_t *)modify_action_data;
+
+	MLX5_SET(set_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_SET);
+	MLX5_SET(set_action_in, action_ptr, field, MLX5_MODI_OUT_ETHERTYPE);
+	MLX5_SET(set_action_in, action_ptr, length, 16);
+	MLX5_SET(set_action_in, action_ptr, data, eth_type);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	/* push empty header with ipv6 as version */
+	MLX5_SET(stc_ste_param_insert, action_ptr, action_type,
+		 MLX5_MODIFICATION_TYPE_INSERT);
+	MLX5_SET(stc_ste_param_insert, action_ptr, inline_data, 0x1);
+	MLX5_SET(stc_ste_param_insert, action_ptr, insert_anchor,
+		 MLX5_HEADER_ANCHOR_IPV6_IPV4);
+	MLX5_SET(stc_ste_param_insert, action_ptr, insert_size, 2);
+	MLX5_SET(stc_ste_param_insert, action_ptr, insert_argument, ip_ver);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	for (i = 0; i < header_size_in_dw - 1; i++) {
+		MLX5_SET(stc_ste_param_insert, action_ptr, action_type,
+				MLX5_MODIFICATION_TYPE_INSERT);
+		MLX5_SET(stc_ste_param_insert, action_ptr, inline_data, 0x1);
+		MLX5_SET(stc_ste_param_insert, action_ptr, insert_anchor,
+				MLX5_HEADER_ANCHOR_IPV6_IPV4);
+		MLX5_SET(stc_ste_param_insert, action_ptr, insert_size, 2);
+		MLX5_SET(stc_ste_param_insert, action_ptr, insert_argument,
+			 htobe32(address_prefix[i]));
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+	}
+
+	/* Remove orig src/dst addr (8 bytes, 4 words) */
+	MLX5_SET(stc_ste_param_remove, action_ptr, action_type,
+		 MLX5_MODIFICATION_TYPE_REMOVE);
+	MLX5_SET(stc_ste_param_remove, action_ptr, remove_start_anchor,
+		 MLX5_HEADER_ANCHOR_IPV6_IPV4);
+	MLX5_SET(stc_ste_param_remove, action_ptr, remove_end_anchor,
+		 MLX5_HEADER_ANCHOR_TCP_UDP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	pat[0].data = modify_action_data;
+	pat[0].sz = action_ptr - (uint8_t *)modify_action_data;
+
+	action = mlx5dr_action_create_modify_header(ctx, 1, pat, 0, flags);
+	if (!action) {
+		DR_LOG(ERR, "Failed to create action: action_sz: %zu flags: 0x%x\n",
+		       pat[0].sz, flags);
+		return NULL;
+	}
+
+	return action;
+}
+
+static struct mlx5dr_action *
+mlx5dr_action_create_nat64_copy_back_state(struct mlx5dr_context *ctx,
+					   struct mlx5dr_action_nat64_attr *attr,
+					   uint32_t flags)
+{
+	__be64 modify_action_data[MLX5DR_ACTION_NAT64_MAX_MODIFY_ACTIONS];
+	struct mlx5dr_action_mh_pattern pat[2];
+	struct mlx5dr_action *action;
+	uint32_t packet_len_field;
+	uint32_t packet_len_add;
+	uint8_t *action_ptr;
+	uint32_t ttl_field;
+	uint32_t src_addr;
+	uint32_t dst_addr;
+	bool is_v4_to_v6;
+
+	is_v4_to_v6 = attr->flags & MLX5DR_ACTION_NAT64_V4_TO_V6;
+
+	if (is_v4_to_v6) {
+		packet_len_field = MLX5_MODI_OUT_IPV6_PAYLOAD_LEN;
+		 /* 2' comp to 20, to get -20 in add operation */
+		packet_len_add = MLX5DR_ACTION_NAT64_DEC_20;
+		ttl_field = MLX5_MODI_OUT_IPV6_HOPLIMIT;
+		src_addr = MLX5_MODI_OUT_SIPV6_31_0;
+		dst_addr = MLX5_MODI_OUT_DIPV6_31_0;
+	} else {
+		packet_len_field = MLX5_MODI_OUT_IPV4_TOTAL_LEN;
+		/* ipv4 len is including 20 bytes of the header, so add 20 over ipv6 len */
+		packet_len_add = MLX5DR_ACTION_NAT64_ADD_20;
+		ttl_field = MLX5_MODI_OUT_IPV4_TTL;
+		src_addr = MLX5_MODI_OUT_SIPV4;
+		dst_addr = MLX5_MODI_OUT_DIPV4;
+	}
+
+	memset(modify_action_data, 0, sizeof(modify_action_data));
+	action_ptr = (uint8_t *)modify_action_data;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_field,
+		 packet_len_field);
+	MLX5_SET(copy_action_in, action_ptr, src_offset, 32);
+	MLX5_SET(copy_action_in, action_ptr, length, 16);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_NOP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_field,
+		 MLX5_MODI_OUT_IP_PROTOCOL);
+	MLX5_SET(copy_action_in, action_ptr, src_offset, 16);
+	MLX5_SET(copy_action_in, action_ptr, dst_offset, 0);
+	MLX5_SET(copy_action_in, action_ptr, length, 8);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_NOP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+	MLX5_SET(copy_action_in, action_ptr, src_field,
+		 attr->registers[MLX5DR_ACTION_NAT64_REG_CONTROL]);
+	MLX5_SET(copy_action_in, action_ptr, dst_field, ttl_field);
+	MLX5_SET(copy_action_in, action_ptr, src_offset, 24);
+	MLX5_SET(copy_action_in, action_ptr, length, 8);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_NOP);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	/* if required Copy original addresses */
+	if (attr->flags & MLX5DR_ACTION_NAT64_BACKUP_ADDR) {
+		MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+		MLX5_SET(copy_action_in, action_ptr, src_field,
+			 attr->registers[MLX5DR_ACTION_NAT64_REG_SRC_IP]);
+		MLX5_SET(copy_action_in, action_ptr, dst_field, src_addr);
+		MLX5_SET(copy_action_in, action_ptr, src_offset, 0);
+		MLX5_SET(copy_action_in, action_ptr, length, 32);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+		MLX5_SET(copy_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_COPY);
+		MLX5_SET(copy_action_in, action_ptr, src_field,
+			 attr->registers[MLX5DR_ACTION_NAT64_REG_DST_IP]);
+		MLX5_SET(copy_action_in, action_ptr, dst_field, dst_addr);
+		MLX5_SET(copy_action_in, action_ptr, src_offset, 0);
+		MLX5_SET(copy_action_in, action_ptr, length, 32);
+		action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+	}
+
+	/* take/add off 20 bytes ipv4/6 from/to the total size */
+	MLX5_SET(set_action_in, action_ptr, action_type, MLX5_MODIFICATION_TYPE_ADD);
+	MLX5_SET(set_action_in, action_ptr, field, packet_len_field);
+	MLX5_SET(set_action_in, action_ptr, data, packet_len_add);
+	MLX5_SET(set_action_in, action_ptr, length, 16);
+	action_ptr += MLX5DR_ACTION_DOUBLE_SIZE;
+
+	pat[0].data = modify_action_data;
+	pat[0].sz = action_ptr - (uint8_t *)modify_action_data;
+
+	action = mlx5dr_action_create_modify_header(ctx, 1, pat, 0, flags);
+	if (!action) {
+		DR_LOG(ERR, "Failed to create action: action_sz: %zu, flags: 0x%x\n",
+		       pat[0].sz, flags);
+		return NULL;
+	}
+
+	return action;
+}
+
 static void mlx5dr_action_print_combo(enum mlx5dr_action_type *user_actions)
 {
 	DR_LOG(ERR, "Invalid action_type sequence");
@@ -2530,6 +2837,94 @@  mlx5dr_action_create_reformat_ipv6_ext(struct mlx5dr_context *ctx,
 	return NULL;
 }
 
+static bool
+mlx5dr_action_nat64_validate_param(struct mlx5dr_action_nat64_attr *attr,
+				   uint32_t flags)
+{
+	if (mlx5dr_action_is_root_flags(flags)) {
+		DR_LOG(ERR, "Nat64 action not supported for root");
+		rte_errno = ENOTSUP;
+		return false;
+	}
+
+	if (!(flags & MLX5DR_ACTION_FLAG_SHARED)) {
+		DR_LOG(ERR, "Nat64 action must be with SHARED flag");
+		rte_errno = EINVAL;
+		return false;
+	}
+
+	if (attr->num_of_registers > MLX5DR_ACTION_NAT64_REG_MAX) {
+		DR_LOG(ERR, "Nat64 action doesn't support more than %d registers",
+		       MLX5DR_ACTION_NAT64_REG_MAX);
+		rte_errno = EINVAL;
+		return false;
+	}
+
+	if (attr->flags & MLX5DR_ACTION_NAT64_BACKUP_ADDR &&
+	    attr->num_of_registers != MLX5DR_ACTION_NAT64_REG_MAX) {
+		DR_LOG(ERR, "Nat64 backup addr requires %d registers",
+		       MLX5DR_ACTION_NAT64_REG_MAX);
+		rte_errno = EINVAL;
+		return false;
+	}
+
+	if (!(attr->flags & MLX5DR_ACTION_NAT64_V4_TO_V6 ||
+	      attr->flags & MLX5DR_ACTION_NAT64_V6_TO_V4)) {
+		DR_LOG(ERR, "Nat64 backup addr requires one mode at least");
+		rte_errno = EINVAL;
+		return false;
+	}
+
+	return true;
+}
+
+struct mlx5dr_action *
+mlx5dr_action_create_nat64(struct mlx5dr_context *ctx,
+			   struct mlx5dr_action_nat64_attr *attr,
+			   uint32_t flags)
+{
+	struct mlx5dr_action *action;
+
+	if (!mlx5dr_action_nat64_validate_param(attr, flags))
+		return NULL;
+
+	action = mlx5dr_action_create_generic(ctx, flags, MLX5DR_ACTION_TYP_NAT64);
+	if (!action)
+		return NULL;
+
+	action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_COPY] =
+		mlx5dr_action_create_nat64_copy_state(ctx, attr, flags);
+	if (!action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_COPY]) {
+		DR_LOG(ERR, "Nat64 failed creating copy state");
+		goto free_action;
+	}
+
+	action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_REPLACE] =
+		mlx5dr_action_create_nat64_repalce_state(ctx, attr, flags);
+	if (!action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_REPLACE]) {
+		DR_LOG(ERR, "Nat64 failed creating replace state");
+		goto free_copy;
+	}
+
+	action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_COPYBACK] =
+		mlx5dr_action_create_nat64_copy_back_state(ctx, attr, flags);
+	if (!action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_COPYBACK]) {
+		DR_LOG(ERR, "Nat64 failed creating copyback state");
+		goto free_replace;
+	}
+
+	return action;
+
+
+free_replace:
+	mlx5dr_action_destroy(action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_REPLACE]);
+free_copy:
+	mlx5dr_action_destroy(action->nat64.stages[MLX5DR_ACTION_NAT64_STAGE_COPY]);
+free_action:
+	simple_free(action);
+	return NULL;
+}
+
 static void mlx5dr_action_destroy_hws(struct mlx5dr_action *action)
 {
 	struct mlx5dr_devx_obj *obj = NULL;
@@ -2604,6 +2999,10 @@  static void mlx5dr_action_destroy_hws(struct mlx5dr_action *action)
 			if (action->ipv6_route_ext.action[i])
 				mlx5dr_action_destroy(action->ipv6_route_ext.action[i]);
 		break;
+	case MLX5DR_ACTION_TYP_NAT64:
+		for (i = 0; i < MLX5DR_ACTION_NAT64_STAGES; i++)
+			mlx5dr_action_destroy(action->nat64.stages[i]);
+		break;
 	}
 }
 
@@ -2878,6 +3277,28 @@  mlx5dr_action_setter_modify_header(struct mlx5dr_actions_apply_data *apply,
 	}
 }
 
+static void
+mlx5dr_action_setter_nat64(struct mlx5dr_actions_apply_data *apply,
+			   struct mlx5dr_actions_wqe_setter *setter)
+{
+	struct mlx5dr_rule_action *rule_action;
+	struct mlx5dr_action *cur_stage_action;
+	struct mlx5dr_action *action;
+	uint32_t stc_idx;
+
+	rule_action = &apply->rule_action[setter->idx_double];
+	action = rule_action->action;
+	cur_stage_action = action->nat64.stages[setter->stage_idx];
+
+	stc_idx = htobe32(cur_stage_action->stc[apply->tbl_type].offset);
+
+	apply->wqe_ctrl->stc_ix[MLX5DR_ACTION_STC_IDX_DW6] = stc_idx;
+	apply->wqe_ctrl->stc_ix[MLX5DR_ACTION_STC_IDX_DW7] = 0;
+
+	apply->wqe_data[MLX5DR_ACTION_OFFSET_DW6] = 0;
+	apply->wqe_data[MLX5DR_ACTION_OFFSET_DW7] = 0;
+}
+
 static void
 mlx5dr_action_setter_insert_ptr(struct mlx5dr_actions_apply_data *apply,
 				struct mlx5dr_actions_wqe_setter *setter)
@@ -3178,7 +3599,7 @@  int mlx5dr_action_template_process(struct mlx5dr_action_template *at)
 	struct mlx5dr_actions_wqe_setter *setter = at->setters;
 	struct mlx5dr_actions_wqe_setter *pop_setter = NULL;
 	struct mlx5dr_actions_wqe_setter *last_setter;
-	int i;
+	int i, j;
 
 	/* Note: Given action combination must be valid */
 
@@ -3366,6 +3787,19 @@  int mlx5dr_action_template_process(struct mlx5dr_action_template *at)
 			setter->idx_ctr = i;
 			break;
 
+		case MLX5DR_ACTION_TYP_NAT64:
+			/* NAT64 requires 3 setters, each of them does specific modify header */
+			for (j = 0; j < MLX5DR_ACTION_NAT64_STAGES; j++) {
+				setter = mlx5dr_action_setter_find_first(last_setter,
+									 ASF_DOUBLE | ASF_REMOVE);
+				setter->flags |= ASF_DOUBLE | ASF_MODIFY;
+				setter->set_double = &mlx5dr_action_setter_nat64;
+				setter->idx_double = i;
+				/* The stage indicates which modify-header to push */
+				setter->stage_idx = j;
+			}
+			break;
+
 		default:
 			DR_LOG(ERR, "Unsupported action type: %d", action_type[i]);
 			rte_errno = ENOTSUP;
diff --git a/drivers/net/mlx5/hws/mlx5dr_action.h b/drivers/net/mlx5/hws/mlx5dr_action.h
index 0c8e4bbb5a..064c18a90c 100644
--- a/drivers/net/mlx5/hws/mlx5dr_action.h
+++ b/drivers/net/mlx5/hws/mlx5dr_action.h
@@ -11,6 +11,9 @@ 
 /* Max number of internal subactions of ipv6_ext */
 #define MLX5DR_ACTION_IPV6_EXT_MAX_SA 4
 
+/* Number of MH in NAT64 */
+#define MLX5DR_ACTION_NAT64_STAGES 3
+
 enum mlx5dr_action_stc_idx {
 	MLX5DR_ACTION_STC_IDX_CTRL = 0,
 	MLX5DR_ACTION_STC_IDX_HIT = 1,
@@ -68,6 +71,34 @@  enum mlx5dr_action_stc_reparse {
 	MLX5DR_ACTION_STC_REPARSE_OFF,
 };
 
+ /* 2' comp to 20, to get -20 in add operation */
+#define MLX5DR_ACTION_NAT64_DEC_20 0xffffffec
+
+enum {
+	MLX5DR_ACTION_NAT64_MAX_MODIFY_ACTIONS = 20,
+	MLX5DR_ACTION_NAT64_ADD_20 = 20,
+	MLX5DR_ACTION_NAT64_HEADER_MINUS_ONE = 9,
+	MLX5DR_ACTION_NAT64_IPV6_HEADER = 10,
+	MLX5DR_ACTION_NAT64_IPV4_HEADER = 5,
+	MLX5DR_ACTION_NAT64_IPV6_VER = 0x60000000,
+	MLX5DR_ACTION_NAT64_IPV4_VER = 0x45000000,
+};
+
+/* 3 stages for the nat64 action */
+enum mlx5dr_action_nat64_stages {
+	MLX5DR_ACTION_NAT64_STAGE_COPY = 0,
+	MLX5DR_ACTION_NAT64_STAGE_REPLACE = 1,
+	MLX5DR_ACTION_NAT64_STAGE_COPYBACK = 2,
+};
+
+/* Registers for keeping data from stage to stage */
+enum {
+	MLX5DR_ACTION_NAT64_REG_CONTROL = 0,
+	MLX5DR_ACTION_NAT64_REG_SRC_IP = 1,
+	MLX5DR_ACTION_NAT64_REG_DST_IP = 2,
+	MLX5DR_ACTION_NAT64_REG_MAX = 3,
+};
+
 struct mlx5dr_action_default_stc {
 	struct mlx5dr_pool_chunk nop_ctr;
 	struct mlx5dr_pool_chunk nop_dw5;
@@ -109,6 +140,7 @@  struct mlx5dr_actions_wqe_setter {
 	uint8_t idx_double;
 	uint8_t idx_ctr;
 	uint8_t idx_hit;
+	uint8_t stage_idx;
 	uint8_t flags;
 	uint8_t extra_data;
 };
@@ -184,6 +216,9 @@  struct mlx5dr_action {
 					uint8_t num_of_words;
 					bool decap;
 				} remove_header;
+				struct {
+					struct mlx5dr_action *stages[MLX5DR_ACTION_NAT64_STAGES];
+				} nat64;
 			};
 		};
 
diff --git a/drivers/net/mlx5/hws/mlx5dr_debug.c b/drivers/net/mlx5/hws/mlx5dr_debug.c
index a9094cd35b..8f07c7fd66 100644
--- a/drivers/net/mlx5/hws/mlx5dr_debug.c
+++ b/drivers/net/mlx5/hws/mlx5dr_debug.c
@@ -28,6 +28,7 @@  const char *mlx5dr_debug_action_type_str[] = {
 	[MLX5DR_ACTION_TYP_REMOVE_HEADER] = "REMOVE_HEADER",
 	[MLX5DR_ACTION_TYP_POP_IPV6_ROUTE_EXT] = "POP_IPV6_ROUTE_EXT",
 	[MLX5DR_ACTION_TYP_PUSH_IPV6_ROUTE_EXT] = "PUSH_IPV6_ROUTE_EXT",
+	[MLX5DR_ACTION_TYP_NAT64] = "NAT64",
 };
 
 static_assert(ARRAY_SIZE(mlx5dr_debug_action_type_str) == MLX5DR_ACTION_TYP_MAX,