Adding IPv6 tunnel mode support in lookaside IPsec PMD.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
~~~~~~~~~~~~~~~~~~
* IPv4
+* IPv6
* ESP
* Tunnel mode
* AES-128/192/256-GCM
* Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD.
+* **Updated the OCTEON TX2 crypto PMD.**
+
+ * Updated the OCTEON TX2 crypto PMD lookaside protocol offload for IPsec with
+ IPv6 support.
+
* **Added Intel ACC100 bbdev PMD.**
Added a new ``acc100`` bbdev driver for the Intel\ |reg| ACC100 accelerator
};
struct cpt_meta_info {
- uint64_t deq_op_info[4];
+ uint64_t deq_op_info[5];
uint64_t comp_code_sz;
union cpt_res_s cpt_res __rte_aligned(16);
struct cpt_request_info cpt_req;
vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m = sym_op->m_src;
+ struct rte_ipv6_hdr *ip6;
struct rte_ipv4_hdr *ip;
uint16_t m_len;
int mdata_len;
if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
data = rte_pktmbuf_mtod(m, char *);
- ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
- m_len = rte_be_to_cpu_16(ip->total_length);
+ if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ ip = (struct rte_ipv4_hdr *)(data +
+ OTX2_IPSEC_PO_INB_RPTR_HDR);
+ m_len = rte_be_to_cpu_16(ip->total_length);
+ } else {
+ ip6 = (struct rte_ipv6_hdr *)(data +
+ OTX2_IPSEC_PO_INB_RPTR_HDR);
+ m_len = rte_be_to_cpu_16(ip6->payload_len) +
+ sizeof(struct rte_ipv6_hdr);
+ }
m->data_len = m_len;
m->pkt_len = m_len;
{
struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
- lp->partial_len = sizeof(struct rte_ipv4_hdr);
+ if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
+ lp->partial_len = sizeof(struct rte_ipv4_hdr);
+ else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)
+ lp->partial_len = sizeof(struct rte_ipv6_hdr);
+ else
+ return -EINVAL;
if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
lp->partial_len += sizeof(struct rte_esp_hdr);
struct otx2_ipsec_po_out_sa *sa;
struct otx2_sec_session *sess;
struct otx2_cpt_inst_s inst;
+ struct rte_ipv6_hdr *ip6;
struct rte_ipv4_hdr *ip;
int ret;
lp->ip_id = 0;
lp->seq_lo = 1;
lp->seq_hi = 0;
+ lp->tunnel_type = ipsec->tunnel.type;
ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
if (ret)
sizeof(struct in_addr));
memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
sizeof(struct in_addr));
+ } else if (ipsec->tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
+ ip6 = &sa->template.ipv6_hdr;
+ ip6->vtc_flow = rte_cpu_to_be_32(0x60000000 |
+ ((ipsec->tunnel.ipv6.dscp <<
+ RTE_IPV6_HDR_TC_SHIFT) &
+ RTE_IPV6_HDR_TC_MASK) |
+ ((ipsec->tunnel.ipv6.flabel <<
+ RTE_IPV6_HDR_FL_SHIFT) &
+ RTE_IPV6_HDR_FL_MASK));
+ ip6->hop_limits = ipsec->tunnel.ipv6.hlimit;
+ ip6->proto = (ipsec->proto ==
+ RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
+ IPPROTO_ESP : IPPROTO_AH;
+ memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr,
+ sizeof(struct in6_addr));
+ memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr,
+ sizeof(struct in6_addr));
} else {
return -EINVAL;
}
if (ret)
return ret;
+ lp->tunnel_type = ipsec->tunnel.type;
auth_xform = crypto_xform;
cipher_xform = crypto_xform->next;
uint8_t iv_length;
/** Auth IV length in bytes */
uint8_t auth_iv_length;
+ /** IPsec tunnel type */
+ enum rte_security_ipsec_tunnel_type tunnel_type;
};
int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
return -EINVAL;
}
- ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+ ctl->inner_ip_ver = ctl->outer_ip_ver;
if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
}
static __rte_always_inline struct cpt_request_info *
-alloc_request_struct(char *maddr, void *cop, int mdata_len)
+alloc_request_struct(char *maddr, void *cop, int mdata_len,
+ enum rte_security_ipsec_tunnel_type tunnel_type)
{
struct cpt_request_info *req;
struct cpt_meta_info *meta;
op[1] = (uintptr_t)cop;
op[2] = (uintptr_t)req;
op[3] = mdata_len;
+ op[4] = tunnel_type;
return req;
}
}
mdata += extend_tail; /* mdata follows encrypted data */
- req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+ req = alloc_request_struct(mdata, (void *)cop, mdata_len,
+ sess->tunnel_type);
data = rte_pktmbuf_prepend(m_src, extend_head);
if (unlikely(data == NULL)) {
goto exit;
}
- req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+ req = alloc_request_struct(mdata, (void *)cop, mdata_len,
+ sess->tunnel_type);
/* Prepare CPT instruction */
word0.u64 = sess->ucmd_w0;
git.droids-corp.org / dpdk.git / commitdiff