crypto/octeontx2: fix lookaside IPsec IPv6
authorTejasree Kondoj <ktejasree@marvell.com>
Thu, 28 Oct 2021 11:11:11 +0000 (16:41 +0530)
committerAkhil Goyal <gakhil@marvell.com>
Thu, 4 Nov 2021 18:46:27 +0000 (19:46 +0100)
Fixing IPv6 mixed tunnel mode support by updating
inputs to firmware.

Fixes: 4edede7bc6ee ("crypto/octeontx2: support lookaside IPsec IPv6")
Cc: stable@dpdk.org
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
drivers/crypto/octeontx2/otx2_cryptodev_ops.c
drivers/crypto/octeontx2/otx2_cryptodev_sec.c
drivers/crypto/octeontx2/otx2_cryptodev_sec.h
drivers/crypto/octeontx2/otx2_ipsec_po.h
drivers/crypto/octeontx2/otx2_ipsec_po_ops.h

index 4330cbd1c1fbcff4be5a95434170c92137bf514e..339b82f33ed4551176d27dd66b9d1eff96562fe3 100644 (file)
@@ -984,13 +984,12 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
 
        if (word0->s.opcode.major == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
                data = rte_pktmbuf_mtod(m, char *);
+               ip = (struct rte_ipv4_hdr *)(data +
+                       OTX2_IPSEC_PO_INB_RPTR_HDR);
 
-               if (rsp[4] == OTX2_IPSEC_PO_TRANSPORT ||
-                   rsp[4] == OTX2_IPSEC_PO_TUNNEL_IPV4) {
-                       ip = (struct rte_ipv4_hdr *)(data +
-                               OTX2_IPSEC_PO_INB_RPTR_HDR);
+               if ((ip->version_ihl >> 4) == 4) {
                        m_len = rte_be_to_cpu_16(ip->total_length);
-               } else if (rsp[4] == OTX2_IPSEC_PO_TUNNEL_IPV6) {
+               } else {
                        ip6 = (struct rte_ipv6_hdr *)(data +
                                OTX2_IPSEC_PO_INB_RPTR_HDR);
                        m_len = rte_be_to_cpu_16(ip6->payload_len) +
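Review bot: The new `else` branch treats every version nibble other than 4 as IPv6, so a decrypted inner packet with a malformed version field has its length taken from the IPv6 `payload_len` offset. Before this change the choice came from the stored `rsp[4]` value; now it comes from packet contents, so the branch is better written as `} else if ((ip->version_ihl >> 4) == 6) {` with a final `else` that marks the op as failed. The hunk does not show whether `m_len` is bounded by the mbuf's actual data length, or whether the completion code is checked before `version_ihl` is read; if neither happens elsewhere, both checks belong here. The body of otx2_cpt_sec_post_process starts and ends outside the hunk.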
index a5db40047d0f10ad161ef614858478e281df8c09..9a4f84f8d890e55c0c4627c07aebda9ba90d8d04 100644 (file)
@@ -194,9 +194,6 @@ set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
                sess->auth_iv_length = auth_xform->auth.iv.length;
                sess->mac_len = auth_xform->auth.digest_length;
        }
-
-       sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
-       sess->ucmd_param2 = 0;
 }
 
 static int
@@ -232,7 +229,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
        memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa));
 
        /* Initialize lookaside ipsec private data */
-       lp->mode_type = OTX2_IPSEC_PO_TRANSPORT;
        lp->ip_id = 0;
        lp->seq_lo = 1;
        lp->seq_hi = 0;
@@ -285,7 +281,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
 
        if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
                if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-                       lp->mode_type = OTX2_IPSEC_PO_TUNNEL_IPV4;
                        ip->version_ihl = RTE_IPV4_VHL_DEF;
                        ip->time_to_live = ipsec->tunnel.ipv4.ttl;
                        ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
@@ -298,7 +293,6 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
                } else if (ipsec->tunnel.type ==
                                RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
 
-                       lp->mode_type = OTX2_IPSEC_PO_TUNNEL_IPV6;
                        if (ctl->enc_type == OTX2_IPSEC_PO_SA_ENC_AES_GCM) {
                                template = &sa->aes_gcm.template;
                                ctx_len = offsetof(struct otx2_ipsec_po_out_sa,
@@ -387,6 +381,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
        lp->ucmd_opcode = (lp->ctx_len << 8) |
                                (OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
 
+       /* Set per packet IV and IKEv2 bits */
+       lp->ucmd_param1 = BIT(11) | BIT(9);
+       lp->ucmd_param2 = 0;
+
        set_session_misc_attributes(lp, crypto_xform,
                                    auth_xform, cipher_xform);
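Review bot: `lp->ucmd_param1 = BIT(11) | BIT(9);` replaces the named `OTX2_IPSEC_PO_PER_PKT_IV`, which this commit deletes from otx2_ipsec_po.h, so the firmware parameter layout is now documented only by a one-line comment. Keeping that macro and adding named ones for the IKEv2 bits (names illustrative: `#define OTX2_IPSEC_PO_OUTB_IKEV2 BIT(9)`, `#define OTX2_IPSEC_PO_INB_IKEV2 BIT(12)`) would make it visible that the outbound flag sits in `ucmd_param1` and the inbound flag in `ucmd_param2`. The same point applies to `lp->ucmd_param2 = BIT(12);` in the crypto_sec_ipsec_inb_session_create hunk. Both functions extend beyond their hunks.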
 
@@ -429,20 +427,12 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
        if (ret)
                return ret;
 
-       lp->mode_type = OTX2_IPSEC_PO_TRANSPORT;
-
        auth_xform = crypto_xform;
        cipher_xform = crypto_xform->next;
 
        cipher_key_len = 0;
        auth_key_len = 0;
 
-       if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
-               lp->mode_type = (ipsec->tunnel.type ==
-                               RTE_SECURITY_IPSEC_TUNNEL_IPV4) ?
-                               OTX2_IPSEC_PO_TUNNEL_IPV4 :
-                               OTX2_IPSEC_PO_TUNNEL_IPV6;
-
        if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
                if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
                        memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);
@@ -482,6 +472,10 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
        lp->cpt_inst_w7 = inst.u64[7];
        lp->ucmd_opcode = (lp->ctx_len << 8) |
                                (OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
+       lp->ucmd_param1 = 0;
+
+       /* Set IKEv2 bit */
+       lp->ucmd_param2 = BIT(12);
 
        set_session_misc_attributes(lp, crypto_xform,
                                    auth_xform, cipher_xform);
index 87f55c97fe42ef436ac15a55bb7116f8a7604a47..ff3329c9c161599b12ee010e29043b62f2494c57 100644 (file)
@@ -55,8 +55,6 @@ struct otx2_sec_session_ipsec_lp {
        uint8_t iv_length;
        /** Auth IV length in bytes */
        uint8_t auth_iv_length;
-       /** IPsec mode and tunnel type */
-       enum otx2_ipsec_po_mode_type mode_type;
 };
 
 int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
index b61c5e0c04f2e577703171ff45c69e41ac56e139..695f55264452393b3134304131f65738c074c907 100644 (file)
@@ -11,8 +11,6 @@
 
 #define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN    0x09
 
-#define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
-
 #define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB     0x20
 #define OTX2_IPSEC_PO_WRITE_IPSEC_INB      0x21
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
 
 #define OTX2_IPSEC_PO_INB_RPTR_HDR         0x8
 
-enum otx2_ipsec_po_mode_type {
-       OTX2_IPSEC_PO_TRANSPORT = 1,
-       OTX2_IPSEC_PO_TUNNEL_IPV4,
-       OTX2_IPSEC_PO_TUNNEL_IPV6,
-};
-
 enum otx2_ipsec_po_comp_e {
        OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
        OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
index 25ee10f34264efc9043f0ac01ec1f5955f09524b..c3abf021871c9095901cbd1666e9753002e737fd 100644 (file)
@@ -25,8 +25,7 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
 }
 
 static __rte_always_inline struct cpt_request_info *
-alloc_request_struct(char *maddr, void *cop, int mdata_len,
-                    enum otx2_ipsec_po_mode_type mode_type)
+alloc_request_struct(char *maddr, void *cop, int mdata_len)
 {
        struct cpt_request_info *req;
        struct cpt_meta_info *meta;
@@ -48,7 +47,6 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len,
        op[1] = (uintptr_t)cop;
        op[2] = (uintptr_t)req;
        op[3] = mdata_len;
-       op[4] = mode_type;
 
        return req;
 }
@@ -86,8 +84,7 @@ process_outb_sa(struct rte_crypto_op *cop,
        }
 
        mdata += extend_tail; /* mdata follows encrypted data */
-       req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-               sess->mode_type);
+       req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
        data = rte_pktmbuf_prepend(m_src, extend_head);
        if (unlikely(data == NULL)) {
@@ -153,8 +150,7 @@ process_inb_sa(struct rte_crypto_op *cop,
                goto exit;
        }
 
-       req = alloc_request_struct(mdata, (void *)cop, mdata_len,
-               sess->mode_type);
+       req = alloc_request_struct(mdata, (void *)cop, mdata_len);
 
        /* Prepare CPT instruction */
        word0.u64 = sess->ucmd_w0;