From c91d30f46d4cef7865d51bec3490845ab5ce6cba Mon Sep 17 00:00:00 2001 From: Satheesh Paul Date: Fri, 1 Oct 2021 19:10:21 +0530 Subject: [PATCH] net/cnxk: support configuring channel mask via devargs This patch adds support to configure channel mask which will be used by rte flow when adding flow rules with inline IPsec action. Signed-off-by: Satheesh Paul Acked-by: Jerin Jacob --- doc/guides/nics/cnxk.rst | 20 +++++++++++++++ drivers/net/cnxk/cnxk_ethdev_sec.c | 39 +++++++++++++++++++++++++++++- 2 files changed, 58 insertions(+), 1 deletion(-) diff --git a/doc/guides/nics/cnxk.rst b/doc/guides/nics/cnxk.rst index b5424376f1..dd955d31b0 100644 --- a/doc/guides/nics/cnxk.rst +++ b/doc/guides/nics/cnxk.rst @@ -255,6 +255,26 @@ Runtime Config Options With the above configuration, inbound encrypted traffic from both the ports is received by ipsec inline device. +- ``Inline IPsec device channel and mask`` (default ``none``) + + Set channel and channel mask configuration for the inline IPSec device. This + will be used when creating flow rules with RTE_FLOW_ACTION_TYPE_SECURITY + action. + + By default, RTE Flow API sets the channel number of the port on which the + rule is created in the MCAM entry and matches it exactly. This behaviour can + be modified using the ``inl_cpt_channel`` ``devargs`` parameter. + + For example:: + + -a 0002:1d:00.0,inl_cpt_channel=0x100/0xf00 + + With the above configuration, RTE Flow rules API will set the channel + and channel mask as 0x100 and 0xF00 in the MCAM entries of the flow rules + created with RTE_FLOW_ACTION_TYPE_SECURITY action. Since channel number is + set with this custom mask, inbound encrypted traffic from all ports with + matching channel number pattern will be directed to the inline IPSec device. + .. note:: Above devarg parameters are configurable per device, user needs to pass the diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c index c76e23024b..ae3e49cc82 100644 --- a/drivers/net/cnxk/cnxk_ethdev_sec.c +++ b/drivers/net/cnxk/cnxk_ethdev_sec.c @@ -6,6 +6,13 @@ #define CNXK_NIX_INL_SELFTEST "selftest" #define CNXK_NIX_INL_IPSEC_IN_MAX_SPI "ipsec_in_max_spi" +#define CNXK_INL_CPT_CHANNEL "inl_cpt_channel" + +struct inl_cpt_channel { + bool is_multi_channel; + uint16_t channel; + uint16_t mask; +}; #define CNXK_NIX_INL_DEV_NAME RTE_STR(cnxk_nix_inl_dev_) #define CNXK_NIX_INL_DEV_NAME_LEN \ @@ -136,14 +143,38 @@ parse_selftest(const char *key, const char *value, void *extra_args) return 0; } +static int +parse_inl_cpt_channel(const char *key, const char *value, void *extra_args) +{ + RTE_SET_USED(key); + uint16_t chan = 0, mask = 0; + char *next = 0; + + /* next will point to the separator '/' */ + chan = strtol(value, &next, 16); + mask = strtol(++next, 0, 16); + + if (chan > GENMASK(12, 0) || mask > GENMASK(12, 0)) + return -EINVAL; + + ((struct inl_cpt_channel *)extra_args)->channel = chan; + ((struct inl_cpt_channel *)extra_args)->mask = mask; + ((struct inl_cpt_channel *)extra_args)->is_multi_channel = true; + + return 0; +} + static int nix_inl_parse_devargs(struct rte_devargs *devargs, struct roc_nix_inl_dev *inl_dev) { uint32_t ipsec_in_max_spi = BIT(8) - 1; + struct inl_cpt_channel cpt_channel; struct rte_kvargs *kvlist; uint8_t selftest = 0; + memset(&cpt_channel, 0, sizeof(cpt_channel)); + if (devargs == NULL) goto null_devargs; @@ -155,11 +186,16 @@ nix_inl_parse_devargs(struct rte_devargs *devargs, &selftest); rte_kvargs_process(kvlist, CNXK_NIX_INL_IPSEC_IN_MAX_SPI, &parse_ipsec_in_max_spi, &ipsec_in_max_spi); + rte_kvargs_process(kvlist, CNXK_INL_CPT_CHANNEL, &parse_inl_cpt_channel, + &cpt_channel); rte_kvargs_free(kvlist); null_devargs: inl_dev->ipsec_in_max_spi = ipsec_in_max_spi; inl_dev->selftest = selftest; + inl_dev->channel = cpt_channel.channel; + inl_dev->chan_mask = cpt_channel.mask; + inl_dev->is_multi_channel = cpt_channel.is_multi_channel; return 0; exit: return -EINVAL; @@ -275,4 +311,5 @@ RTE_PMD_REGISTER_KMOD_DEP(cnxk_nix_inl, "vfio-pci"); RTE_PMD_REGISTER_PARAM_STRING(cnxk_nix_inl, CNXK_NIX_INL_SELFTEST "=1" - CNXK_NIX_INL_IPSEC_IN_MAX_SPI "=<1-65535>"); + CNXK_NIX_INL_IPSEC_IN_MAX_SPI "=<1-65535>" + CNXK_INL_CPT_CHANNEL "=<1-4095>/<1-4095>"); -- 2.20.1