On Thu, Jul 1, 2021 at 2:59 PM Anoob Joseph <ano...@marvell.com> wrote:
>
> In the inline inound path, a custom header would be present at L3 which
> has sequence number & SPI. L2 need to be adjusted such that the eventual
> packet would have L3 after L2. Remove assumption of L2 type in this
> handling.
>
> Signed-off-by: Anoob Joseph <ano...@marvell.com>
Acked-by: Jerin Jacob <jer...@marvell.com>
Applied to dpdk-next-net-mrvl/for-next-net. Thanks
> ---
> drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h | 9 ++---
> drivers/crypto/octeontx2/otx2_ipsec_fp.h | 13 +++----
> drivers/net/octeontx2/otx2_rx.h | 45
> ++++++++++++++++-------
> 3 files changed, 42 insertions(+), 25 deletions(-)
>
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> index b2b1f77..089a3d0 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_anti_replay.h
> @@ -166,8 +166,9 @@ anti_replay_check(struct otx2_ipsec_replay *replay,
> uint64_t seq,
> }
>
> static inline int
> -cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, char *data)
> +cpt_ipsec_ip_antireplay_check(struct otx2_ipsec_fp_in_sa *sa, void *l3_ptr)
> {
> + struct otx2_ipsec_fp_res_hdr *hdr = l3_ptr;
> uint64_t seq_in_sa;
> uint32_t seqh = 0;
> uint32_t seql;
> @@ -176,14 +177,12 @@ cpt_ipsec_ip_antireplay_check(struct
> otx2_ipsec_fp_in_sa *sa, char *data)
> int ret;
>
> esn = sa->ctl.esn_en;
> - seql = rte_be_to_cpu_32(*((uint32_t *)(data +
> - OTX2_IPSEC_SEQNO_LO_INDEX)));
> + seql = rte_be_to_cpu_32(hdr->seq_no_lo);
>
> if (!esn)
> seq = (uint64_t)seql;
> else {
> - seqh = rte_be_to_cpu_32(*((uint32_t *)(data +
> - OTX2_IPSEC_SEQNO_HI_INDEX)));
> + seqh = rte_be_to_cpu_32(hdr->seq_no_hi);
> seq = ((uint64_t)seqh << 32) | seql;
> }
>
> diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> index a33041d..4be22d4 100644
> --- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> +++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h
> @@ -10,14 +10,13 @@
>
> /* Macros for anti replay and ESN */
> #define OTX2_IPSEC_MAX_REPLAY_WIN_SZ 1024
> -#define OTX2_IPSEC_SAINDEX_SZ 4
> -#define OTX2_IPSEC_SEQNO_LO 4
>
> -#define OTX2_IPSEC_SEQNO_LO_INDEX (RTE_ETHER_HDR_LEN + \
> - OTX2_IPSEC_SAINDEX_SZ)
> -
> -#define OTX2_IPSEC_SEQNO_HI_INDEX (OTX2_IPSEC_SEQNO_LO_INDEX + \
> - OTX2_IPSEC_SEQNO_LO)
> +struct otx2_ipsec_fp_res_hdr {
> + uint32_t spi;
> + uint32_t seq_no_lo;
> + uint32_t seq_no_hi;
> + uint32_t rsvd;
> +};
>
> enum {
> OTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,
> diff --git a/drivers/net/octeontx2/otx2_rx.h b/drivers/net/octeontx2/otx2_rx.h
> index 257492a..ea29aec 100644
> --- a/drivers/net/octeontx2/otx2_rx.h
> +++ b/drivers/net/octeontx2/otx2_rx.h
> @@ -41,7 +41,6 @@
>
> /* Inline IPsec offsets */
>
> -#define INLINE_INB_RPTR_HDR 16
> /* nix_cqe_hdr_s + nix_rx_parse_s + nix_rx_sg_s + nix_iova_s */
> #define INLINE_CPT_RESULT_OFFSET 80
>
> @@ -239,14 +238,18 @@ nix_rx_sec_sa_get(const void * const lookup_mem, int
> spi, uint16_t port)
> }
>
> static __rte_always_inline uint64_t
> -nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
> +nix_rx_sec_mbuf_update(const struct nix_rx_parse_s *rx,
> + const struct nix_cqe_hdr_s *cq, struct rte_mbuf *m,
> const void * const lookup_mem)
> {
> + uint8_t *l2_ptr, *l3_ptr, *l2_ptr_actual, *l3_ptr_actual;
> struct otx2_ipsec_fp_in_sa *sa;
> - struct rte_ipv4_hdr *ipv4;
> - uint16_t m_len;
> + uint16_t m_len, l2_len, ip_len;
> + struct rte_ipv6_hdr *ip6h;
> + struct rte_ipv4_hdr *iph;
> + uint16_t *ether_type;
> uint32_t spi;
> - char *data;
> + int i;
>
> if (unlikely(nix_rx_sec_cptres_get(cq) != OTX2_SEC_COMP_GOOD))
> return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
> @@ -257,22 +260,38 @@ nix_rx_sec_mbuf_update(const struct nix_cqe_hdr_s *cq,
> struct rte_mbuf *m,
> sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
> *rte_security_dynfield(m) = sa->udata64;
>
> - data = rte_pktmbuf_mtod(m, char *);
> + l2_ptr = rte_pktmbuf_mtod(m, uint8_t *);
> + l2_len = rx->lcptr - rx->laptr;
> + l3_ptr = RTE_PTR_ADD(l2_ptr, l2_len);
>
> if (sa->replay_win_sz) {
> - if (cpt_ipsec_ip_antireplay_check(sa, data) < 0)
> + if (cpt_ipsec_ip_antireplay_check(sa, l3_ptr) < 0)
> return PKT_RX_SEC_OFFLOAD | PKT_RX_SEC_OFFLOAD_FAILED;
> }
>
> - memcpy(data + INLINE_INB_RPTR_HDR, data, RTE_ETHER_HDR_LEN);
> + l2_ptr_actual = RTE_PTR_ADD(l2_ptr,
> + sizeof(struct otx2_ipsec_fp_res_hdr));
> + l3_ptr_actual = RTE_PTR_ADD(l3_ptr,
> + sizeof(struct otx2_ipsec_fp_res_hdr));
>
> - m->data_off += INLINE_INB_RPTR_HDR;
> + for (i = l2_len - RTE_ETHER_TYPE_LEN - 1; i >= 0; i--)
> + l2_ptr_actual[i] = l2_ptr[i];
>
> - ipv4 = (struct rte_ipv4_hdr *)(data + INLINE_INB_RPTR_HDR +
> - RTE_ETHER_HDR_LEN);
> + m->data_off += sizeof(struct otx2_ipsec_fp_res_hdr);
>
> - m_len = rte_be_to_cpu_16(ipv4->total_length) + RTE_ETHER_HDR_LEN;
> + ether_type = RTE_PTR_SUB(l3_ptr_actual, RTE_ETHER_TYPE_LEN);
>
> + iph = (struct rte_ipv4_hdr *)l3_ptr_actual;
> + if ((iph->version_ihl >> 4) == 4) {
> + ip_len = rte_be_to_cpu_16(iph->total_length);
> + *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
> + } else {
> + ip6h = (struct rte_ipv6_hdr *)iph;
> + ip_len = rte_be_to_cpu_16(ip6h->payload_len);
> + *ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
> + }
> +
> + m_len = ip_len + l2_len;
> m->data_len = m_len;
> m->pkt_len = m_len;
> return PKT_RX_SEC_OFFLOAD;
> @@ -322,7 +341,7 @@ otx2_nix_cqe_to_mbuf(const struct nix_cqe_hdr_s *cq,
> const uint32_t tag,
> if ((flag & NIX_RX_OFFLOAD_SECURITY_F) &&
> cq->cqe_type == NIX_XQE_TYPE_RX_IPSECH) {
> *(uint64_t *)(&mbuf->rearm_data) = val;
> - ol_flags |= nix_rx_sec_mbuf_update(cq, mbuf, lookup_mem);
> + ol_flags |= nix_rx_sec_mbuf_update(rx, cq, mbuf, lookup_mem);
> mbuf->ol_flags = ol_flags;
> return;
> }
> --
> 2.7.4
>
