[dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine

Tejasree Kondoj ktejasree at marvell.com
Wed Jul 15 11:27:03 CEST 2020 

From: Vamsi Attunuru <vattunuru at marvell.com>

This patch adds lookaside IPsec dequeue routine.

Signed-off-by: Vamsi Attunuru <vattunuru at marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
 doc/guides/cryptodevs/octeontx2.rst           | 19 ++++++++++
 doc/guides/rel_notes/release_20_08.rst        |  5 +++
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
 drivers/crypto/octeontx2/otx2_ipsec_po.h      | 30 +++++++++++++++
 4 files changed, 91 insertions(+)

diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst
index 085d669e49..5d111e46c3 100644
--- a/doc/guides/cryptodevs/octeontx2.rst
+++ b/doc/guides/cryptodevs/octeontx2.rst
@@ -158,3 +158,22 @@ application:
 
     ./test
     RTE>>cryptodev_octeontx2_asym_autotest
+
+
+Lookaside IPsec Support
+-----------------------
+
+The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
+with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD`` implements
+this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
+
+Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.
+
+
+Features supported
+~~~~~~~~~~~~~~~~~~
+
+* IPv4
+* ESP
+* Tunnel mode
+* AES-128/192/256-GCM
diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst
index f19b748728..2d57adc283 100644
--- a/doc/guides/rel_notes/release_20_08.rst
+++ b/doc/guides/rel_notes/release_20_08.rst
@@ -225,6 +225,11 @@ New Features
   See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
   details of this parameter usage.
 
+* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
+
+  Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this feature,
+  applications will be able to offload lookaside IPsec to the hardware.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 6a2753eb22..9d51b17ddd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
 	}
 }
 
+static void
+otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
+{
+	struct cpt_request_info *req = (struct cpt_request_info *)rsp[2];
+	vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m = sym_op->m_src;
+	struct rte_ipv4_hdr *ip;
+	uint16_t m_len;
+	int mdata_len;
+	char *data;
+
+	mdata_len = (int)rsp[3];
+	rte_pktmbuf_trim(m, mdata_len);
+
+	if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
+		data = rte_pktmbuf_mtod(m, char *);
+		ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
+
+		m_len = rte_be_to_cpu_16(ip->total_length);
+
+		m->data_len = m_len;
+		m->pkt_len = m_len;
+		m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR;
+	}
+}
+
 static inline void
 otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
 			      uintptr_t *rsp, uint8_t cc)
 {
 	if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+		if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+			if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) {
+				otx2_cpt_sec_post_process(cop, rsp);
+				cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+			} else
+				cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+			return;
+		}
+
 		if (likely(cc == NO_ERR)) {
 			/* Verify authentication data if required */
 			if (unlikely(rsp[2]))
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 5acda79749..bafc5c7653 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -22,10 +22,40 @@
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_INB    0x24
 
+#define OTX2_IPSEC_PO_INB_RPTR_HDR         0x8
+
 enum otx2_ipsec_po_comp_e {
 	OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
 	OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
 	OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+	OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
+	OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
+	OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
+	OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
+	OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
+	OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
+	OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
+	OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
+	OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
+	OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
+	OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
+	OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
+	OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
+	OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
+	OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
+	OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
+	OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
+	OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
+	OTX2_IPSEC_PO_CC_PADDING = 0xC4,
+	OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
+	OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
+	OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
+	OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
+	OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
+	OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
+	OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
+	OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
+	OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
 };
 
 enum {
-- 
2.27.0

More information about the dev mailing list