[dpdk-dev] [PATCH v4 05/12] mbuf: add security crypto flags and mbuf fields

Aviad Yehezkel aviadye at dev.mellanox.co.il
Sun Oct 15 14:49:06 CEST 2017



On 10/15/2017 1:17 AM, Akhil Goyal wrote:
> From: Boris Pismenny <borisp at mellanox.com>
>
> Add security crypto flags and update mbuf fields to support
> IPsec crypto offload for transmitted packets, and to indicate
> crypto result for received packets.
>
> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
> Signed-off-by: Boris Pismenny <borisp at mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
> ---
>   lib/librte_mbuf/rte_mbuf.c       |  6 ++++++
>   lib/librte_mbuf/rte_mbuf.h       | 35 ++++++++++++++++++++++++++++++++---
>   lib/librte_mbuf/rte_mbuf_ptype.c |  1 +
>   lib/librte_mbuf/rte_mbuf_ptype.h | 11 +++++++++++
>   4 files changed, 50 insertions(+), 3 deletions(-)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index 0e18709..6659261 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -324,6 +324,8 @@ const char *rte_get_rx_ol_flag_name(uint64_t mask)
>   	case PKT_RX_QINQ_STRIPPED: return "PKT_RX_QINQ_STRIPPED";
>   	case PKT_RX_LRO: return "PKT_RX_LRO";
>   	case PKT_RX_TIMESTAMP: return "PKT_RX_TIMESTAMP";
> +	case PKT_RX_SEC_OFFLOAD: return "PKT_RX_SEC_OFFLOAD";
> +	case PKT_RX_SEC_OFFLOAD_FAILED: return "PKT_RX_SEC_OFFLOAD_FAILED";
>   	default: return NULL;
>   	}
>   }
> @@ -359,6 +361,8 @@ rte_get_rx_ol_flag_list(uint64_t mask, char *buf, size_t buflen)
>   		{ PKT_RX_QINQ_STRIPPED, PKT_RX_QINQ_STRIPPED, NULL },
>   		{ PKT_RX_LRO, PKT_RX_LRO, NULL },
>   		{ PKT_RX_TIMESTAMP, PKT_RX_TIMESTAMP, NULL },
> +		{ PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD, NULL },
> +		{ PKT_RX_SEC_OFFLOAD_FAILED, PKT_RX_SEC_OFFLOAD_FAILED, NULL },
>   	};
>   	const char *name;
>   	unsigned int i;
> @@ -411,6 +415,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask)
>   	case PKT_TX_TUNNEL_GENEVE: return "PKT_TX_TUNNEL_GENEVE";
>   	case PKT_TX_TUNNEL_MPLSINUDP: return "PKT_TX_TUNNEL_MPLSINUDP";
>   	case PKT_TX_MACSEC: return "PKT_TX_MACSEC";
> +	case PKT_TX_SEC_OFFLOAD: return "PKT_TX_SEC_OFFLOAD";
>   	default: return NULL;
>   	}
>   }
> @@ -444,6 +449,7 @@ rte_get_tx_ol_flag_list(uint64_t mask, char *buf, size_t buflen)
>   		{ PKT_TX_TUNNEL_MPLSINUDP, PKT_TX_TUNNEL_MASK,
>   		  "PKT_TX_TUNNEL_NONE" },
>   		{ PKT_TX_MACSEC, PKT_TX_MACSEC, NULL },
> +		{ PKT_TX_SEC_OFFLOAD, PKT_TX_SEC_OFFLOAD, NULL },
>   	};
>   	const char *name;
>   	unsigned int i;
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index cc38040..5d478da 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -189,11 +189,26 @@ extern "C" {
>    */
>   #define PKT_RX_TIMESTAMP     (1ULL << 17)
>   
> +/**
> + * Indicate that security offload processing was applied on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD		(1ULL << 18)
> +
> +/**
> + * Indicate that security offload processing failed on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD_FAILED  (1ULL << 19)
> +
>   /* add new RX flags here */
>   
>   /* add new TX flags here */
>   
>   /**
> + * Request security offload processing on the TX packet.
> + */
> +#define PKT_TX_SEC_OFFLOAD (1ULL << 43)
> +
> +/**
>    * Offload the MACsec. This flag must be set by the application to enable
>    * this offload feature for a packet to be transmitted.
>    */
> @@ -316,7 +331,8 @@ extern "C" {
>   		PKT_TX_QINQ_PKT |        \
>   		PKT_TX_VLAN_PKT |        \
>   		PKT_TX_TUNNEL_MASK |	 \
> -		PKT_TX_MACSEC)
> +		PKT_TX_MACSEC |		 \
> +		PKT_TX_SEC_OFFLOAD)
>   
>   #define __RESERVED           (1ULL << 61) /**< reserved for future mbuf use */
>   
> @@ -456,8 +472,21 @@ struct rte_mbuf {
>   			uint32_t l3_type:4; /**< (Outer) L3 type. */
>   			uint32_t l4_type:4; /**< (Outer) L4 type. */
>   			uint32_t tun_type:4; /**< Tunnel type. */
> -			uint32_t inner_l2_type:4; /**< Inner L2 type. */
> -			uint32_t inner_l3_type:4; /**< Inner L3 type. */
> +			RTE_STD_C11
> +			union {
> +				uint8_t inner_esp_next_proto;
> +				/**< ESP next protocol type, valid if
> +				 * RTE_PTYPE_TUNNEL_ESP tunnel type is set
> +				 * on both Tx and Rx.
> +				 */
> +				__extension__
> +				struct {
> +					uint8_t inner_l2_type:4;
> +					/**< Inner L2 type. */
> +					uint8_t inner_l3_type:4;
> +					/**< Inner L3 type. */
> +				};
> +			};
>   			uint32_t inner_l4_type:4; /**< Inner L4 type. */
>   		};
>   	};
> diff --git a/lib/librte_mbuf/rte_mbuf_ptype.c b/lib/librte_mbuf/rte_mbuf_ptype.c
> index a450814..a623226 100644
> --- a/lib/librte_mbuf/rte_mbuf_ptype.c
> +++ b/lib/librte_mbuf/rte_mbuf_ptype.c
> @@ -91,6 +91,7 @@ const char *rte_get_ptype_tunnel_name(uint32_t ptype)
>   	case RTE_PTYPE_TUNNEL_GRENAT: return "TUNNEL_GRENAT";
>   	case RTE_PTYPE_TUNNEL_GTPC: return "TUNNEL_GTPC";
>   	case RTE_PTYPE_TUNNEL_GTPU: return "TUNNEL_GTPU";
> +	case RTE_PTYPE_TUNNEL_ESP: return "TUNNEL_ESP";
>   	default: return "TUNNEL_UNKNOWN";
>   	}
>   }
> diff --git a/lib/librte_mbuf/rte_mbuf_ptype.h b/lib/librte_mbuf/rte_mbuf_ptype.h
> index 978c4a2..5c62435 100644
> --- a/lib/librte_mbuf/rte_mbuf_ptype.h
> +++ b/lib/librte_mbuf/rte_mbuf_ptype.h
> @@ -415,6 +415,17 @@ extern "C" {
>    */
>   #define RTE_PTYPE_TUNNEL_GTPU               0x00008000
>   /**
> + * ESP (IP Encapsulating Security Payload) tunneling packet type.
> + *
> + * Packet format:
> + * <'ether type'=0x0800
> + * | 'version'=4, 'protocol'=51>
> + * or,
> + * <'ether type'=0x86DD
> + * | 'version'=6, 'next header'=51>
> + */
> +#define RTE_PTYPE_TUNNEL_ESP                0x00009000
> +/**
>    * Mask of tunneling packet types.
>    */
>   #define RTE_PTYPE_TUNNEL_MASK               0x0000f000

Tested-by: Aviad Yehezkel <aviadye at mellanox.com>



More information about the dev mailing list