[dpdk-dev] [PATCH v4 05/12] mbuf: add security crypto flags and mbuf fields
Aviad Yehezkel
aviadye at dev.mellanox.co.il
Sun Oct 15 14:49:06 CEST 2017
On 10/15/2017 1:17 AM, Akhil Goyal wrote:
> From: Boris Pismenny <borisp at mellanox.com>
>
> Add security crypto flags and update mbuf fields to support
> IPsec crypto offload for transmitted packets, and to indicate
> crypto result for received packets.
>
> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
> Signed-off-by: Boris Pismenny <borisp at mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
> ---
> lib/librte_mbuf/rte_mbuf.c | 6 ++++++
> lib/librte_mbuf/rte_mbuf.h | 35 ++++++++++++++++++++++++++++++++---
> lib/librte_mbuf/rte_mbuf_ptype.c | 1 +
> lib/librte_mbuf/rte_mbuf_ptype.h | 11 +++++++++++
> 4 files changed, 50 insertions(+), 3 deletions(-)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index 0e18709..6659261 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -324,6 +324,8 @@ const char *rte_get_rx_ol_flag_name(uint64_t mask)
> case PKT_RX_QINQ_STRIPPED: return "PKT_RX_QINQ_STRIPPED";
> case PKT_RX_LRO: return "PKT_RX_LRO";
> case PKT_RX_TIMESTAMP: return "PKT_RX_TIMESTAMP";
> + case PKT_RX_SEC_OFFLOAD: return "PKT_RX_SEC_OFFLOAD";
> + case PKT_RX_SEC_OFFLOAD_FAILED: return "PKT_RX_SEC_OFFLOAD_FAILED";
> default: return NULL;
> }
> }
> @@ -359,6 +361,8 @@ rte_get_rx_ol_flag_list(uint64_t mask, char *buf, size_t buflen)
> { PKT_RX_QINQ_STRIPPED, PKT_RX_QINQ_STRIPPED, NULL },
> { PKT_RX_LRO, PKT_RX_LRO, NULL },
> { PKT_RX_TIMESTAMP, PKT_RX_TIMESTAMP, NULL },
> + { PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD, NULL },
> + { PKT_RX_SEC_OFFLOAD_FAILED, PKT_RX_SEC_OFFLOAD_FAILED, NULL },
> };
> const char *name;
> unsigned int i;
> @@ -411,6 +415,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask)
> case PKT_TX_TUNNEL_GENEVE: return "PKT_TX_TUNNEL_GENEVE";
> case PKT_TX_TUNNEL_MPLSINUDP: return "PKT_TX_TUNNEL_MPLSINUDP";
> case PKT_TX_MACSEC: return "PKT_TX_MACSEC";
> + case PKT_TX_SEC_OFFLOAD: return "PKT_TX_SEC_OFFLOAD";
> default: return NULL;
> }
> }
> @@ -444,6 +449,7 @@ rte_get_tx_ol_flag_list(uint64_t mask, char *buf, size_t buflen)
> { PKT_TX_TUNNEL_MPLSINUDP, PKT_TX_TUNNEL_MASK,
> "PKT_TX_TUNNEL_NONE" },
> { PKT_TX_MACSEC, PKT_TX_MACSEC, NULL },
> + { PKT_TX_SEC_OFFLOAD, PKT_TX_SEC_OFFLOAD, NULL },
> };
> const char *name;
> unsigned int i;
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index cc38040..5d478da 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -189,11 +189,26 @@ extern "C" {
> */
> #define PKT_RX_TIMESTAMP (1ULL << 17)
>
> +/**
> + * Indicate that security offload processing was applied on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD (1ULL << 18)
> +
> +/**
> + * Indicate that security offload processing failed on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD_FAILED (1ULL << 19)
> +
> /* add new RX flags here */
>
> /* add new TX flags here */
>
> /**
> + * Request security offload processing on the TX packet.
> + */
> +#define PKT_TX_SEC_OFFLOAD (1ULL << 43)
> +
> +/**
> * Offload the MACsec. This flag must be set by the application to enable
> * this offload feature for a packet to be transmitted.
> */
> @@ -316,7 +331,8 @@ extern "C" {
> PKT_TX_QINQ_PKT | \
> PKT_TX_VLAN_PKT | \
> PKT_TX_TUNNEL_MASK | \
> - PKT_TX_MACSEC)
> + PKT_TX_MACSEC | \
> + PKT_TX_SEC_OFFLOAD)
>
> #define __RESERVED (1ULL << 61) /**< reserved for future mbuf use */
>
> @@ -456,8 +472,21 @@ struct rte_mbuf {
> uint32_t l3_type:4; /**< (Outer) L3 type. */
> uint32_t l4_type:4; /**< (Outer) L4 type. */
> uint32_t tun_type:4; /**< Tunnel type. */
> - uint32_t inner_l2_type:4; /**< Inner L2 type. */
> - uint32_t inner_l3_type:4; /**< Inner L3 type. */
> + RTE_STD_C11
> + union {
> + uint8_t inner_esp_next_proto;
> + /**< ESP next protocol type, valid if
> + * RTE_PTYPE_TUNNEL_ESP tunnel type is set
> + * on both Tx and Rx.
> + */
> + __extension__
> + struct {
> + uint8_t inner_l2_type:4;
> + /**< Inner L2 type. */
> + uint8_t inner_l3_type:4;
> + /**< Inner L3 type. */
> + };
> + };
> uint32_t inner_l4_type:4; /**< Inner L4 type. */
> };
> };
> diff --git a/lib/librte_mbuf/rte_mbuf_ptype.c b/lib/librte_mbuf/rte_mbuf_ptype.c
> index a450814..a623226 100644
> --- a/lib/librte_mbuf/rte_mbuf_ptype.c
> +++ b/lib/librte_mbuf/rte_mbuf_ptype.c
> @@ -91,6 +91,7 @@ const char *rte_get_ptype_tunnel_name(uint32_t ptype)
> case RTE_PTYPE_TUNNEL_GRENAT: return "TUNNEL_GRENAT";
> case RTE_PTYPE_TUNNEL_GTPC: return "TUNNEL_GTPC";
> case RTE_PTYPE_TUNNEL_GTPU: return "TUNNEL_GTPU";
> + case RTE_PTYPE_TUNNEL_ESP: return "TUNNEL_ESP";
> default: return "TUNNEL_UNKNOWN";
> }
> }
> diff --git a/lib/librte_mbuf/rte_mbuf_ptype.h b/lib/librte_mbuf/rte_mbuf_ptype.h
> index 978c4a2..5c62435 100644
> --- a/lib/librte_mbuf/rte_mbuf_ptype.h
> +++ b/lib/librte_mbuf/rte_mbuf_ptype.h
> @@ -415,6 +415,17 @@ extern "C" {
> */
> #define RTE_PTYPE_TUNNEL_GTPU 0x00008000
> /**
> + * ESP (IP Encapsulating Security Payload) tunneling packet type.
> + *
> + * Packet format:
> + * <'ether type'=0x0800
> + * | 'version'=4, 'protocol'=51>
> + * or,
> + * <'ether type'=0x86DD
> + * | 'version'=6, 'next header'=51>
> + */
> +#define RTE_PTYPE_TUNNEL_ESP 0x00009000
> +/**
> * Mask of tunneling packet types.
> */
> #define RTE_PTYPE_TUNNEL_MASK 0x0000f000
Tested-by: Aviad Yehezkel <aviadye at mellanox.com>
More information about the dev
mailing list