[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
<BY3PR18MB4737F1C148F2C230A4ABC49CC6FF2@BY3PR18MB4737.namprd18.prod.outlook.com>
Date: Mon, 3 Jun 2024 04:33:30 +0000
From: Sunil Kovvuri Goutham <sgoutham@...vell.com>
To: Leon Romanovsky <leon@...nel.org>, Bharat Bhushan <bbhushan2@...vell.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Geethasowjanya
Akula <gakula@...vell.com>,
Subbaraya Sundeep Bhatta <sbhatta@...vell.com>,
Hariprasad Kelam <hkelam@...vell.com>,
"davem@...emloft.net"
<davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
Jerin Jacob <jerinj@...vell.com>, Linu Cherian <lcherian@...vell.com>,
"richardcochran@...il.com" <richardcochran@...il.com>
Subject: RE: [EXTERNAL] Re: [net-next,v3 6/8] cn10k-ipsec: Process inline
ipsec transmit offload
>-----Original Message-----
>From: Leon Romanovsky <leon@...nel.org>
>Sent: Sunday, June 2, 2024 12:21 PM
>To: Bharat Bhushan <bbhushan2@...vell.com>
>Cc: netdev@...r.kernel.org; linux-kernel@...r.kernel.org; Sunil Kovvuri
>Goutham <sgoutham@...vell.com>; Geethasowjanya Akula
><gakula@...vell.com>; Subbaraya Sundeep Bhatta <sbhatta@...vell.com>;
>Hariprasad Kelam <hkelam@...vell.com>; davem@...emloft.net;
>edumazet@...gle.com; kuba@...nel.org; pabeni@...hat.com; Jerin Jacob
><jerinj@...vell.com>; Linu Cherian <lcherian@...vell.com>;
>richardcochran@...il.com
>Subject: [EXTERNAL] Re: [net-next,v3 6/8] cn10k-ipsec: Process inline ipsec
>transmit offload
>
>Prioritize security for external emails: Confirm sender and content safety before
>clicking links or opening attachments
>
>----------------------------------------------------------------------
>On Tue, May 28, 2024 at 07:23:47PM +0530, Bharat Bhushan wrote:
>> Prepare and submit crypto hardware (CPT) instruction for outbound
>> inline ipsec crypto mode offload. The CPT instruction have
>> authentication offset, IV offset and encapsulation offset in input
>> packet. Also provide SA context pointer which have details about algo,
>> keys, salt etc. Crypto hardware encrypt, authenticate and provide the
>> ESP packet to networking hardware.
>>
>> Signed-off-by: Bharat Bhushan <bbhushan2@...vell.com>
>> ---
>> .../marvell/octeontx2/nic/cn10k_ipsec.c | 224 ++++++++++++++++++
>> .../marvell/octeontx2/nic/cn10k_ipsec.h | 40 ++++
>> .../marvell/octeontx2/nic/otx2_common.c | 23 ++
>> .../marvell/octeontx2/nic/otx2_common.h | 3 +
>> .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +
>> .../marvell/octeontx2/nic/otx2_txrx.c | 33 ++-
>> .../marvell/octeontx2/nic/otx2_txrx.h | 3 +
>> 7 files changed, 325 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
>> b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
>> index 136aebe2a007..1974fda2e0d3 100644
>> --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
>> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c
>> @@ -7,8 +7,11 @@
>> #include <net/xfrm.h>
>> #include <linux/netdevice.h>
>> #include <linux/bitfield.h>
>> +#include <crypto/aead.h>
>> +#include <crypto/gcm.h>
>>
>> #include "otx2_common.h"
>> +#include "otx2_struct.h"
>> #include "cn10k_ipsec.h"
>>
>> static bool is_dev_support_inline_ipsec(struct pci_dev *pdev) @@
>> -843,3 +846,224 @@ void cn10k_ipsec_clean(struct otx2_nic *pf)
>> cn10k_outb_cpt_clean(pf);
>> }
>> EXPORT_SYMBOL(cn10k_ipsec_clean);
>
><...>
>
>> +bool cn10k_ipsec_transmit(struct otx2_nic *pf, struct netdev_queue *txq,
>> + struct otx2_snd_queue *sq, struct sk_buff *skb,
>> + int num_segs, int size)
>> +{
>> + struct cpt_ctx_info_s *sa_info;
>> + struct cpt_inst_s inst;
>> + struct cpt_res_s *res;
>> + struct xfrm_state *x;
>> + dma_addr_t dptr_iova;
>> + struct sec_path *sp;
>> + u8 encap_offset;
>> + u8 auth_offset;
>> + u8 gthr_size;
>> + u8 iv_offset;
>> + u16 dlen;
>> +
>> + /* Check for Inline IPSEC enabled */
>> + if (!(pf->flags & OTX2_FLAG_INLINE_IPSEC_ENABLED)) {
>> + netdev_err(pf->netdev, "Ipsec not enabled, drop packet\n");
>
><...>
>
>> + netdev_err(pf->netdev, "%s: no xfrm state len = %d\n",
>> + __func__, sp->len);
>
><...>
>
>> + netdev_err(pf->netdev, "no xfrm_input_state()\n");
>
><...>
>
>> + netdev_err(pf->netdev, "un supported offload mode %d\n",
>> + x->props.mode);
>
><...>
>
>> + netdev_err(pf->netdev, "Invalid IP header, ip-length zero\n");
>
><...>
>
>> + netdev_err(pf->netdev, "Invalid SA conext\n");
>
>All these prints are in datapath and can be triggered by network packets. These
>and RX prints need to be deleted.
>
Yes, all these error messages in datapath should be under netif_msg_tx_err().
Thanks,
Sunil.
Powered by blists - more mailing lists