diff mbox series

[net-next,05/10] net/mlx5e: Support IPsec RX packet offload in tunnel mode

Message ID 255b601d3652bb8c770571ed3e683f695614923f.1681106636.git.leonro@nvidia.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series Support tunnel mode in mlx5 IPsec packet offload | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next, async
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 18 this patch: 18
netdev/cc_maintainers warning 2 maintainers not CCed: linux-rdma@vger.kernel.org borisp@nvidia.com
netdev/build_clang success Errors and warnings before: 18 this patch: 18
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 18 this patch: 18
netdev/checkpatch warning CHECK: spaces preferred around that '*' (ctx:WxV)
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Leon Romanovsky April 10, 2023, 6:19 a.m. UTC 
From: Leon Romanovsky <leonro@nvidia.com>

Extend mlx5 driver with logic to support IPsec RX packet offload
in tunnel mode.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 .../mellanox/mlx5/core/en_accel/ipsec.c       | 36 ++++++++++++
 .../mellanox/mlx5/core/en_accel/ipsec.h       |  2 +
 .../mellanox/mlx5/core/en_accel/ipsec_fs.c    | 57 +++++++++++++++++++
 3 files changed, 95 insertions(+)

Comments

Simon Horman April 11, 2023, 4:37 p.m. UTC | #1 
On Mon, Apr 10, 2023 at 09:19:07AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> Extend mlx5 driver with logic to support IPsec RX packet offload
> in tunnel mode.
> 
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>

...

> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> index 980583fb1e52..8ecaf4100b9c 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> @@ -836,6 +836,60 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
>  	return 0;
>  }
>  
> +static int
> +setup_pkt_tunnel_reformat(struct mlx5_core_dev *mdev,
> +			  struct mlx5_accel_esp_xfrm_attrs *attrs,
> +			  struct mlx5_pkt_reformat_params *reformat_params)
> +{
> +	union {
> +		struct {
> +			u8 dmac[6];
> +			u8 smac[6];
> +			__be16 ethertype;
> +		} __packed;
> +		u8 raw[ETH_HLEN];
> +	} __packed *mac_hdr;

Can struct ethhrd be used here?
I think it has the same layout as the fields of the inner structure above.
And I don't think the union is giving us much: the raw field seems unused.

> +	char *reformatbf;
> +	size_t bfflen;
> +
> +	bfflen = sizeof(*mac_hdr);
> +
> +	reformatbf = kzalloc(bfflen, GFP_KERNEL);

I'm not sure that reformatbf is providing much value.
Perhaps:

	mac_hdr = kzalloc(bfflen, GFP_KERNEL);

> +	if (!reformatbf)
> +		return -ENOMEM;
> +
> +	mac_hdr = (void *)reformatbf;

If you must cast, perhaps to the type of mac_hdr, which is not void *.

> +	switch (attrs->family) {
> +	case AF_INET:
> +		mac_hdr->ethertype = htons(ETH_P_IP);
> +		break;
> +	case AF_INET6:
> +		mac_hdr->ethertype = htons(ETH_P_IPV6);
> +		break;
> +	default:
> +		goto free_reformatbf;
> +	}
> +
> +	ether_addr_copy(mac_hdr->dmac, attrs->dmac);
> +	ether_addr_copy(mac_hdr->smac, attrs->smac);
> +
> +	switch (attrs->dir) {
> +	case XFRM_DEV_OFFLOAD_IN:
> +		reformat_params->type = MLX5_REFORMAT_TYPE_L3_ESP_TUNNEL_TO_L2;
> +		break;
> +	default:
> +		goto free_reformatbf;
> +	}
> +
> +	reformat_params->size = bfflen;
> +	reformat_params->data = reformatbf;
> +	return 0;
> +
> +free_reformatbf:
> +	kfree(reformatbf);
> +	return -EINVAL;
> +}

...
Leon Romanovsky April 13, 2023, 11:46 a.m. UTC | #2 
On Tue, Apr 11, 2023 at 06:37:03PM +0200, Simon Horman wrote:
> On Mon, Apr 10, 2023 at 09:19:07AM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > Extend mlx5 driver with logic to support IPsec RX packet offload
> > in tunnel mode.
> > 
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> 
> ...
> 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > index 980583fb1e52..8ecaf4100b9c 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
> > @@ -836,6 +836,60 @@ static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
> >  	return 0;
> >  }
> >  
> > +static int
> > +setup_pkt_tunnel_reformat(struct mlx5_core_dev *mdev,
> > +			  struct mlx5_accel_esp_xfrm_attrs *attrs,
> > +			  struct mlx5_pkt_reformat_params *reformat_params)
> > +{
> > +	union {
> > +		struct {
> > +			u8 dmac[6];
> > +			u8 smac[6];
> > +			__be16 ethertype;
> > +		} __packed;
> > +		u8 raw[ETH_HLEN];
> > +	} __packed *mac_hdr;
> 
> Can struct ethhrd be used here?
> I think it has the same layout as the fields of the inner structure above.

Yes, it can, will change.

> And I don't think the union is giving us much: the raw field seems unused.

Thanks, it isn't needed here.

> 
> > +	char *reformatbf;
> > +	size_t bfflen;
> > +
> > +	bfflen = sizeof(*mac_hdr);
> > +
> > +	reformatbf = kzalloc(bfflen, GFP_KERNEL);
> 
> I'm not sure that reformatbf is providing much value.

It is more useful in next patch, where reformatbf will hold ESP, ipv4/6 and ETH
headers.

> Perhaps:
> 
> 	mac_hdr = kzalloc(bfflen, GFP_KERNEL);
> 
> > +	if (!reformatbf)
> > +		return -ENOMEM;
> > +
> > +	mac_hdr = (void *)reformatbf;
> 
> If you must cast, perhaps to the type of mac_hdr, which is not void *.

I'll change.

> 
> > +	switch (attrs->family) {
> > +	case AF_INET:
> > +		mac_hdr->ethertype = htons(ETH_P_IP);
> > +		break;
> > +	case AF_INET6:
> > +		mac_hdr->ethertype = htons(ETH_P_IPV6);
> > +		break;
> > +	default:
> > +		goto free_reformatbf;
> > +	}
> > +
> > +	ether_addr_copy(mac_hdr->dmac, attrs->dmac);
> > +	ether_addr_copy(mac_hdr->smac, attrs->smac);
> > +
> > +	switch (attrs->dir) {
> > +	case XFRM_DEV_OFFLOAD_IN:
> > +		reformat_params->type = MLX5_REFORMAT_TYPE_L3_ESP_TUNNEL_TO_L2;
> > +		break;
> > +	default:
> > +		goto free_reformatbf;
> > +	}
> > +
> > +	reformat_params->size = bfflen;
> > +	reformat_params->data = reformatbf;
> > +	return 0;
> > +
> > +free_reformatbf:
> > +	kfree(reformatbf);
> > +	return -EINVAL;
> > +}
> 
> ...
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 359da277c03a..7c55b37c1c01 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -242,6 +242,41 @@  static void mlx5e_ipsec_init_limits(struct mlx5e_ipsec_sa_entry *sa_entry,
 	attrs->lft.numb_rounds_soft = (u64)n;
 }
 
+static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry,
+				  struct mlx5_accel_esp_xfrm_attrs *attrs)
+{
+	struct mlx5_core_dev *mdev = mlx5e_ipsec_sa2dev(sa_entry);
+	struct xfrm_state *x = sa_entry->x;
+	struct net_device *netdev;
+	struct neighbour *n;
+	u8 addr[ETH_ALEN];
+
+	if (attrs->mode != XFRM_MODE_TUNNEL &&
+	    attrs->type != XFRM_DEV_OFFLOAD_PACKET)
+		return;
+
+	netdev = x->xso.real_dev;
+
+	mlx5_query_mac_address(mdev, addr);
+	switch (attrs->dir) {
+	case XFRM_DEV_OFFLOAD_IN:
+		ether_addr_copy(attrs->dmac, addr);
+		n = neigh_lookup(&arp_tbl, &attrs->saddr.a4, netdev);
+		if (!n) {
+			n = neigh_create(&arp_tbl, &attrs->saddr.a4, netdev);
+			if (IS_ERR(n))
+				return;
+			neigh_event_send(n, NULL);
+		}
+		neigh_ha_snapshot(addr, n, netdev);
+		ether_addr_copy(attrs->smac, addr);
+		break;
+	default:
+		return;
+	}
+	neigh_release(n);
+}
+
 void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
 					struct mlx5_accel_esp_xfrm_attrs *attrs)
 {
@@ -300,6 +335,7 @@  void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
 	attrs->mode = x->props.mode;
 
 	mlx5e_ipsec_init_limits(sa_entry, attrs);
+	mlx5e_ipsec_init_macs(sa_entry, attrs);
 }
 
 static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
index ae525420a492..77384ffa4451 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h
@@ -99,6 +99,8 @@  struct mlx5_accel_esp_xfrm_attrs {
 	u32 authsize;
 	u32 reqid;
 	struct mlx5_ipsec_lft lft;
+	u8 smac[ETH_ALEN];
+	u8 dmac[ETH_ALEN];
 };
 
 enum mlx5_ipsec_cap {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
index 980583fb1e52..8ecaf4100b9c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
@@ -836,6 +836,60 @@  static int setup_modify_header(struct mlx5_core_dev *mdev, u32 val, u8 dir,
 	return 0;
 }
 
+static int
+setup_pkt_tunnel_reformat(struct mlx5_core_dev *mdev,
+			  struct mlx5_accel_esp_xfrm_attrs *attrs,
+			  struct mlx5_pkt_reformat_params *reformat_params)
+{
+	union {
+		struct {
+			u8 dmac[6];
+			u8 smac[6];
+			__be16 ethertype;
+		} __packed;
+		u8 raw[ETH_HLEN];
+	} __packed *mac_hdr;
+	char *reformatbf;
+	size_t bfflen;
+
+	bfflen = sizeof(*mac_hdr);
+
+	reformatbf = kzalloc(bfflen, GFP_KERNEL);
+	if (!reformatbf)
+		return -ENOMEM;
+
+	mac_hdr = (void *)reformatbf;
+	switch (attrs->family) {
+	case AF_INET:
+		mac_hdr->ethertype = htons(ETH_P_IP);
+		break;
+	case AF_INET6:
+		mac_hdr->ethertype = htons(ETH_P_IPV6);
+		break;
+	default:
+		goto free_reformatbf;
+	}
+
+	ether_addr_copy(mac_hdr->dmac, attrs->dmac);
+	ether_addr_copy(mac_hdr->smac, attrs->smac);
+
+	switch (attrs->dir) {
+	case XFRM_DEV_OFFLOAD_IN:
+		reformat_params->type = MLX5_REFORMAT_TYPE_L3_ESP_TUNNEL_TO_L2;
+		break;
+	default:
+		goto free_reformatbf;
+	}
+
+	reformat_params->size = bfflen;
+	reformat_params->data = reformatbf;
+	return 0;
+
+free_reformatbf:
+	kfree(reformatbf);
+	return -EINVAL;
+}
+
 static int
 setup_pkt_transport_reformat(struct mlx5_accel_esp_xfrm_attrs *attrs,
 			     struct mlx5_pkt_reformat_params *reformat_params)
@@ -898,6 +952,9 @@  static int setup_pkt_reformat(struct mlx5_core_dev *mdev,
 	case XFRM_MODE_TRANSPORT:
 		ret = setup_pkt_transport_reformat(attrs, &reformat_params);
 		break;
+	case XFRM_MODE_TUNNEL:
+		ret = setup_pkt_tunnel_reformat(mdev, attrs, &reformat_params);
+		break;
 	default:
 		ret = -EINVAL;
 	}