19d1c1574SAnoob Joseph.. SPDX-License-Identifier: BSD-3-Clause 29d1c1574SAnoob Joseph Copyright(C) 2023 Marvell. 39d1c1574SAnoob Joseph 49d1c1574SAnoob JosephPDCP Protocol Processing Library 59d1c1574SAnoob Joseph================================ 69d1c1574SAnoob Joseph 79d1c1574SAnoob JosephDPDK provides a library for PDCP protocol processing. 89d1c1574SAnoob JosephThe library utilizes other DPDK libraries such as cryptodev, reorder, etc., 99d1c1574SAnoob Josephto provide the application with a transparent and 109d1c1574SAnoob Josephhigh performant PDCP protocol processing library. 119d1c1574SAnoob Joseph 129d1c1574SAnoob JosephThe library abstracts complete PDCP protocol processing conforming to 139d1c1574SAnoob Joseph`ETSI TS 138 323 V17.1.0 (2022-08) 149d1c1574SAnoob Joseph<https://www.etsi.org/deliver/etsi_ts/138300_138399/138323/17.01.00_60/ts_138323v170100p.pdf>`_ 159d1c1574SAnoob Joseph 169d1c1574SAnoob JosephPDCP would involve the following operations: 179d1c1574SAnoob Joseph 189d1c1574SAnoob Joseph#. Transfer of user plane data 199d1c1574SAnoob Joseph#. Transfer of control plane data 209d1c1574SAnoob Joseph#. Header compression 219d1c1574SAnoob Joseph#. Uplink data compression 229d1c1574SAnoob Joseph#. Ciphering and integrity protection 239d1c1574SAnoob Joseph 249d1c1574SAnoob Joseph.. _figure_pdcp_functional_overview: 259d1c1574SAnoob Joseph 269d1c1574SAnoob Joseph.. figure:: img/pdcp_functional_overview.* 279d1c1574SAnoob Joseph 289d1c1574SAnoob Joseph PDCP functional overview 299d1c1574SAnoob Joseph 309d1c1574SAnoob JosephPDCP library would abstract the protocol offload features of the cryptodev and 319d1c1574SAnoob Josephwould provide a uniform interface and consistent API usage 329d1c1574SAnoob Josephto work with cryptodev irrespective of the protocol offload features supported. 339d1c1574SAnoob Joseph 349d1c1574SAnoob JosephPDCP entity API 359d1c1574SAnoob Joseph--------------- 369d1c1574SAnoob Joseph 379d1c1574SAnoob JosephPDCP library provides following control path API that is used to 389d1c1574SAnoob Josephconfigure various PDCP entities: 399d1c1574SAnoob Joseph 409d1c1574SAnoob Joseph- ``rte_pdcp_entity_establish()`` 419d1c1574SAnoob Joseph- ``rte_pdcp_entity_suspend()`` 429d1c1574SAnoob Joseph- ``rte_pdcp_entity_release()`` 439d1c1574SAnoob Joseph 449d1c1574SAnoob JosephA PDCP entity would translate to one ``rte_cryptodev_sym_session`` or 459d1c1574SAnoob Joseph``rte_security_session`` based on the config. 469d1c1574SAnoob JosephThe sessions would be created/destroyed 479d1c1574SAnoob Josephwhile corresponding PDCP entity operations are performed. 489d1c1574SAnoob Joseph 499d1c1574SAnoob JosephWhen upper layers request a PDCP entity suspend (``rte_pdcp_entity_suspend()``), 509d1c1574SAnoob Josephit would result in flushing out of all cached packets and 519d1c1574SAnoob Josephinternal state variables are updated as described in 5.1.4. 529d1c1574SAnoob Joseph 539d1c1574SAnoob JosephWhen upper layers request a PDCP entity release (``rte_pdcp_entity_release()``), 549d1c1574SAnoob Josephit would result in flushing out of all cached packets 559d1c1574SAnoob Josephand releasing of all memory associated with the entity. 569d1c1574SAnoob JosephIt would internally free any crypto/security sessions created. 579d1c1574SAnoob JosephAll procedures mentioned in 5.1.3 would be performed. 589d1c1574SAnoob Joseph 599d1c1574SAnoob JosephPDCP PDU (Protocol Data Unit) API 609d1c1574SAnoob Joseph--------------------------------- 619d1c1574SAnoob Joseph 629d1c1574SAnoob JosephPDCP PDUs can be categorized as: 639d1c1574SAnoob Joseph 649d1c1574SAnoob Joseph- Control PDU 659d1c1574SAnoob Joseph- Data PDU 669d1c1574SAnoob Joseph 679d1c1574SAnoob JosephControl PDUs are used for signalling between entities on either end 689d1c1574SAnoob Josephand can be one of the following: 699d1c1574SAnoob Joseph 709d1c1574SAnoob Joseph- PDCP status report 719d1c1574SAnoob Joseph- ROHC feedback 729d1c1574SAnoob Joseph- EHC feedback 739d1c1574SAnoob Joseph 749d1c1574SAnoob JosephControl PDUs are not ciphered or authenticated, 759d1c1574SAnoob Josephand so such packets are not submitted to cryptodev for processing. 769d1c1574SAnoob Joseph 779d1c1574SAnoob JosephData PDUs are regular packets submitted by upper layers 789d1c1574SAnoob Josephfor transmission to other end. 799d1c1574SAnoob JosephSuch packets would need to be ciphered and authenticated 809d1c1574SAnoob Josephbased on the entity configuration. 819d1c1574SAnoob Joseph 823a3e8931SAnoob JosephPDCP packet processing API for control PDU 833a3e8931SAnoob Joseph~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 843a3e8931SAnoob Joseph 853a3e8931SAnoob JosephControl PDUs are used in PDCP as a communication channel 863a3e8931SAnoob Josephbetween transmitting and receiving entities. 873a3e8931SAnoob JosephWhen upper layer request for operations such as re-establishment, 883a3e8931SAnoob Josephreceiving PDCP entity need to prepare a status report 893a3e8931SAnoob Josephand send it to the other end. 903a3e8931SAnoob JosephThe API ``rte_pdcp_control_pdu_create()`` allows application to request the same. 913a3e8931SAnoob Joseph 929d1c1574SAnoob JosephPDCP packet processing API for data PDU 939d1c1574SAnoob Joseph~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 949d1c1574SAnoob Joseph 959d1c1574SAnoob JosephPDCP processing is split into 2 parts. 969d1c1574SAnoob JosephOne before cryptodev processing (``rte_pdcp_pkt_pre_process()``) 979d1c1574SAnoob Josephand one after cryptodev processing (``rte_pdcp_pkt_post_process()``). 989d1c1574SAnoob JosephSince cryptodev dequeue can return crypto operations 999d1c1574SAnoob Josephbelonging to multiple entities, ``rte_pdcp_pkt_crypto_group()`` 1009d1c1574SAnoob Josephis added to help grouping crypto operations belonging to same PDCP entity. 1019d1c1574SAnoob Joseph 1029d1c1574SAnoob JosephLib PDCP would allow application to use same API sequence 1039d1c1574SAnoob Josephwhile leveraging protocol offload features enabled by ``rte_security`` library. 1049d1c1574SAnoob Joseph 1059d1c1574SAnoob JosephLib PDCP would internally change the handles registered 1069d1c1574SAnoob Josephfor ``pre_process`` and ``post_process`` based on features enabled in the entity. 1079d1c1574SAnoob Joseph 1089d1c1574SAnoob JosephLib PDCP would create the required sessions on the device 1099d1c1574SAnoob Josephprovided in entity to minimize the application requirements. 1109d1c1574SAnoob JosephAlso, the ``rte_crypto_op`` allocation and free would also be done internally 1119d1c1574SAnoob Josephby lib PDCP to allow the library to create crypto ops as required for the input packets. 1129d1c1574SAnoob JosephFor example, when control PDUs are received, no cryptodev enqueue-dequeue is expected 1139d1c1574SAnoob Josephfor the same and lib PDCP is expected to handle it differently. 1149d1c1574SAnoob Joseph 1159d1c1574SAnoob JosephSupported features 1169d1c1574SAnoob Joseph------------------ 1179d1c1574SAnoob Joseph 1189d1c1574SAnoob Joseph- 12-bit & 18-bit sequence numbers 1199d1c1574SAnoob Joseph- Uplink & downlink traffic 1209d1c1574SAnoob Joseph- HFN increment 1219d1c1574SAnoob Joseph- IV generation as required per algorithm 1229d1c1574SAnoob Joseph 1239d1c1574SAnoob JosephSupported ciphering algorithms 1249d1c1574SAnoob Joseph~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1259d1c1574SAnoob Joseph 1269d1c1574SAnoob Joseph- ``RTE_CRYPTO_CIPHER_NULL`` 1279d1c1574SAnoob Joseph- ``RTE_CRYPTO_CIPHER_AES_CTR`` 1289d1c1574SAnoob Joseph- ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2`` 1299d1c1574SAnoob Joseph- ``RTE_CRYPTO_CIPHER_ZUC_EEA3`` 1309d1c1574SAnoob Joseph 1319d1c1574SAnoob JosephSupported integrity protection algorithms 1329d1c1574SAnoob Joseph~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1339d1c1574SAnoob Joseph 1349d1c1574SAnoob Joseph- ``RTE_CRYPTO_AUTH_NULL`` 1359d1c1574SAnoob Joseph- ``RTE_CRYPTO_AUTH_AES_CMAC`` 1369d1c1574SAnoob Joseph- ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` 1379d1c1574SAnoob Joseph- ``RTE_CRYPTO_AUTH_ZUC_EIA3`` 1389d1c1574SAnoob Joseph 139*f381ac0fSVolodymyr FialkoTimers 140*f381ac0fSVolodymyr Fialko------ 141*f381ac0fSVolodymyr Fialko 142*f381ac0fSVolodymyr FialkoPDCP utilizes a reception window mechanism to limit the bits of ``COUNT`` value 143*f381ac0fSVolodymyr Fialkotransmitted in the packet. 144*f381ac0fSVolodymyr FialkoIt utilizes state variables such as ``RX_REORD``, ``RX_DELIV`` 145*f381ac0fSVolodymyr Fialkoto define the window and uses ``RX_DELIV`` as the lower pivot point of the window. 146*f381ac0fSVolodymyr Fialko 147*f381ac0fSVolodymyr Fialko``RX_DELIV`` would be updated only when packets are received in-order. 148*f381ac0fSVolodymyr FialkoAny missing packet would mean ``RX_DELIV`` won't be updated. 149*f381ac0fSVolodymyr FialkoA timer, ``t-Reordering``, helps PDCP to slide the window 150*f381ac0fSVolodymyr Fialkoif the missing packet is not received in a specified time duration. 151*f381ac0fSVolodymyr Fialko 152*f381ac0fSVolodymyr FialkoWhile starting and stopping the timer will be done by lib PDCP, 153*f381ac0fSVolodymyr Fialkoapplication could register its own timer implementation. 154*f381ac0fSVolodymyr FialkoThis is to make sure application can choose between timers 155*f381ac0fSVolodymyr Fialkosuch as ``rte_timer`` and ``rte_event`` based timers. 156*f381ac0fSVolodymyr FialkoStarting and stopping of timer would happen during pre & post process API. 157*f381ac0fSVolodymyr Fialko 158*f381ac0fSVolodymyr FialkoWhen the ``t-Reordering`` timer expires, application would receive the expiry event. 159*f381ac0fSVolodymyr FialkoTo perform the PDCP handling of the expiry event, 160*f381ac0fSVolodymyr Fialko``rte_pdcp_t_reordering_expiry_handle`` can be used. 161*f381ac0fSVolodymyr FialkoExpiry handling would involve sliding the window by updating state variables 162*f381ac0fSVolodymyr Fialkoand passing the expired packets to the application. 163*f381ac0fSVolodymyr Fialko 164*f381ac0fSVolodymyr Fialko.. literalinclude:: ../../../lib/pdcp/rte_pdcp.h 165*f381ac0fSVolodymyr Fialko :language: c 166*f381ac0fSVolodymyr Fialko :start-after: Structure rte_pdcp_t_reordering 8< 167*f381ac0fSVolodymyr Fialko :end-before: >8 End of structure rte_pdcp_t_reordering. 168*f381ac0fSVolodymyr Fialko 1699d1c1574SAnoob JosephSample API usage 1709d1c1574SAnoob Joseph---------------- 1719d1c1574SAnoob Joseph 1729d1c1574SAnoob JosephThe ``rte_pdcp_entity_conf`` structure is used to pass 1739d1c1574SAnoob Josephthe configuration parameters for entity creation. 1749d1c1574SAnoob Joseph 1759d1c1574SAnoob Joseph.. literalinclude:: ../../../lib/pdcp/rte_pdcp.h 1769d1c1574SAnoob Joseph :language: c 1779d1c1574SAnoob Joseph :start-after: Structure rte_pdcp_entity_conf 8< 1789d1c1574SAnoob Joseph :end-before: >8 End of structure rte_pdcp_entity_conf. 1799d1c1574SAnoob Joseph 1809d1c1574SAnoob Joseph.. code-block:: c 1819d1c1574SAnoob Joseph 1829d1c1574SAnoob Joseph struct rte_mbuf **out_mb, *pkts[MAX_BURST_SIZE]; 1839d1c1574SAnoob Joseph struct rte_crypto_op *cop[MAX_BURST_SIZE]; 1849d1c1574SAnoob Joseph struct rte_pdcp_group grp[MAX_BURST_SIZE]; 1859d1c1574SAnoob Joseph struct rte_pdcp_entity *pdcp_entity; 1869d1c1574SAnoob Joseph int nb_max_out_mb, ret, nb_grp; 1879d1c1574SAnoob Joseph uint16_t nb_ops; 1889d1c1574SAnoob Joseph 1899d1c1574SAnoob Joseph /* Create PDCP entity */ 1909d1c1574SAnoob Joseph pdcp_entity = rte_pdcp_entity_establish(&conf); 1919d1c1574SAnoob Joseph 1929d1c1574SAnoob Joseph /** 1939d1c1574SAnoob Joseph * Allocate buffer for holding mbufs returned during PDCP suspend, 1949d1c1574SAnoob Joseph * release & post-process APIs. 1959d1c1574SAnoob Joseph */ 1969d1c1574SAnoob Joseph 1979d1c1574SAnoob Joseph /* Max packets that can be cached in entity + burst size */ 1989d1c1574SAnoob Joseph nb_max_out_mb = pdcp_entity->max_pkt_cache + MAX_BURST_SIZE; 1999d1c1574SAnoob Joseph out_mb = rte_malloc(NULL, nb_max_out_mb * sizeof(uintptr_t), 0); 2009d1c1574SAnoob Joseph if (out_mb == NULL) { 2019d1c1574SAnoob Joseph /* Handle error */ 2029d1c1574SAnoob Joseph } 2039d1c1574SAnoob Joseph 2049d1c1574SAnoob Joseph while (1) { 2059d1c1574SAnoob Joseph /* Receive packet and form mbuf */ 2069d1c1574SAnoob Joseph 2079d1c1574SAnoob Joseph /** 2089d1c1574SAnoob Joseph * Prepare packets for crypto operation. 2099d1c1574SAnoob Joseph * Following operations would be done, 2109d1c1574SAnoob Joseph * 2119d1c1574SAnoob Joseph * Transmitting entity/UL (only data PDUs): 2129d1c1574SAnoob Joseph * - Perform compression 2139d1c1574SAnoob Joseph * - Assign sequence number 2149d1c1574SAnoob Joseph * - Add PDCP header 2159d1c1574SAnoob Joseph * - Create & prepare crypto_op 2169d1c1574SAnoob Joseph * - Prepare IV for crypto operation (auth_gen, encrypt) 2179d1c1574SAnoob Joseph * - Save original PDCP SDU (during PDCP re-establishment, 2189d1c1574SAnoob Joseph * unconfirmed PDCP SDUs need to be crypto processed again and 2199d1c1574SAnoob Joseph * transmitted/re-transmitted) 2209d1c1574SAnoob Joseph * 2219d1c1574SAnoob Joseph * Receiving entity/DL: 2229d1c1574SAnoob Joseph * - Any control PDUs received would be processed and 2239d1c1574SAnoob Joseph * appropriate actions taken. If data PDU, continue. 2249d1c1574SAnoob Joseph * - Determine sequence number (based on HFN & per packet SN) 2259d1c1574SAnoob Joseph * - Prepare crypto_op 2269d1c1574SAnoob Joseph * - Prepare IV for crypto operation (decrypt, auth_verify) 2279d1c1574SAnoob Joseph */ 2289d1c1574SAnoob Joseph nb_success = rte_pdcp_pkt_pre_process(pdcp_entity, pkts, cop, 2299d1c1574SAnoob Joseph nb_rx, &nb_err); 2309d1c1574SAnoob Joseph if (nb_err != 0) { 2319d1c1574SAnoob Joseph /* Handle error packets */ 2329d1c1574SAnoob Joseph } 2339d1c1574SAnoob Joseph 2349d1c1574SAnoob Joseph if ((rte_cryptodev_enqueue_burst(dev_id, qp_id, cop, nb_success) 2359d1c1574SAnoob Joseph != nb_success) { 2369d1c1574SAnoob Joseph /* Retry for enqueue failure packets */ 2379d1c1574SAnoob Joseph } 2389d1c1574SAnoob Joseph 2399d1c1574SAnoob Joseph ... 2409d1c1574SAnoob Joseph 2419d1c1574SAnoob Joseph nb_ops = rte_cryptodev_dequeue_burst(dev_id, qp_id, cop, 2429d1c1574SAnoob Joseph MAX_BURST_SIZE); 2439d1c1574SAnoob Joseph if (nb_ops == 0) 2449d1c1574SAnoob Joseph continue; 2459d1c1574SAnoob Joseph 2469d1c1574SAnoob Joseph /** 2479d1c1574SAnoob Joseph * Received a burst of completed crypto ops from cryptodev. It 2489d1c1574SAnoob Joseph * may belong to various entities. Group similar ones together 2499d1c1574SAnoob Joseph * for entity specific post-processing. 2509d1c1574SAnoob Joseph */ 2519d1c1574SAnoob Joseph 2529d1c1574SAnoob Joseph /** 2539d1c1574SAnoob Joseph * Groups similar entities together. Frees crypto op and based 2549d1c1574SAnoob Joseph * on crypto_op status, set mbuf->ol_flags which would be 2559d1c1574SAnoob Joseph * checked in rte_pdcp_pkt_post_process(). 2569d1c1574SAnoob Joseph */ 2579d1c1574SAnoob Joseph nb_grp = rte_pdcp_pkt_crypto_group(cop, pkts, grp, ret); 2589d1c1574SAnoob Joseph 2599d1c1574SAnoob Joseph for (i = 0; i != nb_grp; i++) { 2609d1c1574SAnoob Joseph 2619d1c1574SAnoob Joseph /** 2629d1c1574SAnoob Joseph * Post process packets after crypto completion. 2639d1c1574SAnoob Joseph * Following operations would be done, 2649d1c1574SAnoob Joseph * 2659d1c1574SAnoob Joseph * Transmitting entity/UL: 2669d1c1574SAnoob Joseph * - Check crypto result 2679d1c1574SAnoob Joseph * 2689d1c1574SAnoob Joseph * Receiving entity/DL: 2699d1c1574SAnoob Joseph * - Check crypto operation status 2709d1c1574SAnoob Joseph * - Check for duplication (if yes, drop duplicate) 2719d1c1574SAnoob Joseph * - Perform decompression 2729d1c1574SAnoob Joseph * - Trim PDCP header 2739d1c1574SAnoob Joseph * - Hold packet (SDU) for in-order delivery (return 2749d1c1574SAnoob Joseph * completed packets as and when sequence is 2759d1c1574SAnoob Joseph * completed) 2769d1c1574SAnoob Joseph * - If not in sequence, cache the packet and start 2779d1c1574SAnoob Joseph * t-Reordering timer. When timer expires, the 2789d1c1574SAnoob Joseph * packets need to delivered to upper layers (not 2799d1c1574SAnoob Joseph * treated as error packets). 2809d1c1574SAnoob Joseph */ 2819d1c1574SAnoob Joseph nb_success = rte_pdcp_pkt_post_process(grp[i].id.ptr, 2829d1c1574SAnoob Joseph grp[i].m, out_mb, 2839d1c1574SAnoob Joseph grp[i].cnt, 2849d1c1574SAnoob Joseph &nb_err); 2859d1c1574SAnoob Joseph if (nb_err != 0) { 2869d1c1574SAnoob Joseph /* Handle error packets */ 2879d1c1574SAnoob Joseph } 2889d1c1574SAnoob Joseph 2899d1c1574SAnoob Joseph /* Perform additional operations */ 2909d1c1574SAnoob Joseph 2919d1c1574SAnoob Joseph /** 2929d1c1574SAnoob Joseph * Transmitting entity/UL 2939d1c1574SAnoob Joseph * - If duplication is enabled, duplicate PDCP PDUs 2949d1c1574SAnoob Joseph * - When lower layers confirm reception of a PDCP PDU, 2959d1c1574SAnoob Joseph * it should be communicated to PDCP layer so that 2969d1c1574SAnoob Joseph * PDCP can drop the corresponding SDU 2979d1c1574SAnoob Joseph */ 2989d1c1574SAnoob Joseph } 2999d1c1574SAnoob Joseph } 300