14965dda0SLukasz Bartosik /* SPDX-License-Identifier: BSD-3-Clause
24965dda0SLukasz Bartosik * Copyright (C) 2020 Marvell International Ltd.
34965dda0SLukasz Bartosik */
44965dda0SLukasz Bartosik #ifndef _IPSEC_SECGW_H_
54965dda0SLukasz Bartosik #define _IPSEC_SECGW_H_
64965dda0SLukasz Bartosik
74965dda0SLukasz Bartosik #include <stdbool.h>
8d8d51d4fSRahul Bhansali #include <rte_ethdev.h>
94965dda0SLukasz Bartosik
10dcbf9ad5SNithin Dabilpuram #define MAX_RX_QUEUE_PER_LCORE 16
111329602bSAnoob Joseph
124965dda0SLukasz Bartosik #define NB_SOCKETS 4
134965dda0SLukasz Bartosik
149ad50c29SLukasz Bartosik #define MAX_PKT_BURST 32
15a2b445b8SNithin Dabilpuram #define MAX_PKT_BURST_VEC 256
16a2b445b8SNithin Dabilpuram
17a2b445b8SNithin Dabilpuram #define MAX_PKTS \
18a2b445b8SNithin Dabilpuram ((MAX_PKT_BURST_VEC > MAX_PKT_BURST ? \
19a2b445b8SNithin Dabilpuram MAX_PKT_BURST_VEC : MAX_PKT_BURST) * 2)
209ad50c29SLukasz Bartosik
219ad50c29SLukasz Bartosik #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1
229ad50c29SLukasz Bartosik
239ad50c29SLukasz Bartosik #if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
249ad50c29SLukasz Bartosik #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
259ad50c29SLukasz Bartosik (((uint64_t)((a) & 0xff) << 56) | \
269ad50c29SLukasz Bartosik ((uint64_t)((b) & 0xff) << 48) | \
279ad50c29SLukasz Bartosik ((uint64_t)((c) & 0xff) << 40) | \
289ad50c29SLukasz Bartosik ((uint64_t)((d) & 0xff) << 32) | \
299ad50c29SLukasz Bartosik ((uint64_t)((e) & 0xff) << 24) | \
309ad50c29SLukasz Bartosik ((uint64_t)((f) & 0xff) << 16) | \
319ad50c29SLukasz Bartosik ((uint64_t)((g) & 0xff) << 8) | \
329ad50c29SLukasz Bartosik ((uint64_t)(h) & 0xff))
339ad50c29SLukasz Bartosik #else
349ad50c29SLukasz Bartosik #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
359ad50c29SLukasz Bartosik (((uint64_t)((h) & 0xff) << 56) | \
369ad50c29SLukasz Bartosik ((uint64_t)((g) & 0xff) << 48) | \
379ad50c29SLukasz Bartosik ((uint64_t)((f) & 0xff) << 40) | \
389ad50c29SLukasz Bartosik ((uint64_t)((e) & 0xff) << 32) | \
399ad50c29SLukasz Bartosik ((uint64_t)((d) & 0xff) << 24) | \
409ad50c29SLukasz Bartosik ((uint64_t)((c) & 0xff) << 16) | \
419ad50c29SLukasz Bartosik ((uint64_t)((b) & 0xff) << 8) | \
429ad50c29SLukasz Bartosik ((uint64_t)(a) & 0xff))
439ad50c29SLukasz Bartosik #endif
449ad50c29SLukasz Bartosik
458e693616SAnoob Joseph #define uint32_t_to_char(ip, a, b, c, d) do {\
468e693616SAnoob Joseph *a = (uint8_t)(ip >> 24 & 0xff);\
478e693616SAnoob Joseph *b = (uint8_t)(ip >> 16 & 0xff);\
488e693616SAnoob Joseph *c = (uint8_t)(ip >> 8 & 0xff);\
498e693616SAnoob Joseph *d = (uint8_t)(ip & 0xff);\
508e693616SAnoob Joseph } while (0)
518e693616SAnoob Joseph
529ad50c29SLukasz Bartosik #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))
539ad50c29SLukasz Bartosik
549a1cc8f1STejasree Kondoj #define IPSEC_NAT_T_PORT 4500
559a1cc8f1STejasree Kondoj #define MBUF_PTYPE_TUNNEL_ESP_IN_UDP (RTE_PTYPE_TUNNEL_ESP | RTE_PTYPE_L4_UDP)
569a1cc8f1STejasree Kondoj
57*7e06c0deSTyler Retzlaff struct __rte_cache_aligned traffic_type {
589ad50c29SLukasz Bartosik uint32_t num;
59a2b445b8SNithin Dabilpuram struct rte_mbuf *pkts[MAX_PKTS];
60a2b445b8SNithin Dabilpuram const uint8_t *data[MAX_PKTS];
61a2b445b8SNithin Dabilpuram void *saptr[MAX_PKTS];
62a2b445b8SNithin Dabilpuram uint32_t res[MAX_PKTS];
63*7e06c0deSTyler Retzlaff };
649ad50c29SLukasz Bartosik
659ad50c29SLukasz Bartosik struct ipsec_traffic {
669ad50c29SLukasz Bartosik struct traffic_type ipsec;
679ad50c29SLukasz Bartosik struct traffic_type ip4;
689ad50c29SLukasz Bartosik struct traffic_type ip6;
699ad50c29SLukasz Bartosik };
709ad50c29SLukasz Bartosik
719ad50c29SLukasz Bartosik /* Fields optimized for devices without burst */
729ad50c29SLukasz Bartosik struct traffic_type_nb {
739ad50c29SLukasz Bartosik const uint8_t *data;
749ad50c29SLukasz Bartosik struct rte_mbuf *pkt;
759ad50c29SLukasz Bartosik uint32_t res;
769ad50c29SLukasz Bartosik uint32_t num;
779ad50c29SLukasz Bartosik };
789ad50c29SLukasz Bartosik
799ad50c29SLukasz Bartosik struct ipsec_traffic_nb {
809ad50c29SLukasz Bartosik struct traffic_type_nb ipsec;
819ad50c29SLukasz Bartosik struct traffic_type_nb ip4;
829ad50c29SLukasz Bartosik struct traffic_type_nb ip6;
839ad50c29SLukasz Bartosik };
849ad50c29SLukasz Bartosik
859ad50c29SLukasz Bartosik /* port/source ethernet addr and destination ethernet addr */
869ad50c29SLukasz Bartosik struct ethaddr_info {
87fbe58580SRahul Bhansali struct rte_ether_addr src, dst;
889ad50c29SLukasz Bartosik };
899ad50c29SLukasz Bartosik
903e7b7dd8SRadu Nicolau struct ipsec_spd_stats {
913e7b7dd8SRadu Nicolau uint64_t protect;
923e7b7dd8SRadu Nicolau uint64_t bypass;
933e7b7dd8SRadu Nicolau uint64_t discard;
943e7b7dd8SRadu Nicolau };
953e7b7dd8SRadu Nicolau
963e7b7dd8SRadu Nicolau struct ipsec_sa_stats {
973e7b7dd8SRadu Nicolau uint64_t hit;
983e7b7dd8SRadu Nicolau uint64_t miss;
993e7b7dd8SRadu Nicolau };
1003e7b7dd8SRadu Nicolau
101*7e06c0deSTyler Retzlaff struct __rte_cache_aligned ipsec_core_statistics {
1021329602bSAnoob Joseph uint64_t tx;
1031329602bSAnoob Joseph uint64_t rx;
1041329602bSAnoob Joseph uint64_t rx_call;
1051329602bSAnoob Joseph uint64_t tx_call;
1061329602bSAnoob Joseph uint64_t dropped;
107d8d51d4fSRahul Bhansali uint64_t frag_dropped;
1081329602bSAnoob Joseph uint64_t burst_rx;
1093e7b7dd8SRadu Nicolau
1103e7b7dd8SRadu Nicolau struct {
1113e7b7dd8SRadu Nicolau struct ipsec_spd_stats spd4;
1123e7b7dd8SRadu Nicolau struct ipsec_spd_stats spd6;
1133e7b7dd8SRadu Nicolau struct ipsec_sa_stats sad;
1143e7b7dd8SRadu Nicolau } outbound;
1153e7b7dd8SRadu Nicolau
1163e7b7dd8SRadu Nicolau struct {
1173e7b7dd8SRadu Nicolau struct ipsec_spd_stats spd4;
1183e7b7dd8SRadu Nicolau struct ipsec_spd_stats spd6;
1193e7b7dd8SRadu Nicolau struct ipsec_sa_stats sad;
1203e7b7dd8SRadu Nicolau } inbound;
1213e7b7dd8SRadu Nicolau
1223e7b7dd8SRadu Nicolau struct {
1233e7b7dd8SRadu Nicolau uint64_t miss;
1243e7b7dd8SRadu Nicolau } lpm4;
1253e7b7dd8SRadu Nicolau
1263e7b7dd8SRadu Nicolau struct {
1273e7b7dd8SRadu Nicolau uint64_t miss;
1283e7b7dd8SRadu Nicolau } lpm6;
129*7e06c0deSTyler Retzlaff };
1301329602bSAnoob Joseph
1316f1d5c0bSRadu Nicolau extern struct ipsec_core_statistics core_statistics[RTE_MAX_LCORE];
1321329602bSAnoob Joseph
1339ad50c29SLukasz Bartosik extern struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS];
1349ad50c29SLukasz Bartosik
1354965dda0SLukasz Bartosik /* Port mask to identify the unprotected ports */
1364965dda0SLukasz Bartosik extern uint32_t unprotected_port_mask;
1374965dda0SLukasz Bartosik
1384965dda0SLukasz Bartosik /* Index of SA in single mode */
1394965dda0SLukasz Bartosik extern uint32_t single_sa_idx;
1400d76e22dSNithin Dabilpuram extern uint32_t single_sa;
1414965dda0SLukasz Bartosik
1424965dda0SLukasz Bartosik extern volatile bool force_quit;
1434965dda0SLukasz Bartosik
14486738ebeSSrujana Challa extern uint32_t nb_bufs_in_pool;
14586738ebeSSrujana Challa
14648a39871SNithin Dabilpuram extern bool per_port_pool;
147d8d51d4fSRahul Bhansali extern int ip_reassembly_dynfield_offset;
148d8d51d4fSRahul Bhansali extern uint64_t ip_reassembly_dynflag;
149dcbf9ad5SNithin Dabilpuram extern uint32_t mtu_size;
150dcbf9ad5SNithin Dabilpuram extern uint32_t frag_tbl_sz;
1511d5078c6SVolodymyr Fialko extern uint32_t qp_desc_nb;
152dcbf9ad5SNithin Dabilpuram
1530d76e22dSNithin Dabilpuram #define SS_F (1U << 0) /* Single SA mode */
1540d76e22dSNithin Dabilpuram #define INL_PR_F (1U << 1) /* Inline Protocol */
1550d76e22dSNithin Dabilpuram #define INL_CR_F (1U << 2) /* Inline Crypto */
1560d76e22dSNithin Dabilpuram #define LA_PR_F (1U << 3) /* Lookaside Protocol */
1570d76e22dSNithin Dabilpuram #define LA_ANY_F (1U << 4) /* Lookaside Any */
1580d76e22dSNithin Dabilpuram #define MAX_F (LA_ANY_F << 1)
1590d76e22dSNithin Dabilpuram
1600d76e22dSNithin Dabilpuram extern uint16_t wrkr_flags;
1610d76e22dSNithin Dabilpuram
1624965dda0SLukasz Bartosik static inline uint8_t
is_unprotected_port(uint16_t port_id)1634965dda0SLukasz Bartosik is_unprotected_port(uint16_t port_id)
1644965dda0SLukasz Bartosik {
1654965dda0SLukasz Bartosik return unprotected_port_mask & (1 << port_id);
1664965dda0SLukasz Bartosik }
1674965dda0SLukasz Bartosik
1681329602bSAnoob Joseph static inline void
core_stats_update_rx(int n)1691329602bSAnoob Joseph core_stats_update_rx(int n)
1701329602bSAnoob Joseph {
1711329602bSAnoob Joseph int lcore_id = rte_lcore_id();
1721329602bSAnoob Joseph core_statistics[lcore_id].rx += n;
1731329602bSAnoob Joseph core_statistics[lcore_id].rx_call++;
1741329602bSAnoob Joseph if (n == MAX_PKT_BURST)
1751329602bSAnoob Joseph core_statistics[lcore_id].burst_rx += n;
1761329602bSAnoob Joseph }
1771329602bSAnoob Joseph
1781329602bSAnoob Joseph static inline void
core_stats_update_tx(int n)1791329602bSAnoob Joseph core_stats_update_tx(int n)
1801329602bSAnoob Joseph {
1811329602bSAnoob Joseph int lcore_id = rte_lcore_id();
1821329602bSAnoob Joseph core_statistics[lcore_id].tx += n;
1831329602bSAnoob Joseph core_statistics[lcore_id].tx_call++;
1841329602bSAnoob Joseph }
1851329602bSAnoob Joseph
1861329602bSAnoob Joseph static inline void
core_stats_update_drop(int n)1871329602bSAnoob Joseph core_stats_update_drop(int n)
1881329602bSAnoob Joseph {
1891329602bSAnoob Joseph int lcore_id = rte_lcore_id();
1901329602bSAnoob Joseph core_statistics[lcore_id].dropped += n;
1911329602bSAnoob Joseph }
1921329602bSAnoob Joseph
193d8d51d4fSRahul Bhansali static inline void
core_stats_update_frag_drop(int n)194d8d51d4fSRahul Bhansali core_stats_update_frag_drop(int n)
195d8d51d4fSRahul Bhansali {
196d8d51d4fSRahul Bhansali int lcore_id = rte_lcore_id();
197d8d51d4fSRahul Bhansali core_statistics[lcore_id].frag_dropped += n;
198d8d51d4fSRahul Bhansali }
199d8d51d4fSRahul Bhansali
200d8d51d4fSRahul Bhansali static inline int
is_ip_reassembly_incomplete(struct rte_mbuf * mbuf)201d8d51d4fSRahul Bhansali is_ip_reassembly_incomplete(struct rte_mbuf *mbuf)
202d8d51d4fSRahul Bhansali {
203d8d51d4fSRahul Bhansali if (ip_reassembly_dynflag == 0)
204d8d51d4fSRahul Bhansali return -1;
205d8d51d4fSRahul Bhansali return (mbuf->ol_flags & ip_reassembly_dynflag) != 0;
206d8d51d4fSRahul Bhansali }
207d8d51d4fSRahul Bhansali
208d8d51d4fSRahul Bhansali static inline void
free_reassembly_fail_pkt(struct rte_mbuf * mb)209d8d51d4fSRahul Bhansali free_reassembly_fail_pkt(struct rte_mbuf *mb)
210d8d51d4fSRahul Bhansali {
211d8d51d4fSRahul Bhansali if (ip_reassembly_dynfield_offset >= 0) {
212d8d51d4fSRahul Bhansali rte_eth_ip_reassembly_dynfield_t dynfield;
213d8d51d4fSRahul Bhansali uint32_t frag_cnt = 0;
214d8d51d4fSRahul Bhansali
215d8d51d4fSRahul Bhansali while (mb) {
216d8d51d4fSRahul Bhansali dynfield = *RTE_MBUF_DYNFIELD(mb,
217d8d51d4fSRahul Bhansali ip_reassembly_dynfield_offset,
218d8d51d4fSRahul Bhansali rte_eth_ip_reassembly_dynfield_t *);
219d8d51d4fSRahul Bhansali rte_pktmbuf_free(mb);
220d8d51d4fSRahul Bhansali mb = dynfield.next_frag;
221d8d51d4fSRahul Bhansali frag_cnt++;
222d8d51d4fSRahul Bhansali }
223d8d51d4fSRahul Bhansali
224d8d51d4fSRahul Bhansali core_stats_update_frag_drop(frag_cnt);
225d8d51d4fSRahul Bhansali } else {
226d8d51d4fSRahul Bhansali rte_pktmbuf_free(mb);
227d8d51d4fSRahul Bhansali core_stats_update_drop(1);
228d8d51d4fSRahul Bhansali }
229d8d51d4fSRahul Bhansali }
230d8d51d4fSRahul Bhansali
2311329602bSAnoob Joseph /* helper routine to free bulk of packets */
232fee894d4SRahul Bhansali static __rte_always_inline void
free_pkts(struct rte_mbuf * mb[],const uint32_t n)233fee894d4SRahul Bhansali free_pkts(struct rte_mbuf *mb[], const uint32_t n)
2341329602bSAnoob Joseph {
235fee894d4SRahul Bhansali n == 1 ? rte_pktmbuf_free(mb[0]) : rte_pktmbuf_free_bulk(mb, n);
2361329602bSAnoob Joseph core_stats_update_drop(n);
2371329602bSAnoob Joseph }
2381329602bSAnoob Joseph
2394965dda0SLukasz Bartosik #endif /* _IPSEC_SECGW_H_ */
240