Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/117055/?format=api
{ "id": 117055, "url": "http://patches.dpdk.org/api/patches/117055/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20220928124516.93050-4-gakhil@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20220928124516.93050-4-gakhil@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20220928124516.93050-4-gakhil@marvell.com", "date": "2022-09-28T12:45:14", "name": "[3/5] net/cnxk: support MACsec", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "88da0d9f421a992d317ab41c577758ac5c320c57", "submitter": { "id": 2094, "url": "http://patches.dpdk.org/api/people/2094/?format=api", "name": "Akhil Goyal", "email": "gakhil@marvell.com" }, "delegate": { "id": 310, "url": "http://patches.dpdk.org/api/users/310/?format=api", "username": "jerin", "first_name": "Jerin", "last_name": "Jacob", "email": "jerinj@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20220928124516.93050-4-gakhil@marvell.com/mbox/", "series": [ { "id": 24879, "url": "http://patches.dpdk.org/api/series/24879/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=24879", "date": "2022-09-28T12:45:11", "name": "Support and test inline MACsec for cnxk", "version": 1, "mbox": "http://patches.dpdk.org/series/24879/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/117055/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/117055/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 717D4A00C4;\n\tWed, 28 Sep 2022 14:46:17 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 7B01942B6C;\n\tWed, 28 Sep 2022 14:45:59 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 820B64113C\n for <dev@dpdk.org>; Wed, 28 Sep 2022 14:45:55 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id\n 28SA4cpZ003076;\n Wed, 28 Sep 2022 05:45:53 -0700", "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jvjkk8skd-5\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Wed, 28 Sep 2022 05:45:53 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Wed, 28 Sep 2022 05:45:39 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Wed, 28 Sep 2022 05:45:39 -0700", "from localhost.localdomain (unknown [10.28.36.102])\n by maili.marvell.com (Postfix) with ESMTP id 3EEF63F7053;\n Wed, 28 Sep 2022 05:45:35 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=vkDMsPEoOIG2oyZqUDRdK4plrTZ62FKD3cxPMuDtOsw=;\n b=ieJtj46bsY2DWuTglpSnPmTqTOzmgRFKnWfa6+YMvPW2sQ4Yirh5H64fsxeKanWVLi0w\n Z+H8RZO++6XaLgyUjvHIrAPCkV16kJ8ZVXiWQLr+kROXPBHW/ErVCyEu8movoVsinJCz\n wM25LGS0CO/RHicHlNPLZCvnbxJEYdLr4krglF+t0PdHwmswp6N30JNrQCR6EN6jv4OB\n GcKx0jdmWWhR/LpOd1IEOBtSBAGnOCBYATSRrvKpDUlLjUaSKk4jxvvfvEPsglji5M2w\n eyBGJjqWwx7w207uS94cxN2Mt48cHM7xc9ZuZPWFjsUM54uzdqOPuj87y3jxQWj73Sdi RA==", "From": "Akhil Goyal <gakhil@marvell.com>", "To": "<dev@dpdk.org>", "CC": "<thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,\n <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,\n <vattunuru@marvell.com>, <ferruh.yigit@xilinx.com>,\n <andrew.rybchenko@oktetlabs.ru>, <konstantin.v.ananyev@yandex.ru>,\n <jiawenwu@trustnetic.com>, <yisen.zhuang@huawei.com>,\n <irusskikh@marvell.com>, <qiming.yang@intel.com>, <jerinj@marvell.com>,\n <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com>", "Subject": "[PATCH 3/5] net/cnxk: support MACsec", "Date": "Wed, 28 Sep 2022 18:15:14 +0530", "Message-ID": "<20220928124516.93050-4-gakhil@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20220928124516.93050-1-gakhil@marvell.com>", "References": "<20220928122253.23108-4-gakhil@marvell.com>\n <20220928124516.93050-1-gakhil@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "ZZ-JXnq0FiUXl3FK9woH6eZBwkNeiZmg", "X-Proofpoint-ORIG-GUID": "ZZ-JXnq0FiUXl3FK9woH6eZBwkNeiZmg", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1\n definitions=2022-09-28_06,2022-09-28_01,2022-06-22_01", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Signed-off-by: Akhil Goyal <gakhil@marvell.com>\n---\n drivers/net/cnxk/cn10k_ethdev_mcs.c | 407 ++++++++++++++++++++++++++++\n drivers/net/cnxk/cn10k_ethdev_mcs.h | 59 ++++\n drivers/net/cnxk/cn10k_ethdev_sec.c | 11 +-\n drivers/net/cnxk/cn10k_flow.c | 14 +\n drivers/net/cnxk/cnxk_ethdev.h | 31 +++\n drivers/net/cnxk/cnxk_ethdev_sec.c | 2 +-\n drivers/net/cnxk/meson.build | 1 +\n 7 files changed, 523 insertions(+), 2 deletions(-)\n create mode 100644 drivers/net/cnxk/cn10k_ethdev_mcs.c\n create mode 100644 drivers/net/cnxk/cn10k_ethdev_mcs.h", "diff": "diff --git a/drivers/net/cnxk/cn10k_ethdev_mcs.c b/drivers/net/cnxk/cn10k_ethdev_mcs.c\nnew file mode 100644\nindex 0000000000..90363f8e17\n--- /dev/null\n+++ b/drivers/net/cnxk/cn10k_ethdev_mcs.c\n@@ -0,0 +1,407 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2022 Marvell.\n+ */\n+\n+#include <cnxk_ethdev.h>\n+#include <cn10k_ethdev_mcs.h>\n+#include <roc_mcs.h>\n+\n+static int\n+mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum rte_security_macsec_direction dir,\n+\t\t uint8_t rsrc_id[], uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type)\n+{\n+\tstruct roc_mcs_alloc_rsrc_req req = {0};\n+\tstruct roc_mcs_alloc_rsrc_rsp rsp = {0};\n+\tint i;\n+\n+\treq.rsrc_type = type;\n+\treq.rsrc_cnt = rsrc_cnt;\n+\treq.mcs_id = mcs_dev->idx;\n+\treq.dir = dir;\n+\n+\tif (roc_mcs_alloc_rsrc(mcs_dev->mdev, &req, &rsp)) {\n+\t\tprintf(\"error: Cannot allocate mcs resource.\\n\");\n+\t\treturn -1;\n+\t}\n+\n+\tfor (i = 0; i < rsrc_cnt; i++) {\n+\t\tswitch (rsp.rsrc_type) {\n+\t\tcase CNXK_MCS_RSRC_TYPE_FLOWID:\n+\t\t\trsrc_id[i] = rsp.flow_ids[i];\n+\t\t\tbreak;\n+\t\tcase CNXK_MCS_RSRC_TYPE_SECY:\n+\t\t\trsrc_id[i] = rsp.secy_ids[i];\n+\t\t\tbreak;\n+\t\tcase CNXK_MCS_RSRC_TYPE_SC:\n+\t\t\trsrc_id[i] = rsp.sc_ids[i];\n+\t\t\tbreak;\n+\t\tcase CNXK_MCS_RSRC_TYPE_SA:\n+\t\t\trsrc_id[i] = rsp.sa_ids[i];\n+\t\t\tbreak;\n+\t\tdefault :\n+\t\t\tprintf(\"error: Invalid mcs resource allocated.\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\t}\n+\treturn 0;\n+}\n+\n+int\n+cn10k_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf)\n+{\n+\tstruct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;\n+\tstruct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct roc_mcs_pn_table_write_req pn_req = {0};\n+\tstruct roc_mcs_sa_plcy_write_req req = {0};\n+\tuint8_t hash_key[16] = {0};\n+\tuint8_t sa_id = 0;\n+\tint ret = 0;\n+\n+\tret = mcs_resource_alloc(mcs_dev, conf->dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);\n+\tif (ret) {\n+\t\tprintf(\"Failed to allocate SA id.\\n\");\n+\t\treturn -ENOMEM;\n+\t}\n+\treq.sa_index[0] = sa_id;\n+\treq.sa_cnt = 1;\n+\treq.mcs_id = mcs_dev->idx;\n+\treq.dir = conf->dir;\n+\n+\tif (conf->key.length != 16 || conf->key.length != 32)\n+\t\treturn -EINVAL;\n+\n+\tmemcpy(&req.plcy[0][0], conf->key.data, conf->key.length);\n+\troc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key);\n+\tmemcpy(&req.plcy[0][4], hash_key, CNXK_MACSEC_HASH_KEY);\n+\tmemcpy(&req.plcy[0][6], conf->salt, RTE_SECURITY_MACSEC_SALT_LEN);\n+\treq.plcy[0][7] |= (uint64_t)conf->ssci << 32;\n+\treq.plcy[0][8] = conf->an & 0x3;\n+\n+\tret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);\n+\tif (ret) {\n+\t\tprintf(\"Failed to write SA policy.\\n\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tpn_req.next_pn = conf->next_pn;\n+\tpn_req.pn_id = sa_id;\n+\tpn_req.mcs_id = mcs_dev->idx;\n+\tpn_req.dir = conf->dir;\n+\n+\tret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);\n+\tif (ret) {\n+\t\tprintf(\"Failed to write PN table.\\n\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\treturn sa_id;\n+}\n+\n+int\n+cn10k_eth_macsec_sa_destroy(void *device, uint16_t sa_id)\n+{\n+\tRTE_SET_USED(device);\n+\tRTE_SET_USED(sa_id);\n+\n+\treturn 0;\n+}\n+\n+int\n+cn10k_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf)\n+{\n+\tstruct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;\n+\tstruct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tuint8_t sc_id = 0;\n+\tint i, ret = 0;\n+\n+\tret = mcs_resource_alloc(mcs_dev, conf->dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC);\n+\tif (ret) {\n+\t\tprintf(\"Failed to allocate SC id.\\n\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tif (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {\n+\t\tstruct roc_mcs_tx_sc_sa_map req = {0};\n+\n+\t\treq.mcs_id = mcs_dev->idx;\n+\t\treq.sa_index0 = conf->sc_tx.sa_id & 0x7F;\n+\t\treq.sa_index1 = conf->sc_tx.sa_id_rekey & 0x7F;\n+\t\treq.rekey_ena = conf->sc_tx.re_key_en;\n+\t\treq.sa_index0_vld = conf->sc_tx.active;\n+\t\treq.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active;\n+\t\treq.tx_sa_active = conf->sc_tx.active;\n+\t\treq.sectag_sci = conf->sc_tx.sci;\n+\t\treq.sc_id = sc_id;\n+\t\treq.mcs_id = mcs_dev->idx;\n+\n+\t\tret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req);\n+\t\tif (ret) {\n+\t\t\tprintf(\"Failed to map TX SC-SA\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t} else {\n+\t\tfor (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {\n+\t\t\tstruct roc_mcs_rx_sc_sa_map req = {0};\n+\n+\t\t\treq.mcs_id = mcs_dev->idx;\n+\t\t\treq.sa_index = conf->sc_rx.sa_id[i] & 0x7F;\n+\t\t\treq.sa_in_use = conf->sc_rx.sa_in_use[i];\n+\t\t\treq.sc_id = sc_id;\n+\t\t\treq.an = i & 0x3;\n+\t\t\treq.mcs_id = mcs_dev->idx;\n+\t\t\tret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);\n+\t\t\tif (ret) {\n+\t\t\t\tprintf(\"Failed to map RX SC-SA\");\n+\t\t\t\treturn -EINVAL;\n+\t\t\t}\n+\t\t}\n+\t}\n+\treturn sc_id;\n+}\n+\n+int\n+cn10k_eth_macsec_sc_destroy(void *device, uint16_t sc_id)\n+{\n+\tRTE_SET_USED(device);\n+\tRTE_SET_USED(sc_id);\n+\n+\treturn 0;\n+}\n+\n+struct cnxk_macsec_sess *\n+cnxk_eth_macsec_sess_get_by_sess(struct cnxk_eth_dev *dev,\n+\t\t\t\t const struct rte_security_session *sess)\n+{\n+\tstruct cnxk_macsec_sess *macsec_sess = NULL;\n+\n+\tTAILQ_FOREACH(macsec_sess, &dev->mcs_list, entry) {\n+\t\tif (macsec_sess->sess == sess)\n+\t\t\treturn macsec_sess;\n+\t}\n+\n+\treturn NULL;\n+}\n+\n+int\n+cn10k_eth_macsec_session_create(struct cnxk_eth_dev *dev,\n+\t\t\t\tstruct rte_security_session_conf *conf,\n+\t\t\t\tstruct rte_security_session *sess,\n+\t\t\t\tstruct rte_mempool *mempool)\n+{\n+\tstruct rte_security_macsec_xform *xform = &conf->macsec;\n+\tstruct cnxk_macsec_sess *macsec_sess_priv;\n+\tstruct roc_mcs_secy_plcy_write_req req;\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tuint8_t secy_id = 0;\n+\tuint8_t sectag_tci = 0;\n+\tint ret = 0;\n+\n+\tret = mcs_resource_alloc(mcs_dev, xform->dir, &secy_id, 1, CNXK_MCS_RSRC_TYPE_SECY);\n+\tif (ret) {\n+\t\tprintf(\"Failed to allocate SECY id.\\n\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\treq.secy_id = secy_id;\n+\treq.mcs_id = mcs_dev->idx;\n+\treq.dir = xform->dir;\n+\treq.plcy = 0L;\n+\n+\tif (xform->dir == RTE_SECURITY_MACSEC_DIR_TX) {\n+\t\tsectag_tci = ((uint8_t)xform->tx_secy.sectag_version << 5) |\n+\t\t\t\t((uint8_t)xform->tx_secy.end_station << 4) |\n+\t\t\t\t((uint8_t)xform->tx_secy.send_sci << 3) |\n+\t\t\t\t((uint8_t)xform->tx_secy.scb << 2) |\n+\t\t\t\t((uint8_t)xform->tx_secy.encrypt << 1) |\n+\t\t\t\t(uint8_t)xform->tx_secy.encrypt;\n+\t\treq.plcy = ((uint64_t)xform->tx_secy.mtu << 48) |\n+\t\t\t (((uint64_t)sectag_tci & 0x3F) << 40) |\n+\t\t\t (((uint64_t)xform->tx_secy.sectag_off & 0x7F) << 32) |\n+\t\t\t ((uint64_t)xform->tx_secy.sectag_insert_mode << 30) |\n+\t\t\t ((uint64_t)xform->tx_secy.icv_include_da_sa << 28) |\n+\t\t\t (((uint64_t)xform->cipher_off & 0x7F) << 20) |\n+\t\t\t ((uint64_t)xform->alg << 12) |\n+\t\t\t ((uint64_t)xform->tx_secy.protect_frames << 4) |\n+\t\t\t (uint64_t)xform->tx_secy.ctrl_port_enable;\n+\t} else {\n+\t\treq.plcy = ((uint64_t)xform->rx_secy.replay_win_sz << 32) |\n+\t\t\t ((uint64_t)xform->rx_secy.replay_protect << 30) |\n+\t\t\t ((uint64_t)xform->rx_secy.icv_include_da_sa << 28) |\n+\t\t\t (((uint64_t)xform->cipher_off & 0x7F) << 20) |\n+\t\t\t ((uint64_t)xform->alg << 12) |\n+\t\t\t ((uint64_t)xform->rx_secy.preserve_sectag << 9) |\n+\t\t\t ((uint64_t)xform->rx_secy.preserve_icv << 8) |\n+\t\t\t ((uint64_t)xform->rx_secy.validate_frames << 4) |\n+\t\t\t (uint64_t)xform->rx_secy.ctrl_port_enable;\n+\t}\n+\n+\tret = roc_mcs_secy_policy_write(mcs_dev->mdev, &req);\n+\tif (ret) {\n+\t\tprintf(\"\\n Failed to configure SECY\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/*get session priv*/\n+\tif (rte_mempool_get(mempool, (void **)&macsec_sess_priv)) {\n+\t\tplt_err(\"Could not allocate security session private data\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tmacsec_sess_priv->sci = xform->sci;\n+\tmacsec_sess_priv->sc_id = xform->sc_id;\n+\tmacsec_sess_priv->secy_id = secy_id;\n+\tmacsec_sess_priv->dir = xform->dir;\n+\n+\tTAILQ_INSERT_TAIL(&dev->mcs_list, macsec_sess_priv, entry);\n+\tset_sec_session_private_data(sess, (void *)macsec_sess_priv);\n+\n+\treturn 0;\n+}\n+\n+int\n+cn10k_eth_macsec_session_destroy(void *device, struct rte_security_session *sess)\n+{\n+\tRTE_SET_USED(device);\n+\tRTE_SET_USED(sess);\n+\n+\treturn 0;\n+}\n+\n+int\n+cn10k_mcs_flow_configure(struct rte_eth_dev *eth_dev,\n+\t\t\t const struct rte_flow_attr *attr __rte_unused,\n+\t\t\t const struct rte_flow_item pattern[],\n+\t\t\t const struct rte_flow_action actions[],\n+\t\t\t struct rte_flow_error *error __rte_unused,\n+\t\t\t void **mcs_flow)\n+{\n+\tstruct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);\n+\tstruct roc_mcs_flowid_entry_write_req req = {0};\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct cnxk_mcs_flow_opts opts = {0};\n+\tstruct cnxk_macsec_sess *sess = cnxk_eth_macsec_sess_get_by_sess(dev,\n+\t\t\t(const struct rte_security_session *)actions->conf);\n+\tconst struct rte_flow_item_eth *eth_item = NULL;\n+\tstruct rte_ether_addr src;\n+\tstruct rte_ether_addr dst;\n+\tint ret;\n+\tint i = 0;\n+\n+\tret = mcs_resource_alloc(mcs_dev, sess->dir, &(sess->flow_id), 1, CNXK_MCS_RSRC_TYPE_FLOWID);\n+\tif (ret) {\n+\t\tprintf(\"Failed to allocate FLow id.\\n\");\n+\t\treturn -ENOMEM;\n+\t}\n+\treq.sci = sess->sci;\n+\treq.flow_id = sess->flow_id;\n+\treq.secy_id = sess->secy_id;\n+\treq.sc_id = sess->sc_id;\n+\treq.ena = 1;\n+\treq.ctr_pkt = 0; /* TBD */\n+\treq.mcs_id = mcs_dev->idx;\n+\treq.dir = sess->dir;\n+\n+\twhile (pattern[i].type != RTE_FLOW_ITEM_TYPE_END) {\n+\t\tif (pattern[i].type == RTE_FLOW_ITEM_TYPE_ETH)\n+\t\t\teth_item = pattern[i].spec;\n+\t\telse\n+\t\t\tprintf(\"%s:%d unhandled flow item : %d\", __func__, __LINE__,\n+\t\t\t\t\tpattern[i].type);\n+\t\ti++;\n+\t}\n+\tif (eth_item) {\n+\t\tdst = eth_item->hdr.dst_addr;\n+\t\tsrc = eth_item->hdr.src_addr;\n+\n+\t\t/* Find ways to fill opts */\n+\n+\t\treq.data[0] = (uint64_t)dst.addr_bytes[0] << 40 | (uint64_t)dst.addr_bytes[1] << 32 |\n+\t\t\t (uint64_t)dst.addr_bytes[2] << 24 | (uint64_t)dst.addr_bytes[3] << 16 |\n+\t\t\t (uint64_t)dst.addr_bytes[4] << 8 | (uint64_t)dst.addr_bytes[5] |\n+\t\t\t (uint64_t)src.addr_bytes[5] << 48 | (uint64_t)src.addr_bytes[4] << 56;\n+\t\treq.data[1] = (uint64_t)src.addr_bytes[3] | (uint64_t)src.addr_bytes[2] << 8 |\n+\t\t\t (uint64_t)src.addr_bytes[1] << 16 | (uint64_t)src.addr_bytes[0] << 24 |\n+\t\t\t (uint64_t)eth_item->hdr.ether_type << 32 |\n+\t\t\t ((uint64_t)opts.outer_tag_id & 0xFFFF) << 48;\n+\t\treq.data[2] = ((uint64_t)opts.outer_tag_id & 0xF0000) |\n+\t\t\t ((uint64_t)opts.outer_priority & 0xF) << 4 |\n+\t\t\t ((uint64_t)opts.second_outer_tag_id & 0xFFFFF) << 8 |\n+\t\t\t ((uint64_t)opts.second_outer_priority & 0xF) << 28 |\n+\t\t\t ((uint64_t)opts.bonus_data << 32) |\n+\t\t\t ((uint64_t)opts.tag_match_bitmap << 48) |\n+\t\t\t ((uint64_t)opts.packet_type & 0xF) << 56 |\n+\t\t\t ((uint64_t)opts.outer_vlan_type & 0x7) << 60 |\n+\t\t\t ((uint64_t)opts.inner_vlan_type & 0x1) << 63;\n+\t\treq.data[3] = ((uint64_t)opts.inner_vlan_type & 0x6) |\n+\t\t\t ((uint64_t)opts.num_tags & 0x7F) << 2 | ((uint64_t)opts.express & 1) << 9 |\n+\t\t\t ((uint64_t)opts.port & 0x3) << 10 |\n+\t\t\t ((uint64_t)opts.flowid_user & 0xF) << 12;\n+\n+\t\treq.mask[0] = 0x0;\n+\t\treq.mask[1] = 0xFFFFFFFF00000000;\n+\t\treq.mask[2] = 0xFFFFFFFFFFFFFFFF;\n+\t\treq.mask[3] = 0xFFFFFFFFFFFFF3FF;\n+\n+\t\tret = roc_mcs_flowid_entry_write(mcs_dev->mdev, &req);\n+\t\tif (ret)\n+\t\t\treturn ret;\n+\n+\t\t*mcs_flow = &req;\n+\t} else {\n+\t\tprintf(\"\\nFlow not confirured\");\n+\t\treturn -EINVAL;\n+\t}\n+\treturn 0;\n+}\n+\n+int\n+cn10k_eth_macsec_sa_stats_get(void *device, uint16_t sa_id,\n+\t\t\t struct rte_security_macsec_sa_stats *stats)\n+{\n+\tRTE_SET_USED(device);\n+\tRTE_SET_USED(sa_id);\n+\tRTE_SET_USED(stats);\n+\n+\treturn 0;\n+}\n+\n+int\n+cn10k_eth_macsec_sc_stats_get(void *device, uint16_t sc_id,\n+\t\t\t struct rte_security_macsec_sc_stats *stats)\n+{\n+\tRTE_SET_USED(device);\n+\tRTE_SET_USED(sc_id);\n+\tRTE_SET_USED(stats);\n+\n+\treturn 0;\n+}\n+\n+void\n+cnxk_mcs_dev_fini(struct cnxk_mcs_dev *mcs_dev)\n+{\n+\t/* Cleanup MACsec dev */\n+\troc_mcs_dev_fini(mcs_dev->mdev);\n+\n+\tplt_free(mcs_dev);\n+}\n+\n+struct cnxk_mcs_dev *\n+cnxk_mcs_dev_init(uint8_t mcs_idx)\n+{\n+\tstruct cnxk_mcs_dev *mcs_dev;\n+\n+\tmcs_dev = plt_zmalloc(sizeof(struct cnxk_mcs_dev), PLT_CACHE_LINE_SIZE);\n+\tif (!mcs_dev)\n+\t\treturn NULL;\n+\n+\tmcs_dev->mdev = roc_mcs_dev_init(mcs_dev->idx);\n+\tif (!mcs_dev->mdev) {\n+\t\tplt_free(mcs_dev);\n+\t\treturn NULL;\n+\t}\n+\tmcs_dev->idx = mcs_idx;\n+\n+\treturn mcs_dev;\n+}\ndiff --git a/drivers/net/cnxk/cn10k_ethdev_mcs.h b/drivers/net/cnxk/cn10k_ethdev_mcs.h\nnew file mode 100644\nindex 0000000000..b905f4402a\n--- /dev/null\n+++ b/drivers/net/cnxk/cn10k_ethdev_mcs.h\n@@ -0,0 +1,59 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2022 Marvell.\n+ */\n+\n+#include <cnxk_ethdev.h>\n+\n+#define CNXK_MACSEC_HASH_KEY\t16\n+\n+struct cnxk_mcs_dev {\n+\tuint64_t default_sci;\n+\tvoid *mdev;\n+\tuint8_t port_id;\n+\tuint8_t idx;\n+};\n+\n+enum cnxk_mcs_rsrc_type {\n+\tCNXK_MCS_RSRC_TYPE_FLOWID,\n+\tCNXK_MCS_RSRC_TYPE_SECY,\n+\tCNXK_MCS_RSRC_TYPE_SC,\n+\tCNXK_MCS_RSRC_TYPE_SA,\n+};\n+\n+struct cnxk_mcs_flow_opts {\n+\tuint32_t outer_tag_id;\n+\t/**< {VLAN_ID[11:0]}, or 20-bit MPLS label*/\n+\tuint8_t outer_priority;\n+\t/**< {PCP/Pbits, DE/CFI} or {1'b0, EXP} for MPLS.*/\n+\tuint32_t second_outer_tag_id;\n+\t/**< {VLAN_ID[11:0]}, or 20-bit MPLS label*/\n+\tuint8_t second_outer_priority;\n+\t/**< {PCP/Pbits, DE/CFI} or {1'b0, EXP} for MPLS. */\n+\tuint16_t bonus_data;\n+\t/**< 2 bytes of additional bonus data extracted from one of the custom tags*/\n+\tuint8_t tag_match_bitmap;\n+\tuint8_t packet_type;\n+\tuint8_t outer_vlan_type;\n+\tuint8_t inner_vlan_type;\n+\tuint8_t num_tags;\n+\tbool express;\n+\tuint8_t port; /**< port 0-3 */\n+\tuint8_t flowid_user;\n+};\n+\n+int cn10k_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf);\n+int cn10k_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf);\n+\n+int cn10k_eth_macsec_sa_destroy(void *device, uint16_t sa_id);\n+int cn10k_eth_macsec_sc_destroy(void *device, uint16_t sc_id);\n+\n+int cn10k_eth_macsec_sa_stats_get(void *device, uint16_t sa_id,\n+\t\t\t struct rte_security_macsec_sa_stats *stats);\n+int cn10k_eth_macsec_sc_stats_get(void *device, uint16_t sa_id,\n+\t\t\t struct rte_security_macsec_sc_stats *stats);\n+\n+int cn10k_eth_macsec_session_create(struct cnxk_eth_dev *dev,\n+\t\t\t struct rte_security_session_conf *conf,\n+\t\t\t struct rte_security_session *sess,\n+\t\t\t struct rte_mempool *mempool);\n+int cn10k_eth_macsec_session_destroy(void *device, struct rte_security_session *sess);\ndiff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c\nindex 3795b0c78b..70fb1eb39a 100644\n--- a/drivers/net/cnxk/cn10k_ethdev_sec.c\n+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c\n@@ -9,6 +9,7 @@\n #include <rte_pmd_cnxk.h>\n \n #include <cn10k_ethdev.h>\n+#include <cn10k_ethdev_mcs.h>\n #include <cnxk_security.h>\n #include <roc_priv.h>\n \n@@ -601,7 +602,9 @@ cn10k_eth_sec_session_create(void *device,\n \tif (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)\n \t\treturn -ENOTSUP;\n \n-\tif (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)\n+\tif (conf->protocol == RTE_SECURITY_PROTOCOL_MACSEC)\n+\t\treturn cn10k_eth_macsec_session_create(dev, conf, sess, mempool);\n+\telse if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)\n \t\treturn -ENOTSUP;\n \n \tif (rte_security_dynfield_register() < 0)\n@@ -1058,9 +1061,15 @@ cn10k_eth_sec_ops_override(void)\n \tinit_once = 1;\n \n \t/* Update platform specific ops */\n+\tcnxk_eth_sec_ops.macsec_sa_create = cn10k_eth_macsec_sa_create;\n+\tcnxk_eth_sec_ops.macsec_sc_create = cn10k_eth_macsec_sc_create;\n+\tcnxk_eth_sec_ops.macsec_sa_destroy = cn10k_eth_macsec_sa_destroy;\n+\tcnxk_eth_sec_ops.macsec_sc_destroy = cn10k_eth_macsec_sc_destroy;\n \tcnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;\n \tcnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;\n \tcnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;\n \tcnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update;\n \tcnxk_eth_sec_ops.session_stats_get = cn10k_eth_sec_session_stats_get;\n+\tcnxk_eth_sec_ops.macsec_sc_stats_get = cn10k_eth_macsec_sc_stats_get;\n+\tcnxk_eth_sec_ops.macsec_sa_stats_get = cn10k_eth_macsec_sa_stats_get;\n }\ndiff --git a/drivers/net/cnxk/cn10k_flow.c b/drivers/net/cnxk/cn10k_flow.c\nindex 7df879a2bb..e95a73ec55 100644\n--- a/drivers/net/cnxk/cn10k_flow.c\n+++ b/drivers/net/cnxk/cn10k_flow.c\n@@ -2,6 +2,7 @@\n * Copyright(C) 2020 Marvell.\n */\n #include <cnxk_flow.h>\n+#include \"cn10k_ethdev_mcs.h\"\n #include \"cn10k_flow.h\"\n #include \"cn10k_ethdev.h\"\n #include \"cn10k_rx.h\"\n@@ -133,6 +134,7 @@ cn10k_flow_create(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,\n \tconst struct rte_flow_action *act_q = NULL;\n \tstruct roc_npc *npc = &dev->npc;\n \tstruct roc_npc_flow *flow;\n+\tvoid *mcs_flow = NULL;\n \tint vtag_actions = 0;\n \tuint32_t req_act = 0;\n \tint i, rc;\n@@ -186,6 +188,18 @@ cn10k_flow_create(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,\n \t\t}\n \t}\n \n+\tif (actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY &&\n+\t\t\tcnxk_eth_macsec_sess_get_by_sess(dev, actions[0].conf) != NULL) {\n+\t\trc = cn10k_mcs_flow_configure(eth_dev, attr, pattern, actions, error, &mcs_flow);\n+\t\tif (rc) {\n+\t\t\trte_flow_error_set(error, rc,\n+\t\t\t\t\tRTE_FLOW_ERROR_TYPE_ACTION, NULL,\n+\t\t\t\t\t\"Failed to configure mcs flow\");\n+\t\t\treturn NULL;\n+\t\t}\n+\t\treturn (struct rte_flow *)mcs_flow;\n+\t}\n+\n \tflow = cnxk_flow_create(eth_dev, attr, pattern, actions, error);\n \tif (!flow) {\n \t\tif (mtr)\ndiff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h\nindex c09e9bff8e..4ae64060f1 100644\n--- a/drivers/net/cnxk/cnxk_ethdev.h\n+++ b/drivers/net/cnxk/cnxk_ethdev.h\n@@ -337,6 +337,21 @@ struct cnxk_eth_dev_sec_outb {\n \trte_spinlock_t lock;\n };\n \n+/* MACsec session private data */\n+struct cnxk_macsec_sess {\n+\t/* List entry */\n+\tTAILQ_ENTRY(cnxk_macsec_sess) entry;\n+\n+\t/* Back pointer to session */\n+\tstruct rte_security_session *sess;\n+\tenum rte_security_macsec_direction dir;\n+\tuint64_t sci;\n+\tuint8_t secy_id;\n+\tuint8_t sc_id;\n+\tuint8_t flow_id;\n+};\n+TAILQ_HEAD(cnxk_macsec_sess_list, cnxk_macsec_sess);\n+\n struct cnxk_eth_dev {\n \t/* ROC NIX */\n \tstruct roc_nix nix;\n@@ -437,6 +452,10 @@ struct cnxk_eth_dev {\n \t/* Reassembly dynfield/flag offsets */\n \tint reass_dynfield_off;\n \tint reass_dynflag_bit;\n+\n+\t/* MCS device */\n+\tstruct cnxk_mcs_dev *mcs_dev;\n+\tstruct cnxk_macsec_sess_list mcs_list;\n };\n \n struct cnxk_eth_rxq_sp {\n@@ -649,6 +668,18 @@ cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,\n int cnxk_nix_inl_meta_pool_cb(uint64_t *aura_handle, uint32_t buf_sz, uint32_t nb_bufs,\n \t\t\t bool destroy);\n \n+struct cnxk_mcs_dev * cnxk_mcs_dev_init(uint8_t mcs_idx);\n+void cnxk_mcs_dev_fini(struct cnxk_mcs_dev *mcs_dev);\n+\n+struct cnxk_macsec_sess *\n+cnxk_eth_macsec_sess_get_by_sess(struct cnxk_eth_dev *dev,\n+\t\t\t\t const struct rte_security_session *sess);\n+int cn10k_mcs_flow_configure(struct rte_eth_dev *eth_dev,\n+\t\t\t const struct rte_flow_attr *attr,\n+\t\t\t const struct rte_flow_item pattern[],\n+\t\t\t const struct rte_flow_action actions[],\n+\t\t\t struct rte_flow_error *error, void **mcs_flow);\n+\n /* Other private functions */\n int nix_recalc_mtu(struct rte_eth_dev *eth_dev);\n int nix_mtr_validate(struct rte_eth_dev *dev, uint32_t id);\ndiff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c\nindex 9304b1465d..56fb2733a4 100644\n--- a/drivers/net/cnxk/cnxk_ethdev_sec.c\n+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c\n@@ -203,7 +203,7 @@ cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,\n static unsigned int\n cnxk_eth_sec_session_get_size(void *device __rte_unused)\n {\n-\treturn sizeof(struct cnxk_eth_sec_sess);\n+\treturn RTE_MAX(sizeof(struct cnxk_macsec_sess), sizeof(struct cnxk_eth_sec_sess));\n }\n \n struct rte_security_ops cnxk_eth_sec_ops = {\ndiff --git a/drivers/net/cnxk/meson.build b/drivers/net/cnxk/meson.build\nindex f347e98fce..34bba3fb23 100644\n--- a/drivers/net/cnxk/meson.build\n+++ b/drivers/net/cnxk/meson.build\n@@ -106,6 +106,7 @@ sources += files(\n # CN10K\n sources += files(\n 'cn10k_ethdev.c',\n+ 'cn10k_ethdev_mcs.c',\n 'cn10k_ethdev_sec.c',\n 'cn10k_flow.c',\n 'cn10k_rx_select.c',\n", "prefixes": [ "3/5" ] }