Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/128548/?format=api
{ "id": 128548, "url": "http://patches.dpdk.org/api/patches/128548/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20230613071614.2259604-15-gakhil@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230613071614.2259604-15-gakhil@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230613071614.2259604-15-gakhil@marvell.com", "date": "2023-06-13T07:16:13", "name": "[v3,14/15] net/cnxk: add MACsec session and flow configuration", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "b40de8c52d1c12cab5c48000bd7f2a78360f9cde", "submitter": { "id": 2094, "url": "http://patches.dpdk.org/api/people/2094/?format=api", "name": "Akhil Goyal", "email": "gakhil@marvell.com" }, "delegate": { "id": 310, "url": "http://patches.dpdk.org/api/users/310/?format=api", "username": "jerin", "first_name": "Jerin", "last_name": "Jacob", "email": "jerinj@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20230613071614.2259604-15-gakhil@marvell.com/mbox/", "series": [ { "id": 28472, "url": "http://patches.dpdk.org/api/series/28472/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=28472", "date": "2023-06-13T07:15:59", "name": "net/cnxk: add MACsec support", "version": 3, "mbox": "http://patches.dpdk.org/series/28472/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/128548/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/128548/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 5B35C42CA0;\n\tTue, 13 Jun 2023 09:18:24 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 5C37E42D10;\n\tTue, 13 Jun 2023 09:17:18 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id AF2F742D85\n for <dev@dpdk.org>; Tue, 13 Jun 2023 09:17:16 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id\n 35D563w4013030; Tue, 13 Jun 2023 00:17:16 -0700", "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3r4rpkf763-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Tue, 13 Jun 2023 00:17:15 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48;\n Tue, 13 Jun 2023 00:17:13 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend\n Transport; Tue, 13 Jun 2023 00:17:13 -0700", "from localhost.localdomain (unknown [10.28.36.102])\n by maili.marvell.com (Postfix) with ESMTP id 14BB55E6861;\n Tue, 13 Jun 2023 00:17:10 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=nsiN3ubLSiUShYasIGO6vJhWI8x02UDNYN+aJ2TnIZ4=;\n b=Z/KQgiXjW7hjFXujCVa0KDg0FufxTxxSs7L0LcVy3k9zZuvAgjfGVdHPtD1KqLO1uRmf\n lc+GY0Ye1D3/zy/ebJvZrPljRifVQM7K2o7/Mq6uxIAMq8Gisz97UxeGnRb9+/5ltocO\n 6PHYVTkkK4rvT6pdhF2K4GV33nSL4pFMtBEqZOG9042U7t4TvsLEsmQOc6WeQqhoplto\n G8sCD+KkKL1rYet03D5HkipY5R9K8EwtGTvQaqTeCoQPJxs4OOb3nW+pHOxdCXb60jTp\n aN4ICpZBxk8j6PEDY4DgIPocQmLaLIV/zvMN571h4Kva7+naYk0O434/vw0NkgWEWPSt Lw==", "From": "Akhil Goyal <gakhil@marvell.com>", "To": "<dev@dpdk.org>", "CC": "<thomas@monjalon.net>, <david.marchand@redhat.com>,\n <vattunuru@marvell.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>,\n <ndabilpuram@marvell.com>, Akhil Goyal <gakhil@marvell.com>", "Subject": "[PATCH v3 14/15] net/cnxk: add MACsec session and flow configuration", "Date": "Tue, 13 Jun 2023 12:46:13 +0530", "Message-ID": "<20230613071614.2259604-15-gakhil@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20230613071614.2259604-1-gakhil@marvell.com>", "References": "<20230607152819.226838-1-gakhil@marvell.com>\n <20230613071614.2259604-1-gakhil@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "OTzmtDN0DY_rGczyFk56_iPy1es8flwM", "X-Proofpoint-GUID": "OTzmtDN0DY_rGczyFk56_iPy1es8flwM", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26\n definitions=2023-06-13_04,2023-06-12_02,2023-05-22_02", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Added support for MACsec session/flow create/destroy.\n\nSigned-off-by: Akhil Goyal <gakhil@marvell.com>\n---\n drivers/net/cnxk/cn10k_ethdev_sec.c | 11 +-\n drivers/net/cnxk/cn10k_flow.c | 23 ++-\n drivers/net/cnxk/cnxk_ethdev.c | 2 +\n drivers/net/cnxk/cnxk_ethdev.h | 16 ++\n drivers/net/cnxk/cnxk_ethdev_mcs.c | 261 ++++++++++++++++++++++++++++\n drivers/net/cnxk/cnxk_ethdev_mcs.h | 25 +++\n drivers/net/cnxk/cnxk_ethdev_sec.c | 2 +-\n drivers/net/cnxk/cnxk_flow.c | 5 +\n 8 files changed, 341 insertions(+), 4 deletions(-)", "diff": "diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c\nindex 1db29a0b55..f20e573338 100644\n--- a/drivers/net/cnxk/cn10k_ethdev_sec.c\n+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c\n@@ -642,7 +642,9 @@ cn10k_eth_sec_session_create(void *device,\n \tif (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)\n \t\treturn -ENOTSUP;\n \n-\tif (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)\n+\tif (conf->protocol == RTE_SECURITY_PROTOCOL_MACSEC)\n+\t\treturn cnxk_eth_macsec_session_create(dev, conf, sess);\n+\telse if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)\n \t\treturn -ENOTSUP;\n \n \tif (rte_security_dynfield_register() < 0)\n@@ -887,13 +889,18 @@ cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess)\n {\n \tstruct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;\n \tstruct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);\n+\tstruct cnxk_macsec_sess *macsec_sess;\n \tstruct cnxk_eth_sec_sess *eth_sec;\n \trte_spinlock_t *lock;\n \tvoid *sa_dptr;\n \n \teth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);\n-\tif (!eth_sec)\n+\tif (!eth_sec) {\n+\t\tmacsec_sess = cnxk_eth_macsec_sess_get_by_sess(dev, sess);\n+\t\tif (macsec_sess)\n+\t\t\treturn cnxk_eth_macsec_session_destroy(dev, sess);\n \t\treturn -ENOENT;\n+\t}\n \n \tlock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;\n \trte_spinlock_lock(lock);\ndiff --git a/drivers/net/cnxk/cn10k_flow.c b/drivers/net/cnxk/cn10k_flow.c\nindex d7a3442c5f..db5e427362 100644\n--- a/drivers/net/cnxk/cn10k_flow.c\n+++ b/drivers/net/cnxk/cn10k_flow.c\n@@ -1,10 +1,11 @@\n /* SPDX-License-Identifier: BSD-3-Clause\n * Copyright(C) 2020 Marvell.\n */\n-#include <cnxk_flow.h>\n #include \"cn10k_flow.h\"\n #include \"cn10k_ethdev.h\"\n #include \"cn10k_rx.h\"\n+#include \"cnxk_ethdev_mcs.h\"\n+#include <cnxk_flow.h>\n \n static int\n cn10k_mtr_connect(struct rte_eth_dev *eth_dev, uint32_t mtr_id)\n@@ -133,6 +134,7 @@ cn10k_flow_create(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,\n \tconst struct rte_flow_action *act_q = NULL;\n \tstruct roc_npc *npc = &dev->npc;\n \tstruct roc_npc_flow *flow;\n+\tvoid *mcs_flow = NULL;\n \tint vtag_actions = 0;\n \tuint32_t req_act = 0;\n \tint mark_actions;\n@@ -187,6 +189,17 @@ cn10k_flow_create(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,\n \t\t}\n \t}\n \n+\tif (actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY &&\n+\t cnxk_eth_macsec_sess_get_by_sess(dev, actions[0].conf) != NULL) {\n+\t\trc = cnxk_mcs_flow_configure(eth_dev, attr, pattern, actions, error, &mcs_flow);\n+\t\tif (rc) {\n+\t\t\trte_flow_error_set(error, rc, RTE_FLOW_ERROR_TYPE_ACTION, NULL,\n+\t\t\t\t\t \"Failed to configure mcs flow\");\n+\t\t\treturn NULL;\n+\t\t}\n+\t\treturn (struct rte_flow *)mcs_flow;\n+\t}\n+\n \tflow = cnxk_flow_create(eth_dev, attr, pattern, actions, error);\n \tif (!flow) {\n \t\tif (mtr)\n@@ -265,6 +278,14 @@ cn10k_flow_destroy(struct rte_eth_dev *eth_dev, struct rte_flow *rte_flow,\n \t\t}\n \t}\n \n+\tif (cnxk_eth_macsec_sess_get_by_sess(dev, (void *)flow) != NULL) {\n+\t\trc = cnxk_mcs_flow_destroy(dev, (void *)flow);\n+\t\tif (rc < 0)\n+\t\t\trte_flow_error_set(error, rc, RTE_FLOW_ERROR_TYPE_UNSPECIFIED,\n+\t\t\t\t\tNULL, \"Failed to free mcs flow\");\n+\t\treturn rc;\n+\t}\n+\n \tmtr_id = flow->mtr_id;\n \trc = cnxk_flow_destroy(eth_dev, flow, error);\n \tif (!rc && mtr_id != ROC_NIX_MTR_ID_INVALID) {\ndiff --git a/drivers/net/cnxk/cnxk_ethdev.c b/drivers/net/cnxk/cnxk_ethdev.c\nindex 5368f0777d..4b98faa729 100644\n--- a/drivers/net/cnxk/cnxk_ethdev.c\n+++ b/drivers/net/cnxk/cnxk_ethdev.c\n@@ -1969,6 +1969,8 @@ cnxk_eth_dev_init(struct rte_eth_dev *eth_dev)\n \t\t}\n \t\tdev->rx_offload_capa |= RTE_ETH_RX_OFFLOAD_MACSEC_STRIP;\n \t\tdev->tx_offload_capa |= RTE_ETH_TX_OFFLOAD_MACSEC_INSERT;\n+\n+\t\tTAILQ_INIT(&dev->mcs_list);\n \t}\n \n \tplt_nix_dbg(\"Port=%d pf=%d vf=%d ver=%s hwcap=0x%\" PRIx64\ndiff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h\nindex d5bb06b823..45dc72b609 100644\n--- a/drivers/net/cnxk/cnxk_ethdev.h\n+++ b/drivers/net/cnxk/cnxk_ethdev.h\n@@ -292,6 +292,21 @@ struct cnxk_eth_dev_sec_outb {\n \tuint64_t cpt_eng_caps;\n };\n \n+/* MACsec session private data */\n+struct cnxk_macsec_sess {\n+\t/* List entry */\n+\tTAILQ_ENTRY(cnxk_macsec_sess) entry;\n+\n+\t/* Back pointer to session */\n+\tstruct rte_security_session *sess;\n+\tenum mcs_direction dir;\n+\tuint64_t sci;\n+\tuint8_t secy_id;\n+\tuint8_t sc_id;\n+\tuint8_t flow_id;\n+};\n+TAILQ_HEAD(cnxk_macsec_sess_list, cnxk_macsec_sess);\n+\n struct cnxk_eth_dev {\n \t/* ROC NIX */\n \tstruct roc_nix nix;\n@@ -398,6 +413,7 @@ struct cnxk_eth_dev {\n \n \t/* MCS device */\n \tstruct cnxk_mcs_dev *mcs_dev;\n+\tstruct cnxk_macsec_sess_list mcs_list;\n };\n \n struct cnxk_eth_rxq_sp {\ndiff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.c b/drivers/net/cnxk/cnxk_ethdev_mcs.c\nindex 89876abc57..b47991e259 100644\n--- a/drivers/net/cnxk/cnxk_ethdev_mcs.c\n+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.c\n@@ -256,6 +256,267 @@ cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macse\n \treturn ret;\n }\n \n+struct cnxk_macsec_sess *\n+cnxk_eth_macsec_sess_get_by_sess(struct cnxk_eth_dev *dev, const struct rte_security_session *sess)\n+{\n+\tstruct cnxk_macsec_sess *macsec_sess = NULL;\n+\n+\tTAILQ_FOREACH(macsec_sess, &dev->mcs_list, entry) {\n+\t\tif (macsec_sess->sess == sess)\n+\t\t\treturn macsec_sess;\n+\t}\n+\n+\treturn NULL;\n+}\n+\n+int\n+cnxk_eth_macsec_session_create(struct cnxk_eth_dev *dev, struct rte_security_session_conf *conf,\n+\t\t\t struct rte_security_session *sess)\n+{\n+\tstruct cnxk_macsec_sess *macsec_sess_priv = SECURITY_GET_SESS_PRIV(sess);\n+\tstruct rte_security_macsec_xform *xform = &conf->macsec;\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct roc_mcs_secy_plcy_write_req req;\n+\tenum mcs_direction dir;\n+\tuint8_t secy_id = 0;\n+\tuint8_t sectag_tci = 0;\n+\tint ret = 0;\n+\n+\tif (!roc_feature_nix_has_macsec())\n+\t\treturn -ENOTSUP;\n+\n+\tdir = (xform->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;\n+\tret = mcs_resource_alloc(mcs_dev, dir, &secy_id, 1, CNXK_MCS_RSRC_TYPE_SECY);\n+\tif (ret) {\n+\t\tplt_err(\"Failed to allocate SECY id.\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\treq.secy_id = secy_id;\n+\treq.dir = dir;\n+\treq.plcy = 0L;\n+\n+\tif (xform->dir == RTE_SECURITY_MACSEC_DIR_TX) {\n+\t\tsectag_tci = ((uint8_t)xform->tx_secy.sectag_version << 5) |\n+\t\t\t ((uint8_t)xform->tx_secy.end_station << 4) |\n+\t\t\t ((uint8_t)xform->tx_secy.send_sci << 3) |\n+\t\t\t ((uint8_t)xform->tx_secy.scb << 2) |\n+\t\t\t ((uint8_t)xform->tx_secy.encrypt << 1) |\n+\t\t\t (uint8_t)xform->tx_secy.encrypt;\n+\t\treq.plcy = (((uint64_t)xform->tx_secy.mtu & 0xFFFF) << 28) |\n+\t\t\t (((uint64_t)sectag_tci & 0x3F) << 22) |\n+\t\t\t (((uint64_t)xform->tx_secy.sectag_off & 0x7F) << 15) |\n+\t\t\t ((uint64_t)xform->tx_secy.sectag_insert_mode << 14) |\n+\t\t\t ((uint64_t)xform->tx_secy.icv_include_da_sa << 13) |\n+\t\t\t (((uint64_t)xform->cipher_off & 0x7F) << 6) |\n+\t\t\t ((uint64_t)xform->alg << 2) |\n+\t\t\t ((uint64_t)xform->tx_secy.protect_frames << 1) |\n+\t\t\t (uint64_t)xform->tx_secy.ctrl_port_enable;\n+\t} else {\n+\t\treq.plcy = ((uint64_t)xform->rx_secy.replay_win_sz << 18) |\n+\t\t\t ((uint64_t)xform->rx_secy.replay_protect << 17) |\n+\t\t\t ((uint64_t)xform->rx_secy.icv_include_da_sa << 16) |\n+\t\t\t (((uint64_t)xform->cipher_off & 0x7F) << 9) |\n+\t\t\t ((uint64_t)xform->alg << 5) |\n+\t\t\t ((uint64_t)xform->rx_secy.preserve_sectag << 4) |\n+\t\t\t ((uint64_t)xform->rx_secy.preserve_icv << 3) |\n+\t\t\t ((uint64_t)xform->rx_secy.validate_frames << 1) |\n+\t\t\t (uint64_t)xform->rx_secy.ctrl_port_enable;\n+\t}\n+\n+\tret = roc_mcs_secy_policy_write(mcs_dev->mdev, &req);\n+\tif (ret) {\n+\t\tplt_err(\" Failed to configure Tx SECY\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (xform->dir == RTE_SECURITY_MACSEC_DIR_RX) {\n+\t\tstruct roc_mcs_rx_sc_cam_write_req rx_sc_cam = {0};\n+\n+\t\trx_sc_cam.sci = xform->sci;\n+\t\trx_sc_cam.secy_id = secy_id & 0x3F;\n+\t\trx_sc_cam.sc_id = xform->sc_id;\n+\t\tret = roc_mcs_rx_sc_cam_write(mcs_dev->mdev, &rx_sc_cam);\n+\t\tif (ret) {\n+\t\t\tplt_err(\" Failed to write rx_sc_cam\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\tmacsec_sess_priv->sci = xform->sci;\n+\tmacsec_sess_priv->sc_id = xform->sc_id;\n+\tmacsec_sess_priv->secy_id = secy_id;\n+\tmacsec_sess_priv->dir = dir;\n+\tmacsec_sess_priv->sess = sess;\n+\n+\tTAILQ_INSERT_TAIL(&dev->mcs_list, macsec_sess_priv, entry);\n+\n+\treturn 0;\n+}\n+\n+int\n+cnxk_eth_macsec_session_destroy(struct cnxk_eth_dev *dev, struct rte_security_session *sess)\n+{\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct roc_mcs_clear_stats stats_req = {0};\n+\tstruct roc_mcs_free_rsrc_req req = {0};\n+\tstruct cnxk_macsec_sess *s;\n+\tint ret = 0;\n+\n+\tif (!roc_feature_nix_has_macsec())\n+\t\treturn -ENOTSUP;\n+\n+\ts = SECURITY_GET_SESS_PRIV(sess);\n+\n+\tstats_req.type = CNXK_MCS_RSRC_TYPE_SECY;\n+\tstats_req.id = s->secy_id;\n+\tstats_req.dir = s->dir;\n+\tstats_req.all = 0;\n+\n+\tret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);\n+\tif (ret)\n+\t\tplt_err(\"Failed to clear stats for SECY id %u, dir %u.\", s->secy_id, s->dir);\n+\n+\treq.rsrc_id = s->secy_id;\n+\treq.dir = s->dir;\n+\treq.rsrc_type = CNXK_MCS_RSRC_TYPE_SECY;\n+\n+\tret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);\n+\tif (ret)\n+\t\tplt_err(\"Failed to free SC id.\");\n+\n+\tTAILQ_REMOVE(&dev->mcs_list, s, entry);\n+\n+\treturn ret;\n+}\n+\n+int\n+cnxk_mcs_flow_configure(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr __rte_unused,\n+\t\t\t const struct rte_flow_item pattern[],\n+\t\t\t const struct rte_flow_action actions[],\n+\t\t\t struct rte_flow_error *error __rte_unused, void **mcs_flow)\n+{\n+\tstruct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);\n+\tstruct roc_mcs_flowid_entry_write_req req = {0};\n+\tconst struct rte_flow_item_eth *eth_item = NULL;\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct cnxk_mcs_flow_opts opts = {0};\n+\tstruct cnxk_macsec_sess *sess;\n+\tstruct rte_ether_addr src;\n+\tstruct rte_ether_addr dst;\n+\tint ret;\n+\tint i = 0;\n+\n+\tif (!roc_feature_nix_has_macsec())\n+\t\treturn -ENOTSUP;\n+\n+\tsess = cnxk_eth_macsec_sess_get_by_sess(dev,\n+\t\t\t(const struct rte_security_session *)actions->conf);\n+\tif (sess == NULL)\n+\t\treturn -EINVAL;\n+\n+\tret = mcs_resource_alloc(mcs_dev, sess->dir, &sess->flow_id, 1,\n+\t\t\t\t CNXK_MCS_RSRC_TYPE_FLOWID);\n+\tif (ret) {\n+\t\tplt_err(\"Failed to allocate FLow id.\");\n+\t\treturn -ENOMEM;\n+\t}\n+\treq.sci = sess->sci;\n+\treq.flow_id = sess->flow_id;\n+\treq.secy_id = sess->secy_id;\n+\treq.sc_id = sess->sc_id;\n+\treq.ena = 1;\n+\treq.ctr_pkt = 0;\n+\treq.dir = sess->dir;\n+\n+\twhile (pattern[i].type != RTE_FLOW_ITEM_TYPE_END) {\n+\t\tif (pattern[i].type == RTE_FLOW_ITEM_TYPE_ETH)\n+\t\t\teth_item = pattern[i].spec;\n+\t\telse\n+\t\t\tplt_err(\"Unhandled flow item : %d\", pattern[i].type);\n+\t\ti++;\n+\t}\n+\tif (eth_item) {\n+\t\tdst = eth_item->hdr.dst_addr;\n+\t\tsrc = eth_item->hdr.src_addr;\n+\n+\t\t/* Find ways to fill opts */\n+\n+\t\treq.data[0] =\n+\t\t\t(uint64_t)dst.addr_bytes[0] << 40 | (uint64_t)dst.addr_bytes[1] << 32 |\n+\t\t\t(uint64_t)dst.addr_bytes[2] << 24 | (uint64_t)dst.addr_bytes[3] << 16 |\n+\t\t\t(uint64_t)dst.addr_bytes[4] << 8 | (uint64_t)dst.addr_bytes[5] |\n+\t\t\t(uint64_t)src.addr_bytes[5] << 48 | (uint64_t)src.addr_bytes[4] << 56;\n+\t\treq.data[1] = (uint64_t)src.addr_bytes[3] | (uint64_t)src.addr_bytes[2] << 8 |\n+\t\t\t (uint64_t)src.addr_bytes[1] << 16 |\n+\t\t\t (uint64_t)src.addr_bytes[0] << 24 |\n+\t\t\t (uint64_t)eth_item->hdr.ether_type << 32 |\n+\t\t\t ((uint64_t)opts.outer_tag_id & 0xFFFF) << 48;\n+\t\treq.data[2] = ((uint64_t)opts.outer_tag_id & 0xF0000) |\n+\t\t\t ((uint64_t)opts.outer_priority & 0xF) << 4 |\n+\t\t\t ((uint64_t)opts.second_outer_tag_id & 0xFFFFF) << 8 |\n+\t\t\t ((uint64_t)opts.second_outer_priority & 0xF) << 28 |\n+\t\t\t ((uint64_t)opts.bonus_data << 32) |\n+\t\t\t ((uint64_t)opts.tag_match_bitmap << 48) |\n+\t\t\t ((uint64_t)opts.packet_type & 0xF) << 56 |\n+\t\t\t ((uint64_t)opts.outer_vlan_type & 0x7) << 60 |\n+\t\t\t ((uint64_t)opts.inner_vlan_type & 0x1) << 63;\n+\t\treq.data[3] = ((uint64_t)opts.inner_vlan_type & 0x6) >> 1 |\n+\t\t\t ((uint64_t)opts.num_tags & 0x7F) << 2 |\n+\t\t\t ((uint64_t)opts.flowid_user & 0x1F) << 9 |\n+\t\t\t ((uint64_t)opts.express & 1) << 14 |\n+\t\t\t ((uint64_t)opts.lmac_id & 0x1F) << 15;\n+\n+\t\treq.mask[0] = 0x0;\n+\t\treq.mask[1] = 0xFFFFFFFF00000000;\n+\t\treq.mask[2] = 0xFFFFFFFFFFFFFFFF;\n+\t\treq.mask[3] = 0xFFFFFFFFFFFFFFFF;\n+\n+\t\tret = roc_mcs_flowid_entry_write(mcs_dev->mdev, &req);\n+\t\tif (ret)\n+\t\t\treturn ret;\n+\t\t*mcs_flow = (void *)(uintptr_t)actions->conf;\n+\t} else {\n+\t\tplt_err(\"Flow not confirured\");\n+\t\treturn -EINVAL;\n+\t}\n+\treturn 0;\n+}\n+\n+int\n+cnxk_mcs_flow_destroy(struct cnxk_eth_dev *dev, void *flow)\n+{\n+\tconst struct cnxk_macsec_sess *s = cnxk_eth_macsec_sess_get_by_sess(dev, flow);\n+\tstruct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;\n+\tstruct roc_mcs_clear_stats stats_req = {0};\n+\tstruct roc_mcs_free_rsrc_req req = {0};\n+\tint ret = 0;\n+\n+\tif (!roc_feature_nix_has_macsec())\n+\t\treturn -ENOTSUP;\n+\n+\tif (s == NULL)\n+\t\treturn 0;\n+\n+\tstats_req.type = CNXK_MCS_RSRC_TYPE_FLOWID;\n+\tstats_req.id = s->flow_id;\n+\tstats_req.dir = s->dir;\n+\tstats_req.all = 0;\n+\n+\tret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);\n+\tif (ret)\n+\t\tplt_err(\"Failed to clear stats for Flow id %u, dir %u.\", s->flow_id, s->dir);\n+\n+\treq.rsrc_id = s->flow_id;\n+\treq.dir = s->dir;\n+\treq.rsrc_type = CNXK_MCS_RSRC_TYPE_FLOWID;\n+\n+\tret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);\n+\tif (ret)\n+\t\tplt_err(\"Failed to free flow_id: %d.\", s->flow_id);\n+\n+\treturn ret;\n+}\n+\n static int\n cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg)\n {\ndiff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.h b/drivers/net/cnxk/cnxk_ethdev_mcs.h\nindex 68c6493169..2b1a6f2c90 100644\n--- a/drivers/net/cnxk/cnxk_ethdev_mcs.h\n+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.h\n@@ -21,6 +21,27 @@ enum cnxk_mcs_rsrc_type {\n \tCNXK_MCS_RSRC_TYPE_PORT,\n };\n \n+struct cnxk_mcs_flow_opts {\n+\tuint32_t outer_tag_id;\n+\t/**< {VLAN_ID[11:0]}, or 20-bit MPLS label*/\n+\tuint8_t outer_priority;\n+\t/**< {PCP/Pbits, DE/CFI} or {1'b0, EXP} for MPLS.*/\n+\tuint32_t second_outer_tag_id;\n+\t/**< {VLAN_ID[11:0]}, or 20-bit MPLS label*/\n+\tuint8_t second_outer_priority;\n+\t/**< {PCP/Pbits, DE/CFI} or {1'b0, EXP} for MPLS. */\n+\tuint16_t bonus_data;\n+\t/**< 2 bytes of additional bonus data extracted from one of the custom tags*/\n+\tuint8_t tag_match_bitmap;\n+\tuint8_t packet_type;\n+\tuint8_t outer_vlan_type;\n+\tuint8_t inner_vlan_type;\n+\tuint8_t num_tags;\n+\tbool express;\n+\tuint8_t lmac_id;\n+\tuint8_t flowid_user;\n+};\n+\n struct cnxk_mcs_event_data {\n \t/* Valid for below events\n \t * - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP\n@@ -75,3 +96,7 @@ int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id,\n \t\t\t enum rte_security_macsec_direction dir);\n int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id,\n \t\t\t enum rte_security_macsec_direction dir);\n+\n+int cnxk_eth_macsec_session_create(struct cnxk_eth_dev *dev, struct rte_security_session_conf *conf,\n+\t\t\t\t struct rte_security_session *sess);\n+int cnxk_eth_macsec_session_destroy(struct cnxk_eth_dev *dev, struct rte_security_session *sess);\ndiff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c\nindex a66d58ca61..dc17c128de 100644\n--- a/drivers/net/cnxk/cnxk_ethdev_sec.c\n+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c\n@@ -284,7 +284,7 @@ cnxk_eth_sec_sess_get_by_sess(struct cnxk_eth_dev *dev,\n static unsigned int\n cnxk_eth_sec_session_get_size(void *device __rte_unused)\n {\n-\treturn sizeof(struct cnxk_eth_sec_sess);\n+\treturn RTE_MAX(sizeof(struct cnxk_macsec_sess), sizeof(struct cnxk_eth_sec_sess));\n }\n \n struct rte_security_ops cnxk_eth_sec_ops = {\ndiff --git a/drivers/net/cnxk/cnxk_flow.c b/drivers/net/cnxk/cnxk_flow.c\nindex 9595fe9386..1bacb20784 100644\n--- a/drivers/net/cnxk/cnxk_flow.c\n+++ b/drivers/net/cnxk/cnxk_flow.c\n@@ -300,6 +300,11 @@ cnxk_flow_validate(struct rte_eth_dev *eth_dev,\n \tuint32_t flowkey_cfg = 0;\n \tint rc;\n \n+\t/* Skip flow validation for MACsec. */\n+\tif (actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY &&\n+\t cnxk_eth_macsec_sess_get_by_sess(dev, actions[0].conf) != NULL)\n+\t\treturn 0;\n+\n \tmemset(&flow, 0, sizeof(flow));\n \tflow.is_validate = true;\n \n", "prefixes": [ "v3", "14/15" ] }