Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/131903/?format=api
{ "id": 131903, "url": "http://patches.dpdk.org/api/patches/131903/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20230926024959.207098-5-chaoyong.he@corigine.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230926024959.207098-5-chaoyong.he@corigine.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230926024959.207098-5-chaoyong.he@corigine.com", "date": "2023-09-26T02:49:53", "name": "[v2,04/10] net/nfp: initialize IPsec related content", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "c5d3151c026c89ef211c3323cf28a903bcdca4b4", "submitter": { "id": 2554, "url": "http://patches.dpdk.org/api/people/2554/?format=api", "name": "Chaoyong He", "email": "chaoyong.he@corigine.com" }, "delegate": { "id": 319, "url": "http://patches.dpdk.org/api/users/319/?format=api", "username": "fyigit", "first_name": "Ferruh", "last_name": "Yigit", "email": "ferruh.yigit@amd.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20230926024959.207098-5-chaoyong.he@corigine.com/mbox/", "series": [ { "id": 29622, "url": "http://patches.dpdk.org/api/series/29622/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=29622", "date": "2023-09-26T02:49:49", "name": "add the support of ipsec offload", "version": 2, "mbox": "http://patches.dpdk.org/series/29622/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/131903/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/131903/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 676414263C;\n\tTue, 26 Sep 2023 04:51:05 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 8FD2B402EC;\n\tTue, 26 Sep 2023 04:50:40 +0200 (CEST)", "from NAM10-DM6-obe.outbound.protection.outlook.com\n (mail-dm6nam10on2114.outbound.protection.outlook.com [40.107.93.114])\n by mails.dpdk.org (Postfix) with ESMTP id E6D69402E9\n for <dev@dpdk.org>; Tue, 26 Sep 2023 04:50:38 +0200 (CEST)", "from PH0PR13MB5568.namprd13.prod.outlook.com (2603:10b6:510:12b::16)\n by SA3PR13MB6516.namprd13.prod.outlook.com (2603:10b6:806:39c::8)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.27; Tue, 26 Sep\n 2023 02:50:37 +0000", "from PH0PR13MB5568.namprd13.prod.outlook.com\n ([fe80::b070:92e1:931e:fee7]) by PH0PR13MB5568.namprd13.prod.outlook.com\n ([fe80::b070:92e1:931e:fee7%4]) with mapi id 15.20.6792.026; Tue, 26 Sep 2023\n 02:50:36 +0000" ], "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;\n b=AuDYpJg29rPJn3+SKxqWxew7xbDkrIf09KGaHsYeHl62ezAZk6WCXNGbdThCOX8PEJ/R7Jhkn3v4m2yM2YXEJeS62wVKvwGwl+RQdleTOVcFzLAydM2VZR+nHBd3yk3DdJfIVaWqADz/7A0WXUPSwpAk50hsxjQNJgpET4k58NVy2XkpzIjItvIthL5QwG63bbINX/Eos3iBSsmmzv4CXowJ9pYeFaS0vY2WmuNALnYEY8m2ZmhMx3Vw90UuqSe7opDeU1HezNsFxxp8HZXZeVfGNOtQraAg7yQBAUQm4nglifjws1gCZ2+n2Vc7OHWToPJC2wc9hnpTzrr3eRY3SA==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector9901;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=iWA2F7C7kusNhmHvK3b/XNRW457s2UoMuyHpERYS0Eo=;\n b=AAYe2EjReVhXeiSDc34KcolpalU/Fyuf8uMFXRMp33Mq/DZEpuVd+gPqoKg3URyAUHD4hAbs4SjUi+1bD4Zg8QH9ZlGU4+1X5OeBGFV8Asb+95lvmHCuaU09V/Wa4m7LnqzWKU0/XjvdORcEQhC893uz+VYghz6ONAU1qTvlxk8LnjLZHuYsPbrJ5a+MY5E5HCAnurYIOgK2VQIbrpoX4LI/Egc4R7z4357v6ON6B3ZUHmgtgMigtk7Bi/WUIrsbq8BmABavt0wY288NXesDbp1utfo64cWClqCriSxnD356lXgWO3EqK+G3OAGb0m5e714mt0hNt/HU0JPPF1RxeQ==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com;\n dkim=pass header.d=corigine.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=iWA2F7C7kusNhmHvK3b/XNRW457s2UoMuyHpERYS0Eo=;\n b=QHhhiJ6C68ucVDg/ZpPAzWfodZwySWxVGlqGjjBTvn0QebYZUZGDZIQbKnZuR6kgW285My+R4to9U1gsf6+JALoBBKUC7hv0Y2w1z2Zmp43g196SnmN73PqgtK/iLV9+aoXD6Wg/v1a4X0S02CY8ih8RcBpLIX/ScEga5vdPgsg=", "Authentication-Results": "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=corigine.com;", "From": "Chaoyong He <chaoyong.he@corigine.com>", "To": "dev@dpdk.org", "Cc": "oss-drivers@corigine.com, Chang Miao <chang.miao@corigine.com>,\n Shihong Wang <shihong.wang@corigine.com>,\n Chaoyong He <chaoyong.he@corigine.com>", "Subject": "[PATCH v2 04/10] net/nfp: initialize IPsec related content", "Date": "Tue, 26 Sep 2023 10:49:53 +0800", "Message-Id": "<20230926024959.207098-5-chaoyong.he@corigine.com>", "X-Mailer": "git-send-email 2.39.1", "In-Reply-To": "<20230926024959.207098-1-chaoyong.he@corigine.com>", "References": "<20230925060644.1458598-1-chaoyong.he@corigine.com>\n <20230926024959.207098-1-chaoyong.he@corigine.com>", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "BYAPR05CA0020.namprd05.prod.outlook.com\n (2603:10b6:a03:c0::33) To PH0PR13MB5568.namprd13.prod.outlook.com\n (2603:10b6:510:12b::16)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "PH0PR13MB5568:EE_|SA3PR13MB6516:EE_", "X-MS-Office365-Filtering-Correlation-Id": "d92ad502-6c86-4784-e081-08dbbe3b5c6c", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;", "X-Microsoft-Antispam-Message-Info": "\n OE49wEevO2mpb+OB5m/1pU0A9FkPhlfM3YjrqL41zkbW1/qwwFUD35zsxEvhr1QfZCFrLeMGLxqojbqHx48RLRAOpTk2sD01PAAhrC9mRUL0RyssVe93c7yUgQoeQ0n4/evzM8/ptov2Dormbl4BzDypW9J0D1B+aV7QfdpgEEIVhUEZxIAGXpIeX1un0pjj7JBPuBtdKQhGBXgqZAXgm4EpRO7LDKjks8gq1tOAK78/qYt4LyMfAcBL8CoKA3+5yOMf7Tl6dkN8OyKtluFUszbXZaUT2Sto1r2cKiVq9fhJ9JJiLDhXEawofYXOvXO3xM5zb+mPy76bjLVT7F7lAzgOfq/xxp1mQEH/Cn2fM0kNTuRoiHCagQxfGbHVkrInb869ef1uDZ4Qb8gKCsoCWve/67X+Ywkln3SV8bFJZ6uPAc9pBX6Qq+ktm+IO09XGFUwO4jB58qll9wnAV11dyeU43w7fserhmLx4qOLpwIJV95aOivluij7OfjZWinWHHgtZVav0B9rQJx5m8H8Ir6rj3WWl4RXmknTxaY6K8hcIH+Qvq17OtjC9NQ/QGCEbACmADabu6PBJ839T3ZwGkHZvDaz2PktdJrlg+F/jtrVT7JzFkZfaBsVNAU0Pm1xU/EiqMXDRlwe5Rl6xYnAbtPqSDUAnam0AqIN6A1y+CH4=", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:PH0PR13MB5568.namprd13.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230031)(39830400003)(136003)(366004)(346002)(396003)(376002)(230922051799003)(1800799009)(451199024)(186009)(4326008)(83380400001)(2616005)(6486002)(6506007)(52116002)(478600001)(6666004)(86362001)(36756003)(38100700002)(1076003)(30864003)(26005)(66476007)(8936002)(66556008)(6916009)(6512007)(2906002)(38350700002)(66946007)(41300700001)(107886003)(316002)(44832011)(8676002)(5660300002)(54906003);\n DIR:OUT; SFP:1102;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n dT3l+a0X+N2X2Kpo4FDzAMEkqbIzbUzBwl54P+l85yC9vVm9jTCXjXTueIr6tBJpnL8FiWFyw+wYx6TW8BaiLEycqUSu+JyPRlHUI7zeOuCr01cr26fXqO38ymwKEHDdLs43ZUYdnE1iZ5Bb+8sMVzylzOJQZBMedBc6s+WrxOmT8aP2q9VSJmsMeBY1pclTUIVJIzleP80PyQwb7wOPG0VaTLuanijXXgb23xBTwaetXVkqydor/8Fx1AgbE2H2E13Ajt4f8/23RwiBbEGp8fu3Gwx/exwr/RjPx+wCBkwPWECnTJ21k3CRdhRHPR7jvi/OTygB2vH8gv+iS1I6ZnmUw4oUQohzC2JcUV6hEeElrtLWwsLfnhrYb2gmn20ZxdZQ26IbA9WMucQ5cdKSbdCUo0toWyTVCz+Xog5OuQv8mljtBZiKqaZJATg7B4jvX/vvruX5F24OQdyufSZlRyZ412wzRRZdKA3SoCq4UTnwX7Ndrn9qWgoyBZUR7STbg0iMGYbUGRkz2g9KXmbo+XuBw7ZvXIdvvPRvGjEvCmOPw02Mkl2k8UT2PLUyG7pzfHCh3njyAHoMJzIq/qRPHs9Fv67MoUNdLo/rfXnmJPkdAI6Yhhu4OwqD620Yf9qHVIiP8UK2X6fQM4L5QMmcXqVJJ+LI1DPVi0ydI3Mx5e8B4KkVGAbE56XshmK7p1d/PYDqU+RM0GdYnDVyoxutmgs7JwXpZsgJIOFwvZRx2kaSk65o/izCP9hs8KkFLx1IX/Pc13YOdSEWJ2cnJT8U8m2QWy/9wHZq/X4lM8oycsMqAirTt4UfjuFxfgWbH1qZmXrsjc9QrZYdW2g3Ky022pWewn3kPYJJa/PYEdRlkyr4C7BFQTtDJXY9d9le18d/0T+GAiOtRRp0duW4vqUUg7otS01tHHJ9YSlAjoub90ots6/Xs+6p4zw/mVMk6a1M4R0gyn64xHcYm8qospbAGkmzEHsrjXgROFNCYNgm9UosiJ0cZoIGhO7NAvVfRqBl20Dx0sEJ7ChZqpyvP+ljbL4F3NEi+3VtU1Pe9QJHvm9YPWDxIrr7Z3fPdN5I1zBDAyL8qZikQkYdgoullTYEJ9MMrNweN3Wz4AWXyrzFvp+9Z9F50a6M2cAyPEBF6oGd1GVEejgwIACf9GyHxUGJSm4Uk8PWSafwmirkgTHXyvJJqhSWqHuKM/OT8tYsHuG+VNnebOHpvQJhTyxXMkEXjdKYS6hDCQH6IaCENx8VDKAqB0RIidwbjF6+v+DIF1DsOEQRMS2TbtQEc/fJGQCDpq4+ejaSNrhWSoeLlKKJ69k96c7sr5sEQimRUU3fusbVsYdLciKqvpozCWVVHtDATA74JnqBZ0A7tU83eTnZqgWNiuc8gv3gMfvoJYVF5cERahlSgzirIwiCTIN6AcTAEBcggWt9IsGfqaOdC+QPrZth6UDEJZsuGDsQ/PreZ9BEW7wLeydlB1n2b+gVk3wgbgI0I/xo1XXQT0lIeIObavL0jCEOmopNJVM8utOh6IMCWQX4l4bH0a0MTAgFGlWN6x2NYxijzuAjABZPzjIYTApUQoO5DaEzNlBMJpZevhhsfYSOfzudJFSKeeKIBm5WIg==", "X-OriginatorOrg": "corigine.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n d92ad502-6c86-4784-e081-08dbbe3b5c6c", "X-MS-Exchange-CrossTenant-AuthSource": "PH0PR13MB5568.namprd13.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "26 Sep 2023 02:50:36.9463 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fe128f2c-073b-4c20-818e-7246a585940c", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n GgtA5h0kVMj0Dar18MBBbtM1U7HC3JD/48EjinDVDdQqruiT55AlKVs9cUU7TnTYuRrewnJO9SgIodQHyiE0T55GSK9Cgcr16aFivy3Cd/Y=", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "SA3PR13MB6516", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "From: Chang Miao <chang.miao@corigine.com>\n\nIf enable IPsec capability bit, driver need to Initialize IPsec.\nSet security context and security offload capabilities in datapath.\nDefine private session and add SA array for each PF to save all\nSA data in driver. Add internal mbuf dynamic flag and field to save\nIPsec related data to dynamic mbuf field.\n\nSigned-off-by: Chang Miao <chang.miao@corigine.com>\nSigned-off-by: Shihong Wang <shihong.wang@corigine.com>\nReviewed-by: Chaoyong He <chaoyong.he@corigine.com>\n---\n drivers/net/nfp/meson.build | 3 +-\n drivers/net/nfp/nfp_common.c | 7 ++\n drivers/net/nfp/nfp_common.h | 2 +\n drivers/net/nfp/nfp_ctrl.h | 3 +\n drivers/net/nfp/nfp_ethdev.c | 15 ++++\n drivers/net/nfp/nfp_ipsec.c | 131 +++++++++++++++++++++++++++\n drivers/net/nfp/nfp_ipsec.h | 169 +++++++++++++++++++++++++++++++++++\n drivers/net/nfp/nfp_rxtx.h | 12 +++\n 8 files changed, 341 insertions(+), 1 deletion(-)\n create mode 100644 drivers/net/nfp/nfp_ipsec.c\n create mode 100644 drivers/net/nfp/nfp_ipsec.h", "diff": "diff --git a/drivers/net/nfp/meson.build b/drivers/net/nfp/meson.build\nindex e78bcb8b75..3912566134 100644\n--- a/drivers/net/nfp/meson.build\n+++ b/drivers/net/nfp/meson.build\n@@ -33,8 +33,9 @@ sources = files(\n 'nfp_ethdev_vf.c',\n 'nfp_ethdev.c',\n 'nfp_flow.c',\n+ 'nfp_ipsec.c',\n 'nfp_logs.c',\n 'nfp_mtr.c',\n )\n \n-deps += ['hash']\n+deps += ['hash', 'security']\ndiff --git a/drivers/net/nfp/nfp_common.c b/drivers/net/nfp/nfp_common.c\nindex 31dab3ae9b..5683afc40a 100644\n--- a/drivers/net/nfp/nfp_common.c\n+++ b/drivers/net/nfp/nfp_common.c\n@@ -1200,6 +1200,7 @@ nfp_net_tx_desc_limits(struct nfp_net_hw *hw,\n int\n nfp_net_infos_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)\n {\n+\tuint32_t cap_extend;\n \tuint16_t min_rx_desc;\n \tuint16_t max_rx_desc;\n \tuint16_t min_tx_desc;\n@@ -1256,6 +1257,12 @@ nfp_net_infos_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)\n \tif (hw->cap & NFP_NET_CFG_CTRL_GATHER)\n \t\tdev_info->tx_offload_capa |= RTE_ETH_TX_OFFLOAD_MULTI_SEGS;\n \n+\tcap_extend = nn_cfg_readl(hw, NFP_NET_CFG_CAP_WORD1);\n+\tif ((cap_extend & NFP_NET_CFG_CTRL_IPSEC) != 0) {\n+\t\tdev_info->tx_offload_capa |= RTE_ETH_TX_OFFLOAD_SECURITY;\n+\t\tdev_info->rx_offload_capa |= RTE_ETH_RX_OFFLOAD_SECURITY;\n+\t}\n+\n \tdev_info->default_rxconf = (struct rte_eth_rxconf) {\n \t\t.rx_thresh = {\n \t\t\t.pthresh = DEFAULT_RX_PTHRESH,\ndiff --git a/drivers/net/nfp/nfp_common.h b/drivers/net/nfp/nfp_common.h\nindex 64f0af94c1..b434b031cc 100644\n--- a/drivers/net/nfp/nfp_common.h\n+++ b/drivers/net/nfp/nfp_common.h\n@@ -176,6 +176,8 @@ struct nfp_net_hw {\n \tuint8_t nfp_idx;\n \n \tstruct nfp_net_tlv_caps tlv_caps;\n+\n+\tstruct nfp_net_ipsec_data *ipsec_data;\n };\n \n struct nfp_net_adapter {\ndiff --git a/drivers/net/nfp/nfp_ctrl.h b/drivers/net/nfp/nfp_ctrl.h\nindex d539846d02..361739a4b9 100644\n--- a/drivers/net/nfp/nfp_ctrl.h\n+++ b/drivers/net/nfp/nfp_ctrl.h\n@@ -238,6 +238,9 @@ struct nfp_net_fw_ver {\n */\n #define NFP_NET_CFG_CTRL_WORD1 0x0098\n #define NFP_NET_CFG_CTRL_PKT_TYPE (0x1 << 0)\n+#define NFP_NET_CFG_CTRL_IPSEC (0x1 << 1) /**< IPsec offload */\n+#define NFP_NET_CFG_CTRL_IPSEC_SM_LOOKUP (0x1 << 3) /**< SA short match lookup */\n+#define NFP_NET_CFG_CTRL_IPSEC_LM_LOOKUP (0x1 << 4) /**< SA long match lookup */\n \n #define NFP_NET_CFG_CAP_WORD1 0x00a4\n \ndiff --git a/drivers/net/nfp/nfp_ethdev.c b/drivers/net/nfp/nfp_ethdev.c\nindex 7dc93f7c43..ebc5538291 100644\n--- a/drivers/net/nfp/nfp_ethdev.c\n+++ b/drivers/net/nfp/nfp_ethdev.c\n@@ -18,6 +18,7 @@\n #include \"nfpcore/nfp6000_pcie.h\"\n \n #include \"nfp_cpp_bridge.h\"\n+#include \"nfp_ipsec.h\"\n #include \"nfp_logs.h\"\n \n static int\n@@ -140,6 +141,10 @@ nfp_net_start(struct rte_eth_dev *dev)\n \tif ((cap_extend & NFP_NET_CFG_CTRL_PKT_TYPE) != 0)\n \t\tctrl_extend = NFP_NET_CFG_CTRL_PKT_TYPE;\n \n+\tif ((cap_extend & NFP_NET_CFG_CTRL_IPSEC) != 0)\n+\t\tctrl_extend |= NFP_NET_CFG_CTRL_IPSEC_SM_LOOKUP\n+\t\t\t\t| NFP_NET_CFG_CTRL_IPSEC_LM_LOOKUP;\n+\n \tupdate = NFP_NET_CFG_UPDATE_GEN;\n \tif (nfp_net_ext_reconfig(hw, ctrl_extend, update) < 0)\n \t\treturn -EIO;\n@@ -278,6 +283,9 @@ nfp_net_close(struct rte_eth_dev *dev)\n \n \tnfp_net_close_rx_queue(dev);\n \n+\t/* Clear ipsec */\n+\tnfp_ipsec_uninit(dev);\n+\n \t/* Cancel possible impending LSC work here before releasing the port*/\n \trte_eal_alarm_cancel(nfp_net_dev_interrupt_delayed_handler,\n \t\t\t (void *)dev);\n@@ -555,6 +563,12 @@ nfp_net_init(struct rte_eth_dev *eth_dev)\n \t\treturn err;\n \t}\n \n+\terr = nfp_ipsec_init(eth_dev);\n+\tif (err != 0) {\n+\t\tPMD_INIT_LOG(ERR, \"Failed to init IPsec module\");\n+\t\treturn err;\n+\t}\n+\n \tnfp_net_ethdev_ops_mount(hw, eth_dev);\n \n \thw->eth_xstats_base = rte_malloc(\"rte_eth_xstat\", sizeof(struct rte_eth_xstat) *\n@@ -867,6 +881,7 @@ nfp_init_app_fw_nic(struct nfp_pf_dev *pf_dev,\n \t\tif (app_fw_nic->ports[i] && app_fw_nic->ports[i]->eth_dev) {\n \t\t\tstruct rte_eth_dev *tmp_dev;\n \t\t\ttmp_dev = app_fw_nic->ports[i]->eth_dev;\n+\t\t\tnfp_ipsec_uninit(tmp_dev);\n \t\t\trte_eth_dev_release_port(tmp_dev);\n \t\t\tapp_fw_nic->ports[i] = NULL;\n \t\t}\ndiff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c\nnew file mode 100644\nindex 0000000000..f16ce97703\n--- /dev/null\n+++ b/drivers/net/nfp/nfp_ipsec.c\n@@ -0,0 +1,131 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright (c) 2023 Corigine Systems, Inc.\n+ * All rights reserved.\n+ */\n+\n+#include \"nfp_ipsec.h\"\n+\n+#include <rte_malloc.h>\n+#include <rte_security_driver.h>\n+\n+#include <ethdev_driver.h>\n+#include <ethdev_pci.h>\n+\n+#include \"nfp_common.h\"\n+#include \"nfp_ctrl.h\"\n+#include \"nfp_logs.h\"\n+#include \"nfp_rxtx.h\"\n+\n+static const struct rte_security_ops nfp_security_ops;\n+\n+static int\n+nfp_ipsec_ctx_create(struct rte_eth_dev *dev,\n+\t\tstruct nfp_net_ipsec_data *data)\n+{\n+\tstruct rte_security_ctx *ctx;\n+\tstatic const struct rte_mbuf_dynfield pkt_md_dynfield = {\n+\t\t.name = \"nfp_ipsec_crypto_pkt_metadata\",\n+\t\t.size = sizeof(struct nfp_tx_ipsec_desc_msg),\n+\t\t.align = __alignof__(struct nfp_tx_ipsec_desc_msg),\n+\t};\n+\n+\tctx = rte_zmalloc(\"security_ctx\",\n+\t\t\tsizeof(struct rte_security_ctx), 0);\n+\tif (ctx == NULL) {\n+\t\tPMD_INIT_LOG(ERR, \"Failed to malloc security_ctx\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tctx->device = dev;\n+\tctx->ops = &nfp_security_ops;\n+\tctx->sess_cnt = 0;\n+\tdev->security_ctx = ctx;\n+\n+\tdata->pkt_dynfield_offset = rte_mbuf_dynfield_register(&pkt_md_dynfield);\n+\tif (data->pkt_dynfield_offset < 0) {\n+\t\tPMD_INIT_LOG(ERR, \"Failed to register mbuf esn_dynfield\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+int\n+nfp_ipsec_init(struct rte_eth_dev *dev)\n+{\n+\tint ret;\n+\tuint32_t cap_extend;\n+\tstruct nfp_net_hw *hw;\n+\tstruct nfp_net_ipsec_data *data;\n+\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(dev->data->dev_private);\n+\n+\tcap_extend = nn_cfg_readl(hw, NFP_NET_CFG_CAP_WORD1);\n+\tif ((cap_extend & NFP_NET_CFG_CTRL_IPSEC) == 0) {\n+\t\tPMD_INIT_LOG(INFO, \"Unsupported IPsec extend capability\");\n+\t\treturn 0;\n+\t}\n+\n+\tdata = rte_zmalloc(\"ipsec_data\", sizeof(struct nfp_net_ipsec_data), 0);\n+\tif (data == NULL) {\n+\t\tPMD_INIT_LOG(ERR, \"Failed to malloc ipsec_data\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tdata->pkt_dynfield_offset = -1;\n+\tdata->sa_free_cnt = NFP_NET_IPSEC_MAX_SA_CNT;\n+\thw->ipsec_data = data;\n+\n+\tret = nfp_ipsec_ctx_create(dev, data);\n+\tif (ret != 0) {\n+\t\tPMD_INIT_LOG(ERR, \"Failed to create IPsec ctx\");\n+\t\tgoto ipsec_cleanup;\n+\t}\n+\n+\treturn 0;\n+\n+ipsec_cleanup:\n+\tnfp_ipsec_uninit(dev);\n+\n+\treturn ret;\n+}\n+\n+static void\n+nfp_ipsec_ctx_destroy(struct rte_eth_dev *dev)\n+{\n+\tif (dev->security_ctx != NULL)\n+\t\trte_free(dev->security_ctx);\n+}\n+\n+void\n+nfp_ipsec_uninit(struct rte_eth_dev *dev)\n+{\n+\tuint16_t i;\n+\tuint32_t cap_extend;\n+\tstruct nfp_net_hw *hw;\n+\tstruct nfp_ipsec_session *priv_session;\n+\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(dev->data->dev_private);\n+\n+\tcap_extend = nn_cfg_readl(hw, NFP_NET_CFG_CAP_WORD1);\n+\tif ((cap_extend & NFP_NET_CFG_CTRL_IPSEC) == 0) {\n+\t\tPMD_INIT_LOG(INFO, \"Unsupported IPsec extend capability\");\n+\t\treturn;\n+\t}\n+\n+\tnfp_ipsec_ctx_destroy(dev);\n+\n+\tif (hw->ipsec_data == NULL) {\n+\t\tPMD_INIT_LOG(INFO, \"IPsec data is NULL!\");\n+\t\treturn;\n+\t}\n+\n+\tfor (i = 0; i < NFP_NET_IPSEC_MAX_SA_CNT; i++) {\n+\t\tpriv_session = hw->ipsec_data->sa_entries[i];\n+\t\tif (priv_session != NULL)\n+\t\t\tmemset(priv_session, 0, sizeof(struct nfp_ipsec_session));\n+\t}\n+\n+\trte_free(hw->ipsec_data);\n+}\n+\ndiff --git a/drivers/net/nfp/nfp_ipsec.h b/drivers/net/nfp/nfp_ipsec.h\nnew file mode 100644\nindex 0000000000..531bc60c5a\n--- /dev/null\n+++ b/drivers/net/nfp/nfp_ipsec.h\n@@ -0,0 +1,169 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright (c) 2023 Corigine Systems, Inc.\n+ * All rights reserved.\n+ */\n+\n+#ifndef __NFP_IPSEC_H__\n+#define __NFP_IPSEC_H__\n+\n+#include <rte_security.h>\n+\n+#define NFP_NET_IPSEC_MAX_SA_CNT (16 * 1024)\n+\n+struct ipsec_aesgcm { /**< AES-GCM-ESP fields */\n+\tuint32_t salt; /**< Initialized with SA */\n+\tuint32_t iv[2]; /**< Firmware use only */\n+\tuint32_t cntrl;\n+\tuint32_t zeros[4]; /**< Init to 0 with SA */\n+\tuint32_t len_auth[2]; /**< Firmware use only */\n+\tuint32_t len_cipher[2];\n+\tuint32_t spare[4];\n+};\n+\n+struct sa_ctrl_word {\n+\tuint32_t hash :4; /**< From nfp_ipsec_hash_type */\n+\tuint32_t cimode :4; /**< From nfp_ipsec_cipher_mode */\n+\tuint32_t cipher :4; /**< From nfp_ipsec_cipher */\n+\tuint32_t mode :2; /**< From nfp_ipsec_mode */\n+\tuint32_t proto :2; /**< From nfp_ipsec_prot */\n+\tuint32_t spare :1; /**< Should be 0 */\n+\tuint32_t ena_arw:1; /**< Anti-Replay Window */\n+\tuint32_t ext_seq:1; /**< 64-bit Sequence Num */\n+\tuint32_t ext_arw:1; /**< 64b Anti-Replay Window */\n+\tuint32_t spare1 :9; /**< Must be set to 0 */\n+\tuint32_t encap_dsbl:1; /**< Encap/decap disable */\n+\tuint32_t gen_seq:1; /**< Firmware Generate Seq #'s */\n+\tuint32_t spare2 :1; /**< Must be set to 0 */\n+};\n+\n+struct ipsec_add_sa {\n+\tuint32_t cipher_key[8]; /**< Cipher Key */\n+\tunion {\n+\t\tuint32_t auth_key[16]; /**< Authentication Key */\n+\t\tstruct ipsec_aesgcm aesgcm_fields;\n+\t};\n+\tstruct sa_ctrl_word ctrl_word;\n+\tuint32_t spi; /**< SPI Value */\n+\tuint16_t pmtu_limit; /**< PMTU Limit */\n+\tuint32_t spare :1;\n+\tuint32_t frag_check :1; /**< Stateful fragment checking flag */\n+\tuint32_t bypass_DSCP:1; /**< Bypass DSCP Flag */\n+\tuint32_t df_ctrl :2; /**< DF Control bits */\n+\tuint32_t ipv6 :1; /**< Outbound IPv6 addr format */\n+\tuint32_t udp_enable :1; /**< Add/Remove UDP header for NAT */\n+\tuint32_t tfc_enable :1; /**< Traffic Flw Confidentiality */\n+\tuint8_t spare1;\n+\tuint32_t soft_byte_cnt; /**< Soft lifetime byte count */\n+\tuint32_t hard_byte_cnt; /**< Hard lifetime byte count */\n+\tuint32_t src_ip[4]; /**< Src IP addr */\n+\tuint32_t dst_ip[4]; /**< Dst IP addr */\n+\tuint16_t natt_dst_port; /**< NAT-T UDP Header dst port */\n+\tuint16_t natt_src_port; /**< NAT-T UDP Header src port */\n+\tuint32_t soft_lifetime_limit; /**< Soft lifetime time limit */\n+\tuint32_t hard_lifetime_limit; /**< Hard lifetime time limit */\n+\tuint32_t sa_time_lo; /**< SA creation time lower 32bits, Ucode fills this in */\n+\tuint32_t sa_time_hi; /**< SA creation time high 32bits, Ucode fills this in */\n+\tuint16_t spare2;\n+\tuint16_t tfc_padding; /**< Traffic Flow Confidential Pad */\n+};\n+\n+struct ipsec_inv_sa {\n+\tuint32_t spare;\n+};\n+\n+struct ipsec_discard_stats {\n+\tuint32_t discards_auth; /**< Auth failures */\n+\tuint32_t discards_unsupported; /**< Unsupported crypto mode */\n+\tuint32_t discards_alignment; /**< Alignment error */\n+\tuint32_t discards_hard_bytelimit; /**< Hard byte Count limit */\n+\tuint32_t discards_seq_num_wrap; /**< Sequ Number wrap */\n+\tuint32_t discards_pmtu_exceeded; /**< PMTU Limit exceeded*/\n+\tuint32_t discards_arw_old_seq; /**< Anti-Replay seq small */\n+\tuint32_t discards_arw_replay; /**< Anti-Replay seq rcvd */\n+\tuint32_t discards_ctrl_word; /**< Bad SA Control word */\n+\tuint32_t discards_ip_hdr_len; /**< Hdr offset from too high */\n+\tuint32_t discards_eop_buf; /**< No EOP buffer */\n+\tuint32_t ipv4_id_counter; /**< IPv4 ID field counter */\n+\tuint32_t discards_isl_fail; /**< Inbound SPD Lookup failure */\n+\tuint32_t discards_ext_unfound; /**< Ext header end */\n+\tuint32_t discards_max_ext_hdrs; /**< Max ext header */\n+\tuint32_t discards_non_ext_hdrs; /**< Non-extension headers */\n+\tuint32_t discards_ext_hdr_too_big; /**< Ext header chain */\n+\tuint32_t discards_hard_timelimit; /**< Time Limit */\n+};\n+\n+struct ipsec_get_sa_stats {\n+\tuint32_t seq_lo; /**< Sequence Number (low 32bits) */\n+\tuint32_t seq_high; /**< Sequence Number (high 32bits)*/\n+\tuint32_t arw_counter_lo; /**< Anti-replay wndw cntr */\n+\tuint32_t arw_counter_high; /**< Anti-replay wndw cntr */\n+\tuint32_t arw_bitmap_lo; /**< Anti-replay wndw bitmap */\n+\tuint32_t arw_bitmap_high; /**< Anti-replay wndw bitmap */\n+\tuint32_t spare:1;\n+\tuint32_t soft_byte_exceeded :1; /**< Soft lifetime byte cnt exceeded*/\n+\tuint32_t hard_byte_exceeded :1; /**< Hard lifetime byte cnt exceeded*/\n+\tuint32_t soft_time_exceeded :1; /**< Soft lifetime time limit exceeded*/\n+\tuint32_t hard_time_exceeded :1; /**< Hard lifetime time limit exceeded*/\n+\tuint32_t spare1:27;\n+\tuint32_t lifetime_byte_count;\n+\tuint32_t pkt_count;\n+\tstruct ipsec_discard_stats sa_discard_stats;\n+};\n+\n+struct ipsec_get_seq {\n+\tuint32_t seq_nums; /**< Sequence numbers to allocate */\n+\tuint32_t seq_num_low; /**< Return start seq num 31:00 */\n+\tuint32_t seq_num_hi; /**< Return start seq num 63:32 */\n+};\n+\n+struct nfp_ipsec_msg {\n+\tunion {\n+\t\tstruct {\n+\t\t\t/** NFP IPsec SA cmd message codes */\n+\t\t\tuint16_t cmd;\n+\t\t\t/** NFP IPsec SA response message */\n+\t\t\tuint16_t rsp;\n+\t\t\t/** NFP IPsec SA index in driver SA table */\n+\t\t\tuint16_t sa_idx;\n+\t\t\t/** Reserved */\n+\t\t\tuint16_t spare;\n+\t\t\tunion {\n+\t\t\t\t/** IPsec configure message for add SA */\n+\t\t\t\tstruct ipsec_add_sa cfg_add_sa;\n+\t\t\t\t/** IPsec configure message for del SA */\n+\t\t\t\tstruct ipsec_inv_sa cfg_inv_sa;\n+\t\t\t\t/** IPsec configure message for get SA stats */\n+\t\t\t\tstruct ipsec_get_sa_stats cfg_get_stats;\n+\t\t\t\t/** IPsec configure message for get SA seq numbers */\n+\t\t\t\tstruct ipsec_get_seq cfg_get_seq;\n+\t\t\t};\n+\t\t};\n+\t\tuint32_t raw[64];\n+\t};\n+};\n+\n+struct nfp_ipsec_session {\n+\t/** Opaque user defined data */\n+\tvoid *user_data;\n+\t/** NFP sa_entries database parameter index */\n+\tuint32_t sa_index;\n+\t/** Point to physical ports ethernet device */\n+\tstruct rte_eth_dev *dev;\n+\t/** SA related NPF configuration data */\n+\tstruct ipsec_add_sa msg;\n+\t/** Security association configuration data */\n+\tstruct rte_security_ipsec_xform ipsec;\n+\t/** Security session action type */\n+\tenum rte_security_session_action_type action;\n+} __rte_cache_aligned;\n+\n+struct nfp_net_ipsec_data {\n+\tint pkt_dynfield_offset;\n+\tuint32_t sa_free_cnt;\n+\tstruct nfp_ipsec_session *sa_entries[NFP_NET_IPSEC_MAX_SA_CNT];\n+};\n+\n+int nfp_ipsec_init(struct rte_eth_dev *dev);\n+void nfp_ipsec_uninit(struct rte_eth_dev *dev);\n+\n+#endif /* __NFP_IPSEC_H__ */\ndiff --git a/drivers/net/nfp/nfp_rxtx.h b/drivers/net/nfp/nfp_rxtx.h\nindex ddbf97e46c..4e8558074e 100644\n--- a/drivers/net/nfp/nfp_rxtx.h\n+++ b/drivers/net/nfp/nfp_rxtx.h\n@@ -43,6 +43,18 @@ struct nfp_net_dp_buf {\n \tstruct rte_mbuf *mbuf;\n };\n \n+struct nfp_tx_ipsec_desc_msg {\n+\tuint32_t sa_idx; /**< SA index in driver table */\n+\tuint32_t enc; /**< IPsec enable flag */\n+\tunion {\n+\t\tuint64_t value;\n+\t\tstruct {\n+\t\t\tuint32_t low;\n+\t\t\tuint32_t hi;\n+\t\t};\n+\t} esn; /**< Extended Sequence Number */\n+};\n+\n struct nfp_net_txq {\n \t/** Backpointer to nfp_net structure */\n \tstruct nfp_net_hw *hw;\n", "prefixes": [ "v2", "04/10" ] }