Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/131906/?format=api
{ "id": 131906, "url": "http://patches.dpdk.org/api/patches/131906/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20230926024959.207098-8-chaoyong.he@corigine.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230926024959.207098-8-chaoyong.he@corigine.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230926024959.207098-8-chaoyong.he@corigine.com", "date": "2023-09-26T02:49:56", "name": "[v2,07/10] net/nfp: create security session", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "2099afc2ee29a5be3c2b3cda2802ae29c0e92122", "submitter": { "id": 2554, "url": "http://patches.dpdk.org/api/people/2554/?format=api", "name": "Chaoyong He", "email": "chaoyong.he@corigine.com" }, "delegate": { "id": 319, "url": "http://patches.dpdk.org/api/users/319/?format=api", "username": "fyigit", "first_name": "Ferruh", "last_name": "Yigit", "email": "ferruh.yigit@amd.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20230926024959.207098-8-chaoyong.he@corigine.com/mbox/", "series": [ { "id": 29622, "url": "http://patches.dpdk.org/api/series/29622/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=29622", "date": "2023-09-26T02:49:49", "name": "add the support of ipsec offload", "version": 2, "mbox": "http://patches.dpdk.org/series/29622/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/131906/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/131906/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 22C7B4263C;\n\tTue, 26 Sep 2023 04:51:30 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id C5E44402EF;\n\tTue, 26 Sep 2023 04:50:46 +0200 (CEST)", "from NAM12-DM6-obe.outbound.protection.outlook.com\n (mail-dm6nam12on2134.outbound.protection.outlook.com [40.107.243.134])\n by mails.dpdk.org (Postfix) with ESMTP id 17CB24067B\n for <dev@dpdk.org>; Tue, 26 Sep 2023 04:50:45 +0200 (CEST)", "from PH0PR13MB5568.namprd13.prod.outlook.com (2603:10b6:510:12b::16)\n by SA3PR13MB6516.namprd13.prod.outlook.com (2603:10b6:806:39c::8)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.27; Tue, 26 Sep\n 2023 02:50:43 +0000", "from PH0PR13MB5568.namprd13.prod.outlook.com\n ([fe80::b070:92e1:931e:fee7]) by PH0PR13MB5568.namprd13.prod.outlook.com\n ([fe80::b070:92e1:931e:fee7%4]) with mapi id 15.20.6792.026; Tue, 26 Sep 2023\n 02:50:43 +0000" ], "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;\n b=mP/BmJ0t4RyhgcJhUpSVJ1MbcnRyiP5TUTEmLpSoRS1r41D7dOA7+2G1MFtrBY5KCqh/YUDBQXfhd5xdnymQokOJ45b50M784+E0oJrph59RxX0PUrjeumKpZLHNkicsIwnKVpD6/7zq4frroQLo8qpxOEAKMFqY4yjJA3m2nvrp9aiU1pCouMlJ9DeVYp+ZNjExQG3M5J2u9szRc04j18Dz1EQRnEKuGvzkgO0p764mWBo1d0BRFXhsivrI0x3VWta0uPRzoFecBlyhyQ05dPiw8C4RMw03zVtAQ98v1JLQwNjnmMuKBm0BIXy3AAczcSiziQT6sYnBnm4T9l73bw==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector9901;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=SU0fv+ibm0QDr3b/mmUeHi39p4ZRcbvpp3Wbs1oD/No=;\n b=fZJb1OQOZuRl7NOH5z3pccfEUI0DcL+NLgEA5HxMEpCu2momNU12kPTzAu1wWLdk9JtaZXRbb4tU8p0lmYYNUknoUaXvnW9+RD82mdwxxEMi/lNPiit4wxIcLl4b9k/GPZvDUNUGMe2zNSHy9MmvXPKfAjnamR+ra0gz+9fnLUYVe+/hIWCynfI/4qWhRT26F6YIQbhIw4tFBJGuuTjccjuFvNjQnwchC0UXSMPDZsrIzAdPulxrmRyITIr0vehx+3BVOlawHHmABSw56quNvrO4t2tqM53/UJq6BeLOts/Z1zUvYyyCt0Zksa5uwzSoGA556MEmKkQXSflxwASZSw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com;\n dkim=pass header.d=corigine.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=SU0fv+ibm0QDr3b/mmUeHi39p4ZRcbvpp3Wbs1oD/No=;\n b=hsoFll0Ck2LQcU7tPqPzZLo2JffmCtKE6iu5reZeqn9njyYmmAhu9cWzw6yb7cvcTgkEJ2giiCFOgPfbveGIp6ltQRqTOBDnlKlhRtggk7e1PZIvUsHgn0MnvNfj8imBUiLW6agP2GHvEg/j9YCiBattDlOkQjdsr/leB+MO3fU=", "Authentication-Results": "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=corigine.com;", "From": "Chaoyong He <chaoyong.he@corigine.com>", "To": "dev@dpdk.org", "Cc": "oss-drivers@corigine.com, Chang Miao <chang.miao@corigine.com>,\n Shihong Wang <shihong.wang@corigine.com>,\n Chaoyong He <chaoyong.he@corigine.com>", "Subject": "[PATCH v2 07/10] net/nfp: create security session", "Date": "Tue, 26 Sep 2023 10:49:56 +0800", "Message-Id": "<20230926024959.207098-8-chaoyong.he@corigine.com>", "X-Mailer": "git-send-email 2.39.1", "In-Reply-To": "<20230926024959.207098-1-chaoyong.he@corigine.com>", "References": "<20230925060644.1458598-1-chaoyong.he@corigine.com>\n <20230926024959.207098-1-chaoyong.he@corigine.com>", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "BYAPR05CA0020.namprd05.prod.outlook.com\n (2603:10b6:a03:c0::33) To PH0PR13MB5568.namprd13.prod.outlook.com\n (2603:10b6:510:12b::16)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "PH0PR13MB5568:EE_|SA3PR13MB6516:EE_", "X-MS-Office365-Filtering-Correlation-Id": "4d7f3c0a-9d99-48a8-c547-08dbbe3b6009", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;", "X-Microsoft-Antispam-Message-Info": "\n lWTBaQj3kibIdlKEJSZNZNA5Lo7ldafDAM/4lz+3KlgTbZ3eyA8FNvrsOfLEKYOwcWoRtFC8cIBPh6f0aL/x6b8HPNj/vGC0QlD28ElCXnrDz+8EVEyFBSerqM+gu7cjROevpOekOVjgFvNQckqHDCFCI21bZDrF9TIjT3CpU91+U8xnk8BF4AXF64VP5mtl6fpUeMfQ7ea1TS+mCZkdW56edj5wXtU5IFp+dSge3EmCEy6CI8BZcwueyB+gRKzee5dsV2TB0nx/JOesURhyZRSWUtpdoNPG23JmLfSpFT8Vn8DPU8oxVlVznscQb1pIEXY4TaCC6SmJ9JSGL1COwU7uTMIeN3K0LQgA2XgOy6ZAGKxH0U6V6YXFcaZ/fvsFTiSdK5oKQYpa+RcX8TzbwCik69w9kJNeeudddTjZy/OHGvk1mKqxClGW8NWohMsGebYC/lbjeZbMeUVszoexQdKNOqNH77OdItMwblEhshK/4MgfW2M3+VUNO+7zDpwy3eNyrmQaluEdSWNLJGDfcRczJd7xbYLtORZwiTdx158Ifz9nvtKdCxcqc60bugkJ+3SHgP6aNx7HKoytUmqQIh2G+z1sujRVgYSvOU3LP/nk37RpdjcsZCK5LmvbfvdGwV40DAVApBNOHQFmdAi/rgt4KiAe+OYeHQJZlAxjqDk=", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:PH0PR13MB5568.namprd13.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230031)(39830400003)(136003)(366004)(346002)(396003)(376002)(230922051799003)(1800799009)(451199024)(186009)(4326008)(83380400001)(2616005)(6486002)(6506007)(52116002)(478600001)(6666004)(86362001)(36756003)(38100700002)(1076003)(30864003)(26005)(66476007)(8936002)(66556008)(6916009)(6512007)(2906002)(15650500001)(38350700002)(66946007)(41300700001)(107886003)(316002)(44832011)(8676002)(5660300002)(54906003);\n DIR:OUT; SFP:1102;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n Haf7Ust64eDJqbV+5WoFd5w1HVfT/JS+gqbRcmdyGQCeyS3WDblBIoV83BB9ESwSx6VKx2jT4WeVofm6wKL14yi+dt6mmIQHCvGnkq2eVDGyive3UzUOgi9idRAzu7J3MKqtNQUCVDyVHkA0PyCklVcp6LqV7a1hxQ6fKYLXOktZNqQPEbqDrgLyUJ1Mv61CA8BDQZQSNaPGjh97uES7GeWxZHvsfBfkLaFiIBhyA32eOWn/1RMzJxlxOH1LMc8HMiR0zquHtmXiyrR2FP5xl0MFmE1gX7fGHM0+L8TlSfIAfsPqJv5Y85ZYn4kAIvQuNN3GHUcWgXQcqIOfI2GzOmCw2d/IFK4hLNAqlwMwP1EmmicHthbdxw+xRcVsuCF9E0RipttIvi2MXkCJro7GVcVBjXE37f2D0CZx3CU1jYTscgGBqJNEB5Ua7tTe9SZWKHgRWPZ94qPbNtwsBlk1t1u3PiDQRocFME651i7d0/rceYFhsHrKp3Js3TJYz84yLxM3so7kvtF9kZCQVzG5fQV36oc0Z/JHD5La1WsmPwHWgL3S+n0B/dxbdctEQRlr7QNMqPINmZANnKWCjgbfEAn74DF83QQl+Ev6LhbVApWVFnSOTNstFLpQwXnXo90sx68O8lYlnJTThqw47J6OAVb8TwqvDUHhnlz29OFEaCzVg+A35JrdY72X1Vpf/6EwN9xTU9wAJiU0oD1/Hdl38gb/QJ6ttMLt/KOLImEQWjOS2RVQkCZvZ9kmBgGom0ZrUmndMKK5C0RmGypykaWlSHEGoC8fs7wyycQsK5ZVpgcahjeRoke4CxaTchu9m64pgGpQficY0H2F0cZv+cFV9mI6ibsk1cuAJOSNWlg0mXI6906ENd54ZakkYTEvTpL+cK2aC26n679ftB/2Nru2+TeVQsTedWrLlvptwq9h/uNsFXwatwmy1s6VL+wJYNRq8ArcFaLVp6enwtOmhbmbFHd0Du+AUB6CuHanU+MnJoASYCVNxMkCVe6APmiqGifmNx7gl3aEQzy0WB/2apazk+uSTmilg0Mc0Z83bsuOKWz57DRSuU6nJjYZpi4WqgZ1lrb3ZQROb3uuqAkTNVsDjJn+chteARARFb1LdxzkiOr8wVzr9hlE84xQbGxE9lZOFgMUMKOs+wIKRd4JpowKtMcbWEYMdXR+A8ljo+qcMjZGOdld9e9uka7b2L3JiRvdp9wGdDoQriTD8/oBdP/BZbNWGFJ3tZ9jBW++7k++haZIIvHsw0UHV5GIyhVF/H4y1bvbQgA4n6GinzAHEiLiuu6TqNNpHYrky7O6Q1gx8bTHS23g7ODnW6ZivZBNJJUrLlsXDXw7wlWap83ZJ2i9ONtNuqc9+XkHN6myNpf0IzCC3ddAwmLzaL2L0utvVkaVZ4RyEJH88LKyg/g5RlTTY01bMIj58dFAV00hv1RXjOxf4sSvo5iNB+/jevw7DlpnGwOwFX3d8ecCuC/hUrzfUMeH4quMtWPTI5gfjnGMs1lGpypxLtZzRsGxu63jKfYANewIEt/C6U+MhWnx6MgpWUTYsCE0STLm2XhsvQJL7d94F0WUBg71G1CdLM8KicyjUdKXjhyuLHsikG8gqTKKMQ==", "X-OriginatorOrg": "corigine.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n 4d7f3c0a-9d99-48a8-c547-08dbbe3b6009", "X-MS-Exchange-CrossTenant-AuthSource": "PH0PR13MB5568.namprd13.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "26 Sep 2023 02:50:43.1854 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fe128f2c-073b-4c20-818e-7246a585940c", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n /YEbR4DzYX1N7+CPk3JhumX12tBqXerh24Z1Qw6pk7RjKWwC50I/5WANSv+dKKBczRs69mSMdbRJwiMXRQO9SLVr2v8zEg9l1D1VwCpVjt4=", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "SA3PR13MB6516", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "From: Chang Miao <chang.miao@corigine.com>\n\nCreate security session to manage IPsec protocol specific message\nand crypto parameters. This session support full protocol offload\nand inline crypto operation with NIC devices.\n\nSigned-off-by: Chang Miao <chang.miao@corigine.com>\nSigned-off-by: Shihong Wang <shihong.wang@corigine.com>\nReviewed-by: Chaoyong He <chaoyong.he@corigine.com>\n---\n drivers/net/nfp/nfp_ipsec.c | 703 ++++++++++++++++++++++++++++++++++++\n 1 file changed, 703 insertions(+)", "diff": "diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c\nindex d4292c3b90..5280180028 100644\n--- a/drivers/net/nfp/nfp_ipsec.c\n+++ b/drivers/net/nfp/nfp_ipsec.c\n@@ -17,6 +17,8 @@\n #include \"nfp_logs.h\"\n #include \"nfp_rxtx.h\"\n \n+#define NFP_UDP_ESP_PORT 4500\n+\n static const struct rte_cryptodev_capabilities nfp_crypto_caps[] = {\n \t{\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n@@ -375,6 +377,62 @@ enum nfp_ipsec_cfg_msg_rsp_codes {\n \tNFP_IPSEC_CFG_MSG_SA_INVALID_CMD\n };\n \n+enum nfp_ipsec_mode {\n+\tNFP_IPSEC_MODE_TRANSPORT,\n+\tNFP_IPSEC_MODE_TUNNEL,\n+};\n+\n+enum nfp_ipsec_protocol {\n+\tNFP_IPSEC_PROTOCOL_AH,\n+\tNFP_IPSEC_PROTOCOL_ESP,\n+};\n+\n+/* Cipher modes */\n+enum nfp_ipsec_cimode {\n+\tNFP_IPSEC_CIMODE_ECB,\n+\tNFP_IPSEC_CIMODE_CBC,\n+\tNFP_IPSEC_CIMODE_CFB,\n+\tNFP_IPSEC_CIMODE_OFB,\n+\tNFP_IPSEC_CIMODE_CTR,\n+};\n+\n+/* Hash types */\n+enum nfp_ipsec_hash_type {\n+\tNFP_IPSEC_HASH_NONE,\n+\tNFP_IPSEC_HASH_MD5_96,\n+\tNFP_IPSEC_HASH_SHA1_96,\n+\tNFP_IPSEC_HASH_SHA256_96,\n+\tNFP_IPSEC_HASH_SHA384_96,\n+\tNFP_IPSEC_HASH_SHA512_96,\n+\tNFP_IPSEC_HASH_MD5_128,\n+\tNFP_IPSEC_HASH_SHA1_80,\n+\tNFP_IPSEC_HASH_SHA256_128,\n+\tNFP_IPSEC_HASH_SHA384_192,\n+\tNFP_IPSEC_HASH_SHA512_256,\n+\tNFP_IPSEC_HASH_GF128_128,\n+\tNFP_IPSEC_HASH_POLY1305_128,\n+};\n+\n+/* Cipher types */\n+enum nfp_ipsec_cipher_type {\n+\tNFP_IPSEC_CIPHER_NULL,\n+\tNFP_IPSEC_CIPHER_3DES,\n+\tNFP_IPSEC_CIPHER_AES128,\n+\tNFP_IPSEC_CIPHER_AES192,\n+\tNFP_IPSEC_CIPHER_AES256,\n+\tNFP_IPSEC_CIPHER_AES128_NULL,\n+\tNFP_IPSEC_CIPHER_AES192_NULL,\n+\tNFP_IPSEC_CIPHER_AES256_NULL,\n+\tNFP_IPSEC_CIPHER_CHACHA20,\n+};\n+\n+/* Don't Fragment types */\n+enum nfp_ipsec_df_type {\n+\tNFP_IPSEC_DF_CLEAR,\n+\tNFP_IPSEC_DF_SET,\n+\tNFP_IPSEC_DF_COPY,\n+};\n+\n static int\n nfp_ipsec_cfg_cmd_issue(struct nfp_net_hw *hw,\n \t\tstruct nfp_ipsec_msg *msg)\n@@ -427,6 +485,650 @@ nfp_ipsec_cfg_cmd_issue(struct nfp_net_hw *hw,\n \treturn ret;\n }\n \n+/**\n+ * Get valid SA index from SA table\n+ *\n+ * @param data\n+ * SA table pointer\n+ * @param sa_idx\n+ * SA table index pointer\n+ *\n+ * @return\n+ * Negative number on full or repeat, 0 on success\n+ *\n+ * Note: multiple sockets may create same SA session.\n+ */\n+static void\n+nfp_get_sa_entry(struct nfp_net_ipsec_data *data,\n+\t\tint *sa_idx)\n+{\n+\tuint32_t i;\n+\n+\tfor (i = 0; i < NFP_NET_IPSEC_MAX_SA_CNT; i++) {\n+\t\tif (data->sa_entries[i] == NULL) {\n+\t\t\t*sa_idx = i;\n+\t\t\tbreak;\n+\t\t}\n+\t}\n+}\n+\n+static void\n+nfp_aesgcm_iv_update(struct ipsec_add_sa *cfg,\n+\t\tuint16_t iv_len,\n+\t\tconst char *iv_string)\n+{\n+\tint i;\n+\tchar *save;\n+\tchar *iv_b;\n+\tchar *iv_str;\n+\tuint8_t *cfg_iv;\n+\n+\tiv_str = strdup(iv_string);\n+\tcfg_iv = (uint8_t *)cfg->aesgcm_fields.iv;\n+\n+\tfor (i = 0; i < iv_len; i++) {\n+\t\tiv_b = strtok_r(i ? NULL : iv_str, \",\", &save);\n+\t\tif (iv_b == NULL)\n+\t\t\tbreak;\n+\n+\t\tcfg_iv[i] = strtoul(iv_b, NULL, 0);\n+\t}\n+\n+\t*(uint32_t *)cfg_iv = rte_be_to_cpu_32(*(uint32_t *)cfg_iv);\n+\t*(uint32_t *)&cfg_iv[4] = rte_be_to_cpu_32(*(uint32_t *)&cfg_iv[4]);\n+\n+\tfree(iv_str);\n+}\n+\n+static int\n+set_aes_keylen(uint32_t key_length,\n+\t\tstruct ipsec_add_sa *cfg)\n+{\n+\tswitch (key_length << 3) {\n+\tcase 128:\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_AES128;\n+\t\tbreak;\n+\tcase 192:\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_AES192;\n+\t\tbreak;\n+\tcase 256:\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_AES256;\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"AES cipher key length is illegal!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+/* Map rte_security_session_conf aead algo to NFP aead algo */\n+static int\n+nfp_aead_map(struct rte_eth_dev *eth_dev,\n+\t\tstruct rte_crypto_aead_xform *aead,\n+\t\tuint32_t key_length,\n+\t\tstruct ipsec_add_sa *cfg)\n+{\n+\tint ret;\n+\tuint32_t i;\n+\tuint32_t index;\n+\tuint16_t iv_len;\n+\tuint32_t offset;\n+\tuint32_t device_id;\n+\tconst char *iv_str;\n+\tconst uint32_t *key;\n+\tstruct nfp_net_hw *hw;\n+\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);\n+\tdevice_id = hw->device_id;\n+\toffset = 0;\n+\n+\tswitch (aead->algo) {\n+\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\tif (aead->digest_length != 16) {\n+\t\t\tPMD_DRV_LOG(ERR, \"ICV must be 128bit with RTE_CRYPTO_AEAD_AES_GCM!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tcfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CTR;\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_GF128_128;\n+\n+\t\tret = set_aes_keylen(key_length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to set AES_GCM key length!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AEAD_CHACHA20_POLY1305:\n+\t\tif (device_id != PCI_DEVICE_ID_NFP3800_PF_NIC) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported aead CHACHA20_POLY1305 algorithm!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tif (aead->digest_length != 16) {\n+\t\t\tPMD_DRV_LOG(ERR, \"ICV must be 128bit with RTE_CRYPTO_AEAD_CHACHA20_POLY1305\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\t/* Aead->alg_key_len includes 32-bit salt */\n+\t\tif (key_length != 32) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported CHACHA20 key length\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\t/* The CHACHA20's mode is not configured */\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_POLY1305_128;\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_CHACHA20;\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported aead algorithm!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tkey = (const uint32_t *)(aead->key.data);\n+\n+\t/*\n+\t * The CHACHA20's key order needs to be adjusted based on hardware design.\n+\t * Unadjusted order: {K0, K1, K2, K3, K4, K5, K6, K7}\n+\t * Adjusted order: {K4, K5, K6, K7, K0, K1, K2, K3}\n+\t */\n+\tif (aead->algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305)\n+\t\toffset = key_length / sizeof(cfg->cipher_key[0]) << 1;\n+\n+\tfor (i = 0; i < key_length / sizeof(cfg->cipher_key[0]); i++) {\n+\t\tindex = (i + offset) % (key_length / sizeof(cfg->cipher_key[0]));\n+\t\tcfg->cipher_key[index] = rte_cpu_to_be_32(*key++);\n+\t}\n+\n+\t/*\n+\t * The iv of the FW is equal to ESN by default. Reading the\n+\t * iv of the configuration information is not supported.\n+\t */\n+\tiv_str = getenv(\"ETH_SEC_IV_OVR\");\n+\tif (iv_str != NULL) {\n+\t\tiv_len = aead->iv.length;\n+\t\tnfp_aesgcm_iv_update(cfg, iv_len, iv_str);\n+\t}\n+\n+\treturn 0;\n+}\n+\n+/* Map rte_security_session_conf cipher algo to NFP cipher algo */\n+static int\n+nfp_cipher_map(struct rte_eth_dev *eth_dev,\n+\t\tstruct rte_crypto_cipher_xform *cipher,\n+\t\tuint32_t key_length,\n+\t\tstruct ipsec_add_sa *cfg)\n+{\n+\tint ret;\n+\tuint32_t i;\n+\tuint32_t device_id;\n+\tconst uint32_t *key;\n+\tstruct nfp_net_hw *hw;\n+\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);\n+\tdevice_id = hw->device_id;\n+\n+\tswitch (cipher->algo) {\n+\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\tcfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CBC;\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_NULL;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\tif (device_id == PCI_DEVICE_ID_NFP3800_PF_NIC) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported 3DESCBC encryption algorithm!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tcfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CBC;\n+\t\tcfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_3DES;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\tcfg->ctrl_word.cimode = NFP_IPSEC_CIMODE_CBC;\n+\t\tret = set_aes_keylen(key_length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to set cipher key length!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported cipher alg!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tkey = (const uint32_t *)(cipher->key.data);\n+\tif (key_length > sizeof(cfg->cipher_key)) {\n+\t\tPMD_DRV_LOG(ERR, \"Insufficient space for offloaded key\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tfor (i = 0; i < key_length / sizeof(cfg->cipher_key[0]); i++)\n+\t\tcfg->cipher_key[i] = rte_cpu_to_be_32(*key++);\n+\n+\treturn 0;\n+}\n+\n+static void\n+set_md5hmac(struct ipsec_add_sa *cfg,\n+\t\tuint32_t *digest_length)\n+{\n+\tswitch (*digest_length) {\n+\tcase 96:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_MD5_96;\n+\t\tbreak;\n+\tcase 128:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_MD5_128;\n+\t\tbreak;\n+\tdefault:\n+\t\t*digest_length = 0;\n+\t}\n+}\n+\n+static void\n+set_sha1hmac(struct ipsec_add_sa *cfg,\n+\t\tuint32_t *digest_length)\n+{\n+\tswitch (*digest_length) {\n+\tcase 96:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA1_96;\n+\t\tbreak;\n+\tcase 80:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA1_80;\n+\t\tbreak;\n+\tdefault:\n+\t\t*digest_length = 0;\n+\t}\n+}\n+\n+static void\n+set_sha2_256hmac(struct ipsec_add_sa *cfg,\n+\t\tuint32_t *digest_length)\n+{\n+\tswitch (*digest_length) {\n+\tcase 96:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA256_96;\n+\t\tbreak;\n+\tcase 128:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA256_128;\n+\t\tbreak;\n+\tdefault:\n+\t\t*digest_length = 0;\n+\t}\n+}\n+\n+static void\n+set_sha2_384hmac(struct ipsec_add_sa *cfg,\n+\t\tuint32_t *digest_length)\n+{\n+\tswitch (*digest_length) {\n+\tcase 96:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA384_96;\n+\t\tbreak;\n+\tcase 192:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA384_192;\n+\t\tbreak;\n+\tdefault:\n+\t\t*digest_length = 0;\n+\t}\n+}\n+\n+static void\n+set_sha2_512hmac(struct ipsec_add_sa *cfg,\n+\t\tuint32_t *digest_length)\n+{\n+\tswitch (*digest_length) {\n+\tcase 96:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA512_96;\n+\t\tbreak;\n+\tcase 256:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA512_256;\n+\t\tbreak;\n+\tdefault:\n+\t\t*digest_length = 0;\n+\t}\n+}\n+\n+/* Map rte_security_session_conf auth algo to NFP auth algo */\n+static int\n+nfp_auth_map(struct rte_eth_dev *eth_dev,\n+\t\tstruct rte_crypto_auth_xform *auth,\n+\t\tuint32_t digest_length,\n+\t\tstruct ipsec_add_sa *cfg)\n+{\n+\tuint32_t i;\n+\tuint8_t key_length;\n+\tuint32_t device_id;\n+\tconst uint32_t *key;\n+\tstruct nfp_net_hw *hw;\n+\n+\tif (digest_length == 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Auth digest length is illegal!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);\n+\tdevice_id = hw->device_id;\n+\tdigest_length = digest_length << 3;\n+\n+\tswitch (auth->algo) {\n+\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\tcfg->ctrl_word.hash = NFP_IPSEC_HASH_NONE;\n+\t\tdigest_length = 1;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+\t\tif (device_id == PCI_DEVICE_ID_NFP3800_PF_NIC) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported MD5HMAC authentication algorithm!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tset_md5hmac(cfg, &digest_length);\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\tset_sha1hmac(cfg, &digest_length);\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\tset_sha2_256hmac(cfg, &digest_length);\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\tset_sha2_384hmac(cfg, &digest_length);\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+\t\tset_sha2_512hmac(cfg, &digest_length);\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported auth alg!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (digest_length == 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported authentication algorithm digest length\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tkey = (const uint32_t *)(auth->key.data);\n+\tkey_length = auth->key.length;\n+\tif (key_length > sizeof(cfg->auth_key)) {\n+\t\tPMD_DRV_LOG(ERR, \"Insufficient space for offloaded auth key!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tfor (i = 0; i < key_length / sizeof(cfg->auth_key[0]); i++)\n+\t\tcfg->auth_key[i] = rte_cpu_to_be_32(*key++);\n+\n+\treturn 0;\n+}\n+\n+static int\n+nfp_crypto_msg_build(struct rte_eth_dev *eth_dev,\n+\t\tstruct rte_security_session_conf *conf,\n+\t\tstruct nfp_ipsec_msg *msg)\n+{\n+\tint ret;\n+\tstruct ipsec_add_sa *cfg;\n+\tstruct rte_crypto_sym_xform *cur;\n+\tstruct rte_crypto_sym_xform *next;\n+\tenum rte_security_ipsec_sa_direction direction;\n+\n+\tcur = conf->crypto_xform;\n+\tif (cur == NULL) {\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported crypto_xform is NULL!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tnext = cur->next;\n+\tdirection = conf->ipsec.direction;\n+\tcfg = &msg->cfg_add_sa;\n+\n+\tswitch (cur->type) {\n+\tcase RTE_CRYPTO_SYM_XFORM_AEAD:\n+\t\t/* Aead transforms can be used for either inbound/outbound IPsec SAs */\n+\t\tif (next != NULL) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Next crypto_xform type should be NULL!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tret = nfp_aead_map(eth_dev, &cur->aead, cur->aead.key.length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to map aead alg!\");\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\tcfg->aesgcm_fields.salt = rte_cpu_to_be_32(conf->ipsec.salt);\n+\t\tbreak;\n+\tcase RTE_CRYPTO_SYM_XFORM_AUTH:\n+\t\t/* Only support Auth + Cipher for inbound */\n+\t\tif (direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Direction should be INGRESS, but it is not!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tif (next == NULL || next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Next crypto_xfrm should be cipher, but it is not!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tret = nfp_auth_map(eth_dev, &cur->auth, cur->auth.digest_length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to map auth alg!\");\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\tret = nfp_cipher_map(eth_dev, &next->cipher, next->cipher.key.length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to map cipher alg!\");\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\tbreak;\n+\tcase RTE_CRYPTO_SYM_XFORM_CIPHER:\n+\t\t/* Only support Cipher + Auth for outbound */\n+\t\tif (direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Direction should be EGRESS, but it is not!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tif (next == NULL || next->type != RTE_CRYPTO_SYM_XFORM_AUTH) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Next crypto_xfrm should be auth, but it is not!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tret = nfp_cipher_map(eth_dev, &cur->cipher, cur->cipher.key.length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to map cipher alg!\");\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\tret = nfp_auth_map(eth_dev, &next->auth, next->auth.digest_length, cfg);\n+\t\tif (ret < 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Failed to map auth alg!\");\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported crypto_xform type!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static int\n+nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev,\n+\t\tstruct rte_security_session_conf *conf,\n+\t\tstruct nfp_ipsec_msg *msg)\n+{\n+\tint ret;\n+\tuint32_t i;\n+\tstruct ipsec_add_sa *cfg;\n+\tenum rte_security_ipsec_tunnel_type type;\n+\n+\tcfg = &msg->cfg_add_sa;\n+\tcfg->spi = conf->ipsec.spi;\n+\tcfg->pmtu_limit = 0xffff;\n+\n+\t/*\n+\t * UDP encapsulation\n+\t *\n+\t * 1: Do UDP encapsulation/decapsulation\n+\t * 0: No UDP encapsulation\n+\t */\n+\tif (conf->ipsec.options.udp_encap == 1) {\n+\t\tcfg->udp_enable = 1;\n+\t\tcfg->natt_dst_port = NFP_UDP_ESP_PORT;\n+\t\tcfg->natt_src_port = NFP_UDP_ESP_PORT;\n+\t}\n+\n+\tif (conf->ipsec.options.copy_df == 1)\n+\t\tcfg->df_ctrl = NFP_IPSEC_DF_COPY;\n+\telse if (conf->ipsec.tunnel.ipv4.df != 0)\n+\t\tcfg->df_ctrl = NFP_IPSEC_DF_SET;\n+\telse\n+\t\tcfg->df_ctrl = NFP_IPSEC_DF_CLEAR;\n+\n+\tswitch (conf->action_type) {\n+\tcase RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:\n+\t\tcfg->ctrl_word.encap_dsbl = 1;\n+\t\tbreak;\n+\tcase RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:\n+\t\tcfg->ctrl_word.encap_dsbl = 0;\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported IPsec action for offload, action: %d\",\n+\t\t\t\tconf->action_type);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tswitch (conf->ipsec.proto) {\n+\tcase RTE_SECURITY_IPSEC_SA_PROTO_ESP:\n+\t\tcfg->ctrl_word.proto = NFP_IPSEC_PROTOCOL_ESP;\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_SA_PROTO_AH:\n+\t\tcfg->ctrl_word.proto = NFP_IPSEC_PROTOCOL_AH;\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported IPsec protocol for offload, protocol: %d\",\n+\t\t\t\tconf->ipsec.proto);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tswitch (conf->ipsec.mode) {\n+\tcase RTE_SECURITY_IPSEC_SA_MODE_TUNNEL:\n+\t\ttype = conf->ipsec.tunnel.type;\n+\t\tcfg->ctrl_word.mode = NFP_IPSEC_MODE_TUNNEL;\n+\t\tif (type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {\n+\t\t\tcfg->src_ip[0] = conf->ipsec.tunnel.ipv4.src_ip.s_addr;\n+\t\t\tcfg->dst_ip[0] = conf->ipsec.tunnel.ipv4.dst_ip.s_addr;\n+\t\t\tcfg->ipv6 = 0;\n+\t\t} else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) {\n+\t\t\tmemcpy(cfg->src_ip, conf->ipsec.tunnel.ipv6.src_addr.s6_addr, 16);\n+\t\t\tmemcpy(cfg->dst_ip, conf->ipsec.tunnel.ipv6.dst_addr.s6_addr, 16);\n+\t\t\tcfg->ipv6 = 1;\n+\t\t} else {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported address family!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT:\n+\t\ttype = conf->ipsec.tunnel.type;\n+\t\tcfg->ctrl_word.mode = NFP_IPSEC_MODE_TRANSPORT;\n+\t\tif (type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {\n+\t\t\tcfg->src_ip[0] = 0;\n+\t\t\tcfg->dst_ip[0] = 0;\n+\t\t\tcfg->ipv6 = 0;\n+\t\t} else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) {\n+\t\t\tfor (i = 0; i < 4; i++) {\n+\t\t\t\tcfg->src_ip[i] = 0;\n+\t\t\t\tcfg->dst_ip[i] = 0;\n+\t\t\t}\n+\t\t\tcfg->ipv6 = 1;\n+\t\t} else {\n+\t\t\tPMD_DRV_LOG(ERR, \"Unsupported address family!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tbreak;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported IPsec mode for offload, mode: %d\",\n+\t\t\t\tconf->ipsec.mode);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tret = nfp_crypto_msg_build(eth_dev, conf, msg);\n+\tif (ret < 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Failed to build auth/crypto/aead msg!\");\n+\t\treturn ret;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static int\n+nfp_crypto_create_session(void *device,\n+\t\tstruct rte_security_session_conf *conf,\n+\t\tstruct rte_security_session *session)\n+{\n+\tint ret;\n+\tint sa_idx;\n+\tstruct nfp_net_hw *hw;\n+\tstruct nfp_ipsec_msg msg;\n+\tstruct rte_eth_dev *eth_dev;\n+\tstruct nfp_ipsec_session *priv_session;\n+\n+\t/* Only support IPsec at present */\n+\tif (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {\n+\t\tPMD_DRV_LOG(ERR, \"Unsupported non-IPsec offload!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tsa_idx = -1;\n+\teth_dev = device;\n+\tpriv_session = SECURITY_GET_SESS_PRIV(session);\n+\thw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);\n+\n+\tif (hw->ipsec_data->sa_free_cnt == 0) {\n+\t\tPMD_DRV_LOG(ERR, \"No space in SA table, spi: %d\", conf->ipsec.spi);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tnfp_get_sa_entry(hw->ipsec_data, &sa_idx);\n+\n+\tif (sa_idx < 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Failed to get SA entry!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmemset(&msg, 0, sizeof(msg));\n+\tret = nfp_ipsec_msg_build(eth_dev, conf, &msg);\n+\tif (ret < 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Failed to build IPsec msg!\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmsg.cmd = NFP_IPSEC_CFG_MSG_ADD_SA;\n+\tmsg.sa_idx = sa_idx;\n+\tret = nfp_ipsec_cfg_cmd_issue(hw, &msg);\n+\tif (ret < 0) {\n+\t\tPMD_DRV_LOG(ERR, \"Failed to add SA to nic\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tpriv_session->action = conf->action_type;\n+\tpriv_session->ipsec = conf->ipsec;\n+\tpriv_session->msg = msg.cfg_add_sa;\n+\tpriv_session->sa_index = sa_idx;\n+\tpriv_session->dev = eth_dev;\n+\tpriv_session->user_data = conf->userdata;\n+\n+\thw->ipsec_data->sa_free_cnt--;\n+\thw->ipsec_data->sa_entries[sa_idx] = priv_session;\n+\n+\treturn 0;\n+}\n+\n /**\n * Get discards packet statistics for each SA\n *\n@@ -517,6 +1219,7 @@ nfp_security_session_get_size(void *device __rte_unused)\n }\n \n static const struct rte_security_ops nfp_security_ops = {\n+\t.session_create = nfp_crypto_create_session,\n \t.session_get_size = nfp_security_session_get_size,\n \t.session_stats_get = nfp_security_session_get_stats,\n \t.capabilities_get = nfp_crypto_capabilities_get,\n", "prefixes": [ "v2", "07/10" ] }