
{
    "id": 64861,
    "url": "http://patches.dpdk.org/api/patches/64861/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/1579344553-11428-6-git-send-email-anoobj@marvell.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<1579344553-11428-6-git-send-email-anoobj@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/1579344553-11428-6-git-send-email-anoobj@marvell.com",
    "date": "2020-01-18T10:49:03",
    "name": "[v2,05/15] crypto/octeontx2: add security in eth dev configure",
    "commit_ref": null,
    "pull_url": null,
    "state": "changes-requested",
    "archived": true,
    "hash": "6cf0b3de63f5e1427b4bda0039a788b7cb457638",
    "submitter": {
        "id": 1205,
        "url": "http://patches.dpdk.org/api/people/1205/?format=api",
        "name": "Anoob Joseph",
        "email": "anoobj@marvell.com"
    },
    "delegate": {
        "id": 6690,
        "url": "http://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/1579344553-11428-6-git-send-email-anoobj@marvell.com/mbox/",
    "series": [
        {
            "id": 8203,
            "url": "http://patches.dpdk.org/api/series/8203/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8203",
            "date": "2020-01-18T10:48:58",
            "name": "add OCTEONTX2 inline IPsec support",
            "version": 2,
            "mbox": "http://patches.dpdk.org/series/8203/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/64861/comments/",
    "check": "success",
    "checks": "http://patches.dpdk.org/api/patches/64861/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 873BFA051C;\n\tSat, 18 Jan 2020 11:50:19 +0100 (CET)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id B99123253;\n\tSat, 18 Jan 2020 11:50:13 +0100 (CET)",
            "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 2B71B29D6\n for <dev@dpdk.org>; Sat, 18 Jan 2020 11:50:12 +0100 (CET)",
            "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 00IAoB3B019397; Sat, 18 Jan 2020 02:50:11 -0800",
            "from sc-exch04.marvell.com ([199.233.58.184])\n by mx0a-0016f401.pphosted.com with ESMTP id 2xm08v01n7-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Sat, 18 Jan 2020 02:50:11 -0800",
            "from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH04.marvell.com\n (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 18 Jan\n 2020 02:50:09 -0800",
            "from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Sat, 18 Jan 2020 02:50:09 -0800",
            "from ajoseph83.caveonetworks.com (unknown [10.29.45.60])\n by maili.marvell.com (Postfix) with ESMTP id 928D83F7041;\n Sat, 18 Jan 2020 02:50:04 -0800 (PST)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=mvtLZ1qjHKbREoKJAhYxvENJmFv5f+uuOrA5l1Vz9As=;\n b=kpXByhbzt6/4hl50pY8VPNlsRLcztgTAhe9mTdyFeMqKCOUXpwyBivP4Z2VQXI0xrogK\n dY/uZpNqebQnr3KgRhBvrm3zWpYbJjS1OJ3+2j4v8MLxMMHpFnruD9iSGrpTP0Yzn5kX\n jCE1wk/SWnTU5C6fsRNgAuLd61wJ65Kjxoy5UMrUjHI8iklMeS87q1poMYDPnz/jczV4\n Zk4SVXBxpCgbAah5jl8GK1z/N8uyH/myo7dYiDyTCO/c1DB81LFMzqMkIjJqPyHX3OdN\n yIPh5vcqdZPD8huX6iMlIIeFwv28DHxcq0ihuBzzoZ+m1ZeB5Gt42Jft+IDi12jPk/vh xg==",
        "From": "Anoob Joseph <anoobj@marvell.com>",
        "To": "Akhil Goyal <akhil.goyal@nxp.com>, Declan Doherty\n <declan.doherty@intel.com>, Thomas Monjalon <thomas@monjalon.net>",
        "CC": "Tejasree Kondoj <ktejasree@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n Narayana Prasad <pathreya@marvell.com>, Kiran Kumar K\n <kirankumark@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,\n \"Pavan Nikhilesh\" <pbhagavatula@marvell.com>, Ankur Dwivedi\n <adwivedi@marvell.com>, Anoob Joseph <anoobj@marvell.com>,\n Archana Muniganti <marchana@marvell.com>,\n Vamsi Attunuru <vattunuru@marvell.com>, Lukasz\n Bartosik <lbartosik@marvell.com>, <dev@dpdk.org>",
        "Date": "Sat, 18 Jan 2020 16:19:03 +0530",
        "Message-ID": "<1579344553-11428-6-git-send-email-anoobj@marvell.com>",
        "X-Mailer": "git-send-email 2.7.4",
        "In-Reply-To": "<1579344553-11428-1-git-send-email-anoobj@marvell.com>",
        "References": "<1575806094-28391-1-git-send-email-anoobj@marvell.com>\n <1579344553-11428-1-git-send-email-anoobj@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572\n definitions=2020-01-18_02:2020-01-16,\n 2020-01-18 signatures=0",
        "Subject": "[dpdk-dev] [PATCH v2 05/15] crypto/octeontx2: add security in eth\n\tdev configure",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "From: Tejasree Kondoj <ktejasree@marvell.com>\n\nAdding security in eth device configure.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\n---\n doc/guides/nics/octeontx2.rst               |  20 +++++\n doc/guides/rel_notes/release_20_02.rst      |   9 ++\n drivers/common/octeontx2/otx2_common.h      |   4 +\n drivers/crypto/octeontx2/Makefile           |   2 +-\n drivers/crypto/octeontx2/meson.build        |   1 +\n drivers/crypto/octeontx2/otx2_cryptodev.c   |   2 +\n drivers/crypto/octeontx2/otx2_ipsec_fp.h    |  55 +++++++++++++\n drivers/crypto/octeontx2/otx2_security.c    | 122 ++++++++++++++++++++++++++++\n drivers/crypto/octeontx2/otx2_security.h    |   4 +\n drivers/net/octeontx2/otx2_ethdev.c         |  22 ++++-\n drivers/net/octeontx2/otx2_ethdev.h         |   2 +\n drivers/net/octeontx2/otx2_ethdev_devargs.c |  19 +++++\n 12 files changed, 260 insertions(+), 2 deletions(-)\n create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h",
    "diff": "diff --git a/doc/guides/nics/octeontx2.rst b/doc/guides/nics/octeontx2.rst\nindex db62a45..fd4e455 100644\n--- a/doc/guides/nics/octeontx2.rst\n+++ b/doc/guides/nics/octeontx2.rst\n@@ -38,6 +38,7 @@ Features of the OCTEON TX2 Ethdev PMD are:\n - IEEE1588 timestamping\n - HW offloaded `ethdev Rx queue` to `eventdev event queue` packet injection\n - Support Rx interrupt\n+- Inline IPsec processing support\n \n Prerequisites\n -------------\n@@ -178,6 +179,17 @@ Runtime Config Options\n    traffic on this port should be higig2 traffic only. Supported switch header\n    types are \"higig2\" and \"dsa\".\n \n+- ``Max SPI for inbound inline IPsec`` (default ``1``)\n+\n+   Max SPI supported for inbound inline IPsec processing can be specified by\n+   ``ipsec_in_max_spi`` ``devargs`` parameter.\n+\n+   For example::\n+      -w 0002:02:00.0,ipsec_in_max_spi=128\n+\n+   With the above configuration, application can enable inline IPsec processing\n+   on 128 SAs (SPI 0-127).\n+\n .. note::\n \n    Above devarg parameters are configurable per device, user needs to pass the\n@@ -211,6 +223,14 @@ SDP interface support\n ~~~~~~~~~~~~~~~~~~~~~\n OCTEON TX2 SDP interface support is limited to PF device, No VF support.\n \n+Inline Protocol Processing\n+~~~~~~~~~~~~~~~~~~~~~~~~~~\n+``net_octeontx2`` pmd doesn't support the following features for packets to be\n+inline protocol processed.\n+- TSO offload\n+- VLAN/QinQ offload\n+- Fragmentation\n+\n Debugging Options\n -----------------\n \ndiff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst\nindex 6cbe457..8e71fef 100644\n--- a/doc/guides/rel_notes/release_20_02.rst\n+++ b/doc/guides/rel_notes/release_20_02.rst\n@@ -82,6 +82,15 @@ New Features\n \n   Added Chacha20-Poly1305 AEAD algorithm.\n \n+* **Added inline IPsec support to Marvell OCTEONTX2 PMD.**\n+\n+  Added inline IPsec support to Marvell OCTEONTX2 PMD. 
With the feature,\n+  applications would be able to offload entire IPsec offload to the hardware.\n+  For the configured sessions, hardware will do the lookup and perform\n+  decryption and IPsec transformation. For the outbound path, application\n+  can submit a plain packet to the PMD, and it would be sent out on wire\n+  after doing encryption and IPsec transformation of the packet.\n+\n \n Removed Items\n -------------\ndiff --git a/drivers/common/octeontx2/otx2_common.h b/drivers/common/octeontx2/otx2_common.h\nindex 4e8d0af..fbe7335 100644\n--- a/drivers/common/octeontx2/otx2_common.h\n+++ b/drivers/common/octeontx2/otx2_common.h\n@@ -79,10 +79,14 @@ int otx2_npa_lf_obj_ref(void);\n \n typedef int (*otx2_sec_eth_ctx_create_t)(struct rte_eth_dev *eth_dev);\n typedef void (*otx2_sec_eth_ctx_destroy_t)(struct rte_eth_dev *eth_dev);\n+typedef int (*otx2_sec_eth_init_t)(struct rte_eth_dev *eth_dev);\n+typedef void (*otx2_sec_eth_fini_t)(struct rte_eth_dev *eth_dev);\n \n struct otx2_sec_eth_crypto_idev_ops {\n \totx2_sec_eth_ctx_create_t ctx_create;\n \totx2_sec_eth_ctx_destroy_t ctx_destroy;\n+\totx2_sec_eth_init_t init;\n+\totx2_sec_eth_fini_t fini;\n };\n \n extern struct otx2_sec_eth_crypto_idev_ops otx2_sec_idev_ops;\ndiff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile\nindex d2e9b9f..5966ddc 100644\n--- a/drivers/crypto/octeontx2/Makefile\n+++ b/drivers/crypto/octeontx2/Makefile\n@@ -11,7 +11,7 @@ LIB = librte_pmd_octeontx2_crypto.a\n CFLAGS += $(WERROR_FLAGS)\n \n LDLIBS += -lrte_eal -lrte_ethdev -lrte_mbuf -lrte_mempool -lrte_ring\n-LDLIBS += -lrte_cryptodev -lrte_security\n+LDLIBS += -lrte_cryptodev -lrte_security -lrte_eventdev\n LDLIBS += -lrte_pci -lrte_bus_pci\n LDLIBS += -lrte_common_cpt -lrte_common_octeontx2\n \ndiff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build\nindex f7b2937..f0f5043 100644\n--- a/drivers/crypto/octeontx2/meson.build\n+++ 
b/drivers/crypto/octeontx2/meson.build\n@@ -9,6 +9,7 @@ deps += ['bus_pci']\n deps += ['common_cpt']\n deps += ['common_octeontx2']\n deps += ['ethdev']\n+deps += ['eventdev']\n deps += ['security']\n name = 'octeontx2_crypto'\n \ndiff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c\nindex 86c1188..34feb82 100644\n--- a/drivers/crypto/octeontx2/otx2_cryptodev.c\n+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c\n@@ -158,4 +158,6 @@ RTE_INIT(otx2_cpt_init_log)\n \n \totx2_sec_idev_ops.ctx_create = otx2_sec_eth_ctx_create;\n \totx2_sec_idev_ops.ctx_destroy = otx2_sec_eth_ctx_destroy;\n+\totx2_sec_idev_ops.init = otx2_sec_eth_init;\n+\totx2_sec_idev_ops.fini = otx2_sec_eth_fini;\n }\ndiff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nnew file mode 100644\nindex 0000000..bf4181a\n--- /dev/null\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -0,0 +1,55 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2020 Marvell International Ltd.\n+ */\n+\n+#ifndef __OTX2_IPSEC_FP_H__\n+#define __OTX2_IPSEC_FP_H__\n+\n+struct otx2_ipsec_fp_sa_ctl {\n+\trte_be32_t spi          : 32;\n+\tuint64_t exp_proto_inter_frag : 8;\n+\tuint64_t rsvd_42_40   : 3;\n+\tuint64_t esn_en       : 1;\n+\tuint64_t rsvd_45_44   : 2;\n+\tuint64_t encap_type   : 2;\n+\tuint64_t enc_type     : 3;\n+\tuint64_t rsvd_48      : 1;\n+\tuint64_t auth_type    : 4;\n+\tuint64_t valid        : 1;\n+\tuint64_t direction    : 1;\n+\tuint64_t outer_ip_ver : 1;\n+\tuint64_t inner_ip_ver : 1;\n+\tuint64_t ipsec_mode   : 1;\n+\tuint64_t ipsec_proto  : 1;\n+\tuint64_t aes_key_len  : 2;\n+};\n+\n+struct otx2_ipsec_fp_in_sa {\n+\t/* w0 */\n+\tstruct otx2_ipsec_fp_sa_ctl ctl;\n+\n+\t/* w1 */\n+\tuint8_t nonce[4]; /* Only for AES-GCM */\n+\tuint32_t unused;\n+\n+\t/* w2 */\n+\tuint32_t esn_low;\n+\tuint32_t esn_hi;\n+\n+\t/* w3-w6 */\n+\tuint8_t cipher_key[32];\n+\n+\t/* w7-w12 */\n+\tuint8_t 
hmac_key[48];\n+\n+\tRTE_STD_C11\n+\tunion {\n+\t\tvoid *userdata;\n+\t\tuint64_t udata64;\n+\t};\n+\n+\tuint64_t reserved1;\n+\tuint64_t reserved2;\n+};\n+\n+#endif /* __OTX2_IPSEC_FP_H__ */\ndiff --git a/drivers/crypto/octeontx2/otx2_security.c b/drivers/crypto/octeontx2/otx2_security.c\nindex 531c78b..cdb7950 100644\n--- a/drivers/crypto/octeontx2/otx2_security.c\n+++ b/drivers/crypto/octeontx2/otx2_security.c\n@@ -3,11 +3,36 @@\n  */\n \n #include <rte_ethdev.h>\n+#include <rte_eventdev.h>\n #include <rte_malloc.h>\n+#include <rte_memzone.h>\n #include <rte_security.h>\n \n+#include \"otx2_ethdev.h\"\n+#include \"otx2_ipsec_fp.h\"\n #include \"otx2_security.h\"\n \n+#define SEC_ETH_MAX_PKT_LEN\t1450\n+\n+struct sec_eth_tag_const {\n+\tRTE_STD_C11\n+\tunion {\n+\t\tstruct {\n+\t\t\tuint32_t rsvd_11_0  : 12;\n+\t\t\tuint32_t port       : 8;\n+\t\t\tuint32_t event_type : 4;\n+\t\t\tuint32_t rsvd_31_24 : 8;\n+\t\t};\n+\t\tuint32_t u32;\n+\t};\n+};\n+\n+static inline void\n+in_sa_mz_name_get(char *name, int size, uint16_t port)\n+{\n+\tsnprintf(name, size, \"otx2_ipsec_in_sadb_%u\", port);\n+}\n+\n int\n otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev)\n {\n@@ -33,3 +58,100 @@ otx2_sec_eth_ctx_destroy(struct rte_eth_dev *eth_dev)\n {\n \trte_free(eth_dev->security_ctx);\n }\n+\n+static int\n+sec_eth_ipsec_cfg(struct rte_eth_dev *eth_dev, uint8_t tt)\n+{\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tstruct nix_inline_ipsec_lf_cfg *req;\n+\tstruct otx2_mbox *mbox = dev->mbox;\n+\tstruct sec_eth_tag_const tag_const;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\tconst struct rte_memzone *mz;\n+\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\tmz = rte_memzone_lookup(name);\n+\tif (mz == NULL)\n+\t\treturn -EINVAL;\n+\n+\treq = otx2_mbox_alloc_msg_nix_inline_ipsec_lf_cfg(mbox);\n+\treq->enable = 1;\n+\treq->sa_base_addr = mz->iova;\n+\n+\treq->ipsec_cfg0.tt = tt;\n+\n+\ttag_const.u32 = 
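Review bot: `struct otx2_ipsec_fp_sa_ctl` in the new otx2_ipsec_fp.h lays out what appears to be a hardware-parsed 64-bit word (`/* w0 */`) using bit-fields of mixed base types (`rte_be32_t spi : 32` followed by `uint64_t` fields), and C leaves bit-field allocation order and packing implementation-defined. The only compile-time check visible in this patch is the size test on `struct otx2_ipsec_fp_in_sa` in `otx2_sec_eth_init()`, which would not catch a control word that comes out wider than 8 bytes while the whole SA still has a power-of-two size. I would add `RTE_BUILD_BUG_ON(sizeof(struct otx2_ipsec_fp_sa_ctl) != sizeof(uint64_t));` next to that existing check, and, once the author confirms the intended layout, a comment above the struct such as `/* w0: SA control word, fields listed from bit 0 upward */`. A misplaced `valid`, `direction` or `enc_type` bit would silently change how the hardware interprets an SA, so the layout is worth pinning.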
0;\n+\ttag_const.event_type = RTE_EVENT_TYPE_ETHDEV;\n+\ttag_const.port = port;\n+\treq->ipsec_cfg0.tag_const = tag_const.u32;\n+\n+\treq->ipsec_cfg0.sa_pow2_size =\n+\t\t\trte_log2_u32(sizeof(struct otx2_ipsec_fp_in_sa));\n+\treq->ipsec_cfg0.lenm1_max = SEC_ETH_MAX_PKT_LEN - 1;\n+\n+\treq->ipsec_cfg1.sa_idx_w = rte_log2_u32(dev->ipsec_in_max_spi);\n+\treq->ipsec_cfg1.sa_idx_max = dev->ipsec_in_max_spi - 1;\n+\n+\treturn otx2_mbox_process(mbox);\n+}\n+\n+int\n+otx2_sec_eth_init(struct rte_eth_dev *eth_dev)\n+{\n+\tconst size_t sa_width = sizeof(struct otx2_ipsec_fp_in_sa);\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\tconst struct rte_memzone *mz;\n+\tint mz_sz, ret;\n+\tuint16_t nb_sa;\n+\n+\tRTE_BUILD_BUG_ON(sa_width < 32 || sa_width > 512 ||\n+\t\t\t !RTE_IS_POWER_OF_2(sa_width));\n+\n+\tif (!(dev->tx_offloads & DEV_TX_OFFLOAD_SECURITY) &&\n+\t    !(dev->rx_offloads & DEV_RX_OFFLOAD_SECURITY))\n+\t\treturn 0;\n+\n+\tnb_sa = dev->ipsec_in_max_spi;\n+\tmz_sz = nb_sa * sa_width;\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\tmz = rte_memzone_reserve_aligned(name, mz_sz, rte_socket_id(),\n+\t\t\t\t\t RTE_MEMZONE_IOVA_CONTIG, OTX2_ALIGN);\n+\n+\tif (mz == NULL) {\n+\t\totx2_err(\"Could not allocate inbound SA DB\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tmemset(mz->addr, 0, mz_sz);\n+\n+\tret = sec_eth_ipsec_cfg(eth_dev, SSO_TT_ORDERED);\n+\tif (ret < 0) {\n+\t\totx2_err(\"Could not configure inline IPsec\");\n+\t\tgoto sec_fini;\n+\t}\n+\n+\treturn 0;\n+\n+sec_fini:\n+\totx2_err(\"Could not configure device for security\");\n+\totx2_sec_eth_fini(eth_dev);\n+\treturn ret;\n+}\n+\n+void\n+otx2_sec_eth_fini(struct rte_eth_dev *eth_dev)\n+{\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\n+\tif (!(dev->tx_offloads & DEV_TX_OFFLOAD_SECURITY) &&\n+\t    !(dev->rx_offloads 
& DEV_RX_OFFLOAD_SECURITY))\n+\t\treturn;\n+\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\trte_memzone_free(rte_memzone_lookup(name));\n+}\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 21b7da4..023061d 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -11,4 +11,8 @@ int otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev);\n \n void otx2_sec_eth_ctx_destroy(struct rte_eth_dev *eth_dev);\n \n+int otx2_sec_eth_init(struct rte_eth_dev *eth_dev);\n+\n+void otx2_sec_eth_fini(struct rte_eth_dev *eth_dev);\n+\n #endif /* __OTX2_SECURITY_H__ */\ndiff --git a/drivers/net/octeontx2/otx2_ethdev.c b/drivers/net/octeontx2/otx2_ethdev.c\nindex 3e19ac2..131e883 100644\n--- a/drivers/net/octeontx2/otx2_ethdev.c\n+++ b/drivers/net/octeontx2/otx2_ethdev.c\n@@ -337,6 +337,10 @@ nix_cq_rq_init(struct rte_eth_dev *eth_dev, struct otx2_eth_dev *dev,\n \taq->op = NIX_AQ_INSTOP_INIT;\n \n \taq->rq.sso_ena = 0;\n+\n+\tif (rxq->offloads & DEV_RX_OFFLOAD_SECURITY)\n+\t\taq->rq.ipsech_ena = 1;\n+\n \taq->rq.cq = qid; /* RQ to CQ 1:1 mapped */\n \taq->rq.spb_ena = 0;\n \taq->rq.lpb_aura = npa_lf_aura_handle_to_aura(mp->pool_id);\n@@ -1610,6 +1614,8 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \n \t/* Free the resources allocated from the previous configure */\n \tif (dev->configured == 1) {\n+\t\tif (otx2_sec_idev_ops.fini != NULL)\n+\t\t\totx2_sec_idev_ops.fini(eth_dev);\n \t\totx2_nix_rxchan_bpid_cfg(eth_dev, false);\n \t\totx2_nix_vlan_fini(eth_dev);\n \t\totx2_nix_mc_addr_list_uninstall(eth_dev);\n@@ -1714,10 +1720,17 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \t\tgoto cq_fini;\n \t}\n \n+\t/* Enable security */\n+\tif (otx2_sec_idev_ops.init != NULL) {\n+\t\trc = otx2_sec_idev_ops.init(eth_dev);\n+\t\tif (rc)\n+\t\t\tgoto cq_fini;\n+\t}\n+\n \trc = otx2_nix_mc_addr_list_install(eth_dev);\n \tif (rc < 0) {\n \t\totx2_err(\"Failed to install mc 
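Review bot: `otx2_sec_eth_fini()` frees the inbound SA memzone without clearing it, although every `struct otx2_ipsec_fp_in_sa` entry has room for `cipher_key[32]` and `hmac_key[48]`; once sessions populate the table, the memory returns to the allocator with key material still in it. Keeping the lookup result and wiping it first, `if (mz != NULL) { memset(mz->addr, 0, mz->len); rte_memzone_free(mz); }`, would close that. Nothing in this hunk reverts the `req->enable = 1` / `req->sa_base_addr = mz->iova` configuration sent by `sec_eth_ipsec_cfg()`, so the hardware may still hold the IOVA of the freed zone; if the mailbox message accepts it, sending the same request with `enable = 0` before the free looks like the safer order. `sec_eth_ipsec_cfg()` also writes through `req` without checking the result of `otx2_mbox_alloc_msg_nix_inline_ipsec_lf_cfg()` for NULL.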
address list rc=%d\", rc);\n-\t\tgoto cq_fini;\n+\t\tgoto sec_fini;\n \t}\n \n \t/*\n@@ -1753,6 +1766,9 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \n uninstall_mc_list:\n \totx2_nix_mc_addr_list_uninstall(eth_dev);\n+sec_fini:\n+\tif (otx2_sec_idev_ops.fini != NULL)\n+\t\totx2_sec_idev_ops.fini(eth_dev);\n cq_fini:\n \toxt2_nix_unregister_cq_irqs(eth_dev);\n q_irq_fini:\n@@ -2345,6 +2361,10 @@ otx2_eth_dev_uninit(struct rte_eth_dev *eth_dev, bool mbox_close)\n \tif (rc)\n \t\totx2_err(\"Failed to cleanup npa lf, rc=%d\", rc);\n \n+\t/* Disable security */\n+\tif (otx2_sec_idev_ops.fini != NULL)\n+\t\totx2_sec_idev_ops.fini(eth_dev);\n+\n \t/* Destroy security ctx */\n \tif (otx2_sec_idev_ops.ctx_destroy != NULL)\n \t\totx2_sec_idev_ops.ctx_destroy(eth_dev);\ndiff --git a/drivers/net/octeontx2/otx2_ethdev.h b/drivers/net/octeontx2/otx2_ethdev.h\nindex 987e760..41fef6e 100644\n--- a/drivers/net/octeontx2/otx2_ethdev.h\n+++ b/drivers/net/octeontx2/otx2_ethdev.h\n@@ -324,6 +324,8 @@ struct otx2_eth_dev {\n \tbool mc_tbl_set;\n \tstruct otx2_nix_mc_filter_tbl mc_fltr_tbl;\n \tbool sdp_link; /* SDP flag */\n+\t/* Inline IPsec params */\n+\tuint16_t ipsec_in_max_spi;\n } __rte_cache_aligned;\n \n struct otx2_eth_txq {\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_devargs.c b/drivers/net/octeontx2/otx2_ethdev_devargs.c\nindex 04da1ab..a3f7598 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_devargs.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_devargs.c\n@@ -64,6 +64,19 @@ parse_reta_size(const char *key, const char *value, void *extra_args)\n }\n \n static int\n+parse_ipsec_in_max_spi(const char *key, const char *value, void *extra_args)\n+{\n+\tRTE_SET_USED(key);\n+\tuint32_t val;\n+\n+\tval = atoi(value);\n+\n+\t*(uint16_t *)extra_args = val;\n+\n+\treturn 0;\n+}\n+\n+static int\n parse_flag(const char *key, const char *value, void *extra_args)\n {\n \tRTE_SET_USED(key);\n@@ -104,6 +117,7 @@ parse_switch_header_type(const char *key, const char *value, void 
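Review bot: `parse_ipsec_in_max_spi()` accepts any string, because `atoi(value)` returns 0 for non-numeric input and the result is then truncated into a `uint16_t`, so `ipsec_in_max_spi=0`, a negative number or anything above 65535 passes despite the registered `<1-65535>` range. The value feeds `mz_sz = nb_sa * sa_width` and `req->ipsec_cfg1.sa_idx_max = dev->ipsec_in_max_spi - 1` in otx2_security.c. With 0 the zone size becomes 0 and the maximum index wraps, which would presumably let the hardware index SAs outside the table it was given. The parser should reject out-of-range input, as sketched below. Since the `rte_kvargs_process()` call in `otx2_ethdev_parse_devargs()` ignores the return value, a rejected argument would leave the default of 1 in place; logging the rejection there would make that visible.

```c
static int
parse_ipsec_in_max_spi(const char *key, const char *value, void *extra_args)
{
	RTE_SET_USED(key);
	unsigned long val;
	char *end;

	/* Reject empty, non-numeric, trailing-garbage and out-of-range input. */
	errno = 0;
	val = strtoul(value, &end, 10);
	if (errno != 0 || end == value || *end != '\0' ||
	    val < 1 || val > UINT16_MAX)
		return -EINVAL;

	*(uint16_t *)extra_args = (uint16_t)val;

	return 0;
}
```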
*extra_args)\n }\n \n #define OTX2_RSS_RETA_SIZE \"reta_size\"\n+#define OTX2_IPSEC_IN_MAX_SPI \"ipsec_in_max_spi\"\n #define OTX2_SCL_ENABLE \"scalar_enable\"\n #define OTX2_MAX_SQB_COUNT \"max_sqb_count\"\n #define OTX2_FLOW_PREALLOC_SIZE \"flow_prealloc_size\"\n@@ -118,6 +132,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \tuint16_t flow_prealloc_size = 8;\n \tuint16_t switch_header_type = 0;\n \tuint16_t flow_max_priority = 3;\n+\tuint16_t ipsec_in_max_spi = 1;\n \tuint16_t scalar_enable = 0;\n \tstruct rte_kvargs *kvlist;\n \n@@ -130,6 +145,8 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \n \trte_kvargs_process(kvlist, OTX2_RSS_RETA_SIZE,\n \t\t\t   &parse_reta_size, &rss_size);\n+\trte_kvargs_process(kvlist, OTX2_IPSEC_IN_MAX_SPI,\n+\t\t\t   &parse_ipsec_in_max_spi, &ipsec_in_max_spi);\n \trte_kvargs_process(kvlist, OTX2_SCL_ENABLE,\n \t\t\t   &parse_flag, &scalar_enable);\n \trte_kvargs_process(kvlist, OTX2_MAX_SQB_COUNT,\n@@ -143,6 +160,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \trte_kvargs_free(kvlist);\n \n null_devargs:\n+\tdev->ipsec_in_max_spi = ipsec_in_max_spi;\n \tdev->scalar_ena = scalar_enable;\n \tdev->max_sqb_count = sqb_count;\n \tdev->rss_info.rss_size = rss_size;\n@@ -157,6 +175,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \n RTE_PMD_REGISTER_PARAM_STRING(net_octeontx2,\n \t\t\t      OTX2_RSS_RETA_SIZE \"=<64|128|256>\"\n+\t\t\t      OTX2_IPSEC_IN_MAX_SPI \"=<1-65535>\"\n \t\t\t      OTX2_SCL_ENABLE \"=1\"\n \t\t\t      OTX2_MAX_SQB_COUNT \"=<8-512>\"\n \t\t\t      OTX2_FLOW_PREALLOC_SIZE \"=<1-32>\"\n",
    "prefixes": [
        "v2",
        "05/15"
    ]
}