Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/64870/?format=api
{ "id": 64870, "url": "http://patches.dpdk.org/api/patches/64870/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1579344553-11428-15-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1579344553-11428-15-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1579344553-11428-15-git-send-email-anoobj@marvell.com", "date": "2020-01-18T10:49:12", "name": "[v2,14/15] crypto/octeontx2: add inline tx path changes", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "e2bdfe286ee298d117cf503db2ea9fbb81fde7bb", "submitter": { "id": 1205, "url": "http://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1579344553-11428-15-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 8203, "url": "http://patches.dpdk.org/api/series/8203/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8203", "date": "2020-01-18T10:48:58", "name": "add OCTEONTX2 inline IPsec support", "version": 2, "mbox": "http://patches.dpdk.org/series/8203/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/64870/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/64870/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 53726A051C;\n\tSat, 18 Jan 2020 11:51:46 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 85C461BF9B;\n\tSat, 18 Jan 2020 11:51:13 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 7A7D81BF8E\n for <dev@dpdk.org>; Sat, 18 Jan 2020 11:51:11 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 00IAnc9q021837; Sat, 18 Jan 2020 02:51:10 -0800", "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0b-0016f401.pphosted.com with ESMTP id 2xk0sn6ejr-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Sat, 18 Jan 2020 02:51:10 -0800", "from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 18 Jan\n 2020 02:51:08 -0800", "from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Sat, 18 Jan 2020 02:51:08 -0800", "from ajoseph83.caveonetworks.com (unknown [10.29.45.60])\n by maili.marvell.com (Postfix) with ESMTP id 1A90E3F7044;\n Sat, 18 Jan 2020 02:51:03 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=ON+zhd9CkOqzknxkfeDPayCmlbS2Wt/2DshTbi64Wzs=;\n b=hqmvSS5UNicbHkeizdYKCP8hLCrHJR2kAsRRCdRCpTyh06HCkPXy3oAPEoCpxYBVg+0b\n HIVHZIVUTEwciqWWyior3+P50R1iV8JHL8RYkMYxrdq3iVAo2MG8F2QGpTQHzJjQtfZ1\n SDJPuszcU5G0ZzrUdrUt0xRtgrGdXT2cbBix6jC2ENqn3XF0i1MlNB21Ci0ZrNV252h0\n tw1eQTFrwhVKJicUgLQ1au15IGG4edUSvOFC7tB8siaeBeX2Coupc+rSKuP/PexfvKRa\n BZqqzGkaZZZCwxiJUGk47xLLugLtvG4l6BDYvm4Ei6lDYleKIOkrghrYCL21RVGFQkXr 9g==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Declan Doherty\n <declan.doherty@intel.com>, Thomas Monjalon <thomas@monjalon.net>", "CC": "Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n Narayana Prasad <pathreya@marvell.com>, Kiran Kumar K\n <kirankumark@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,\n \"Pavan Nikhilesh\" <pbhagavatula@marvell.com>, Anoob Joseph\n <anoobj@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree\n Kondoj <ktejasree@marvell.com>, Vamsi Attunuru <vattunuru@marvell.com>,\n \"Lukasz Bartosik\" <lbartosik@marvell.com>, <dev@dpdk.org>", "Date": "Sat, 18 Jan 2020 16:19:12 +0530", "Message-ID": "<1579344553-11428-15-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1579344553-11428-1-git-send-email-anoobj@marvell.com>", "References": "<1575806094-28391-1-git-send-email-anoobj@marvell.com>\n <1579344553-11428-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572\n definitions=2020-01-18_02:2020-01-16,\n 2020-01-18 signatures=0", "Subject": "[dpdk-dev] [PATCH v2 14/15] crypto/octeontx2: add inline tx path\n\tchanges", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Ankur Dwivedi <adwivedi@marvell.com>\n\nAdding pre-processing required for inline IPsec outbound packets.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\n---\n drivers/crypto/octeontx2/otx2_security.c | 82 +++++++++++++\n drivers/crypto/octeontx2/otx2_security.h | 60 ++++++++++\n drivers/crypto/octeontx2/otx2_security_tx.h | 175 ++++++++++++++++++++++++++++\n drivers/event/octeontx2/meson.build | 3 +-\n drivers/event/octeontx2/otx2_worker.h | 6 +\n 5 files changed, 325 insertions(+), 1 deletion(-)\n create mode 100644 drivers/crypto/octeontx2/otx2_security_tx.h", "diff": "diff --git a/drivers/crypto/octeontx2/otx2_security.c b/drivers/crypto/octeontx2/otx2_security.c\nindex ab488a0..9a08849 100644\n--- a/drivers/crypto/octeontx2/otx2_security.c\n+++ b/drivers/crypto/octeontx2/otx2_security.c\n@@ -3,12 +3,15 @@\n */\n \n #include <rte_cryptodev.h>\n+#include <rte_esp.h>\n #include <rte_ethdev.h>\n #include <rte_eventdev.h>\n+#include <rte_ip.h>\n #include <rte_malloc.h>\n #include <rte_memzone.h>\n #include <rte_security.h>\n #include <rte_security_driver.h>\n+#include <rte_udp.h>\n \n #include \"otx2_common.h\"\n #include \"otx2_cryptodev_qp.h\"\n@@ -18,6 +21,15 @@\n \n #define SEC_ETH_MAX_PKT_LEN\t1450\n \n+#define AH_HDR_LEN\t12\n+#define AES_GCM_IV_LEN\t8\n+#define AES_GCM_MAC_LEN\t16\n+#define AES_CBC_IV_LEN\t16\n+#define SHA1_HMAC_LEN\t12\n+\n+#define AES_GCM_ROUNDUP_BYTE_LEN\t4\n+#define AES_CBC_ROUNDUP_BYTE_LEN\t16\n+\n struct sec_eth_tag_const {\n \tRTE_STD_C11\n \tunion {\n@@ -239,6 +251,60 @@ in_sa_get(uint16_t port, int sa_index)\n }\n \n static int\n+ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *xform,\n+\t\t struct otx2_sec_session_ipsec_ip *sess)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n+\n+\tsess->partial_len = sizeof(struct rte_ipv4_hdr);\n+\n+\tif (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {\n+\t\tsess->partial_len += sizeof(struct rte_esp_hdr);\n+\t\tsess->roundup_len = sizeof(struct rte_esp_tail);\n+\t} else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {\n+\t\tsess->partial_len += AH_HDR_LEN;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (ipsec->options.udp_encap)\n+\t\tsess->partial_len += sizeof(struct rte_udp_hdr);\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tsess->partial_len += AES_GCM_IV_LEN;\n+\t\t\tsess->partial_len += AES_GCM_MAC_LEN;\n+\t\t\tsess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\tif (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tsess->partial_len += AES_CBC_IV_LEN;\n+\t\tsess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)\n+\t\tsess->partial_len += SHA1_HMAC_LEN;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\treturn 0;\n+}\n+\n+static int\n sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \t\t\t struct rte_security_ipsec_xform *ipsec,\n \t\t\t struct rte_crypto_sym_xform *crypto_xform,\n@@ -252,6 +318,7 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \tstruct otx2_ipsec_fp_sa_ctl *ctl;\n \tstruct otx2_ipsec_fp_out_sa *sa;\n \tstruct otx2_sec_session *priv;\n+\tstruct otx2_cpt_inst_s inst;\n \tstruct otx2_cpt_qp *qp;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n@@ -266,6 +333,12 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \n \tmemset(sess, 0, sizeof(struct otx2_sec_session_ipsec_ip));\n \n+\tsess->seq = 1;\n+\n+\tret = ipsec_sa_const_set(ipsec, crypto_xform, sess);\n+\tif (ret < 0)\n+\t\treturn ret;\n+\n \tmemcpy(sa->nonce, &ipsec->salt, 4);\n \n \tif (ipsec->options.udp_encap == 1) {\n@@ -274,6 +347,9 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \t}\n \n \tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\t/* Start ip id from 1 */\n+\t\tsess->ip_id = 1;\n+\n \t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {\n \t\t\tmemcpy(&sa->ip_src, &ipsec->tunnel.ipv4.src_ip,\n \t\t\t sizeof(struct in_addr));\n@@ -307,6 +383,12 @@ sec_eth_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \telse\n \t\treturn -EINVAL;\n \n+\t/* Determine word 7 of CPT instruction */\n+\tinst.u64[7] = 0;\n+\tinst.egrp = OTX2_CPT_EGRP_INLINE_IPSEC;\n+\tinst.cptr = rte_mempool_virt2iova(sa);\n+\tsess->inst_w7 = inst.u64[7];\n+\n \t/* Use OPAD & IPAD */\n \tRTE_SET_USED(auth_key);\n \tRTE_SET_USED(auth_key_len);\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 6ec321d..fe7c883 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -14,6 +14,15 @@\n #define OTX2_MAX_CPT_QP_PER_PORT 64\n #define OTX2_MAX_INLINE_PORTS 64\n \n+#define OTX2_CPT_RES_ALIGN\t\t16\n+#define OTX2_NIX_SEND_DESC_ALIGN\t16\n+#define OTX2_CPT_INST_SIZE\t\t64\n+\n+#define OTX2_CPT_EGRP_INLINE_IPSEC\t1\n+\n+#define OTX2_CPT_OP_INLINE_IPSEC_OUTB\t(0x40 | 0x25)\n+#define OTX2_CPT_OP_INLINE_IPSEC_INB\t(0x40 | 0x26)\n+\n struct otx2_cpt_qp;\n \n struct otx2_sec_eth_cfg {\n@@ -45,6 +54,42 @@ struct otx2_cpt_res {\n \t};\n };\n \n+struct otx2_cpt_inst_s {\n+\tunion {\n+\t\tstruct {\n+\t\t\t/* W0 */\n+\t\t\tuint64_t nixtxl : 3;\n+\t\t\tuint64_t doneint : 1;\n+\t\t\tuint64_t nixtx_addr : 60;\n+\t\t\t/* W1 */\n+\t\t\tuint64_t res_addr : 64;\n+\t\t\t/* W2 */\n+\t\t\tuint64_t tag : 32;\n+\t\t\tuint64_t tt : 2;\n+\t\t\tuint64_t grp : 10;\n+\t\t\tuint64_t rsvd_175_172 : 4;\n+\t\t\tuint64_t rvu_pf_func : 16;\n+\t\t\t/* W3 */\n+\t\t\tuint64_t qord : 1;\n+\t\t\tuint64_t rsvd_194_193 : 2;\n+\t\t\tuint64_t wqe_ptr : 61;\n+\t\t\t/* W4 */\n+\t\t\tuint64_t dlen : 16;\n+\t\t\tuint64_t param2 : 16;\n+\t\t\tuint64_t param1 : 16;\n+\t\t\tuint64_t opcode : 16;\n+\t\t\t/* W5 */\n+\t\t\tuint64_t dptr : 64;\n+\t\t\t/* W6 */\n+\t\t\tuint64_t rptr : 64;\n+\t\t\t/* W7 */\n+\t\t\tuint64_t cptr : 61;\n+\t\t\tuint64_t egrp : 3;\n+\t\t};\n+\t\tuint64_t u64[8];\n+\t};\n+};\n+\n /*\n * Security session for inline IPsec protocol offload. This is private data of\n * inline capable PMD.\n@@ -68,6 +113,21 @@ struct otx2_sec_session_ipsec_ip {\n \t/* CPT LF enqueue register address */\n \trte_iova_t cpt_nq_reg;\n \n+\t/* Pre calculated lengths and data for a session */\n+\tuint8_t partial_len;\n+\tuint8_t roundup_len;\n+\tuint8_t roundup_byte;\n+\tuint16_t ip_id;\n+\tunion {\n+\t\tuint64_t esn;\n+\t\tstruct {\n+\t\t\tuint32_t seq;\n+\t\t\tuint32_t esn_hi;\n+\t\t};\n+\t};\n+\n+\tuint64_t inst_w7;\n+\n \t/* CPT QP used by SA */\n \tstruct otx2_cpt_qp *qp;\n };\ndiff --git a/drivers/crypto/octeontx2/otx2_security_tx.h b/drivers/crypto/octeontx2/otx2_security_tx.h\nnew file mode 100644\nindex 0000000..16b8c66\n--- /dev/null\n+++ b/drivers/crypto/octeontx2/otx2_security_tx.h\n@@ -0,0 +1,175 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2020 Marvell International Ltd.\n+ */\n+\n+#ifndef __OTX2_SECURITY_TX_H__\n+#define __OTX2_SECURITY_TX_H__\n+\n+#include <rte_security.h>\n+#include <rte_mbuf.h>\n+\n+#include \"otx2_security.h\"\n+\n+struct otx2_ipsec_fp_out_hdr {\n+\tuint32_t ip_id;\n+\tuint32_t seq;\n+\tuint8_t iv[16];\n+};\n+\n+static __rte_always_inline int32_t\n+otx2_ipsec_fp_out_rlen_get(struct otx2_sec_session_ipsec_ip *sess,\n+\t\t\t uint32_t plen)\n+{\n+\tuint32_t enc_payload_len;\n+\n+\tenc_payload_len = RTE_ALIGN_CEIL(plen + sess->roundup_len,\n+\t\t\tsess->roundup_byte);\n+\n+\treturn sess->partial_len + enc_payload_len;\n+}\n+\n+static __rte_always_inline void\n+otx2_ssogws_head_wait(struct otx2_ssogws *ws);\n+\n+static __rte_always_inline int\n+otx2_sec_event_tx(struct otx2_ssogws *ws, struct rte_event *ev,\n+\t\t struct rte_mbuf *m, const struct otx2_eth_txq *txq,\n+\t\t const uint32_t offload_flags)\n+{\n+\tuint32_t dlen, rlen, desc_headroom, extend_head, extend_tail;\n+\tstruct otx2_sec_session_ipsec_ip *sess;\n+\tstruct otx2_ipsec_fp_out_hdr *hdr;\n+\tstruct otx2_ipsec_fp_out_sa *sa;\n+\tuint64_t data_addr, desc_addr;\n+\tstruct otx2_sec_session *priv;\n+\tstruct otx2_cpt_inst_s inst;\n+\tuint64_t lmt_status;\n+\tchar *data;\n+\n+\tstruct desc {\n+\t\tstruct otx2_cpt_res cpt_res __rte_aligned(OTX2_CPT_RES_ALIGN);\n+\t\tstruct nix_send_hdr_s nix_hdr\n+\t\t\t\t__rte_aligned(OTX2_NIX_SEND_DESC_ALIGN);\n+\t\tunion nix_send_sg_s nix_sg;\n+\t\tstruct nix_iova_s nix_iova;\n+\t} *sd;\n+\n+\tpriv = get_sec_session_private_data((void *)(m->udata64));\n+\tsess = &priv->ipsec.ip;\n+\tsa = &sess->out_sa;\n+\n+\tRTE_ASSERT(sess->cpt_lmtline != NULL);\n+\tRTE_ASSERT(!(offload_flags & (NIX_TX_OFFLOAD_MBUF_NOFF_F |\n+\t\t\t\t NIX_TX_OFFLOAD_VLAN_QINQ)));\n+\n+\tdlen = rte_pktmbuf_pkt_len(m) + sizeof(*hdr) - RTE_ETHER_HDR_LEN;\n+\trlen = otx2_ipsec_fp_out_rlen_get(sess, dlen - sizeof(*hdr));\n+\n+\tRTE_BUILD_BUG_ON(OTX2_CPT_RES_ALIGN % OTX2_NIX_SEND_DESC_ALIGN);\n+\tRTE_BUILD_BUG_ON(sizeof(sd->cpt_res) % OTX2_NIX_SEND_DESC_ALIGN);\n+\n+\textend_head = sizeof(*hdr);\n+\textend_tail = rlen - dlen;\n+\n+\tdesc_headroom = (OTX2_CPT_RES_ALIGN - 1) + sizeof(*sd);\n+\n+\tif (unlikely(!rte_pktmbuf_is_contiguous(m)) ||\n+\t unlikely(rte_pktmbuf_headroom(m) < extend_head + desc_headroom) ||\n+\t unlikely(rte_pktmbuf_tailroom(m) < extend_tail)) {\n+\t\tgoto drop;\n+\t}\n+\n+\t/*\n+\t * Extend mbuf data to point to the expected packet buffer for NIX.\n+\t * This includes the Ethernet header followed by the encrypted IPsec\n+\t * payload\n+\t */\n+\trte_pktmbuf_append(m, extend_tail);\n+\tdata = rte_pktmbuf_prepend(m, extend_head);\n+\tdata_addr = rte_pktmbuf_mtophys(m);\n+\n+\t/*\n+\t * Move the Ethernet header, to insert otx2_ipsec_fp_out_hdr prior\n+\t * to the IP header\n+\t */\n+\tmemcpy(data, data + sizeof(*hdr), RTE_ETHER_HDR_LEN);\n+\n+\thdr = (struct otx2_ipsec_fp_out_hdr *)(data + RTE_ETHER_HDR_LEN);\n+\n+\tmemcpy(hdr->iv, &sa->nonce, 4);\n+\tmemset(hdr->iv + 4, 0, 12); //TODO: make it random\n+\n+\t/* Keep CPT result and NIX send descriptors in headroom */\n+\tsd = (void *)RTE_PTR_ALIGN(data - desc_headroom, OTX2_CPT_RES_ALIGN);\n+\tdesc_addr = data_addr - RTE_PTR_DIFF(data, sd);\n+\n+\t/* Prepare CPT instruction */\n+\n+\tinst.nixtx_addr = (desc_addr + offsetof(struct desc, nix_hdr)) >> 4;\n+\tinst.doneint = 0;\n+\tinst.nixtxl = 1;\n+\tinst.res_addr = desc_addr + offsetof(struct desc, cpt_res);\n+\tinst.u64[2] = 0;\n+\tinst.u64[3] = 0;\n+\tinst.wqe_ptr = desc_addr >> 3;\t/* FIXME: Handle errors */\n+\tinst.qord = 1;\n+\tinst.opcode = OTX2_CPT_OP_INLINE_IPSEC_OUTB;\n+\tinst.dlen = dlen;\n+\tinst.dptr = data_addr + RTE_ETHER_HDR_LEN;\n+\tinst.u64[7] = sess->inst_w7;\n+\n+\t/* First word contains 8 bit completion code & 8 bit uc comp code */\n+\tsd->cpt_res.u16[0] = 0;\n+\n+\t/* Prepare NIX send descriptors for output expected from CPT */\n+\n+\tsd->nix_hdr.w0.u = 0;\n+\tsd->nix_hdr.w1.u = 0;\n+\tsd->nix_hdr.w0.sq = txq->sq;\n+\tsd->nix_hdr.w0.sizem1 = 1;\n+\tsd->nix_hdr.w0.total = rte_pktmbuf_data_len(m);\n+\tsd->nix_hdr.w0.aura = npa_lf_aura_handle_to_aura(m->pool->pool_id);\n+\n+\tsd->nix_sg.u = 0;\n+\tsd->nix_sg.subdc = NIX_SUBDC_SG;\n+\tsd->nix_sg.ld_type = NIX_SENDLDTYPE_LDD;\n+\tsd->nix_sg.segs = 1;\n+\tsd->nix_sg.seg1_size = rte_pktmbuf_data_len(m);\n+\n+\tsd->nix_iova.addr = rte_mbuf_data_iova(m);\n+\n+\t/* Mark mempool object as \"put\" since it is freed by NIX */\n+\t__mempool_check_cookies(m->pool, (void **)&m, 1, 0);\n+\n+\tif (!ev->sched_type)\n+\t\totx2_ssogws_head_wait(ws);\n+\n+\tinst.param1 = sess->esn_hi >> 16;\n+\tinst.param2 = sess->esn_hi & 0xffff;\n+\n+\thdr->seq = rte_cpu_to_be_32(sess->seq);\n+\thdr->ip_id = rte_cpu_to_be_32(sess->ip_id);\n+\n+\tsess->ip_id++;\n+\tsess->esn++;\n+\n+\trte_cio_wmb();\n+\n+\tdo {\n+\t\totx2_lmt_mov(sess->cpt_lmtline, &inst, 2);\n+\t\tlmt_status = otx2_lmt_submit(sess->cpt_nq_reg);\n+\t} while (lmt_status == 0);\n+\n+\treturn 1;\n+\n+drop:\n+\tif (offload_flags & NIX_TX_OFFLOAD_MBUF_NOFF_F) {\n+\t\t/* Don't free if reference count > 1 */\n+\t\tif (rte_pktmbuf_prefree_seg(m) == NULL)\n+\t\t\treturn 0;\n+\t}\n+\trte_pktmbuf_free(m);\n+\treturn 0;\n+}\n+\n+#endif /* __OTX2_SECURITY_TX_H__ */\ndiff --git a/drivers/event/octeontx2/meson.build b/drivers/event/octeontx2/meson.build\nindex 56febb8..be4b47a 100644\n--- a/drivers/event/octeontx2/meson.build\n+++ b/drivers/event/octeontx2/meson.build\n@@ -31,6 +31,7 @@ foreach flag: extra_flags\n \tendif\n endforeach\n \n-deps += ['bus_pci', 'common_octeontx2', 'mempool_octeontx2', 'pmd_octeontx2']\n+deps += ['bus_pci', 'common_octeontx2', 'cryptodev', 'mempool_octeontx2', 'pmd_octeontx2',\n+ 'security']\n \n includes += include_directories('../../crypto/octeontx2')\ndiff --git a/drivers/event/octeontx2/otx2_worker.h b/drivers/event/octeontx2/otx2_worker.h\nindex 7d161c8..c5ea4dd 100644\n--- a/drivers/event/octeontx2/otx2_worker.h\n+++ b/drivers/event/octeontx2/otx2_worker.h\n@@ -10,6 +10,7 @@\n \n #include <otx2_common.h>\n #include \"otx2_evdev.h\"\n+#include \"otx2_security_tx.h\"\n \n /* SSO Operations */\n \n@@ -281,6 +282,11 @@ otx2_ssogws_event_tx(struct otx2_ssogws *ws, struct rte_event ev[],\n \tconst struct otx2_eth_txq *txq = otx2_ssogws_xtract_meta(m);\n \n \trte_prefetch_non_temporal(txq);\n+\n+\tif ((flags & NIX_TX_OFFLOAD_SECURITY_F) &&\n+\t (m->ol_flags & PKT_TX_SEC_OFFLOAD))\n+\t\treturn otx2_sec_event_tx(ws, ev, m, txq, flags);\n+\n \t/* Perform header writes before barrier for TSO */\n \totx2_nix_xmit_prepare_tso(m, flags);\n \totx2_ssogws_order(ws, !ev->sched_type);\n", "prefixes": [ "v2", "14/15" ] }