Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/65516/?format=api
{ "id": 65516, "url": "http://patches.dpdk.org/api/patches/65516/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1580815045-32132-6-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1580815045-32132-6-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1580815045-32132-6-git-send-email-anoobj@marvell.com", "date": "2020-02-04T11:17:15", "name": "[v4,05/15] net/octeontx2: add security in eth dev configure", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "5a1c5dc81a5dbbd7540101f1b1ed0f98cd34e577", "submitter": { "id": 1205, "url": "http://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1580815045-32132-6-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 8411, "url": "http://patches.dpdk.org/api/series/8411/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8411", "date": "2020-02-04T11:17:10", "name": "add OCTEON TX2 inline IPsec support", "version": 4, "mbox": "http://patches.dpdk.org/series/8411/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/65516/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/65516/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 30D35A0532;\n\tTue, 4 Feb 2020 12:19:00 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 3EF081C01B;\n\tTue, 4 Feb 2020 12:18:39 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id C7DD61BFAD\n for <dev@dpdk.org>; Tue, 4 Feb 2020 12:18:37 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 014BG0uD011421; Tue, 4 Feb 2020 03:18:37 -0800", "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0b-0016f401.pphosted.com with ESMTP id 2xw9qukg1j-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Tue, 04 Feb 2020 03:18:37 -0800", "from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Tue, 4 Feb 2020 03:18:34 -0800", "from SC-EXCH01.marvell.com (10.93.176.81) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Tue, 4 Feb 2020 03:18:34 -0800", "from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Tue, 4 Feb 2020 03:18:33 -0800", "from ajoseph83.caveonetworks.com (unknown [10.29.45.60])\n by maili.marvell.com (Postfix) with ESMTP id 76AEE3F7068;\n Tue, 4 Feb 2020 03:18:29 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=g5WVfdwHQQf91wea9NT9qr16X2zOZrmC3rBjKpIH/pM=;\n b=N92qrPgbo6EY2obWWb+YAojGbyTLBMOcAwBGVZMqorkODO+RAMa6LMruhRytfZ5zCUd0\n MRYPlRe0GDp2keyKWBqzLvcBKTJzKOpxyXqSO70G0sv1nT4OhThLHsHkVQHP5eJRPJyW\n nvkCyeHzfWjv+sZSJo/D6IMFAyBEd8PVLUvL7IZiwAzHk9i2plM03XXuXpmBzdtCAPBQ\n U928GYZ4AGSjvG+kkA9rz5lIkL94mzqKOqTfN3CwrKeKpJE0yuQOF8GQ7xJ5ZK8Z1HtY\n hADdaK48CDVCEsdd8cfChE7PUFV9m0NjfDirIa4N7v8vm08EjFklpQSW5b+4QW56LN5P 2w==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Declan Doherty\n <declan.doherty@intel.com>, Thomas Monjalon <thomas@monjalon.net>", "CC": "Tejasree Kondoj <ktejasree@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n Narayana Prasad <pathreya@marvell.com>, Kiran Kumar K\n <kirankumark@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,\n \"Pavan Nikhilesh\" <pbhagavatula@marvell.com>, Ankur Dwivedi\n <adwivedi@marvell.com>, Anoob Joseph <anoobj@marvell.com>,\n Archana Muniganti <marchana@marvell.com>,\n Vamsi Attunuru <vattunuru@marvell.com>, Lukasz\n Bartosik <lbartosik@marvell.com>, <dev@dpdk.org>", "Date": "Tue, 4 Feb 2020 16:47:15 +0530", "Message-ID": "<1580815045-32132-6-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1580815045-32132-1-git-send-email-anoobj@marvell.com>", "References": "<1580465035-30455-1-git-send-email-anoobj@marvell.com>\n <1580815045-32132-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572\n definitions=2020-02-04_02:2020-02-04,\n 2020-02-04 signatures=0", "Subject": "[dpdk-dev] [PATCH v4 05/15] net/octeontx2: add security in eth dev\n\tconfigure", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Tejasree Kondoj <ktejasree@marvell.com>\n\nAdding security in eth device configure.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\n---\n doc/guides/nics/octeontx2.rst | 20 +++++\n doc/guides/rel_notes/release_20_02.rst | 9 ++\n drivers/crypto/octeontx2/otx2_ipsec_fp.h | 55 +++++++++++++\n drivers/net/octeontx2/Makefile | 3 +\n drivers/net/octeontx2/meson.build | 5 +-\n drivers/net/octeontx2/otx2_ethdev.c | 17 +++-\n drivers/net/octeontx2/otx2_ethdev.h | 2 +\n drivers/net/octeontx2/otx2_ethdev_devargs.c | 19 +++++\n drivers/net/octeontx2/otx2_ethdev_sec.c | 122 ++++++++++++++++++++++++++++\n drivers/net/octeontx2/otx2_ethdev_sec.h | 4 +\n 10 files changed, 254 insertions(+), 2 deletions(-)\n create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h", "diff": "diff --git a/doc/guides/nics/octeontx2.rst b/doc/guides/nics/octeontx2.rst\nindex db62a45..fd4e455 100644\n--- a/doc/guides/nics/octeontx2.rst\n+++ b/doc/guides/nics/octeontx2.rst\n@@ -38,6 +38,7 @@ Features of the OCTEON TX2 Ethdev PMD are:\n - IEEE1588 timestamping\n - HW offloaded `ethdev Rx queue` to `eventdev event queue` packet injection\n - Support Rx interrupt\n+- Inline IPsec processing support\n \n Prerequisites\n -------------\n@@ -178,6 +179,17 @@ Runtime Config Options\n traffic on this port should be higig2 traffic only. Supported switch header\n types are \"higig2\" and \"dsa\".\n \n+- ``Max SPI for inbound inline IPsec`` (default ``1``)\n+\n+ Max SPI supported for inbound inline IPsec processing can be specified by\n+ ``ipsec_in_max_spi`` ``devargs`` parameter.\n+\n+ For example::\n+ -w 0002:02:00.0,ipsec_in_max_spi=128\n+\n+ With the above configuration, application can enable inline IPsec processing\n+ on 128 SAs (SPI 0-127).\n+\n .. note::\n \n Above devarg parameters are configurable per device, user needs to pass the\n@@ -211,6 +223,14 @@ SDP interface support\n ~~~~~~~~~~~~~~~~~~~~~\n OCTEON TX2 SDP interface support is limited to PF device, No VF support.\n \n+Inline Protocol Processing\n+~~~~~~~~~~~~~~~~~~~~~~~~~~\n+``net_octeontx2`` pmd doesn't support the following features for packets to be\n+inline protocol processed.\n+- TSO offload\n+- VLAN/QinQ offload\n+- Fragmentation\n+\n Debugging Options\n -----------------\n \ndiff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst\nindex d19a7f5..7b9139c 100644\n--- a/doc/guides/rel_notes/release_20_02.rst\n+++ b/doc/guides/rel_notes/release_20_02.rst\n@@ -166,6 +166,15 @@ New Features\n armv8 crypto library is not used anymore. Library name is changed\n from armv8_crypto to AArch64crypto.\n \n+* **Added inline IPsec support to Marvell OCTEON TX2 PMD.**\n+\n+ Added inline IPsec support to Marvell OCTEON TX2 PMD. With the feature,\n+ applications would be able to offload entire IPsec offload to the hardware.\n+ For the configured sessions, hardware will do the lookup and perform\n+ decryption and IPsec transformation. For the outbound path, application\n+ can submit a plain packet to the PMD, and it would be sent out on wire\n+ after doing encryption and IPsec transformation of the packet.\n+\n Removed Items\n -------------\n \ndiff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nnew file mode 100644\nindex 0000000..bf4181a\n--- /dev/null\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -0,0 +1,55 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2020 Marvell International Ltd.\n+ */\n+\n+#ifndef __OTX2_IPSEC_FP_H__\n+#define __OTX2_IPSEC_FP_H__\n+\n+struct otx2_ipsec_fp_sa_ctl {\n+\trte_be32_t spi : 32;\n+\tuint64_t exp_proto_inter_frag : 8;\n+\tuint64_t rsvd_42_40 : 3;\n+\tuint64_t esn_en : 1;\n+\tuint64_t rsvd_45_44 : 2;\n+\tuint64_t encap_type : 2;\n+\tuint64_t enc_type : 3;\n+\tuint64_t rsvd_48 : 1;\n+\tuint64_t auth_type : 4;\n+\tuint64_t valid : 1;\n+\tuint64_t direction : 1;\n+\tuint64_t outer_ip_ver : 1;\n+\tuint64_t inner_ip_ver : 1;\n+\tuint64_t ipsec_mode : 1;\n+\tuint64_t ipsec_proto : 1;\n+\tuint64_t aes_key_len : 2;\n+};\n+\n+struct otx2_ipsec_fp_in_sa {\n+\t/* w0 */\n+\tstruct otx2_ipsec_fp_sa_ctl ctl;\n+\n+\t/* w1 */\n+\tuint8_t nonce[4]; /* Only for AES-GCM */\n+\tuint32_t unused;\n+\n+\t/* w2 */\n+\tuint32_t esn_low;\n+\tuint32_t esn_hi;\n+\n+\t/* w3-w6 */\n+\tuint8_t cipher_key[32];\n+\n+\t/* w7-w12 */\n+\tuint8_t hmac_key[48];\n+\n+\tRTE_STD_C11\n+\tunion {\n+\t\tvoid *userdata;\n+\t\tuint64_t udata64;\n+\t};\n+\n+\tuint64_t reserved1;\n+\tuint64_t reserved2;\n+};\n+\n+#endif /* __OTX2_IPSEC_FP_H__ */\ndiff --git a/drivers/net/octeontx2/Makefile b/drivers/net/octeontx2/Makefile\nindex 8649f89..0de43e3 100644\n--- a/drivers/net/octeontx2/Makefile\n+++ b/drivers/net/octeontx2/Makefile\n@@ -10,7 +10,9 @@ include $(RTE_SDK)/mk/rte.vars.mk\n LIB = librte_pmd_octeontx2.a\n \n CFLAGS += $(WERROR_FLAGS)\n+CFLAGS += -I$(RTE_SDK)/drivers/common/cpt\n CFLAGS += -I$(RTE_SDK)/drivers/common/octeontx2\n+CFLAGS += -I$(RTE_SDK)/drivers/crypto/octeontx2\n CFLAGS += -I$(RTE_SDK)/drivers/mempool/octeontx2\n CFLAGS += -I$(RTE_SDK)/drivers/net/octeontx2\n CFLAGS += -O3\n@@ -56,5 +58,6 @@ SRCS-$(CONFIG_RTE_LIBRTE_OCTEONTX2_PMD) += \\\n \n LDLIBS += -lrte_common_octeontx2 -lrte_mempool_octeontx2 -lrte_eal -lrte_net\n LDLIBS += -lrte_ethdev -lrte_bus_pci -lrte_kvargs -lrte_mbuf -lrte_mempool -lm\n+LDLIBS += -lrte_cryptodev -lrte_eventdev -lrte_security\n \n include $(RTE_SDK)/mk/rte.lib.mk\ndiff --git a/drivers/net/octeontx2/meson.build b/drivers/net/octeontx2/meson.build\nindex dfbf99a..04cf58f 100644\n--- a/drivers/net/octeontx2/meson.build\n+++ b/drivers/net/octeontx2/meson.build\n@@ -25,7 +25,7 @@ sources = files('otx2_rx.c',\n \t\t'otx2_ethdev_devargs.c'\n \t\t)\n \n-deps += ['bus_pci', 'cryptodev', 'security']\n+deps += ['bus_pci', 'cryptodev', 'eventdev', 'security']\n deps += ['common_octeontx2', 'mempool_octeontx2']\n \n cflags += ['-flax-vector-conversions']\n@@ -41,3 +41,6 @@ foreach flag: extra_flags\n \t\tcflags += flag\n \tendif\n endforeach\n+\n+includes += include_directories('../../common/cpt')\n+includes += include_directories('../../crypto/octeontx2')\ndiff --git a/drivers/net/octeontx2/otx2_ethdev.c b/drivers/net/octeontx2/otx2_ethdev.c\nindex 7fd5254..e8ae779 100644\n--- a/drivers/net/octeontx2/otx2_ethdev.c\n+++ b/drivers/net/octeontx2/otx2_ethdev.c\n@@ -339,6 +339,10 @@ nix_cq_rq_init(struct rte_eth_dev *eth_dev, struct otx2_eth_dev *dev,\n \taq->op = NIX_AQ_INSTOP_INIT;\n \n \taq->rq.sso_ena = 0;\n+\n+\tif (rxq->offloads & DEV_RX_OFFLOAD_SECURITY)\n+\t\taq->rq.ipsech_ena = 1;\n+\n \taq->rq.cq = qid; /* RQ to CQ 1:1 mapped */\n \taq->rq.spb_ena = 0;\n \taq->rq.lpb_aura = npa_lf_aura_handle_to_aura(mp->pool_id);\n@@ -1612,6 +1616,7 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \n \t/* Free the resources allocated from the previous configure */\n \tif (dev->configured == 1) {\n+\t\totx2_eth_sec_fini(eth_dev);\n \t\totx2_nix_rxchan_bpid_cfg(eth_dev, false);\n \t\totx2_nix_vlan_fini(eth_dev);\n \t\totx2_nix_mc_addr_list_uninstall(eth_dev);\n@@ -1722,10 +1727,15 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \t\tgoto cq_fini;\n \t}\n \n+\t/* Enable security */\n+\trc = otx2_eth_sec_init(eth_dev);\n+\tif (rc)\n+\t\tgoto cq_fini;\n+\n \trc = otx2_nix_mc_addr_list_install(eth_dev);\n \tif (rc < 0) {\n \t\totx2_err(\"Failed to install mc address list rc=%d\", rc);\n-\t\tgoto cq_fini;\n+\t\tgoto sec_fini;\n \t}\n \n \t/*\n@@ -1761,6 +1771,8 @@ otx2_nix_configure(struct rte_eth_dev *eth_dev)\n \n uninstall_mc_list:\n \totx2_nix_mc_addr_list_uninstall(eth_dev);\n+sec_fini:\n+\totx2_eth_sec_fini(eth_dev);\n cq_fini:\n \toxt2_nix_unregister_cq_irqs(eth_dev);\n q_irq_fini:\n@@ -2350,6 +2362,9 @@ otx2_eth_dev_uninit(struct rte_eth_dev *eth_dev, bool mbox_close)\n \tif (rc)\n \t\totx2_err(\"Failed to cleanup npa lf, rc=%d\", rc);\n \n+\t/* Disable security */\n+\totx2_eth_sec_fini(eth_dev);\n+\n \t/* Destroy security ctx */\n \totx2_eth_sec_ctx_destroy(eth_dev);\n \ndiff --git a/drivers/net/octeontx2/otx2_ethdev.h b/drivers/net/octeontx2/otx2_ethdev.h\nindex 3f3fdec..60b535a 100644\n--- a/drivers/net/octeontx2/otx2_ethdev.h\n+++ b/drivers/net/octeontx2/otx2_ethdev.h\n@@ -324,6 +324,8 @@ struct otx2_eth_dev {\n \tbool mc_tbl_set;\n \tstruct otx2_nix_mc_filter_tbl mc_fltr_tbl;\n \tbool sdp_link; /* SDP flag */\n+\t/* Inline IPsec params */\n+\tuint16_t ipsec_in_max_spi;\n } __rte_cache_aligned;\n \n struct otx2_eth_txq {\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_devargs.c b/drivers/net/octeontx2/otx2_ethdev_devargs.c\nindex 04da1ab..a3f7598 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_devargs.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_devargs.c\n@@ -64,6 +64,19 @@ parse_reta_size(const char *key, const char *value, void *extra_args)\n }\n \n static int\n+parse_ipsec_in_max_spi(const char *key, const char *value, void *extra_args)\n+{\n+\tRTE_SET_USED(key);\n+\tuint32_t val;\n+\n+\tval = atoi(value);\n+\n+\t*(uint16_t *)extra_args = val;\n+\n+\treturn 0;\n+}\n+\n+static int\n parse_flag(const char *key, const char *value, void *extra_args)\n {\n \tRTE_SET_USED(key);\n@@ -104,6 +117,7 @@ parse_switch_header_type(const char *key, const char *value, void *extra_args)\n }\n \n #define OTX2_RSS_RETA_SIZE \"reta_size\"\n+#define OTX2_IPSEC_IN_MAX_SPI \"ipsec_in_max_spi\"\n #define OTX2_SCL_ENABLE \"scalar_enable\"\n #define OTX2_MAX_SQB_COUNT \"max_sqb_count\"\n #define OTX2_FLOW_PREALLOC_SIZE \"flow_prealloc_size\"\n@@ -118,6 +132,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \tuint16_t flow_prealloc_size = 8;\n \tuint16_t switch_header_type = 0;\n \tuint16_t flow_max_priority = 3;\n+\tuint16_t ipsec_in_max_spi = 1;\n \tuint16_t scalar_enable = 0;\n \tstruct rte_kvargs *kvlist;\n \n@@ -130,6 +145,8 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \n \trte_kvargs_process(kvlist, OTX2_RSS_RETA_SIZE,\n \t\t\t &parse_reta_size, &rss_size);\n+\trte_kvargs_process(kvlist, OTX2_IPSEC_IN_MAX_SPI,\n+\t\t\t &parse_ipsec_in_max_spi, &ipsec_in_max_spi);\n \trte_kvargs_process(kvlist, OTX2_SCL_ENABLE,\n \t\t\t &parse_flag, &scalar_enable);\n \trte_kvargs_process(kvlist, OTX2_MAX_SQB_COUNT,\n@@ -143,6 +160,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \trte_kvargs_free(kvlist);\n \n null_devargs:\n+\tdev->ipsec_in_max_spi = ipsec_in_max_spi;\n \tdev->scalar_ena = scalar_enable;\n \tdev->max_sqb_count = sqb_count;\n \tdev->rss_info.rss_size = rss_size;\n@@ -157,6 +175,7 @@ otx2_ethdev_parse_devargs(struct rte_devargs *devargs, struct otx2_eth_dev *dev)\n \n RTE_PMD_REGISTER_PARAM_STRING(net_octeontx2,\n \t\t\t OTX2_RSS_RETA_SIZE \"=<64|128|256>\"\n+\t\t\t OTX2_IPSEC_IN_MAX_SPI \"=<1-65535>\"\n \t\t\t OTX2_SCL_ENABLE \"=1\"\n \t\t\t OTX2_MAX_SQB_COUNT \"=<8-512>\"\n \t\t\t OTX2_FLOW_PREALLOC_SIZE \"=<1-32>\"\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex 80c5689..ed68152 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -3,10 +3,35 @@\n */\n \n #include <rte_ethdev.h>\n+#include <rte_eventdev.h>\n #include <rte_malloc.h>\n+#include <rte_memzone.h>\n #include <rte_security.h>\n \n+#include \"otx2_ethdev.h\"\n #include \"otx2_ethdev_sec.h\"\n+#include \"otx2_ipsec_fp.h\"\n+\n+#define ETH_SEC_MAX_PKT_LEN\t1450\n+\n+struct eth_sec_tag_const {\n+\tRTE_STD_C11\n+\tunion {\n+\t\tstruct {\n+\t\t\tuint32_t rsvd_11_0 : 12;\n+\t\t\tuint32_t port : 8;\n+\t\t\tuint32_t event_type : 4;\n+\t\t\tuint32_t rsvd_31_24 : 8;\n+\t\t};\n+\t\tuint32_t u32;\n+\t};\n+};\n+\n+static inline void\n+in_sa_mz_name_get(char *name, int size, uint16_t port)\n+{\n+\tsnprintf(name, size, \"otx2_ipsec_in_sadb_%u\", port);\n+}\n \n int\n otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev)\n@@ -33,3 +58,100 @@ otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev)\n {\n \trte_free(eth_dev->security_ctx);\n }\n+\n+static int\n+eth_sec_ipsec_cfg(struct rte_eth_dev *eth_dev, uint8_t tt)\n+{\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tstruct nix_inline_ipsec_lf_cfg *req;\n+\tstruct otx2_mbox *mbox = dev->mbox;\n+\tstruct eth_sec_tag_const tag_const;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\tconst struct rte_memzone *mz;\n+\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\tmz = rte_memzone_lookup(name);\n+\tif (mz == NULL)\n+\t\treturn -EINVAL;\n+\n+\treq = otx2_mbox_alloc_msg_nix_inline_ipsec_lf_cfg(mbox);\n+\treq->enable = 1;\n+\treq->sa_base_addr = mz->iova;\n+\n+\treq->ipsec_cfg0.tt = tt;\n+\n+\ttag_const.u32 = 0;\n+\ttag_const.event_type = RTE_EVENT_TYPE_ETHDEV;\n+\ttag_const.port = port;\n+\treq->ipsec_cfg0.tag_const = tag_const.u32;\n+\n+\treq->ipsec_cfg0.sa_pow2_size =\n+\t\t\trte_log2_u32(sizeof(struct otx2_ipsec_fp_in_sa));\n+\treq->ipsec_cfg0.lenm1_max = ETH_SEC_MAX_PKT_LEN - 1;\n+\n+\treq->ipsec_cfg1.sa_idx_w = rte_log2_u32(dev->ipsec_in_max_spi);\n+\treq->ipsec_cfg1.sa_idx_max = dev->ipsec_in_max_spi - 1;\n+\n+\treturn otx2_mbox_process(mbox);\n+}\n+\n+int\n+otx2_eth_sec_init(struct rte_eth_dev *eth_dev)\n+{\n+\tconst size_t sa_width = sizeof(struct otx2_ipsec_fp_in_sa);\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\tconst struct rte_memzone *mz;\n+\tint mz_sz, ret;\n+\tuint16_t nb_sa;\n+\n+\tRTE_BUILD_BUG_ON(sa_width < 32 || sa_width > 512 ||\n+\t\t\t !RTE_IS_POWER_OF_2(sa_width));\n+\n+\tif (!(dev->tx_offloads & DEV_TX_OFFLOAD_SECURITY) &&\n+\t !(dev->rx_offloads & DEV_RX_OFFLOAD_SECURITY))\n+\t\treturn 0;\n+\n+\tnb_sa = dev->ipsec_in_max_spi;\n+\tmz_sz = nb_sa * sa_width;\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\tmz = rte_memzone_reserve_aligned(name, mz_sz, rte_socket_id(),\n+\t\t\t\t\t RTE_MEMZONE_IOVA_CONTIG, OTX2_ALIGN);\n+\n+\tif (mz == NULL) {\n+\t\totx2_err(\"Could not allocate inbound SA DB\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tmemset(mz->addr, 0, mz_sz);\n+\n+\tret = eth_sec_ipsec_cfg(eth_dev, SSO_TT_ORDERED);\n+\tif (ret < 0) {\n+\t\totx2_err(\"Could not configure inline IPsec\");\n+\t\tgoto sec_fini;\n+\t}\n+\n+\treturn 0;\n+\n+sec_fini:\n+\totx2_err(\"Could not configure device for security\");\n+\totx2_eth_sec_fini(eth_dev);\n+\treturn ret;\n+}\n+\n+void\n+otx2_eth_sec_fini(struct rte_eth_dev *eth_dev)\n+{\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tuint16_t port = eth_dev->data->port_id;\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\n+\tif (!(dev->tx_offloads & DEV_TX_OFFLOAD_SECURITY) &&\n+\t !(dev->rx_offloads & DEV_RX_OFFLOAD_SECURITY))\n+\t\treturn;\n+\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\trte_memzone_free(rte_memzone_lookup(name));\n+}\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h\nindex 4a925e9..60d4a29 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.h\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h\n@@ -11,4 +11,8 @@ int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);\n \n void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev);\n \n+int otx2_eth_sec_init(struct rte_eth_dev *eth_dev);\n+\n+void otx2_eth_sec_fini(struct rte_eth_dev *eth_dev);\n+\n #endif /* __OTX2_ETHDEV_SEC_H__ */\n", "prefixes": [ "v4", "05/15" ] }