Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/65519/?format=api
{ "id": 65519, "url": "http://patches.dpdk.org/api/patches/65519/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1580815045-32132-9-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1580815045-32132-9-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1580815045-32132-9-git-send-email-anoobj@marvell.com", "date": "2020-02-04T11:17:18", "name": "[v4,08/15] net/octeontx2: add eth security session operations", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "f051eae7697cab88bcc9693352972c3283301f2e", "submitter": { "id": 1205, "url": "http://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1580815045-32132-9-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 8411, "url": "http://patches.dpdk.org/api/series/8411/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8411", "date": "2020-02-04T11:17:10", "name": "add OCTEON TX2 inline IPsec support", "version": 4, "mbox": "http://patches.dpdk.org/series/8411/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/65519/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/65519/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 7BD9BA0530;\n\tTue, 4 Feb 2020 12:19:35 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id C29351C12D;\n\tTue, 4 Feb 2020 12:18:55 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 0EE681C136\n for <dev@dpdk.org>; Tue, 4 Feb 2020 12:18:53 +0100 (CET)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 014BF1DR022394; Tue, 4 Feb 2020 03:18:53 -0800", "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0a-0016f401.pphosted.com with ESMTP id 2xw7jvm2q2-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Tue, 04 Feb 2020 03:18:53 -0800", "from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Tue, 4 Feb 2020 03:18:51 -0800", "from SC-EXCH01.marvell.com (10.93.176.81) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Tue, 4 Feb 2020 03:18:51 -0800", "from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Tue, 4 Feb 2020 03:18:50 -0800", "from ajoseph83.caveonetworks.com (unknown [10.29.45.60])\n by maili.marvell.com (Postfix) with ESMTP id 89EBD3F7068;\n Tue, 4 Feb 2020 03:18:46 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=tDy64Td1HK7seNQmBK5KIHf8dmP3p1rkKcTTJrUUISA=;\n b=YNAV/ghtuem3hhRUCubvaMwCpvc6Fp4G5mWILMoC6nk4Tt/cpITUXyJ6o23aOzV591Sh\n DeS/DHN2tfbt4+dWZ/WFRCXJrx32cKyYt2RK2jOrh9Jj1WPmwAGjOJFh0Ui+aWRV8KHb\n xC5qkNs2c3q+hbQjABLcx895PK/mWTaVauqAi46SAZ22o6jiJdQzw/2FL0cdRfm0hiW9\n NFtW0++GGsBfQuaaRFf9meYDEXKZcGfx+7fKCxXwb7WflmM0BTf1DPB43AnaKgmrfJI4\n n9BSmG/Tzo/dkoSYDGMcGBAonWcVqn4lQQ1tbeqk3r0WGKDO2LpUnPBk/Wy/W6qyeX/d TA==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Declan Doherty\n <declan.doherty@intel.com>, Thomas Monjalon <thomas@monjalon.net>", "CC": "Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n Narayana Prasad <pathreya@marvell.com>, Kiran Kumar K\n <kirankumark@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>,\n \"Pavan Nikhilesh\" <pbhagavatula@marvell.com>, Ankur Dwivedi\n <adwivedi@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree\n Kondoj <ktejasree@marvell.com>, Vamsi Attunuru <vattunuru@marvell.com>,\n \"Lukasz Bartosik\" <lbartosik@marvell.com>, <dev@dpdk.org>", "Date": "Tue, 4 Feb 2020 16:47:18 +0530", "Message-ID": "<1580815045-32132-9-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1580815045-32132-1-git-send-email-anoobj@marvell.com>", "References": "<1580465035-30455-1-git-send-email-anoobj@marvell.com>\n <1580815045-32132-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572\n definitions=2020-02-04_02:2020-02-04,\n 2020-02-04 signatures=0", "Subject": "[dpdk-dev] [PATCH v4 08/15] net/octeontx2: add eth security session\n\toperations", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Adding security session operations in eth security ctx.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\n---\n drivers/common/octeontx2/otx2_sec_idev.c | 63 ++++\n drivers/common/octeontx2/otx2_sec_idev.h | 4 +\n .../octeontx2/rte_common_octeontx2_version.map | 2 +\n drivers/crypto/octeontx2/otx2_ipsec_fp.h | 295 +++++++++++++++++\n drivers/net/octeontx2/otx2_ethdev_sec.c | 362 +++++++++++++++++++++\n drivers/net/octeontx2/otx2_ethdev_sec.h | 84 ++++-\n 6 files changed, 809 insertions(+), 1 deletion(-)", "diff": "diff --git a/drivers/common/octeontx2/otx2_sec_idev.c b/drivers/common/octeontx2/otx2_sec_idev.c\nindex e924078..4e65ce2 100644\n--- a/drivers/common/octeontx2/otx2_sec_idev.c\n+++ b/drivers/common/octeontx2/otx2_sec_idev.c\n@@ -118,3 +118,66 @@ otx2_sec_idev_tx_cpt_qp_remove(struct otx2_cpt_qp *qp)\n \trte_spinlock_unlock(&cfg->tx_cpt_lock);\n \treturn ret;\n }\n+\n+int\n+otx2_sec_idev_tx_cpt_qp_get(uint16_t port_id, struct otx2_cpt_qp **qp)\n+{\n+\tstruct otx2_sec_idev_cfg *cfg;\n+\tuint16_t index;\n+\tint i, ret;\n+\n+\tif (port_id > OTX2_MAX_INLINE_PORTS || qp == NULL)\n+\t\treturn -EINVAL;\n+\n+\tcfg = &sec_cfg[port_id];\n+\n+\trte_spinlock_lock(&cfg->tx_cpt_lock);\n+\n+\tindex = cfg->tx_cpt_idx;\n+\n+\t/* Get the next index with valid data */\n+\tfor (i = 0; i < OTX2_MAX_CPT_QP_PER_PORT; i++) {\n+\t\tif (cfg->tx_cpt[index].qp != NULL)\n+\t\t\tbreak;\n+\t\tindex = (index + 1) % OTX2_MAX_CPT_QP_PER_PORT;\n+\t}\n+\n+\tif (i >= OTX2_MAX_CPT_QP_PER_PORT) {\n+\t\tret = -EINVAL;\n+\t\tgoto unlock;\n+\t}\n+\n+\t*qp = cfg->tx_cpt[index].qp;\n+\trte_atomic16_inc(&cfg->tx_cpt[index].ref_cnt);\n+\n+\tcfg->tx_cpt_idx = (index + 1) % OTX2_MAX_CPT_QP_PER_PORT;\n+\n+\tret = 0;\n+\n+unlock:\n+\trte_spinlock_unlock(&cfg->tx_cpt_lock);\n+\treturn ret;\n+}\n+\n+int\n+otx2_sec_idev_tx_cpt_qp_put(struct otx2_cpt_qp *qp)\n+{\n+\tstruct otx2_sec_idev_cfg *cfg;\n+\tuint16_t port_id;\n+\tint i;\n+\n+\tif (qp == NULL)\n+\t\treturn -EINVAL;\n+\n+\tfor (port_id = 0; port_id < OTX2_MAX_INLINE_PORTS; port_id++) {\n+\t\tcfg = &sec_cfg[port_id];\n+\t\tfor (i = 0; i < OTX2_MAX_CPT_QP_PER_PORT; i++) {\n+\t\t\tif (cfg->tx_cpt[i].qp == qp) {\n+\t\t\t\trte_atomic16_dec(&cfg->tx_cpt[i].ref_cnt);\n+\t\t\t\treturn 0;\n+\t\t\t}\n+\t\t}\n+\t}\n+\n+\treturn -EINVAL;\n+}\ndiff --git a/drivers/common/octeontx2/otx2_sec_idev.h b/drivers/common/octeontx2/otx2_sec_idev.h\nindex 20d71d0..c681f50 100644\n--- a/drivers/common/octeontx2/otx2_sec_idev.h\n+++ b/drivers/common/octeontx2/otx2_sec_idev.h\n@@ -30,4 +30,8 @@ int otx2_sec_idev_tx_cpt_qp_add(uint16_t port_id, struct otx2_cpt_qp *qp);\n \n int otx2_sec_idev_tx_cpt_qp_remove(struct otx2_cpt_qp *qp);\n \n+int otx2_sec_idev_tx_cpt_qp_put(struct otx2_cpt_qp *qp);\n+\n+int otx2_sec_idev_tx_cpt_qp_get(uint16_t port_id, struct otx2_cpt_qp **qp);\n+\n #endif /* _OTX2_SEC_IDEV_H_ */\ndiff --git a/drivers/common/octeontx2/rte_common_octeontx2_version.map b/drivers/common/octeontx2/rte_common_octeontx2_version.map\nindex 775aca8..19a7b19 100644\n--- a/drivers/common/octeontx2/rte_common_octeontx2_version.map\n+++ b/drivers/common/octeontx2/rte_common_octeontx2_version.map\n@@ -31,6 +31,8 @@ DPDK_20.0 {\n \totx2_sec_idev_cfg_init;\n \totx2_sec_idev_tx_cpt_qp_add;\n \totx2_sec_idev_tx_cpt_qp_remove;\n+\totx2_sec_idev_tx_cpt_qp_get;\n+\totx2_sec_idev_tx_cpt_qp_put;\n \totx2_sso_pf_func_get;\n \totx2_sso_pf_func_set;\n \totx2_unregister_irq;\ndiff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nindex bf4181a..52b3b41 100644\n--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -5,6 +5,67 @@\n #ifndef __OTX2_IPSEC_FP_H__\n #define __OTX2_IPSEC_FP_H__\n \n+#include <rte_crypto_sym.h>\n+#include <rte_security.h>\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,\n+\tOTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_IP_VERSION_4 = 0,\n+\tOTX2_IPSEC_FP_SA_IP_VERSION_6 = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_MODE_TRANSPORT = 0,\n+\tOTX2_IPSEC_FP_SA_MODE_TUNNEL = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_PROTOCOL_AH = 0,\n+\tOTX2_IPSEC_FP_SA_PROTOCOL_ESP = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_AES_KEY_LEN_128 = 1,\n+\tOTX2_IPSEC_FP_SA_AES_KEY_LEN_192 = 2,\n+\tOTX2_IPSEC_FP_SA_AES_KEY_LEN_256 = 3,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_ENC_NULL = 0,\n+\tOTX2_IPSEC_FP_SA_ENC_DES_CBC = 1,\n+\tOTX2_IPSEC_FP_SA_ENC_3DES_CBC = 2,\n+\tOTX2_IPSEC_FP_SA_ENC_AES_CBC = 3,\n+\tOTX2_IPSEC_FP_SA_ENC_AES_CTR = 4,\n+\tOTX2_IPSEC_FP_SA_ENC_AES_GCM = 5,\n+\tOTX2_IPSEC_FP_SA_ENC_AES_CCM = 6,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_AUTH_NULL = 0,\n+\tOTX2_IPSEC_FP_SA_AUTH_MD5 = 1,\n+\tOTX2_IPSEC_FP_SA_AUTH_SHA1 = 2,\n+\tOTX2_IPSEC_FP_SA_AUTH_SHA2_224 = 3,\n+\tOTX2_IPSEC_FP_SA_AUTH_SHA2_256 = 4,\n+\tOTX2_IPSEC_FP_SA_AUTH_SHA2_384 = 5,\n+\tOTX2_IPSEC_FP_SA_AUTH_SHA2_512 = 6,\n+\tOTX2_IPSEC_FP_SA_AUTH_AES_GMAC = 7,\n+\tOTX2_IPSEC_FP_SA_AUTH_AES_XCBC_128 = 8,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_FRAG_POST = 0,\n+\tOTX2_IPSEC_FP_SA_FRAG_PRE = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_FP_SA_ENCAP_NONE = 0,\n+\tOTX2_IPSEC_FP_SA_ENCAP_UDP = 1,\n+};\n+\n struct otx2_ipsec_fp_sa_ctl {\n \trte_be32_t spi : 32;\n \tuint64_t exp_proto_inter_frag : 8;\n@@ -24,6 +85,26 @@ struct otx2_ipsec_fp_sa_ctl {\n \tuint64_t aes_key_len : 2;\n };\n \n+struct otx2_ipsec_fp_out_sa {\n+\t/* w0 */\n+\tstruct otx2_ipsec_fp_sa_ctl ctl;\n+\n+\t/* w1 */\n+\tuint8_t nonce[4];\n+\tuint16_t udp_src;\n+\tuint16_t udp_dst;\n+\n+\t/* w2 */\n+\tuint32_t ip_src;\n+\tuint32_t ip_dst;\n+\n+\t/* w3-w6 */\n+\tuint8_t cipher_key[32];\n+\n+\t/* w7-w12 */\n+\tuint8_t hmac_key[48];\n+};\n+\n struct otx2_ipsec_fp_in_sa {\n \t/* w0 */\n \tstruct otx2_ipsec_fp_sa_ctl ctl;\n@@ -52,4 +133,218 @@ struct otx2_ipsec_fp_in_sa {\n \tuint64_t reserved2;\n };\n \n+static inline int\n+ipsec_fp_xform_cipher_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tif (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tswitch (xform->cipher.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_fp_xform_auth_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tuint16_t keylen = xform->auth.key.length;\n+\n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {\n+\t\tif (keylen >= 20 && keylen <= 64)\n+\t\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_fp_xform_aead_verify(struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *xform)\n+{\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&\n+\t xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&\n+\t xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)\n+\t\treturn -EINVAL;\n+\n+\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\tswitch (xform->aead.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_fp_xform_verify(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *xform)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tint ret;\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\treturn ipsec_fp_xform_aead_verify(ipsec, xform);\n+\n+\tif (xform->next == NULL)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\t/* Ingress */\n+\t\tif (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||\n+\t\t xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\treturn -EINVAL;\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\t/* Egress */\n+\t\tif (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||\n+\t\t xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t\treturn -EINVAL;\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t}\n+\n+\tret = ipsec_fp_xform_cipher_verify(cipher_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ipsec_fp_xform_auth_verify(auth_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\treturn 0;\n+}\n+\n+static inline int\n+ipsec_fp_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *xform,\n+\t\t struct otx2_ipsec_fp_sa_ctl *ctl)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n+\tint aes_key_len;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tctl->direction = OTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND;\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tctl->direction = OTX2_IPSEC_FP_SA_DIRECTION_INBOUND;\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)\n+\t\t\tctl->outer_ip_ver = OTX2_IPSEC_FP_SA_IP_VERSION_4;\n+\t\telse if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)\n+\t\t\tctl->outer_ip_ver = OTX2_IPSEC_FP_SA_IP_VERSION_6;\n+\t\telse\n+\t\t\treturn -EINVAL;\n+\t}\n+\n+\tctl->inner_ip_ver = OTX2_IPSEC_FP_SA_IP_VERSION_4;\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)\n+\t\tctl->ipsec_mode = OTX2_IPSEC_FP_SA_MODE_TRANSPORT;\n+\telse if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)\n+\t\tctl->ipsec_mode = OTX2_IPSEC_FP_SA_MODE_TUNNEL;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH)\n+\t\tctl->ipsec_proto = OTX2_IPSEC_FP_SA_PROTOCOL_AH;\n+\telse if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP)\n+\t\tctl->ipsec_proto = OTX2_IPSEC_FP_SA_PROTOCOL_ESP;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tctl->enc_type = OTX2_IPSEC_FP_SA_ENC_AES_GCM;\n+\t\t\taes_key_len = xform->aead.key.length;\n+\t\t} else {\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tctl->enc_type = OTX2_IPSEC_FP_SA_ENC_AES_CBC;\n+\t\taes_key_len = cipher_xform->cipher.key.length;\n+\t} else {\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tswitch (aes_key_len) {\n+\tcase 16:\n+\t\tctl->aes_key_len = OTX2_IPSEC_FP_SA_AES_KEY_LEN_128;\n+\t\tbreak;\n+\tcase 24:\n+\t\tctl->aes_key_len = OTX2_IPSEC_FP_SA_AES_KEY_LEN_192;\n+\t\tbreak;\n+\tcase 32:\n+\t\tctl->aes_key_len = OTX2_IPSEC_FP_SA_AES_KEY_LEN_256;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tswitch (auth_xform->auth.algo) {\n+\t\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_NULL;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_MD5;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_SHA1;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA224_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_SHA2_224;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_SHA2_256;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_SHA2_384;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_SHA2_512;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_AES_GMAC;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_FP_SA_AUTH_AES_XCBC_128;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t}\n+\n+\tif (ipsec->options.esn == 1)\n+\t\tctl->esn_en = 1;\n+\n+\tctl->spi = rte_cpu_to_be_32(ipsec->spi);\n+\tctl->valid = 1;\n+\n+\treturn 0;\n+}\n+\n #endif /* __OTX2_IPSEC_FP_H__ */\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex 8859042..2ec2598 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -141,6 +141,366 @@ in_sa_mz_name_get(char *name, int size, uint16_t port)\n \tsnprintf(name, size, \"otx2_ipsec_in_sadb_%u\", port);\n }\n \n+static struct otx2_ipsec_fp_in_sa *\n+in_sa_get(uint16_t port, int sa_index)\n+{\n+\tchar name[RTE_MEMZONE_NAMESIZE];\n+\tstruct otx2_ipsec_fp_in_sa *sa;\n+\tconst struct rte_memzone *mz;\n+\n+\tin_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);\n+\tmz = rte_memzone_lookup(name);\n+\tif (mz == NULL) {\n+\t\totx2_err(\"Could not get the memzone reserved for IN SA DB\");\n+\t\treturn NULL;\n+\t}\n+\n+\tsa = mz->addr;\n+\n+\treturn sa + sa_index;\n+}\n+\n+static int\n+hmac_init(struct otx2_ipsec_fp_sa_ctl *ctl, struct otx2_cpt_qp *qp,\n+\t const uint8_t *auth_key, int len, uint8_t *hmac_key)\n+{\n+\tstruct inst_data {\n+\t\tstruct otx2_cpt_res cpt_res;\n+\t\tuint8_t buffer[64];\n+\t} *md;\n+\n+\tvolatile struct otx2_cpt_res *res;\n+\tuint64_t timeout, lmt_status;\n+\tstruct otx2_cpt_inst_s inst;\n+\trte_iova_t md_iova;\n+\tint ret;\n+\n+\tmemset(&inst, 0, sizeof(struct otx2_cpt_inst_s));\n+\n+\tmd = rte_zmalloc(NULL, sizeof(struct inst_data), OTX2_CPT_RES_ALIGN);\n+\tif (md == NULL)\n+\t\treturn -ENOMEM;\n+\n+\tmemcpy(md->buffer, auth_key, len);\n+\n+\tmd_iova = rte_malloc_virt2iova(md);\n+\tif (md_iova == RTE_BAD_IOVA) {\n+\t\tret = -EINVAL;\n+\t\tgoto free_md;\n+\t}\n+\n+\tinst.res_addr = md_iova + offsetof(struct inst_data, cpt_res);\n+\tinst.opcode = OTX2_CPT_OP_WRITE_HMAC_IPAD_OPAD;\n+\tinst.param2 = ctl->auth_type;\n+\tinst.dlen = len;\n+\tinst.dptr = md_iova + offsetof(struct inst_data, buffer);\n+\tinst.rptr = inst.dptr;\n+\tinst.egrp = OTX2_CPT_EGRP_INLINE_IPSEC;\n+\n+\tmd->cpt_res.compcode = 0;\n+\tmd->cpt_res.uc_compcode = 0xff;\n+\n+\ttimeout = rte_get_timer_cycles() + 5 * rte_get_timer_hz();\n+\n+\trte_cio_wmb();\n+\n+\tdo {\n+\t\totx2_lmt_mov(qp->lmtline, &inst, 2);\n+\t\tlmt_status = otx2_lmt_submit(qp->lf_nq_reg);\n+\t} while (lmt_status == 0);\n+\n+\tres = (volatile struct otx2_cpt_res *)&md->cpt_res;\n+\n+\t/* Wait until instruction completes or times out */\n+\twhile (res->uc_compcode == 0xff) {\n+\t\tif (rte_get_timer_cycles() > timeout)\n+\t\t\tbreak;\n+\t}\n+\n+\tif (res->u16[0] != OTX2_SEC_COMP_GOOD) {\n+\t\tret = -EIO;\n+\t\tgoto free_md;\n+\t}\n+\n+\t/* Retrieve the ipad and opad from rptr */\n+\tmemcpy(hmac_key, md->buffer, 48);\n+\n+\tret = 0;\n+\n+free_md:\n+\trte_free(md);\n+\treturn ret;\n+}\n+\n+static int\n+eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n+\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tstruct otx2_sec_session_ipsec_ip *sess;\n+\tuint16_t port = eth_dev->data->port_id;\n+\tint cipher_key_len, auth_key_len, ret;\n+\tconst uint8_t *cipher_key, *auth_key;\n+\tstruct otx2_ipsec_fp_sa_ctl *ctl;\n+\tstruct otx2_ipsec_fp_out_sa *sa;\n+\tstruct otx2_sec_session *priv;\n+\tstruct otx2_cpt_qp *qp;\n+\n+\tpriv = get_sec_session_private_data(sec_sess);\n+\tsess = &priv->ipsec.ip;\n+\n+\tsa = &sess->out_sa;\n+\tctl = &sa->ctl;\n+\tif (ctl->valid) {\n+\t\totx2_err(\"SA already registered\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmemset(sess, 0, sizeof(struct otx2_sec_session_ipsec_ip));\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\tmemcpy(sa->nonce, &ipsec->salt, 4);\n+\n+\tif (ipsec->options.udp_encap == 1) {\n+\t\tsa->udp_src = 4500;\n+\t\tsa->udp_dst = 4500;\n+\t}\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {\n+\t\t\tmemcpy(&sa->ip_src, &ipsec->tunnel.ipv4.src_ip,\n+\t\t\t sizeof(struct in_addr));\n+\t\t\tmemcpy(&sa->ip_dst, &ipsec->tunnel.ipv4.dst_ip,\n+\t\t\t sizeof(struct in_addr));\n+\t\t} else {\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tcipher_xform = crypto_xform;\n+\tauth_xform = crypto_xform->next;\n+\n+\tcipher_key_len = 0;\n+\tauth_key_len = 0;\n+\tauth_key = NULL;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tcipher_key = crypto_xform->aead.key.data;\n+\t\tcipher_key_len = crypto_xform->aead.key.length;\n+\t} else {\n+\t\tcipher_key = cipher_xform->cipher.key.data;\n+\t\tcipher_key_len = cipher_xform->cipher.key.length;\n+\t\tauth_key = auth_xform->auth.key.data;\n+\t\tauth_key_len = auth_xform->auth.key.length;\n+\t}\n+\n+\tif (cipher_key_len != 0)\n+\t\tmemcpy(sa->cipher_key, cipher_key, cipher_key_len);\n+\telse\n+\t\treturn -EINVAL;\n+\n+\t/* Get CPT QP to be used for this SA */\n+\tret = otx2_sec_idev_tx_cpt_qp_get(port, &qp);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tsess->qp = qp;\n+\n+\tsess->cpt_lmtline = qp->lmtline;\n+\tsess->cpt_nq_reg = qp->lf_nq_reg;\n+\n+\t/* Populate control word */\n+\tret = ipsec_fp_sa_ctl_set(ipsec, crypto_xform, ctl);\n+\tif (ret)\n+\t\tgoto cpt_put;\n+\n+\tif (auth_key_len && auth_key) {\n+\t\tret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key);\n+\t\tif (ret)\n+\t\t\tgoto cpt_put;\n+\t}\n+\n+\treturn 0;\n+cpt_put:\n+\totx2_sec_idev_tx_cpt_qp_put(sess->qp);\n+\treturn ret;\n+}\n+\n+static int\n+eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n+\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tstruct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);\n+\tstruct otx2_sec_session_ipsec_ip *sess;\n+\tuint16_t port = eth_dev->data->port_id;\n+\tint cipher_key_len, auth_key_len, ret;\n+\tconst uint8_t *cipher_key, *auth_key;\n+\tstruct otx2_ipsec_fp_sa_ctl *ctl;\n+\tstruct otx2_ipsec_fp_in_sa *sa;\n+\tstruct otx2_sec_session *priv;\n+\tstruct otx2_cpt_qp *qp;\n+\n+\tif (ipsec->spi >= dev->ipsec_in_max_spi) {\n+\t\totx2_err(\"SPI exceeds max supported\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tsa = in_sa_get(port, ipsec->spi);\n+\tctl = &sa->ctl;\n+\n+\tpriv = get_sec_session_private_data(sec_sess);\n+\tsess = &priv->ipsec.ip;\n+\n+\tif (ctl->valid) {\n+\t\totx2_err(\"SA already registered\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmemset(sa, 0, sizeof(struct otx2_ipsec_fp_in_sa));\n+\n+\tauth_xform = crypto_xform;\n+\tcipher_xform = crypto_xform->next;\n+\n+\tcipher_key_len = 0;\n+\tauth_key_len = 0;\n+\tauth_key = NULL;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\t\t\tmemcpy(sa->nonce, &ipsec->salt, 4);\n+\t\tcipher_key = crypto_xform->aead.key.data;\n+\t\tcipher_key_len = crypto_xform->aead.key.length;\n+\t} else {\n+\t\tcipher_key = cipher_xform->cipher.key.data;\n+\t\tcipher_key_len = cipher_xform->cipher.key.length;\n+\t\tauth_key = auth_xform->auth.key.data;\n+\t\tauth_key_len = auth_xform->auth.key.length;\n+\t}\n+\n+\tif (cipher_key_len != 0)\n+\t\tmemcpy(sa->cipher_key, cipher_key, cipher_key_len);\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tsess->in_sa = sa;\n+\n+\tsa->userdata = priv->userdata;\n+\n+\tret = ipsec_fp_sa_ctl_set(ipsec, crypto_xform, ctl);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (auth_key_len && auth_key) {\n+\t\t/* Get a queue pair for HMAC init */\n+\t\tret = otx2_sec_idev_tx_cpt_qp_get(port, &qp);\n+\t\tif (ret)\n+\t\t\treturn ret;\n+\t\tret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key);\n+\t\totx2_sec_idev_tx_cpt_qp_put(qp);\n+\t}\n+\treturn ret;\n+}\n+\n+static int\n+eth_sec_ipsec_sess_create(struct rte_eth_dev *eth_dev,\n+\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sess)\n+{\n+\tint ret;\n+\n+\tret = ipsec_fp_xform_verify(ipsec, crypto_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\treturn eth_sec_ipsec_in_sess_create(eth_dev, ipsec,\n+\t\t\t\t\t\t crypto_xform, sess);\n+\telse\n+\t\treturn eth_sec_ipsec_out_sess_create(eth_dev, ipsec,\n+\t\t\t\t\t\t crypto_xform, sess);\n+}\n+\n+static int\n+otx2_eth_sec_session_create(void *device,\n+\t\t\t struct rte_security_session_conf *conf,\n+\t\t\t struct rte_security_session *sess,\n+\t\t\t struct rte_mempool *mempool)\n+{\n+\tstruct otx2_sec_session *priv;\n+\tint ret;\n+\n+\tif (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)\n+\t\treturn -ENOTSUP;\n+\n+\tif (rte_mempool_get(mempool, (void **)&priv)) {\n+\t\totx2_err(\"Could not allocate security session private data\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tset_sec_session_private_data(sess, priv);\n+\n+\t/*\n+\t * Save userdata provided by the application. For ingress packets, this\n+\t * could be used to identify the SA.\n+\t */\n+\tpriv->userdata = conf->userdata;\n+\n+\tif (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)\n+\t\tret = eth_sec_ipsec_sess_create(device, &conf->ipsec,\n+\t\t\t\t\t\tconf->crypto_xform,\n+\t\t\t\t\t\tsess);\n+\telse\n+\t\tret = -ENOTSUP;\n+\n+\tif (ret)\n+\t\tgoto mempool_put;\n+\n+\treturn 0;\n+\n+mempool_put:\n+\trte_mempool_put(mempool, priv);\n+\tset_sec_session_private_data(sess, NULL);\n+\treturn ret;\n+}\n+\n+static int\n+otx2_eth_sec_session_destroy(void *device __rte_unused,\n+\t\t\t struct rte_security_session *sess)\n+{\n+\tstruct otx2_sec_session_ipsec_ip *sess_ip;\n+\tstruct otx2_sec_session *priv;\n+\tstruct rte_mempool *sess_mp;\n+\tint ret;\n+\n+\tpriv = get_sec_session_private_data(sess);\n+\tif (priv == NULL)\n+\t\treturn -EINVAL;\n+\n+\tsess_ip = &priv->ipsec.ip;\n+\n+\t/* Release CPT LF used for this session */\n+\tif (sess_ip->qp != NULL) {\n+\t\tret = otx2_sec_idev_tx_cpt_qp_put(sess_ip->qp);\n+\t\tif (ret)\n+\t\t\treturn ret;\n+\t}\n+\n+\tsess_mp = rte_mempool_from_obj(priv);\n+\n+\tset_sec_session_private_data(sess, NULL);\n+\trte_mempool_put(sess_mp, priv);\n+\n+\treturn 0;\n+}\n+\n static unsigned int\n otx2_eth_sec_session_get_size(void *device __rte_unused)\n {\n@@ -154,6 +514,8 @@ otx2_eth_sec_capabilities_get(void *device __rte_unused)\n }\n \n static struct rte_security_ops otx2_eth_sec_ops = {\n+\t.session_create\t\t= otx2_eth_sec_session_create,\n+\t.session_destroy\t= otx2_eth_sec_session_destroy,\n \t.session_get_size\t= otx2_eth_sec_session_get_size,\n \t.capabilities_get\t= otx2_eth_sec_capabilities_get\n };\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h\nindex 8bdc9f0..87342ef 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.h\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h\n@@ -9,12 +9,92 @@\n \n #include \"otx2_ipsec_fp.h\"\n \n+#define OTX2_CPT_RES_ALIGN\t\t16\n+\n+#define OTX2_CPT_EGRP_INLINE_IPSEC\t1\n+\n+#define OTX2_CPT_OP_WRITE_HMAC_IPAD_OPAD\t(0x40 | 0x27)\n+\n+#define OTX2_SEC_CPT_COMP_GOOD\t0x1\n+#define OTX2_SEC_UC_COMP_GOOD\t0x0\n+#define OTX2_SEC_COMP_GOOD\t(OTX2_SEC_UC_COMP_GOOD << 8 | \\\n+\t\t\t\t OTX2_SEC_CPT_COMP_GOOD)\n+\n+/* CPT Result */\n+struct otx2_cpt_res {\n+\tunion {\n+\t\tstruct {\n+\t\t\tuint64_t compcode:8;\n+\t\t\tuint64_t uc_compcode:8;\n+\t\t\tuint64_t doneint:1;\n+\t\t\tuint64_t reserved_17_63:47;\n+\t\t\tuint64_t reserved_64_127;\n+\t\t};\n+\t\tuint16_t u16[8];\n+\t};\n+};\n+\n+struct otx2_cpt_inst_s {\n+\tunion {\n+\t\tstruct {\n+\t\t\t/* W0 */\n+\t\t\tuint64_t nixtxl : 3;\n+\t\t\tuint64_t doneint : 1;\n+\t\t\tuint64_t nixtx_addr : 60;\n+\t\t\t/* W1 */\n+\t\t\tuint64_t res_addr : 64;\n+\t\t\t/* W2 */\n+\t\t\tuint64_t tag : 32;\n+\t\t\tuint64_t tt : 2;\n+\t\t\tuint64_t grp : 10;\n+\t\t\tuint64_t rsvd_175_172 : 4;\n+\t\t\tuint64_t rvu_pf_func : 16;\n+\t\t\t/* W3 */\n+\t\t\tuint64_t qord : 1;\n+\t\t\tuint64_t rsvd_194_193 : 2;\n+\t\t\tuint64_t wqe_ptr : 61;\n+\t\t\t/* W4 */\n+\t\t\tuint64_t dlen : 16;\n+\t\t\tuint64_t param2 : 16;\n+\t\t\tuint64_t param1 : 16;\n+\t\t\tuint64_t opcode : 16;\n+\t\t\t/* W5 */\n+\t\t\tuint64_t dptr : 64;\n+\t\t\t/* W6 */\n+\t\t\tuint64_t rptr : 64;\n+\t\t\t/* W7 */\n+\t\t\tuint64_t cptr : 61;\n+\t\t\tuint64_t egrp : 3;\n+\t\t};\n+\t\tuint64_t u64[8];\n+\t};\n+};\n+\n /*\n * Security session for inline IPsec protocol offload. This is private data of\n * inline capable PMD.\n */\n struct otx2_sec_session_ipsec_ip {\n-\tint dummy;\n+\tRTE_STD_C11\n+\tunion {\n+\t\t/*\n+\t\t * Inbound SA would accessed by crypto block. And so the memory\n+\t\t * is allocated differently and shared with the h/w. Only\n+\t\t * holding a pointer to this memory in the session private\n+\t\t * space.\n+\t\t */\n+\t\tvoid *in_sa;\n+\t\t/* Outbound SA */\n+\t\tstruct otx2_ipsec_fp_out_sa out_sa;\n+\t};\n+\n+\t/* Address of CPT LMTLINE */\n+\tvoid *cpt_lmtline;\n+\t/* CPT LF enqueue register address */\n+\trte_iova_t cpt_nq_reg;\n+\n+\t/* CPT QP used by SA */\n+\tstruct otx2_cpt_qp *qp;\n };\n \n struct otx2_sec_session_ipsec {\n@@ -23,6 +103,8 @@ struct otx2_sec_session_ipsec {\n \n struct otx2_sec_session {\n \tstruct otx2_sec_session_ipsec ipsec;\n+\tvoid *userdata;\n+\t/**< Userdata registered by the application */\n } __rte_cache_aligned;\n \n int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);\n", "prefixes": [ "v4", "08/15" ] }