Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/83979/?format=api
{ "id": 83979, "url": "http://patches.dpdk.org/api/patches/83979/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20201111064936.768604-34-jiawenwu@trustnetic.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20201111064936.768604-34-jiawenwu@trustnetic.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20201111064936.768604-34-jiawenwu@trustnetic.com", "date": "2020-11-11T06:49:32", "name": "[v2,33/37] net/txgbe: add IPsec context creation", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "14cdc7358805b5ef4368c20a2178066572ba1d35", "submitter": { "id": 1932, "url": "http://patches.dpdk.org/api/people/1932/?format=api", "name": "Jiawen Wu", "email": "jiawenwu@trustnetic.com" }, "delegate": { "id": 319, "url": "http://patches.dpdk.org/api/users/319/?format=api", "username": "fyigit", "first_name": "Ferruh", "last_name": "Yigit", "email": "ferruh.yigit@amd.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20201111064936.768604-34-jiawenwu@trustnetic.com/mbox/", "series": [ { "id": 13798, "url": "http://patches.dpdk.org/api/series/13798/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=13798", "date": "2020-11-11T06:49:00", "name": "net: add txgbe PMD part 2", "version": 2, "mbox": "http://patches.dpdk.org/series/13798/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/83979/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/83979/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 9FC51A09D2;\n\tWed, 11 Nov 2020 08:00:33 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 1429FC8BC;\n\tWed, 11 Nov 2020 07:48:34 +0100 (CET)", "from smtpbguseast2.qq.com (smtpbguseast2.qq.com [54.204.34.130])\n by dpdk.org (Postfix) with ESMTP id BC989C806\n for <dev@dpdk.org>; Wed, 11 Nov 2020 07:48:16 +0100 (CET)", "from localhost.localdomain.com (unknown [183.129.236.74])\n by esmtp10.qq.com (ESMTP) with\n id ; Wed, 11 Nov 2020 14:48:03 +0800 (CST)" ], "X-QQ-mid": "bizesmtp27t1605077283t5oyquey", "X-QQ-SSF": "01400000000000C0C000B00A0000000", "X-QQ-FEAT": "FjvBusSIvfhPsGTPC7kGrDxgGFKBbkeJqCb0dJhRtuWwFJc4g9KRaIPm1g+Iv\n GB/ccZmx5nnRsCb9TJPQNZsMuAgFs58i9fwynQEit8MhXvgx49UBIMTOpHqVH09uBnMP1P5\n NCZVkQM1h/9Tc2JQWKl7nGHHuLrqhD29VmDVlnpCpNaFbRX4jg/DBiRCVf47YI6DsEauo72\n 37Jkyqf1lqkvrr+Xn2Lht1dilShiKkoSIJOVg0g4AgAf8521//1DkixlXHhMuuzfd3tFnIi\n L2MIP4dmEl7htU/pHuVpRLW5o+fW3j7Wlq7+F+0GEjKHlqo7ELkqof3CYzZs+7NkqDxNXPr\n UpWe8r0JzX8kfIzddKfT4JPB0YkYUzRETC+JBfV", "X-QQ-GoodBg": "2", "From": "Jiawen Wu <jiawenwu@trustnetic.com>", "To": "dev@dpdk.org", "Cc": "Jiawen Wu <jiawenwu@trustnetic.com>", "Date": "Wed, 11 Nov 2020 14:49:32 +0800", "Message-Id": "<20201111064936.768604-34-jiawenwu@trustnetic.com>", "X-Mailer": "git-send-email 2.18.4", "In-Reply-To": "<20201111064936.768604-1-jiawenwu@trustnetic.com>", "References": "<20201111064936.768604-1-jiawenwu@trustnetic.com>", "X-QQ-SENDSIZE": "520", "Feedback-ID": "bizesmtp:trustnetic.com:qybgforeign:qybgforeign6", "X-QQ-Bgrelay": "1", "Subject": "[dpdk-dev] [PATCH v2 33/37] net/txgbe: add IPsec context creation", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Initialize securiry context, and add support to get\nsecurity capabilities.\n\nSigned-off-by: Jiawen Wu <jiawenwu@trustnetic.com>\n---\n doc/guides/nics/features/txgbe.ini | 1 +\n drivers/net/txgbe/meson.build | 3 +-\n drivers/net/txgbe/txgbe_ethdev.c | 13 +++\n drivers/net/txgbe/txgbe_ethdev.h | 3 +\n drivers/net/txgbe/txgbe_ipsec.c | 181 +++++++++++++++++++++++++++++\n drivers/net/txgbe/txgbe_ipsec.h | 13 +++\n 6 files changed, 213 insertions(+), 1 deletion(-)\n create mode 100644 drivers/net/txgbe/txgbe_ipsec.c\n create mode 100644 drivers/net/txgbe/txgbe_ipsec.h", "diff": "diff --git a/doc/guides/nics/features/txgbe.ini b/doc/guides/nics/features/txgbe.ini\nindex 6f721ff1c..3436563b1 100644\n--- a/doc/guides/nics/features/txgbe.ini\n+++ b/doc/guides/nics/features/txgbe.ini\n@@ -28,6 +28,7 @@ VLAN filter = Y\n Flow control = Y\n Flow API = Y\n Rate limitation = Y\n+Inline crypto = Y\n CRC offload = P\n VLAN offload = P\n QinQ offload = P\ndiff --git a/drivers/net/txgbe/meson.build b/drivers/net/txgbe/meson.build\nindex 352baad8b..f6a51a998 100644\n--- a/drivers/net/txgbe/meson.build\n+++ b/drivers/net/txgbe/meson.build\n@@ -8,13 +8,14 @@ sources = files(\n \t'txgbe_ethdev.c',\n \t'txgbe_fdir.c',\n \t'txgbe_flow.c',\n+\t'txgbe_ipsec.c',\n \t'txgbe_ptypes.c',\n \t'txgbe_pf.c',\n \t'txgbe_rxtx.c',\n \t'txgbe_tm.c',\n )\n \n-deps += ['hash']\n+deps += ['hash', 'security']\n \n includes += include_directories('base')\n \ndiff --git a/drivers/net/txgbe/txgbe_ethdev.c b/drivers/net/txgbe/txgbe_ethdev.c\nindex 5f7db6b7b..a10e13749 100644\n--- a/drivers/net/txgbe/txgbe_ethdev.c\n+++ b/drivers/net/txgbe/txgbe_ethdev.c\n@@ -16,6 +16,9 @@\n #include <rte_memory.h>\n #include <rte_eal.h>\n #include <rte_alarm.h>\n+#ifdef RTE_LIB_SECURITY\n+#include <rte_security_driver.h>\n+#endif\n \n #include \"txgbe_logs.h\"\n #include \"base/txgbe.h\"\n@@ -549,6 +552,12 @@ eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)\n \t/* Unlock any pending hardware semaphore */\n \ttxgbe_swfw_lock_reset(hw);\n \n+#ifdef RTE_LIB_SECURITY\n+\t/* Initialize security_ctx only for primary process*/\n+\tif (txgbe_ipsec_ctx_create(eth_dev))\n+\t\treturn -ENOMEM;\n+#endif\n+\n \t/* Initialize DCB configuration*/\n \tmemset(dcb_config, 0, sizeof(struct txgbe_dcb_config));\n \ttxgbe_dcb_init(hw, dcb_config);\n@@ -1971,6 +1980,10 @@ txgbe_dev_close(struct rte_eth_dev *dev)\n \t/* Remove all Traffic Manager configuration */\n \ttxgbe_tm_conf_uninit(dev);\n \n+#ifdef RTE_LIB_SECURITY\n+\trte_free(dev->security_ctx);\n+#endif\n+\n \treturn ret;\n }\n \ndiff --git a/drivers/net/txgbe/txgbe_ethdev.h b/drivers/net/txgbe/txgbe_ethdev.h\nindex 73e3fe8da..db4b73e3e 100644\n--- a/drivers/net/txgbe/txgbe_ethdev.h\n+++ b/drivers/net/txgbe/txgbe_ethdev.h\n@@ -9,6 +9,9 @@\n \n #include \"base/txgbe.h\"\n #include \"txgbe_ptypes.h\"\n+#ifdef RTE_LIB_SECURITY\n+#include \"txgbe_ipsec.h\"\n+#endif\n #include <rte_flow.h>\n #include <rte_time.h>\n #include <rte_hash.h>\ndiff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c\nnew file mode 100644\nindex 000000000..b21bba237\n--- /dev/null\n+++ b/drivers/net/txgbe/txgbe_ipsec.c\n@@ -0,0 +1,181 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2015-2020\n+ */\n+\n+#include <rte_ethdev_pci.h>\n+#include <rte_ip.h>\n+#include <rte_jhash.h>\n+#include <rte_security_driver.h>\n+#include <rte_cryptodev.h>\n+#include <rte_flow.h>\n+\n+#include \"base/txgbe.h\"\n+#include \"txgbe_ethdev.h\"\n+#include \"txgbe_ipsec.h\"\n+\n+static const struct rte_security_capability *\n+txgbe_crypto_capabilities_get(void *device __rte_unused)\n+{\n+\tstatic const struct rte_cryptodev_capabilities\n+\taes_gcm_gmac_crypto_capabilities[] = {\n+\t\t{\t/* AES GMAC (128-bit) */\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t\t{.auth = {\n+\t\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GMAC,\n+\t\t\t\t\t.block_size = 16,\n+\t\t\t\t\t.key_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.digest_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.iv_size = {\n+\t\t\t\t\t\t.min = 12,\n+\t\t\t\t\t\t.max = 12,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t}\n+\t\t\t\t}, }\n+\t\t\t}, }\n+\t\t},\n+\t\t{\t/* AES GCM (128-bit) */\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t\t{.aead = {\n+\t\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t\t.block_size = 16,\n+\t\t\t\t\t.key_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.digest_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.aad_size = {\n+\t\t\t\t\t\t.min = 0,\n+\t\t\t\t\t\t.max = 65535,\n+\t\t\t\t\t\t.increment = 1\n+\t\t\t\t\t},\n+\t\t\t\t\t.iv_size = {\n+\t\t\t\t\t\t.min = 12,\n+\t\t\t\t\t\t.max = 12,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t}\n+\t\t\t\t}, }\n+\t\t\t}, }\n+\t\t},\n+\t\t{\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_UNDEFINED,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED\n+\t\t\t}, }\n+\t\t},\n+\t};\n+\n+\tstatic const struct rte_security_capability\n+\ttxgbe_security_capabilities[] = {\n+\t\t{ /* IPsec Inline Crypto ESP Transport Egress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Transport Ingress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = 0\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Tunnel Egress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Tunnel Ingress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = 0\n+\t\t},\n+\t\t{\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_NONE\n+\t\t}\n+\t};\n+\n+\treturn txgbe_security_capabilities;\n+}\n+\n+static struct rte_security_ops txgbe_security_ops = {\n+\t.capabilities_get = txgbe_crypto_capabilities_get\n+};\n+\n+static int\n+txgbe_crypto_capable(struct rte_eth_dev *dev)\n+{\n+\tstruct txgbe_hw *hw = TXGBE_DEV_HW(dev);\n+\tuint32_t reg_i, reg, capable = 1;\n+\t/* test if rx crypto can be enabled and then write back initial value*/\n+\treg_i = rd32(hw, TXGBE_SECRXCTL);\n+\twr32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA, 0);\n+\treg = rd32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA);\n+\tif (reg != 0)\n+\t\tcapable = 0;\n+\twr32(hw, TXGBE_SECRXCTL, reg_i);\n+\treturn capable;\n+}\n+\n+int\n+txgbe_ipsec_ctx_create(struct rte_eth_dev *dev)\n+{\n+\tstruct rte_security_ctx *ctx = NULL;\n+\n+\tif (txgbe_crypto_capable(dev)) {\n+\t\tctx = rte_malloc(\"rte_security_instances_ops\",\n+\t\t\t\t sizeof(struct rte_security_ctx), 0);\n+\t\tif (ctx) {\n+\t\t\tctx->device = (void *)dev;\n+\t\t\tctx->ops = &txgbe_security_ops;\n+\t\t\tctx->sess_cnt = 0;\n+\t\t\tdev->security_ctx = ctx;\n+\t\t} else {\n+\t\t\treturn -ENOMEM;\n+\t\t}\n+\t}\n+\tif (rte_security_dynfield_register() < 0)\n+\t\treturn -rte_errno;\n+\treturn 0;\n+}\ndiff --git a/drivers/net/txgbe/txgbe_ipsec.h b/drivers/net/txgbe/txgbe_ipsec.h\nnew file mode 100644\nindex 000000000..f58ebab3d\n--- /dev/null\n+++ b/drivers/net/txgbe/txgbe_ipsec.h\n@@ -0,0 +1,13 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2015-2020\n+ */\n+\n+#ifndef TXGBE_IPSEC_H_\n+#define TXGBE_IPSEC_H_\n+\n+#include <rte_ethdev_core.h>\n+#include <rte_security.h>\n+\n+int txgbe_ipsec_ctx_create(struct rte_eth_dev *dev);\n+\n+#endif /*TXGBE_IPSEC_H_*/\n", "prefixes": [ "v2", "33/37" ] }