[RFC,v2,6/7] app/testpmd: macsec on/off commands using rte_security interface
Commit Message
From: Pavel Belous <Pavel.Belous@aquantia.com>
Here we create/get security mempool, get sec_ctx, and then
request session creation with macsec specific session configuration.
The encrypt and replay_protection parameters are not really global macsec
attributes; they are properties of the tx and rx security connections.
But we keep testpmd commands structure the same for now and will redesign
it in later commits.
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
app/test-pmd/Makefile | 1 +
app/test-pmd/cmdline.c | 9 ++----
app/test-pmd/macsec.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++
app/test-pmd/macsec.h | 12 +++++++
app/test-pmd/meson.build | 3 +-
5 files changed, 100 insertions(+), 7 deletions(-)
create mode 100644 app/test-pmd/macsec.c
create mode 100644 app/test-pmd/macsec.h
Comments
On Fri, 25 Oct 2019 17:54:08 +0000
Pavel Belous <Pavel.Belous@aquantia.com> wrote:
> +static struct rte_mempool *get_security_pool(struct rte_security_ctx *ctx)
> +{
> + struct rte_mempool *mp = rte_mempool_lookup(TESTPMD_MEMPOOL_NAME);
> +
> + if (!mp) {
> + unsigned int ssize = rte_security_session_get_size(ctx);
> +
> + if (ssize) {
> + mp = rte_mempool_create("testpmd_security_pool",
> + 1, /* One sesion */
spelling "session"
On Fri, 25 Oct 2019 17:54:08 +0000
Pavel Belous <Pavel.Belous@aquantia.com> wrote:
> +int set_macsec_on_off(portid_t port_id, int on, int en, int rp)
> +{
> + struct rte_security_session_conf macsec_conf;
> + struct rte_security_ctx *ctx;
> + struct rte_mempool *mp;
> + int err = 0;
> +
> + ctx = rte_eth_dev_get_sec_ctx(port_id);
> +
> + if (!ctx) {
blank line between assignment and the if() statement is not necessary.
@@ -37,6 +37,7 @@ SRCS-y += noisy_vnf.c
SRCS-$(CONFIG_RTE_LIBRTE_IEEE1588) += ieee1588fwd.c
SRCS-$(CONFIG_RTE_LIBRTE_BPF) += bpf_cmd.c
SRCS-y += util.c
+SRCS-y += macsec.c
ifeq ($(CONFIG_RTE_LIBRTE_PMD_SOFTNIC), y)
SRCS-y += softnicfwd.c
@@ -75,6 +75,7 @@
#include "cmdline_mtr.h"
#include "cmdline_tm.h"
#include "bpf_cmd.h"
+#include "macsec.h"
static struct cmdline *testpmd_cl;
@@ -14124,9 +14125,7 @@ cmd_set_macsec_offload_on_parsed(
return;
if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
- ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+ ret = set_macsec_on_off(port_id, 1, en, rp);
}
RTE_SET_USED(en);
RTE_SET_USED(rp);
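Review bot: Dropping the `rte_pmd_ixgbe_macsec_enable()` call means every port that advertises `DEV_TX_OFFLOAD_MACSEC_INSERT` now depends on its PMD accepting an `RTE_SECURITY_PROTOCOL_MACSEC` session. Nothing in this patch shows ixgbe doing that, so on ixgbe ports the command would presumably start returning `-ENOTSUP` and the link would stay unprotected. Either keep the ixgbe call as a fallback when `set_macsec_on_off()` returns `-ENOTSUP`, or say in the commit message which drivers are converted in the same series. The same applies to the `rte_pmd_ixgbe_macsec_disable()` removal in cmd_set_macsec_offload_off_parsed. The two `RTE_SET_USED(en); RTE_SET_USED(rp);` context lines presumably existed only for the `#ifdef` build where the arguments were unused and can go now; the function starts and ends outside the hunk.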
@@ -14221,9 +14220,7 @@ cmd_set_macsec_offload_off_parsed(
return;
if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
- ret = rte_pmd_ixgbe_macsec_disable(port_id);
-#endif
+ ret = set_macsec_on_off(port_id, 0, 0, 0);
}
switch (ret) {
case 0:
new file mode 100644
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2010-2016 Intel Corporation.
+ * Copyright(c) 2014 6WIND S.A.
+ */
+
+#include <rte_ethdev.h>
+#include <rte_flow.h>
+#include <rte_security.h>
+#include "macsec.h"
+
+#define TESTPMD_MEMPOOL_NAME "testpmd_security_pool"
+
+struct macsec_params {
+ struct rte_mempool *mp;
+ struct rte_security_session *session;
+ int replay_protection_enabled;
+ int encryption_enabled;
+};
+
+static struct macsec_params macsec_param;
+
+static struct rte_mempool *get_security_pool(struct rte_security_ctx *ctx)
+{
+ struct rte_mempool *mp = rte_mempool_lookup(TESTPMD_MEMPOOL_NAME);
+
+ if (!mp) {
+ unsigned int ssize = rte_security_session_get_size(ctx);
+
+ if (ssize) {
+ mp = rte_mempool_create("testpmd_security_pool",
+ 1, /* One sesion */
+ ssize,
+ 0, 0, NULL, NULL, NULL, NULL,
+ SOCKET_ID_ANY, 0);
+ }
+ }
+
+ return mp;
+}
+
+int set_macsec_on_off(portid_t port_id, int on, int en, int rp)
+{
+ struct rte_security_session_conf macsec_conf;
+ struct rte_security_ctx *ctx;
+ struct rte_mempool *mp;
+ int err = 0;
+
+ ctx = rte_eth_dev_get_sec_ctx(port_id);
+
+ if (!ctx) {
+ err = -ENOTSUP;
+ goto done;
+ }
+
+ mp = get_security_pool(ctx);
+
+ macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+ macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+ macsec_conf.macsec.op = RTE_SECURITY_MACSEC_OP_CONFIG;
+
+ if (on) {
+ macsec_param.session = rte_security_session_create(ctx, &macsec_conf, mp);
+
+ if (!macsec_param.session) {
+ err = -ENOTSUP;
+ goto done;
+ }
+
+ macsec_param.replay_protection_enabled = rp;
+ macsec_param.encryption_enabled = en;
+ } else {
+ if (macsec_param.session) {
+ err = rte_security_session_destroy(ctx, macsec_param.session);
+ } else {
+ err = -ENOTSUP;
+ }
+ }
+
+done:
+ return err;
+}
+
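Review bot: In set_macsec_on_off() the stack-allocated `macsec_conf` has only three fields assigned before it is handed to rte_security_session_create(), so every other field reaches the driver with indeterminate contents; zero it first with `memset(&macsec_conf, 0, sizeof(macsec_conf));`. The `mp` returned by get_security_pool() is used without a NULL check, and `macsec_param.session` is neither checked before a second `on` (the old session is overwritten and leaked, and the one-element pool is already exhausted) nor cleared after rte_security_session_destroy(), so a second `off` passes an already-destroyed session back to the library. `en` and `rp` are only copied into `macsec_param` and never reach `macsec_conf`, so as far as this file shows a request for encryption or replay protection has no effect on the created session, and the command can report success for a link that is not protected as asked. get_security_pool() should also pass `TESTPMD_MEMPOOL_NAME` to rte_mempool_create() rather than repeating the literal. The error codes in the sketch below are suggestions; the `switch (ret)` that consumes them in cmdline.c is only partly visible.

```c
int set_macsec_on_off(portid_t port_id, int on, int en, int rp)
{
	/* … unchanged: declarations, rte_eth_dev_get_sec_ctx() and its NULL check … */

	memset(&macsec_conf, 0, sizeof(macsec_conf));
	/* … unchanged: action_type, protocol and macsec.op assignments … */

	if (on) {
		/* Refuse a second "on": the single global slot already holds a session. */
		if (macsec_param.session) {
			err = -EEXIST;
			goto done;
		}

		mp = get_security_pool(ctx);
		if (!mp) {
			err = -ENOMEM;
			goto done;
		}

		/* … unchanged: rte_security_session_create(), its NULL check, rp/en bookkeeping … */
	} else {
		if (macsec_param.session) {
			err = rte_security_session_destroy(ctx, macsec_param.session);
			/* Drop the stale pointer so a repeated "off" cannot reuse it. */
			if (!err)
				macsec_param.session = NULL;
		} else {
			err = -ENOTSUP;
		}
	}
	/* … unchanged: done label and return … */
```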
new file mode 100644
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#ifndef _TESTPMD_MACSEC_H_
+#define _TESTPMD_MACSEC_H_
+
+#include "testpmd.h"
+
+int set_macsec_on_off(portid_t port_id, int on, int en, int rp);
+
+#endif
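Review bot: The only prototype in this new header is undocumented, and `on`, `en` and `rp` are opaque at the call sites in cmdline.c. A comment above it would help, for example `/* on: non-zero creates the MACsec session on port_id, zero destroys it; en/rp: encryption and replay-protection flags (currently only recorded); returns 0 or a negative errno */`. The header also carries a `Copyright(c) 2018 Intel Corporation` line although the file is created by this patch, which looks copied from another header and is worth confirming.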
@@ -22,7 +22,8 @@ sources = files('cmdline.c',
'rxonly.c',
'testpmd.c',
'txonly.c',
- 'util.c')
+ 'util.c',
+ 'macsec.c')
deps += ['ethdev', 'gro', 'gso', 'cmdline', 'metrics', 'meter', 'bus_pci']
if dpdk_conf.has('RTE_LIBRTE_PDUMP')