diff mbox series

examples/ipsec-secgw: add security capabilities mapping

Message ID	20230720132123.3084969-1-gakhil@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <radu.nicolau@intel.com>, <anoobj@marvell.com>, <hemant.agrawal@nxp.com>, Akhil Goyal <gakhil@marvell.com> Subject: [PATCH] examples/ipsec-secgw: add security capabilities mapping Date: Thu, 20 Jul 2023 18:51:23 +0530 Message-ID: <20230720132123.3084969-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	examples/ipsec-secgw: add security capabilities mapping \| examples/ipsec-secgw: add security capabilities mapping

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/intel-Testing	success	Testing PASS
ci/github-robot: build	success	github build: passed
ci/intel-Functional	success	Functional PASS
ci/iol-unit-testing	fail	Testing issues
ci/iol-aarch-unit-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS

Commit Message

Akhil Goyal July 20, 2023, 1:21 p.m. UTC

  Currently the cryptodev queue pair mapping was done only
on lookaside crypto capabilities.
But device capabilities for lookaside crypto and
lookaside proto may be different.
Hence, mappings are also added for rte_security_capabilities
of cryptodev.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 41 ++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

Comments

Akhil Goyal Sept. 19, 2023, 12:41 p.m. UTC | #1

Recheck-request: iol-unit-testing

Akhil Goyal Sept. 19, 2023, 7:19 p.m. UTC | #2

> Subject: [PATCH] examples/ipsec-secgw: add security capabilities mapping
> 
> Currently the cryptodev queue pair mapping was done only
> on lookaside crypto capabilities.
> But device capabilities for lookaside crypto and
> lookaside proto may be different.
> Hence, mappings are also added for rte_security_capabilities
> of cryptodev.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto

diff mbox series

Patch

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 72b3bfba9e..3ab7995fd5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1555,6 +1555,8 @@  add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 	struct lcore_conf *qconf;
 	struct ipsec_ctx *ipsec_ctx;
 	const char *str;
+	void *sec_ctx;
+	const struct rte_security_capability *sec_cap;
 
 	qconf = &lcore_conf[params->lcore_id];
 
@@ -1569,8 +1571,8 @@  add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 	}
 
 	/* Required cryptodevs with operation chaining */
-	if (!(dev_info->feature_flags &
-				RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
+	if (!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING) &&
+			!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SECURITY))
 		return ret;
 
 	for (i = dev_info->capabilities;
@@ -1600,6 +1602,41 @@  add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 		}
 	}
 
+	sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
+	if (sec_ctx == NULL)
+		return ret;
+
+	sec_cap = rte_security_capabilities_get(sec_ctx);
+	if (sec_cap == NULL)
+		return ret;
+
+	for (i = sec_cap->crypto_capabilities;
+			i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++) {
+		if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+			continue;
+
+		if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			ret |= add_mapping(str, cdev_id, qp, params,
+					ipsec_ctx, NULL, NULL, i);
+			continue;
+		}
+
+		if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+			continue;
+
+		for (j = sec_cap->crypto_capabilities;
+				j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
+			if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+				continue;
+
+			if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+				continue;
+
+			ret |= add_mapping(str, cdev_id, qp, params,
+						ipsec_ctx, i, j, NULL);
+		}
+	}
+
 	return ret;
 }