Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/85437/?format=api
{ "id": 85437, "url": "https://patches.dpdk.org/api/patches/85437/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20201218093702.3651867-30-jiawenwu@trustnetic.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20201218093702.3651867-30-jiawenwu@trustnetic.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20201218093702.3651867-30-jiawenwu@trustnetic.com", "date": "2020-12-18T09:36:58", "name": "[v3,29/33] net/txgbe: add IPsec context creation", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "ce395b4ac4ad52cfdd5ae76aee9ee0e8eed2eb7a", "submitter": { "id": 1932, "url": "https://patches.dpdk.org/api/people/1932/?format=api", "name": "Jiawen Wu", "email": "jiawenwu@trustnetic.com" }, "delegate": { "id": 319, "url": "https://patches.dpdk.org/api/users/319/?format=api", "username": "fyigit", "first_name": "Ferruh", "last_name": "Yigit", "email": "ferruh.yigit@amd.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20201218093702.3651867-30-jiawenwu@trustnetic.com/mbox/", "series": [ { "id": 14363, "url": "https://patches.dpdk.org/api/series/14363/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=14363", "date": "2020-12-18T09:36:30", "name": "net: add txgbe PMD part 2", "version": 3, "mbox": "https://patches.dpdk.org/series/14363/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/85437/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/85437/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 89A3FA09F6;\n\tFri, 18 Dec 2020 10:44:15 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 52619CC69;\n\tFri, 18 Dec 2020 10:35:25 +0100 (CET)", "from smtpbgsg2.qq.com (smtpbgsg2.qq.com [54.254.200.128])\n by dpdk.org (Postfix) with ESMTP id 3CA24CBDC\n for <dev@dpdk.org>; Fri, 18 Dec 2020 10:35:15 +0100 (CET)", "from localhost.localdomain.com (unknown [183.129.236.74])\n by esmtp10.qq.com (ESMTP) with\n id ; Fri, 18 Dec 2020 17:35:10 +0800 (CST)" ], "X-QQ-mid": "bizesmtp28t1608284110tgfz4i7n", "X-QQ-SSF": "01400000002000C0D000B00A0000000", "X-QQ-FEAT": "fYJ0eR3mMJ3BjbfVx8VBVrApy/68uS2jizR47qHRS7QsJPHmM38pMk7eq1OFk\n Jz2hXI+MhSqF/9qjkNtz7M0cSjD2NvmKd/u2FcV033X7ZdgZFJjEQD6thxmF3TsmexhMb1Y\n LjUFeqYHZqDMs7qgJcosqE9NR0yS9IEi5GZy0AUwrTHqbQGlheUosKfhgxwLGlvEik9MQ9l\n fYvfuckstPZDz5tCbCtxKdRDM8LHChFUj7138prnz8srgLFkEGUJjFBXJNCGZEnyoa+nCb1\n RVAZDtWYkiZjr0M/JHU+KvZnkaE1CEJKMJ2Dqc8SJaJdmPwHDd8PnScTahXeSn4N0DW1Qmw\n bzSdhq8fzoq4+nQpN3mkEGrCfe1H0PupKJwEksM", "X-QQ-GoodBg": "2", "From": "Jiawen Wu <jiawenwu@trustnetic.com>", "To": "dev@dpdk.org", "Cc": "Jiawen Wu <jiawenwu@trustnetic.com>", "Date": "Fri, 18 Dec 2020 17:36:58 +0800", "Message-Id": "<20201218093702.3651867-30-jiawenwu@trustnetic.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20201218093702.3651867-1-jiawenwu@trustnetic.com>", "References": "<20201218093702.3651867-1-jiawenwu@trustnetic.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-QQ-SENDSIZE": "520", "Feedback-ID": "bizesmtp:trustnetic.com:qybgforeign:qybgforeign7", "X-QQ-Bgrelay": "1", "Subject": "[dpdk-dev] [PATCH v3 29/33] net/txgbe: add IPsec context creation", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Initialize securiry context, and add support to get\nsecurity capabilities.\n\nSigned-off-by: Jiawen Wu <jiawenwu@trustnetic.com>\n---\n doc/guides/nics/features/txgbe.ini | 1 +\n drivers/net/txgbe/meson.build | 3 +-\n drivers/net/txgbe/txgbe_ethdev.c | 10 ++\n drivers/net/txgbe/txgbe_ethdev.h | 4 +\n drivers/net/txgbe/txgbe_ipsec.c | 177 +++++++++++++++++++++++++++++\n 5 files changed, 194 insertions(+), 1 deletion(-)\n create mode 100644 drivers/net/txgbe/txgbe_ipsec.c", "diff": "diff --git a/doc/guides/nics/features/txgbe.ini b/doc/guides/nics/features/txgbe.ini\nindex 9db2ccde0..b8fb58b53 100644\n--- a/doc/guides/nics/features/txgbe.ini\n+++ b/doc/guides/nics/features/txgbe.ini\n@@ -29,6 +29,7 @@ Flow control = Y\n Flow API = Y\n Rate limitation = Y\n Traffic mirroring = Y\n+Inline crypto = Y\n CRC offload = P\n VLAN offload = P\n QinQ offload = P\ndiff --git a/drivers/net/txgbe/meson.build b/drivers/net/txgbe/meson.build\nindex 352baad8b..f6a51a998 100644\n--- a/drivers/net/txgbe/meson.build\n+++ b/drivers/net/txgbe/meson.build\n@@ -8,13 +8,14 @@ sources = files(\n \t'txgbe_ethdev.c',\n \t'txgbe_fdir.c',\n \t'txgbe_flow.c',\n+\t'txgbe_ipsec.c',\n \t'txgbe_ptypes.c',\n \t'txgbe_pf.c',\n \t'txgbe_rxtx.c',\n \t'txgbe_tm.c',\n )\n \n-deps += ['hash']\n+deps += ['hash', 'security']\n \n includes += include_directories('base')\n \ndiff --git a/drivers/net/txgbe/txgbe_ethdev.c b/drivers/net/txgbe/txgbe_ethdev.c\nindex fdeac4f7e..79135490e 100644\n--- a/drivers/net/txgbe/txgbe_ethdev.c\n+++ b/drivers/net/txgbe/txgbe_ethdev.c\n@@ -547,6 +547,12 @@ eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)\n \t/* Unlock any pending hardware semaphore */\n \ttxgbe_swfw_lock_reset(hw);\n \n+#ifdef RTE_LIB_SECURITY\n+\t/* Initialize security_ctx only for primary process*/\n+\tif (txgbe_ipsec_ctx_create(eth_dev))\n+\t\treturn -ENOMEM;\n+#endif\n+\n \t/* Initialize DCB configuration*/\n \tmemset(dcb_config, 0, sizeof(struct txgbe_dcb_config));\n \ttxgbe_dcb_init(hw, dcb_config);\n@@ -1963,6 +1969,10 @@ txgbe_dev_close(struct rte_eth_dev *dev)\n \t/* Remove all Traffic Manager configuration */\n \ttxgbe_tm_conf_uninit(dev);\n \n+#ifdef RTE_LIB_SECURITY\n+\trte_free(dev->security_ctx);\n+#endif\n+\n \treturn ret;\n }\n \ndiff --git a/drivers/net/txgbe/txgbe_ethdev.h b/drivers/net/txgbe/txgbe_ethdev.h\nindex ecec49112..e6c60b03d 100644\n--- a/drivers/net/txgbe/txgbe_ethdev.h\n+++ b/drivers/net/txgbe/txgbe_ethdev.h\n@@ -633,6 +633,10 @@ txgbe_ethertype_filter_remove(struct txgbe_filter_info *filter_info,\n \treturn idx;\n }\n \n+#ifdef RTE_LIB_SECURITY\n+int txgbe_ipsec_ctx_create(struct rte_eth_dev *dev);\n+#endif\n+\n /* High threshold controlling when to start sending XOFF frames. */\n #define TXGBE_FC_XOFF_HITH 128 /*KB*/\n /* Low threshold controlling when to start sending XON frames. */\ndiff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c\nnew file mode 100644\nindex 000000000..9e400b630\n--- /dev/null\n+++ b/drivers/net/txgbe/txgbe_ipsec.c\n@@ -0,0 +1,177 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2015-2020\n+ */\n+\n+#include <rte_ethdev_pci.h>\n+#include <rte_security_driver.h>\n+#include <rte_cryptodev.h>\n+\n+#include \"base/txgbe.h\"\n+#include \"txgbe_ethdev.h\"\n+\n+static const struct rte_security_capability *\n+txgbe_crypto_capabilities_get(void *device __rte_unused)\n+{\n+\tstatic const struct rte_cryptodev_capabilities\n+\taes_gcm_gmac_crypto_capabilities[] = {\n+\t\t{\t/* AES GMAC (128-bit) */\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t\t{.auth = {\n+\t\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GMAC,\n+\t\t\t\t\t.block_size = 16,\n+\t\t\t\t\t.key_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.digest_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.iv_size = {\n+\t\t\t\t\t\t.min = 12,\n+\t\t\t\t\t\t.max = 12,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t}\n+\t\t\t\t}, }\n+\t\t\t}, }\n+\t\t},\n+\t\t{\t/* AES GCM (128-bit) */\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t\t{.aead = {\n+\t\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t\t.block_size = 16,\n+\t\t\t\t\t.key_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.digest_size = {\n+\t\t\t\t\t\t.min = 16,\n+\t\t\t\t\t\t.max = 16,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t},\n+\t\t\t\t\t.aad_size = {\n+\t\t\t\t\t\t.min = 0,\n+\t\t\t\t\t\t.max = 65535,\n+\t\t\t\t\t\t.increment = 1\n+\t\t\t\t\t},\n+\t\t\t\t\t.iv_size = {\n+\t\t\t\t\t\t.min = 12,\n+\t\t\t\t\t\t.max = 12,\n+\t\t\t\t\t\t.increment = 0\n+\t\t\t\t\t}\n+\t\t\t\t}, }\n+\t\t\t}, }\n+\t\t},\n+\t\t{\n+\t\t\t.op = RTE_CRYPTO_OP_TYPE_UNDEFINED,\n+\t\t\t{.sym = {\n+\t\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED\n+\t\t\t}, }\n+\t\t},\n+\t};\n+\n+\tstatic const struct rte_security_capability\n+\ttxgbe_security_capabilities[] = {\n+\t\t{ /* IPsec Inline Crypto ESP Transport Egress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Transport Ingress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = 0\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Tunnel Egress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t\t},\n+\t\t{ /* IPsec Inline Crypto ESP Tunnel Ingress */\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,\n+\t\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t\t{.ipsec = {\n+\t\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t\t.options = { 0 }\n+\t\t\t} },\n+\t\t\t.crypto_capabilities = aes_gcm_gmac_crypto_capabilities,\n+\t\t\t.ol_flags = 0\n+\t\t},\n+\t\t{\n+\t\t\t.action = RTE_SECURITY_ACTION_TYPE_NONE\n+\t\t}\n+\t};\n+\n+\treturn txgbe_security_capabilities;\n+}\n+\n+static struct rte_security_ops txgbe_security_ops = {\n+\t.capabilities_get = txgbe_crypto_capabilities_get\n+};\n+\n+static int\n+txgbe_crypto_capable(struct rte_eth_dev *dev)\n+{\n+\tstruct txgbe_hw *hw = TXGBE_DEV_HW(dev);\n+\tuint32_t reg_i, reg, capable = 1;\n+\t/* test if rx crypto can be enabled and then write back initial value*/\n+\treg_i = rd32(hw, TXGBE_SECRXCTL);\n+\twr32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA, 0);\n+\treg = rd32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA);\n+\tif (reg != 0)\n+\t\tcapable = 0;\n+\twr32(hw, TXGBE_SECRXCTL, reg_i);\n+\treturn capable;\n+}\n+\n+int\n+txgbe_ipsec_ctx_create(struct rte_eth_dev *dev)\n+{\n+\tstruct rte_security_ctx *ctx = NULL;\n+\n+\tif (txgbe_crypto_capable(dev)) {\n+\t\tctx = rte_malloc(\"rte_security_instances_ops\",\n+\t\t\t\t sizeof(struct rte_security_ctx), 0);\n+\t\tif (ctx) {\n+\t\t\tctx->device = (void *)dev;\n+\t\t\tctx->ops = &txgbe_security_ops;\n+\t\t\tctx->sess_cnt = 0;\n+\t\t\tdev->security_ctx = ctx;\n+\t\t} else {\n+\t\t\treturn -ENOMEM;\n+\t\t}\n+\t}\n+\tif (rte_security_dynfield_register() < 0)\n+\t\treturn -rte_errno;\n+\treturn 0;\n+}\n", "prefixes": [ "v3", "29/33" ] }