[28/32] net/ngbe: add IPsec context creation
Checks
Commit Message
Initialize securiry context, and support to get security
capabilities.
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
doc/guides/nics/features/ngbe.ini | 1 +
drivers/net/ngbe/meson.build | 3 +-
drivers/net/ngbe/ngbe_ethdev.c | 10 ++
drivers/net/ngbe/ngbe_ethdev.h | 4 +
drivers/net/ngbe/ngbe_ipsec.c | 178 ++++++++++++++++++++++++++++++
5 files changed, 195 insertions(+), 1 deletion(-)
create mode 100644 drivers/net/ngbe/ngbe_ipsec.c
Comments
On 9/8/2021 9:37 AM, Jiawen Wu wrote:
> Initialize securiry context, and support to get security
> capabilities.
>
> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
<...>
> --- a/drivers/net/ngbe/ngbe_ethdev.c
> +++ b/drivers/net/ngbe/ngbe_ethdev.c
> @@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
> /* Unlock any pending hardware semaphore */
> ngbe_swfw_lock_reset(hw);
>
> +#ifdef RTE_LIB_SECURITY
> + /* Initialize security_ctx only for primary process*/
> + if (ngbe_ipsec_ctx_create(eth_dev))
> + return -ENOMEM;
> +#endif
Hi Hemant,
I see 'RTE_LIB_SECURITY' is still used in some PMDs, as this new PMD also uses it?
Previously I assume this macro was to mark that security library is enabled, is
this macro still valid? Who should set this macro now?
Also can you please help reviewing this and next a few patches since they are
related to the security?
On 9/15/2021 10:28 PM, Ferruh Yigit wrote:
> On 9/8/2021 9:37 AM, Jiawen Wu wrote:
>> Initialize securiry context, and support to get security
>> capabilities.
>>
>> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
> <...>
>
>> --- a/drivers/net/ngbe/ngbe_ethdev.c
>> +++ b/drivers/net/ngbe/ngbe_ethdev.c
>> @@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
>> /* Unlock any pending hardware semaphore */
>> ngbe_swfw_lock_reset(hw);
>>
>> +#ifdef RTE_LIB_SECURITY
>> + /* Initialize security_ctx only for primary process*/
>> + if (ngbe_ipsec_ctx_create(eth_dev))
>> + return -ENOMEM;
>> +#endif
> Hi Hemant,
>
> I see 'RTE_LIB_SECURITY' is still used in some PMDs, as this new PMD also uses it?
> Previously I assume this macro was to mark that security library is enabled, is
> this macro still valid? Who should set this macro now?
>
> Also can you please help reviewing this and next a few patches since they are
> related to the security?
Hi Ferruh,
It indicate if the driver is using SECURITY library functions. In
Ethernet driver, it typically means the inline security offload.
Ok, I will try to review.
regards,
Hemant
>
On 9/8/2021 2:07 PM, Jiawen Wu wrote:
> Initialize securiry context, and support to get security
> capabilities.
>
> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
> ---
> doc/guides/nics/features/ngbe.ini | 1 +
> drivers/net/ngbe/meson.build | 3 +-
> drivers/net/ngbe/ngbe_ethdev.c | 10 ++
> drivers/net/ngbe/ngbe_ethdev.h | 4 +
> drivers/net/ngbe/ngbe_ipsec.c | 178 ++++++++++++++++++++++++++++++
> 5 files changed, 195 insertions(+), 1 deletion(-)
> create mode 100644 drivers/net/ngbe/ngbe_ipsec.c
>
> diff --git a/doc/guides/nics/features/ngbe.ini b/doc/guides/nics/features/ngbe.ini
> index 56d5d71ea8..facdb5f006 100644
> --- a/doc/guides/nics/features/ngbe.ini
> +++ b/doc/guides/nics/features/ngbe.ini
> @@ -23,6 +23,7 @@ RSS reta update = Y
> SR-IOV = Y
> VLAN filter = Y
> Flow control = Y
> +Inline crypto = Y
> CRC offload = P
> VLAN offload = P
> QinQ offload = P
> diff --git a/drivers/net/ngbe/meson.build b/drivers/net/ngbe/meson.build
> index b276ec3341..f222595b19 100644
> --- a/drivers/net/ngbe/meson.build
> +++ b/drivers/net/ngbe/meson.build
> @@ -12,12 +12,13 @@ objs = [base_objs]
>
> sources = files(
> 'ngbe_ethdev.c',
> + 'ngbe_ipsec.c',
Ideally you shall be creating a crypto/security driver and have your
ipsec related functions there.
@akhil - what is your opinion here?
> 'ngbe_ptypes.c',
> 'ngbe_pf.c',
> 'ngbe_rxtx.c',
> )
>
> -deps += ['hash']
> +deps += ['hash', 'security']
>
> includes += include_directories('base')
>
> diff --git a/drivers/net/ngbe/ngbe_ethdev.c b/drivers/net/ngbe/ngbe_ethdev.c
> index 4eaf9b0724..b0e0f7411e 100644
> --- a/drivers/net/ngbe/ngbe_ethdev.c
> +++ b/drivers/net/ngbe/ngbe_ethdev.c
> @@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
> /* Unlock any pending hardware semaphore */
> ngbe_swfw_lock_reset(hw);
>
> +#ifdef RTE_LIB_SECURITY
> + /* Initialize security_ctx only for primary process*/
> + if (ngbe_ipsec_ctx_create(eth_dev))
> + return -ENOMEM;
> +#endif
> +
> /* Get Hardware Flow Control setting */
> hw->fc.requested_mode = ngbe_fc_full;
> hw->fc.current_mode = ngbe_fc_full;
> @@ -1282,6 +1288,10 @@ ngbe_dev_close(struct rte_eth_dev *dev)
> rte_free(dev->data->hash_mac_addrs);
> dev->data->hash_mac_addrs = NULL;
>
> +#ifdef RTE_LIB_SECURITY
> + rte_free(dev->security_ctx);
> +#endif
> +
> return ret;
> }
>
> diff --git a/drivers/net/ngbe/ngbe_ethdev.h b/drivers/net/ngbe/ngbe_ethdev.h
> index aacc0b68b2..9eda024d65 100644
> --- a/drivers/net/ngbe/ngbe_ethdev.h
> +++ b/drivers/net/ngbe/ngbe_ethdev.h
> @@ -264,6 +264,10 @@ void ngbe_pf_mbx_process(struct rte_eth_dev *eth_dev);
>
> int ngbe_pf_host_configure(struct rte_eth_dev *eth_dev);
>
> +#ifdef RTE_LIB_SECURITY
> +int ngbe_ipsec_ctx_create(struct rte_eth_dev *dev);
> +#endif
> +
> /* High threshold controlling when to start sending XOFF frames. */
> #define NGBE_FC_XOFF_HITH 128 /*KB*/
> /* Low threshold controlling when to start sending XON frames. */
> diff --git a/drivers/net/ngbe/ngbe_ipsec.c b/drivers/net/ngbe/ngbe_ipsec.c
> new file mode 100644
> index 0000000000..5f8b0bab29
> --- /dev/null
> +++ b/drivers/net/ngbe/ngbe_ipsec.c
> @@ -0,0 +1,178 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2018-2021 Beijing WangXun Technology Co., Ltd.
> + * Copyright(c) 2010-2017 Intel Corporation
> + */
> +
> +#include <ethdev_pci.h>
> +#include <rte_security_driver.h>
> +#include <rte_cryptodev.h>
> +
> +#include "base/ngbe.h"
> +#include "ngbe_ethdev.h"
> +
> +static const struct rte_security_capability *
> +ngbe_crypto_capabilities_get(void *device __rte_unused)
> +{
> + static const struct rte_cryptodev_capabilities
> + aes_gcm_gmac_crypto_capabilities[] = {
> + { /* AES GMAC (128-bit) */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_AES_GMAC,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 12,
> + .max = 12,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* AES GCM (128-bit) */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
> + {.aead = {
> + .algo = RTE_CRYPTO_AEAD_AES_GCM,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .aad_size = {
> + .min = 0,
> + .max = 65535,
> + .increment = 1
> + },
> + .iv_size = {
> + .min = 12,
> + .max = 12,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + {
> + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED
> + }, }
> + },
> + };
> +
> + static const struct rte_security_capability
> + ngbe_security_capabilities[] = {
> + { /* IPsec Inline Crypto ESP Transport Egress */
> + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
> + .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> + {.ipsec = {
> + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
> + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
> + .options = { 0 }
> + } },
> + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
> + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
> + },
> + { /* IPsec Inline Crypto ESP Transport Ingress */
> + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
> + .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> + {.ipsec = {
> + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
> + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> + .options = { 0 }
> + } },
> + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
> + .ol_flags = 0
> + },
> + { /* IPsec Inline Crypto ESP Tunnel Egress */
> + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
> + .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> + {.ipsec = {
> + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
> + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
> + .options = { 0 }
> + } },
> + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
> + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
> + },
> + { /* IPsec Inline Crypto ESP Tunnel Ingress */
> + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
> + .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> + {.ipsec = {
> + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
> + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> + .options = { 0 }
> + } },
> + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
> + .ol_flags = 0
> + },
> + {
> + .action = RTE_SECURITY_ACTION_TYPE_NONE
> + }
> + };
> +
> + return ngbe_security_capabilities;
> +}
> +
> +static struct rte_security_ops ngbe_security_ops = {
> + .capabilities_get = ngbe_crypto_capabilities_get
> +};
> +
> +static int
> +ngbe_crypto_capable(struct rte_eth_dev *dev)
> +{
> + struct ngbe_hw *hw = ngbe_dev_hw(dev);
> + uint32_t reg_i, reg, capable = 1;
> + /* test if rx crypto can be enabled and then write back initial value*/
> + reg_i = rd32(hw, NGBE_SECRXCTL);
> + wr32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA, 0);
> + reg = rd32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA);
> + if (reg != 0)
> + capable = 0;
> + wr32(hw, NGBE_SECRXCTL, reg_i);
> + return capable;
> +}
> +
> +int
> +ngbe_ipsec_ctx_create(struct rte_eth_dev *dev)
> +{
> + struct rte_security_ctx *ctx = NULL;
> +
> + if (ngbe_crypto_capable(dev)) {
> + ctx = rte_malloc("rte_security_instances_ops",
> + sizeof(struct rte_security_ctx), 0);
> + if (ctx) {
> + ctx->device = (void *)dev;
> + ctx->ops = &ngbe_security_ops;
> + ctx->sess_cnt = 0;
> + dev->security_ctx = ctx;
> + } else {
> + return -ENOMEM;
> + }
> + }
> + if (rte_security_dynfield_register() < 0)
> + return -rte_errno;
> + return 0;
> +}
On 9/16/2021 10:00 AM, Hemant Agrawal wrote:
>
> On 9/15/2021 10:28 PM, Ferruh Yigit wrote:
>> On 9/8/2021 9:37 AM, Jiawen Wu wrote:
>>> Initialize securiry context, and support to get security
>>> capabilities.
>>>
>>> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
>> <...>
>>
>>> --- a/drivers/net/ngbe/ngbe_ethdev.c
>>> +++ b/drivers/net/ngbe/ngbe_ethdev.c
>>> @@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void
>>> *init_params __rte_unused)
>>> /* Unlock any pending hardware semaphore */
>>> ngbe_swfw_lock_reset(hw);
>>> +#ifdef RTE_LIB_SECURITY
>>> + /* Initialize security_ctx only for primary process*/
>>> + if (ngbe_ipsec_ctx_create(eth_dev))
>>> + return -ENOMEM;
>>> +#endif
>> Hi Hemant,
>>
>> I see 'RTE_LIB_SECURITY' is still used in some PMDs, as this new PMD also uses
>> it?
>> Previously I assume this macro was to mark that security library is enabled, is
>> this macro still valid? Who should set this macro now?
>>
>> Also can you please help reviewing this and next a few patches since they are
>> related to the security?
>
> Hi Ferruh,
>
> It indicate if the driver is using SECURITY library functions. In Ethernet
> driver, it typically means the inline security offload.
>
Got it, but right now who sets this macro? It isn't set automatically when
security library is enabled/compiled, right?
> Ok, I will try to review.
>
>
> regards,
>
> Hemant
>
>>
@@ -23,6 +23,7 @@ RSS reta update = Y
SR-IOV = Y
VLAN filter = Y
Flow control = Y
+Inline crypto = Y
CRC offload = P
VLAN offload = P
QinQ offload = P
@@ -12,12 +12,13 @@ objs = [base_objs]
sources = files(
'ngbe_ethdev.c',
+ 'ngbe_ipsec.c',
'ngbe_ptypes.c',
'ngbe_pf.c',
'ngbe_rxtx.c',
)
-deps += ['hash']
+deps += ['hash', 'security']
includes += include_directories('base')
@@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
/* Unlock any pending hardware semaphore */
ngbe_swfw_lock_reset(hw);
+#ifdef RTE_LIB_SECURITY
+ /* Initialize security_ctx only for primary process*/
+ if (ngbe_ipsec_ctx_create(eth_dev))
+ return -ENOMEM;
+#endif
+
/* Get Hardware Flow Control setting */
hw->fc.requested_mode = ngbe_fc_full;
hw->fc.current_mode = ngbe_fc_full;
@@ -1282,6 +1288,10 @@ ngbe_dev_close(struct rte_eth_dev *dev)
rte_free(dev->data->hash_mac_addrs);
dev->data->hash_mac_addrs = NULL;
+#ifdef RTE_LIB_SECURITY
+ rte_free(dev->security_ctx);
+#endif
+
return ret;
}
@@ -264,6 +264,10 @@ void ngbe_pf_mbx_process(struct rte_eth_dev *eth_dev);
int ngbe_pf_host_configure(struct rte_eth_dev *eth_dev);
+#ifdef RTE_LIB_SECURITY
+int ngbe_ipsec_ctx_create(struct rte_eth_dev *dev);
+#endif
+
/* High threshold controlling when to start sending XOFF frames. */
#define NGBE_FC_XOFF_HITH 128 /*KB*/
/* Low threshold controlling when to start sending XON frames. */
new file mode 100644
@@ -0,0 +1,178 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018-2021 Beijing WangXun Technology Co., Ltd.
+ * Copyright(c) 2010-2017 Intel Corporation
+ */
+
+#include <ethdev_pci.h>
+#include <rte_security_driver.h>
+#include <rte_cryptodev.h>
+
+#include "base/ngbe.h"
+#include "ngbe_ethdev.h"
+
+static const struct rte_security_capability *
+ngbe_crypto_capabilities_get(void *device __rte_unused)
+{
+ static const struct rte_cryptodev_capabilities
+ aes_gcm_gmac_crypto_capabilities[] = {
+ { /* AES GMAC (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES GCM (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED
+ }, }
+ },
+ };
+
+ static const struct rte_security_capability
+ ngbe_security_capabilities[] = {
+ { /* IPsec Inline Crypto ESP Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+ };
+
+ return ngbe_security_capabilities;
+}
+
+static struct rte_security_ops ngbe_security_ops = {
+ .capabilities_get = ngbe_crypto_capabilities_get
+};
+
+static int
+ngbe_crypto_capable(struct rte_eth_dev *dev)
+{
+ struct ngbe_hw *hw = ngbe_dev_hw(dev);
+ uint32_t reg_i, reg, capable = 1;
+ /* test if rx crypto can be enabled and then write back initial value*/
+ reg_i = rd32(hw, NGBE_SECRXCTL);
+ wr32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA, 0);
+ reg = rd32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA);
+ if (reg != 0)
+ capable = 0;
+ wr32(hw, NGBE_SECRXCTL, reg_i);
+ return capable;
+}
+
+int
+ngbe_ipsec_ctx_create(struct rte_eth_dev *dev)
+{
+ struct rte_security_ctx *ctx = NULL;
+
+ if (ngbe_crypto_capable(dev)) {
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &ngbe_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
+ }
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
+ return 0;
+}