diff mbox series

[v2,32/37] net/txgbe: add macsec setting

Message ID	20201111064936.768604-33-jiawenwu@trustnetic.com (mailing list archive)
State	Changes Requested, archived
Delegated to:	Ferruh Yigit
Headers	From: Jiawen Wu <jiawenwu@trustnetic.com> To: dev@dpdk.org Cc: Jiawen Wu <jiawenwu@trustnetic.com> Date: Wed, 11 Nov 2020 14:49:31 +0800 Message-Id: <20201111064936.768604-33-jiawenwu@trustnetic.com> In-Reply-To: <20201111064936.768604-1-jiawenwu@trustnetic.com> References: <20201111064936.768604-1-jiawenwu@trustnetic.com> Feedback-ID: bizesmtp:trustnetic.com:qybgforeign:qybgforeign5 Subject: [dpdk-dev] [PATCH v2 32/37] net/txgbe: add macsec setting Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	net: add txgbe PMD part 2 \| [v2,00/37] net: add txgbe PMD part 2 [v2,01/37] net/txgbe: add ntuple filter init and uninit [v2,02/37] net/txgbe: support ntuple filter add and delete [v2,03/37] net/txgbe: add ntuple parse rule [v2,04/37] net/txgbe: support ntuple filter remove operaion [v2,05/37] net/txgbe: support ethertype filter add and delete [v2,06/37] net/txgbe: add ethertype parse rule [v2,07/37] net/txgbe: support syn filter add and delete [v2,08/37] net/txgbe: add syn filter parse rule [v2,09/37] net/txgbe: add L2 tunnel filter init and uninit [v2,10/37] net/txgbe: config L2 tunnel filter with e-tag [v2,11/37] net/txgbe: support L2 tunnel filter add and delete [v2,12/37] net/txgbe: add L2 tunnel filter parse rule [v2,13/37] net/txgbe: add FDIR filter init and uninit [v2,14/37] net/txgbe: configure FDIR filter [v2,15/37] net/txgbe: support FDIR add and delete operations [v2,16/37] net/txgbe: add FDIR parse normal rule [v2,17/37] net/txgbe: add FDIR parse tunnel rule [v2,18/37] net/txgbe: add FDIR restore operation [v2,19/37] net/txgbe: add RSS filter parse rule [v2,20/37] net/txgbe: add RSS filter restore operation [v2,21/37] net/txgbe: add filter list init and uninit [v2,22/37] net/txgbe: add generic flow API [v2,23/37] net/txgbe: add flow API create function [v2,24/37] net/txgbe: add flow API destroy function [v2,25/37] net/txgbe: add flow API flush function [v2,26/37] net/txgbe: support UDP tunnel port add and delete [v2,27/37] net/txgbe: add TM configuration init and uninit [v2,28/37] net/txgbe: add TM capabilities get operation [v2,29/37] net/txgbe: support TM shaper profile add and delete [v2,30/37] net/txgbe: support TM node add and delete [v2,31/37] net/txgbe: add TM hierarchy commit [v2,32/37] net/txgbe: add macsec setting [v2,33/37] net/txgbe: add IPsec context creation [v2,34/37] net/txgbe: add security session create operation [v2,35/37] net/txgbe: support security session destroy [v2,36/37] net/txgbe: add security offload in Rx and Tx process [v2,37/37] net/txgbe: add security type in flow action

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues

Commit Message

Jiawen Wu Nov. 11, 2020, 6:49 a.m. UTC

  Add macsec register enable and setting reset operations.
Add macsec offload suuport.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
 doc/guides/nics/features/txgbe.ini |  1 +
 drivers/net/txgbe/txgbe_ethdev.c   | 87 ++++++++++++++++++++++++++++++
 drivers/net/txgbe/txgbe_ethdev.h   | 17 ++++++
 drivers/net/txgbe/txgbe_rxtx.c     |  3 ++
 4 files changed, 108 insertions(+)

Comments

Ferruh Yigit Nov. 11, 2020, 4:13 p.m. UTC | #1

On 11/11/2020 6:49 AM, Jiawen Wu wrote:
> Add macsec register enable and setting reset operations.
> Add macsec offload suuport.
> 
> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>

<...>

> @@ -1763,6 +1767,10 @@ txgbe_dev_start(struct rte_eth_dev *dev)
>   	 */
>   	txgbe_dev_link_update(dev, 0);
>   
> +	/* setup the macsec ctrl register */
> +	if (macsec_setting->offload_en)
> +		txgbe_dev_macsec_register_enable(dev, macsec_setting);
> +

Is there any piece of code that sets 'offload_en'? This looks like all new added 
code is dead code and not called at all...

<...>

> +++ b/drivers/net/txgbe/txgbe_rxtx.c
> @@ -56,6 +56,9 @@ static const u64 TXGBE_TX_OFFLOAD_MASK = (PKT_TX_IP_CKSUM |
>   		PKT_TX_L4_MASK |
>   		PKT_TX_TCP_SEG |
>   		PKT_TX_TUNNEL_MASK |
> +#ifdef RTE_LIBRTE_MACSEC
> +		PKT_TX_MACSEC |
> +#endif

Where this macro defined? Who enables it?

diff mbox series

Patch

diff --git a/doc/guides/nics/features/txgbe.ini b/doc/guides/nics/features/txgbe.ini
index ffeecfd20..6f721ff1c 100644
--- a/doc/guides/nics/features/txgbe.ini
+++ b/doc/guides/nics/features/txgbe.ini
@@ -33,6 +33,7 @@  VLAN offload         = P
 QinQ offload         = P
 L3 checksum offload  = P
 L4 checksum offload  = P
+MACsec offload       = P
 Inner L3 checksum    = P
 Inner L4 checksum    = P
 Packet type parsing  = Y
diff --git a/drivers/net/txgbe/txgbe_ethdev.c b/drivers/net/txgbe/txgbe_ethdev.c
index 22bc2c004..5f7db6b7b 100644
--- a/drivers/net/txgbe/txgbe_ethdev.c
+++ b/drivers/net/txgbe/txgbe_ethdev.c
@@ -487,6 +487,8 @@  eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
 
 	PMD_INIT_FUNC_TRACE();
 
+	txgbe_dev_macsec_setting_reset(eth_dev);
+
 	eth_dev->dev_ops = &txgbe_eth_dev_ops;
 	eth_dev->rx_queue_count       = txgbe_dev_rx_queue_count;
 	eth_dev->rx_descriptor_status = txgbe_dev_rx_descriptor_status;
@@ -1549,6 +1551,8 @@  txgbe_dev_start(struct rte_eth_dev *dev)
 	uint16_t vf, idx;
 	uint32_t *link_speeds;
 	struct txgbe_tm_conf *tm_conf = TXGBE_DEV_TM_CONF(dev);
+	struct txgbe_macsec_setting *macsec_setting =
+				TXGBE_DEV_MACSEC_SETTING(dev);
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -1763,6 +1767,10 @@  txgbe_dev_start(struct rte_eth_dev *dev)
 	 */
 	txgbe_dev_link_update(dev, 0);
 
+	/* setup the macsec ctrl register */
+	if (macsec_setting->offload_en)
+		txgbe_dev_macsec_register_enable(dev, macsec_setting);
+
 	wr32m(hw, TXGBE_LEDCTL, 0xFFFFFFFF, TXGBE_LEDCTL_ORD_MASK);
 
 	txgbe_read_stats_registers(hw, hw_stats);
@@ -5142,6 +5150,85 @@  txgbe_clear_all_l2_tn_filter(struct rte_eth_dev *dev)
 	return 0;
 }
 
+void
+txgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev)
+{
+	struct txgbe_macsec_setting *macsec = TXGBE_DEV_MACSEC_SETTING(dev);
+
+	macsec->offload_en = 0;
+	macsec->encrypt_en = 0;
+	macsec->replayprotect_en = 0;
+}
+
+void
+txgbe_dev_macsec_register_enable(struct rte_eth_dev *dev,
+				struct txgbe_macsec_setting *macsec_setting)
+{
+	struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+	uint32_t ctrl;
+	uint8_t en = macsec_setting->encrypt_en;
+	uint8_t rp = macsec_setting->replayprotect_en;
+
+	/**
+	 * Workaround:
+	 * As no txgbe_disable_sec_rx_path equivalent is
+	 * implemented for tx in the base code, and we are
+	 * not allowed to modify the base code in DPDK, so
+	 * just call the hand-written one directly for now.
+	 * The hardware support has been checked by
+	 * txgbe_disable_sec_rx_path().
+	 */
+	txgbe_disable_sec_tx_path(hw);
+
+	/* Enable Ethernet CRC (required by MACsec offload) */
+	ctrl = rd32(hw, TXGBE_SECRXCTL);
+	ctrl |= TXGBE_SECRXCTL_CRCSTRIP;
+	wr32(hw, TXGBE_SECRXCTL, ctrl);
+
+	/* Enable the TX and RX crypto engines */
+	ctrl = rd32(hw, TXGBE_SECTXCTL);
+	ctrl &= ~TXGBE_SECTXCTL_XDSA;
+	wr32(hw, TXGBE_SECTXCTL, ctrl);
+
+	ctrl = rd32(hw, TXGBE_SECRXCTL);
+	ctrl &= ~TXGBE_SECRXCTL_XDSA;
+	wr32(hw, TXGBE_SECRXCTL, ctrl);
+
+	ctrl = rd32(hw, TXGBE_SECTXIFG);
+	ctrl &= ~TXGBE_SECTXIFG_MIN_MASK;
+	ctrl |= TXGBE_SECTXIFG_MIN(0x3);
+	wr32(hw, TXGBE_SECTXIFG, ctrl);
+
+	/* Enable SA lookup */
+	ctrl = rd32(hw, TXGBE_LSECTXCTL);
+	ctrl &= ~TXGBE_LSECTXCTL_MODE_MASK;
+	ctrl |= en ? TXGBE_LSECTXCTL_MODE_AENC : TXGBE_LSECTXCTL_MODE_AUTH;
+	ctrl &= ~TXGBE_LSECTXCTL_PNTRH_MASK;
+	ctrl |= TXGBE_LSECTXCTL_PNTRH(TXGBE_MACSEC_PNTHRSH);
+	wr32(hw, TXGBE_LSECTXCTL, ctrl);
+
+	ctrl = rd32(hw, TXGBE_LSECRXCTL);
+	ctrl &= ~TXGBE_LSECRXCTL_MODE_MASK;
+	ctrl |= TXGBE_LSECRXCTL_MODE_STRICT;
+	ctrl &= ~TXGBE_LSECRXCTL_POSTHDR;
+	if (rp)
+		ctrl |= TXGBE_LSECRXCTL_REPLAY;
+	else
+		ctrl &= ~TXGBE_LSECRXCTL_REPLAY;
+	wr32(hw, TXGBE_LSECRXCTL, ctrl);
+
+	/* Start the data paths */
+	txgbe_enable_sec_rx_path(hw);
+	/**
+	 * Workaround:
+	 * As no txgbe_enable_sec_rx_path equivalent is
+	 * implemented for tx in the base code, and we are
+	 * not allowed to modify the base code in DPDK, so
+	 * just call the hand-written one directly for now.
+	 */
+	txgbe_enable_sec_tx_path(hw);
+}
+
 static const struct eth_dev_ops txgbe_eth_dev_ops = {
 	.dev_configure              = txgbe_dev_configure,
 	.dev_infos_get              = txgbe_dev_info_get,
diff --git a/drivers/net/txgbe/txgbe_ethdev.h b/drivers/net/txgbe/txgbe_ethdev.h
index 5f988eead..73e3fe8da 100644
--- a/drivers/net/txgbe/txgbe_ethdev.h
+++ b/drivers/net/txgbe/txgbe_ethdev.h
@@ -62,6 +62,8 @@ 
 #define TXGBE_MISC_VEC_ID               RTE_INTR_VEC_ZERO_OFFSET
 #define TXGBE_RX_VEC_START              RTE_INTR_VEC_RXTX_OFFSET
 
+#define TXGBE_MACSEC_PNTHRSH            0xFFFFFE00
+
 #define TXGBE_MAX_FDIR_FILTER_NUM       (1024 * 32)
 #define TXGBE_MAX_L2_TN_FILTER_NUM      128
 
@@ -270,6 +272,12 @@  struct rte_flow {
 	void *rule;
 };
 
+struct txgbe_macsec_setting {
+	uint8_t offload_en;
+	uint8_t encrypt_en;
+	uint8_t replayprotect_en;
+};
+
 /* The configuration of bandwidth */
 struct txgbe_bw_conf {
 	uint8_t tc_num; /* Number of TCs. */
@@ -343,6 +351,7 @@  struct txgbe_tm_conf {
 struct txgbe_adapter {
 	struct txgbe_hw             hw;
 	struct txgbe_hw_stats       stats;
+	struct txgbe_macsec_setting macsec_setting;
 	struct txgbe_hw_fdir_info   fdir;
 	struct txgbe_interrupt      intr;
 	struct txgbe_stat_mappings  stat_mappings;
@@ -374,6 +383,9 @@  struct txgbe_adapter {
 #define TXGBE_DEV_STATS(dev) \
 	(&((struct txgbe_adapter *)(dev)->data->dev_private)->stats)
 
+#define TXGBE_DEV_MACSEC_SETTING(dev) \
+	(&((struct txgbe_adapter *)(dev)->data->dev_private)->macsec_setting)
+
 #define TXGBE_DEV_INTR(dev) \
 	(&((struct txgbe_adapter *)(dev)->data->dev_private)->intr)
 
@@ -578,6 +590,11 @@  int txgbe_action_rss_same(const struct rte_flow_action_rss *comp,
 int txgbe_config_rss_filter(struct rte_eth_dev *dev,
 		struct txgbe_rte_flow_rss_conf *conf, bool add);
 
+void txgbe_dev_macsec_register_enable(struct rte_eth_dev *dev,
+		struct txgbe_macsec_setting *macsec_setting);
+
+void txgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev);
+
 static inline int
 txgbe_ethertype_filter_lookup(struct txgbe_filter_info *filter_info,
 			      uint16_t ethertype)
diff --git a/drivers/net/txgbe/txgbe_rxtx.c b/drivers/net/txgbe/txgbe_rxtx.c
index 209660656..857feba9b 100644
--- a/drivers/net/txgbe/txgbe_rxtx.c
+++ b/drivers/net/txgbe/txgbe_rxtx.c
@@ -56,6 +56,9 @@  static const u64 TXGBE_TX_OFFLOAD_MASK = (PKT_TX_IP_CKSUM |
 		PKT_TX_L4_MASK |
 		PKT_TX_TCP_SEG |
 		PKT_TX_TUNNEL_MASK |
+#ifdef RTE_LIBRTE_MACSEC
+		PKT_TX_MACSEC |
+#endif
 		PKT_TX_OUTER_IP_CKSUM |
 		TXGBE_TX_IEEE1588_TMST);