From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Pavel Belous <Pavel.Belous@aquantia.com>,
Wenzhuo Lu <wenzhuo.lu@intel.com>,
Jingjing Wu <jingjing.wu@intel.com>,
Bernard Iremonger <bernard.iremonger@intel.com>,
John McNamara <john.mcnamara@intel.com>,
Marko Kovacevic <marko.kovacevic@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Ferruh Yigit <ferruh.yigit@intel.com>,
Andrew Rybchenko <arybchenko@solarflare.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>
Subject: [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration
Date: Wed, 10 Apr 2019 11:18:53 +0000 [thread overview]
Message-ID: <478e2875b86b3b097d152ac6a72fca6bc49e4aff.1554894242.git.igor.russkikh@aquantia.com> (raw)
Message-ID: <20190410111853.U_5f7xuXlGKx2IA3f0XXh4kfAntKDT_zyWUc4x1_NyY@z> (raw)
In-Reply-To: <cover.1554894242.git.igor.russkikh@aquantia.com>
From: Pavel Belous <pavel.belous@aquantia.com>
Here we define hardware and software configuration structures
for macsec interface. MACSEC itself is implemented in Phy module,
but its configuration is done via firmware interface
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
drivers/net/atlantic/atl_types.h | 37 ++++++
drivers/net/atlantic/hw_atl/hw_atl_utils.h | 148 +++++++++++++++++++++
2 files changed, 185 insertions(+)
diff --git a/drivers/net/atlantic/atl_types.h b/drivers/net/atlantic/atl_types.h
index 3edaf0c7c047..3cc9e96089e8 100644
--- a/drivers/net/atlantic/atl_types.h
+++ b/drivers/net/atlantic/atl_types.h
@@ -59,6 +59,39 @@ struct aq_rss_parameters {
u8 indirection_table[HW_ATL_B0_RSS_REDIRECTION_MAX];
};
+/* Macsec stuff */
+struct aq_macsec_config {
+ struct {
+ u32 macsec_enabled;
+ u32 encryption_enabled;
+ u32 replay_protection_enabled;
+ } common;
+
+ struct {
+ u32 idx;
+ u32 mac[2]; /* 6 bytes */
+ } txsc;
+
+ struct {
+ u32 idx;
+ u32 an; /* association number on the local side */
+ u32 pn; /* packet number on the local side */
+ u32 key[4]; /* 128 bit key */
+ } txsa;
+
+ struct {
+ u32 mac[2]; /* 6 bytes */
+ u32 pi;
+ } rxsc;
+
+ struct {
+ u32 idx;
+ u32 an; /* association number on the remote side */
+ u32 pn; /* packet number on the remote side */
+ u32 key[4]; /* 128 bit key */
+ } rxsa;
+};
+
struct aq_hw_cfg_s {
bool is_lro;
bool is_rss;
@@ -75,6 +108,7 @@ struct aq_hw_cfg_s {
uint32_t flow_control;
struct aq_rss_parameters aq_rss;
+ struct aq_macsec_config aq_macsec;
};
struct aq_hw_s {
@@ -143,6 +177,9 @@ struct aq_fw_ops {
int (*set_eeprom)(struct aq_hw_s *self, int dev_addr,
u32 *data, u32 len);
+ int (*send_macsec_req)(struct aq_hw_s *self,
+ struct macsec_msg_fw_request *req,
+ struct macsec_msg_fw_response *response);
};
struct atl_sw_stats {
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils.h b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
index f2a87826c0d1..b7c531573623 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils.h
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
@@ -351,6 +351,154 @@ struct smbus_write_request {
u32 length;
} __attribute__((__packed__));
+enum macsec_msg_type {
+ macsec_cfg_msg = 0,
+ macsec_add_rx_sc_msg,
+ macsec_add_tx_sc_msg,
+ macsec_add_rx_sa_msg,
+ macsec_add_tx_sa_msg,
+ macsec_get_stats_msg,
+};
+
+struct macsec_cfg {
+ uint32_t enabled;
+ uint32_t egress_threshold;
+ uint32_t ingress_threshold;
+ uint32_t interrupts_enabled;
+} __attribute__((__packed__));
+
+struct add_rx_sc {
+ uint32_t index;
+ uint32_t pi; /* Port identifier */
+ uint32_t sci[2]; /* Secure Channel identifier */
+ uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+ uint32_t tci;
+ uint32_t tci_mask;
+ uint32_t mac_sa[2];
+ uint32_t sa_mask; /* 0: ignore mac_sa */
+ uint32_t mac_da[2];
+ uint32_t da_mask; /* 0: ignore mac_da */
+ uint32_t validate_frames; /* 0: strict, 1:check, 2:disabled */
+ uint32_t replay_protect; /* 1: enabled, 0:disabled */
+ uint32_t anti_replay_window; /* default 0 */
+ /* 1: auto_rollover enabled (when SA next_pn is saturated */
+ uint32_t an_rol;
+} __attribute__((__packed__));
+
+struct add_tx_sc {
+ uint32_t index;
+ uint32_t pi; /* Port identifier */
+ uint32_t sci[2]; /* Secure Channel identifier */
+ uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+ uint32_t tci; /* TCI value, used if packet is not explicitly tagged */
+ uint32_t tci_mask;
+ uint32_t mac_sa[2];
+ uint32_t sa_mask; /* 0: ignore mac_sa */
+ uint32_t mac_da[2];
+ uint32_t da_mask; /* 0: ignore mac_da */
+ uint32_t protect;
+ uint32_t curr_an; /* SA index which currently used */
+} __attribute__((__packed__));
+
+struct add_rx_sa {
+ uint32_t index;
+ uint32_t next_pn;
+ uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct add_tx_sa {
+ uint32_t index;
+ uint32_t next_pn;
+ uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct get_stats {
+ uint32_t version_only;
+ uint32_t ingress_sa_index;
+ uint32_t egress_sa_index;
+ uint32_t egress_sc_index;
+} __attribute__((__packed__));
+
+struct macsec_stats {
+ uint32_t api_version;
+ /* Ingress Common Counters */
+ uint64_t in_ctl_pkts;
+ uint64_t in_tagged_miss_pkts;
+ uint64_t in_untagged_miss_pkts;
+ uint64_t in_notag_pkts;
+ uint64_t in_untagged_pkts;
+ uint64_t in_bad_tag_pkts;
+ uint64_t in_no_sci_pkts;
+ uint64_t in_unknown_sci_pkts;
+ uint64_t in_ctrl_prt_pass_pkts;
+ uint64_t in_unctrl_prt_pass_pkts;
+ uint64_t in_ctrl_prt_fail_pkts;
+ uint64_t in_unctrl_prt_fail_pkts;
+ uint64_t in_too_long_pkts;
+ uint64_t in_igpoc_ctl_pkts;
+ uint64_t in_ecc_error_pkts;
+ uint64_t in_unctrl_hit_drop_redir;
+
+ /* Egress Common Counters */
+ uint64_t out_ctl_pkts;
+ uint64_t out_unknown_sa_pkts;
+ uint64_t out_untagged_pkts;
+ uint64_t out_too_long;
+ uint64_t out_ecc_error_pkts;
+ uint64_t out_unctrl_hit_drop_redir;
+
+ /* Ingress SA Counters */
+ uint64_t in_untagged_hit_pkts;
+ uint64_t in_ctrl_hit_drop_redir_pkts;
+ uint64_t in_not_using_sa;
+ uint64_t in_unused_sa;
+ uint64_t in_not_valid_pkts;
+ uint64_t in_invalid_pkts;
+ uint64_t in_ok_pkts;
+ uint64_t in_late_pkts;
+ uint64_t in_delayed_pkts;
+ uint64_t in_unchecked_pkts;
+ uint64_t in_validated_octets;
+ uint64_t in_decrypted_octets;
+
+ /* Egress SA Counters */
+ uint64_t out_sa_hit_drop_redirect;
+ uint64_t out_sa_protected2_pkts;
+ uint64_t out_sa_protected_pkts;
+ uint64_t out_sa_encrypted_pkts;
+
+ /* Egress SC Counters */
+ uint64_t out_sc_protected_pkts;
+ uint64_t out_sc_encrypted_pkts;
+ uint64_t out_sc_protected_octets;
+ uint64_t out_sc_encrypted_octets;
+
+ /* SA Counters expiration info */
+ uint32_t egress_threshold_expired;
+ uint32_t ingress_threshold_expired;
+ uint32_t egress_expired;
+ uint32_t ingress_expired;
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_request {
+ uint32_t offset; /* not used */
+ uint32_t msg_type;
+
+ union {
+ struct macsec_cfg cfg;
+ struct add_rx_sc rxsc;
+ struct add_tx_sc txsc;
+ struct add_rx_sa rxsa;
+ struct add_tx_sa txsa;
+ struct get_stats stats;
+ };
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_response {
+ uint32_t result;
+ struct macsec_stats stats;
+} __attribute__((__packed__));
+
#define HAL_ATLANTIC_UTILS_CHIP_MIPS 0x00000001U
#define HAL_ATLANTIC_UTILS_CHIP_TPO2 0x00000002U
#define HAL_ATLANTIC_UTILS_CHIP_RPF2 0x00000004U
--
2.17.1
next prev parent reply other threads:[~2019-04-10 11:19 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:46 ` Thomas Monjalon
2019-04-10 11:46 ` Thomas Monjalon
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 21:15 ` Thomas Monjalon
2019-04-11 21:15 ` Thomas Monjalon
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 18:26 ` Ferruh Yigit
2019-04-12 18:26 ` Ferruh Yigit
2019-04-13 7:24 ` Igor Russkikh
2019-04-13 7:24 ` Igor Russkikh
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:19 ` Igor Russkikh
2019-04-16 10:19 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh [this message]
2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:47 ` Thomas Monjalon
2019-04-10 11:47 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=478e2875b86b3b097d152ac6a72fca6bc49e4aff.1554894242.git.igor.russkikh@aquantia.com \
--to=igor.russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=arybchenko@solarflare.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=jingjing.wu@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=marko.kovacevic@intel.com \
--cc=thomas@monjalon.net \
--cc=wenzhuo.lu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).