From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Pavel Belous <Pavel.Belous@aquantia.com>,
Wenzhuo Lu <wenzhuo.lu@intel.com>,
Jingjing Wu <jingjing.wu@intel.com>,
Bernard Iremonger <bernard.iremonger@intel.com>,
John McNamara <john.mcnamara@intel.com>,
Marko Kovacevic <marko.kovacevic@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Ferruh Yigit <ferruh.yigit@intel.com>,
Andrew Rybchenko <arybchenko@solarflare.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>
Subject: [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code
Date: Wed, 10 Apr 2019 11:18:57 +0000 [thread overview]
Message-ID: <9ac2dcf2607b5eafff3e08d54e5236b12900ed38.1554894242.git.igor.russkikh@aquantia.com> (raw)
Message-ID: <20190410111857.Rfq_IYLcNwGKWhAl2LPUmT6wto5-TJkEgi6n6LyY0V4@z> (raw)
In-Reply-To: <cover.1554894242.git.igor.russkikh@aquantia.com>
From: Pavel Belous <pavel.belous@aquantia.com>
This is a driver side of macsec configuration routines.
It fills in config structures and sends requests to FW
for configuration activities.
We also declare macsec offload bits in DPDK offload capabilities
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
drivers/net/atlantic/atl_ethdev.c | 220 ++++++++++++++++++++++++++++++
1 file changed, 220 insertions(+)
diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..502ef5308b4d 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -122,6 +122,18 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev);
static void atl_dev_info_get(struct rte_eth_dev *dev,
struct rte_eth_dev_info *dev_info);
+static int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr,
+ uint8_t repl_prot);
+static int atl_macsec_disable(struct rte_eth_dev *dev);
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
int atl_logtype_init;
int atl_logtype_driver;
@@ -167,6 +179,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_RX_OFFLOAD_UDP_CKSUM \
| DEV_RX_OFFLOAD_TCP_CKSUM \
| DEV_RX_OFFLOAD_JUMBO_FRAME \
+ | DEV_RX_OFFLOAD_MACSEC_STRIP \
| DEV_RX_OFFLOAD_VLAN_FILTER)
#define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +187,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_TX_OFFLOAD_UDP_CKSUM \
| DEV_TX_OFFLOAD_TCP_CKSUM \
| DEV_TX_OFFLOAD_TCP_TSO \
+ | DEV_TX_OFFLOAD_MACSEC_INSERT \
| DEV_TX_OFFLOAD_MULTI_SEGS)
static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -295,6 +309,13 @@ static const struct eth_dev_ops atl_eth_dev_ops = {
.reta_query = atl_reta_query,
.rss_hash_update = atl_rss_hash_update,
.rss_hash_conf_get = atl_rss_hash_conf_get,
+
+ .macsec_enable = atl_macsec_enable,
+ .macsec_disable = atl_macsec_disable,
+ .macsec_config_rxsc = atl_macsec_config_rxsc,
+ .macsec_config_txsc = atl_macsec_config_txsc,
+ .macsec_select_rxsa = atl_macsec_select_rxsa,
+ .macsec_select_txsa = atl_macsec_select_txsa,
};
static inline int32_t
@@ -698,6 +719,205 @@ atl_dev_reset(struct rte_eth_dev *dev)
return ret;
}
+static int
+atl_dev_configure_macsec(struct rte_eth_dev *dev)
+{
+ struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct aq_hw_cfg_s *cf = ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+ struct aq_macsec_config *aqcfg = &cf->aq_macsec;
+ struct macsec_msg_fw_request msg_macsec;
+ struct macsec_msg_fw_response response;
+
+ if (!aqcfg->common.macsec_enabled ||
+ hw->aq_fw_ops->send_macsec_req == NULL)
+ return 0;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Creating set of sc/sa structures from parameters provided by DPDK */
+
+ /* Configure macsec */
+ msg_macsec.msg_type = macsec_cfg_msg;
+ msg_macsec.cfg.enabled = aqcfg->common.macsec_enabled;
+ msg_macsec.cfg.interrupts_enabled = 1;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure TX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sc_msg;
+ msg_macsec.txsc.index = 0; /* TXSC always one (??) */
+ msg_macsec.txsc.protect = aqcfg->common.encryption_enabled;
+
+ /* MAC addr for TX */
+ msg_macsec.txsc.mac_sa[0] = rte_bswap32(aqcfg->txsc.mac[1]);
+ msg_macsec.txsc.mac_sa[1] = rte_bswap32(aqcfg->txsc.mac[0]);
+ msg_macsec.txsc.sa_mask = 0x3f;
+
+ msg_macsec.txsc.da_mask = 0;
+ msg_macsec.txsc.tci = 0x0B;
+ msg_macsec.txsc.curr_an = 0; /* SA index which currently used */
+
+ /*
+ * Creating SCI (Secure Channel Identifier).
+ * SCI constructed from Source MAC and Port identifier
+ */
+ uint32_t sci_hi_part = (msg_macsec.txsc.mac_sa[1] << 16) |
+ (msg_macsec.txsc.mac_sa[0] >> 16);
+ uint32_t sci_low_part = (msg_macsec.txsc.mac_sa[0] << 16);
+
+ uint32_t port_identifier = 1;
+
+ msg_macsec.txsc.sci[1] = sci_hi_part;
+ msg_macsec.txsc.sci[0] = sci_low_part | port_identifier;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_rx_sc_msg;
+ msg_macsec.rxsc.index = aqcfg->rxsc.pi;
+ msg_macsec.rxsc.replay_protect =
+ aqcfg->common.replay_protection_enabled;
+ msg_macsec.rxsc.anti_replay_window = 0;
+
+ /* MAC addr for RX */
+ msg_macsec.rxsc.mac_da[0] = rte_bswap32(aqcfg->rxsc.mac[1]);
+ msg_macsec.rxsc.mac_da[1] = rte_bswap32(aqcfg->rxsc.mac[0]);
+ msg_macsec.rxsc.da_mask = 0;//0x3f;
+
+ msg_macsec.rxsc.sa_mask = 0;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sa_msg;
+ msg_macsec.txsa.index = aqcfg->txsa.idx;
+ msg_macsec.txsa.next_pn = aqcfg->txsa.pn;
+
+ msg_macsec.txsa.key[0] = rte_bswap32(aqcfg->txsa.key[3]);
+ msg_macsec.txsa.key[1] = rte_bswap32(aqcfg->txsa.key[2]);
+ msg_macsec.txsa.key[2] = rte_bswap32(aqcfg->txsa.key[1]);
+ msg_macsec.txsa.key[3] = rte_bswap32(aqcfg->txsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SA */
+
+ msg_macsec.msg_type = macsec_add_rx_sa_msg;
+ msg_macsec.rxsa.index = aqcfg->rxsa.idx;
+ msg_macsec.rxsa.next_pn = aqcfg->rxsa.pn;
+
+ msg_macsec.rxsa.key[0] = rte_bswap32(aqcfg->rxsa.key[3]);
+ msg_macsec.rxsa.key[1] = rte_bswap32(aqcfg->rxsa.key[2]);
+ msg_macsec.rxsa.key[2] = rte_bswap32(aqcfg->rxsa.key[1]);
+ msg_macsec.rxsa.key[3] = rte_bswap32(aqcfg->rxsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ return 0;
+}
+
+static int atl_macsec_enable(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 1;
+ cfg->aq_macsec.common.encryption_enabled = encr;
+ cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+ return 0;
+}
+
+static int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 0;
+
+ return 0;
+}
+
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+ return 0;
+}
+
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+ cfg->aq_macsec.rxsc.pi = pi;
+
+ return 0;
+}
+
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.txsa.idx = idx;
+ cfg->aq_macsec.txsa.pn = pn;
+ cfg->aq_macsec.txsa.an = an;
+
+ memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+ return 0;
+}
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.rxsa.idx = idx;
+ cfg->aq_macsec.rxsa.pn = pn;
+ cfg->aq_macsec.rxsa.an = an;
+
+ memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+ return 0;
+}
static int
atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
--
2.17.1
next prev parent reply other threads:[~2019-04-10 11:19 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:46 ` Thomas Monjalon
2019-04-10 11:46 ` Thomas Monjalon
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 21:15 ` Thomas Monjalon
2019-04-11 21:15 ` Thomas Monjalon
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 18:26 ` Ferruh Yigit
2019-04-12 18:26 ` Ferruh Yigit
2019-04-13 7:24 ` Igor Russkikh
2019-04-13 7:24 ` Igor Russkikh
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:19 ` Igor Russkikh
2019-04-16 10:19 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh [this message]
2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:47 ` Thomas Monjalon
2019-04-10 11:47 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9ac2dcf2607b5eafff3e08d54e5236b12900ed38.1554894242.git.igor.russkikh@aquantia.com \
--to=igor.russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=arybchenko@solarflare.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=jingjing.wu@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=marko.kovacevic@intel.com \
--cc=thomas@monjalon.net \
--cc=wenzhuo.lu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).