From: Jiawen Wu <jiawenwu@trustnetic.com>
To: dev@dpdk.org
Cc: Jiawen Wu <jiawenwu@trustnetic.com>
Subject: [dpdk-dev] [PATCH v3 31/33] net/txgbe: destroy security session
Date: Fri, 18 Dec 2020 17:37:00 +0800 [thread overview]
Message-ID: <20201218093702.3651867-32-jiawenwu@trustnetic.com> (raw)
In-Reply-To: <20201218093702.3651867-1-jiawenwu@trustnetic.com>
Add support to clear a security session's private data,
get the size of a security session,
add update the mbuf with provided metadata.
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
drivers/net/txgbe/txgbe_ipsec.c | 167 ++++++++++++++++++++++++++++++++
drivers/net/txgbe/txgbe_ipsec.h | 15 +++
2 files changed, 182 insertions(+)
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 24dd09191..ebf23493e 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -196,6 +196,106 @@ txgbe_crypto_add_sa(struct txgbe_crypto_session *ic_session)
return 0;
}
+static int
+txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
+ struct txgbe_crypto_session *ic_session)
+{
+ struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+ struct txgbe_ipsec *priv = TXGBE_DEV_IPSEC(dev);
+ uint32_t reg_val;
+ int sa_index = -1;
+
+ if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
+ int i, ip_index = -1;
+
+ /* Find a match in the IP table*/
+ for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) {
+ if (CMP_IP(priv->rx_ip_tbl[i].ip, ic_session->dst_ip)) {
+ ip_index = i;
+ break;
+ }
+ }
+
+ /* Fail if no match*/
+ if (ip_index < 0) {
+ PMD_DRV_LOG(ERR,
+ "Entry not found in the Rx IP table\n");
+ return -1;
+ }
+
+ /* Find a free entry in the SA table*/
+ for (i = 0; i < IPSEC_MAX_SA_COUNT; i++) {
+ if (priv->rx_sa_tbl[i].spi ==
+ rte_cpu_to_be_32(ic_session->spi)) {
+ sa_index = i;
+ break;
+ }
+ }
+ /* Fail if no match*/
+ if (sa_index < 0) {
+ PMD_DRV_LOG(ERR,
+ "Entry not found in the Rx SA table\n");
+ return -1;
+ }
+
+ /* Disable and clear Rx SPI and key table entryes*/
+ reg_val = TXGBE_IPSRXIDX_WRITE |
+ TXGBE_IPSRXIDX_TB_SPI | (sa_index << 3);
+ wr32(hw, TXGBE_IPSRXSPI, 0);
+ wr32(hw, TXGBE_IPSRXADDRIDX, 0);
+ wr32w(hw, TXGBE_IPSRXIDX, reg_val, TXGBE_IPSRXIDX_WRITE, 1000);
+ reg_val = TXGBE_IPSRXIDX_WRITE |
+ TXGBE_IPSRXIDX_TB_KEY | (sa_index << 3);
+ wr32(hw, TXGBE_IPSRXKEY(0), 0);
+ wr32(hw, TXGBE_IPSRXKEY(1), 0);
+ wr32(hw, TXGBE_IPSRXKEY(2), 0);
+ wr32(hw, TXGBE_IPSRXKEY(3), 0);
+ wr32(hw, TXGBE_IPSRXSALT, 0);
+ wr32(hw, TXGBE_IPSRXMODE, 0);
+ wr32w(hw, TXGBE_IPSRXIDX, reg_val, TXGBE_IPSRXIDX_WRITE, 1000);
+ priv->rx_sa_tbl[sa_index].used = 0;
+
+ /* If last used then clear the IP table entry*/
+ priv->rx_ip_tbl[ip_index].ref_count--;
+ if (priv->rx_ip_tbl[ip_index].ref_count == 0) {
+ reg_val = TXGBE_IPSRXIDX_WRITE | TXGBE_IPSRXIDX_TB_IP |
+ (ip_index << 3);
+ wr32(hw, TXGBE_IPSRXADDR(0), 0);
+ wr32(hw, TXGBE_IPSRXADDR(1), 0);
+ wr32(hw, TXGBE_IPSRXADDR(2), 0);
+ wr32(hw, TXGBE_IPSRXADDR(3), 0);
+ }
+ } else { /* session->dir == RTE_CRYPTO_OUTBOUND */
+ int i;
+
+ /* Find a match in the SA table*/
+ for (i = 0; i < IPSEC_MAX_SA_COUNT; i++) {
+ if (priv->tx_sa_tbl[i].spi ==
+ rte_cpu_to_be_32(ic_session->spi)) {
+ sa_index = i;
+ break;
+ }
+ }
+ /* Fail if no match entries*/
+ if (sa_index < 0) {
+ PMD_DRV_LOG(ERR,
+ "Entry not found in the Tx SA table\n");
+ return -1;
+ }
+ reg_val = TXGBE_IPSRXIDX_WRITE | (sa_index << 3);
+ wr32(hw, TXGBE_IPSTXKEY(0), 0);
+ wr32(hw, TXGBE_IPSTXKEY(1), 0);
+ wr32(hw, TXGBE_IPSTXKEY(2), 0);
+ wr32(hw, TXGBE_IPSTXKEY(3), 0);
+ wr32(hw, TXGBE_IPSTXSALT, 0);
+ wr32w(hw, TXGBE_IPSTXIDX, reg_val, TXGBE_IPSTXIDX_WRITE, 1000);
+
+ priv->tx_sa_tbl[sa_index].used = 0;
+ }
+
+ return 0;
+}
+
static int
txgbe_crypto_create_session(void *device,
struct rte_security_session_conf *conf,
@@ -259,6 +359,70 @@ txgbe_crypto_create_session(void *device,
return 0;
}
+static unsigned int
+txgbe_crypto_session_get_size(__rte_unused void *device)
+{
+ return sizeof(struct txgbe_crypto_session);
+}
+
+static int
+txgbe_crypto_remove_session(void *device,
+ struct rte_security_session *session)
+{
+ struct rte_eth_dev *eth_dev = device;
+ struct txgbe_crypto_session *ic_session =
+ (struct txgbe_crypto_session *)
+ get_sec_session_private_data(session);
+ struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+
+ if (eth_dev != ic_session->dev) {
+ PMD_DRV_LOG(ERR, "Session not bound to this device\n");
+ return -ENODEV;
+ }
+
+ if (txgbe_crypto_remove_sa(eth_dev, ic_session)) {
+ PMD_DRV_LOG(ERR, "Failed to remove session\n");
+ return -EFAULT;
+ }
+
+ rte_mempool_put(mempool, (void *)ic_session);
+
+ return 0;
+}
+
+static inline uint8_t
+txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
+{
+ if (m->nb_segs == 1) {
+ /* 16 bytes ICV + 2 bytes ESP trailer + payload padding size
+ * payload padding size is stored at <pkt_len - 18>
+ */
+ uint8_t *esp_pad_len = rte_pktmbuf_mtod_offset(m, uint8_t *,
+ rte_pktmbuf_pkt_len(m) -
+ (ESP_TRAILER_SIZE + ESP_ICV_SIZE));
+ return *esp_pad_len + ESP_TRAILER_SIZE + ESP_ICV_SIZE;
+ }
+ return 0;
+}
+
+static int
+txgbe_crypto_update_mb(void *device __rte_unused,
+ struct rte_security_session *session,
+ struct rte_mbuf *m, void *params __rte_unused)
+{
+ struct txgbe_crypto_session *ic_session =
+ get_sec_session_private_data(session);
+ if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
+ union txgbe_crypto_tx_desc_md *mdata =
+ (union txgbe_crypto_tx_desc_md *)
+ rte_security_dynfield(m);
+ mdata->enc = 1;
+ mdata->sa_idx = ic_session->sa_index;
+ mdata->pad_len = txgbe_crypto_compute_pad_len(m);
+ }
+ return 0;
+}
+
static const struct rte_security_capability *
txgbe_crypto_capabilities_get(void *device __rte_unused)
{
@@ -387,6 +551,9 @@ txgbe_crypto_capabilities_get(void *device __rte_unused)
static struct rte_security_ops txgbe_security_ops = {
.session_create = txgbe_crypto_create_session,
+ .session_get_size = txgbe_crypto_session_get_size,
+ .session_destroy = txgbe_crypto_remove_session,
+ .set_pkt_metadata = txgbe_crypto_update_mb,
.capabilities_get = txgbe_crypto_capabilities_get
};
diff --git a/drivers/net/txgbe/txgbe_ipsec.h b/drivers/net/txgbe/txgbe_ipsec.h
index 2f0d813bc..9b88defbf 100644
--- a/drivers/net/txgbe/txgbe_ipsec.h
+++ b/drivers/net/txgbe/txgbe_ipsec.h
@@ -17,6 +17,9 @@
#define IPSEC_MAX_RX_IP_COUNT 128
#define IPSEC_MAX_SA_COUNT 1024
+#define ESP_ICV_SIZE 16
+#define ESP_TRAILER_SIZE 2
+
enum txgbe_operation {
TXGBE_OP_AUTHENTICATED_ENCRYPTION,
TXGBE_OP_AUTHENTICATED_DECRYPTION
@@ -68,6 +71,18 @@ struct txgbe_crypto_tx_sa_table {
uint8_t used;
};
+union txgbe_crypto_tx_desc_md {
+ uint64_t data;
+ struct {
+ /**< SA table index */
+ uint32_t sa_idx;
+ /**< ICV and ESP trailer length */
+ uint8_t pad_len;
+ /**< enable encryption */
+ uint8_t enc;
+ };
+};
+
struct txgbe_ipsec {
struct txgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
struct txgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
--
2.18.2
next prev parent reply other threads:[~2020-12-18 9:44 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-18 9:36 [dpdk-dev] [PATCH v3 00/33] net: add txgbe PMD part 2 Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 01/33] net/txgbe: add generic flow API Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 02/33] net/txgbe: add ntuple filter init and uninit Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 03/33] net/txgbe: support ntuple filter add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 04/33] net/txgbe: parse n-tuple filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 05/33] net/txgbe: support ethertype filter add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 06/33] net/txgbe: parse ethertype filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 07/33] net/txgbe: support syn filter add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 08/33] net/txgbe: parse syn filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 09/33] net/txgbe: add L2 tunnel filter init and uninit Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 10/33] net/txgbe: config L2 tunnel filter with e-tag Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 11/33] net/txgbe: support L2 tunnel filter add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 12/33] net/txgbe: parse L2 tunnel filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 13/33] net/txgbe: add flow director filter init and uninit Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 14/33] net/txgbe: configure flow director filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 15/33] net/txgbe: support flow director filter add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 16/33] net/txgbe: parse flow director filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 17/33] net/txgbe: restore RSS filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 18/33] net/txgbe: parse " Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 19/33] net/txgbe: support to create consistent filter Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 20/33] net/txgbe: support to destroy " Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 21/33] net/txgbe: flush all the filters Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 22/33] net/txgbe: support UDP tunnel port add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 23/33] net/txgbe: add TM configuration init and uninit Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 24/33] net/txgbe: add TM capabilities get operation Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 25/33] net/txgbe: support TM shaper profile add and delete Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 26/33] net/txgbe: support TM node " Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 27/33] net/txgbe: add TM hierarchy commit Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 28/33] net/txgbe: support to add traffic mirror rules Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 29/33] net/txgbe: add IPsec context creation Jiawen Wu
2020-12-18 9:36 ` [dpdk-dev] [PATCH v3 30/33] net/txgbe: add security session create operation Jiawen Wu
2020-12-18 9:37 ` Jiawen Wu [this message]
2020-12-18 9:37 ` [dpdk-dev] [PATCH v3 32/33] net/txgbe: add security offload in Rx and Tx process Jiawen Wu
2020-12-18 9:37 ` [dpdk-dev] [PATCH v3 33/33] net/txgbe: add security type in flow action Jiawen Wu
2021-01-13 6:15 ` [dpdk-dev] [PATCH v3 00/33] net: add txgbe PMD part 2 Jiawen Wu
2021-01-13 13:15 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201218093702.3651867-32-jiawenwu@trustnetic.com \
--to=jiawenwu@trustnetic.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).