* [dpdk-dev][PATCH 1/3] common/cnxk: add ROC support to parse cnxk custom sa action
@ 2022-04-22 4:38 kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: kirankumark @ 2022-04-22 4:38 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding ROC Flow changes to parse custom SA action for cnxk device.
When custom sa action is enabled, VTAG actions are not allowed.
And custom SA index will be calculated based on SA_HI and SA_LO
values. This allows the potential for a MCAM entry to match
many SAs, rather than only match a single SA.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
drivers/common/cnxk/roc_nix.h | 1 +
drivers/common/cnxk/roc_nix_inl.c | 13 ++++---
drivers/common/cnxk/roc_npc.c | 58 +++++++++++++++++++++++++++++++
drivers/common/cnxk/roc_npc.h | 19 ++++++++++
4 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/drivers/common/cnxk/roc_nix.h b/drivers/common/cnxk/roc_nix.h
index dbb816d961..7313cc4d36 100644
--- a/drivers/common/cnxk/roc_nix.h
+++ b/drivers/common/cnxk/roc_nix.h
@@ -405,6 +405,7 @@ struct roc_nix {
bool io_enabled;
bool rx_ptp_ena;
uint16_t cints;
+ bool custom_sa_action;
#define ROC_NIX_MEM_SZ (6 * 1024)
uint8_t reserved[ROC_NIX_MEM_SZ] __plt_cache_aligned;
diff --git a/drivers/common/cnxk/roc_nix_inl.c b/drivers/common/cnxk/roc_nix_inl.c
index 826c6e99c1..e14f8a1f32 100644
--- a/drivers/common/cnxk/roc_nix_inl.c
+++ b/drivers/common/cnxk/roc_nix_inl.c
@@ -217,6 +217,14 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
if (!sa_base)
return 0;
+ /* Get SA size */
+ sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
+ if (!sz)
+ return 0;
+
+ if (roc_nix->custom_sa_action)
+ return (sa_base + (spi * sz));
+
/* Check if SPI is in range */
mask = roc_nix_inl_inb_spi_range(roc_nix, inb_inl_dev, &min_spi,
&max_spi);
@@ -224,11 +232,6 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
plt_warn("Inbound SA SPI %u not in range (%u..%u)", spi,
min_spi, max_spi);
- /* Get SA size */
- sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
- if (!sz)
- return 0;
-
/* Basic logic of SPI->SA for now */
return (sa_base + ((spi & mask) * sz));
}
diff --git a/drivers/common/cnxk/roc_npc.c b/drivers/common/cnxk/roc_npc.c
index fc88fd58bc..784f63d92a 100644
--- a/drivers/common/cnxk/roc_npc.c
+++ b/drivers/common/cnxk/roc_npc.c
@@ -293,6 +293,48 @@ roc_npc_validate_portid_action(struct roc_npc *roc_npc_src,
return 0;
}
+static int
+npc_parse_msns_action(struct roc_npc *roc_npc, const struct roc_npc_action *act,
+ struct roc_npc_flow *flow, uint8_t *has_msns_action)
+{
+ const struct roc_npc_sec_action *sec_action;
+ union {
+ uint64_t reg;
+ union nix_rx_vtag_action_u act;
+ } vtag_act;
+
+ if (roc_npc->roc_nix->custom_sa_action == 0 ||
+ roc_model_is_cn9k() == 1 || act->conf == NULL)
+ return 0;
+
+ *has_msns_action = true;
+ sec_action = act->conf;
+
+ vtag_act.reg = 0;
+ vtag_act.act.sa_xor = sec_action->sa_xor;
+ vtag_act.act.sa_hi = sec_action->sa_hi;
+ vtag_act.act.sa_lo = sec_action->sa_lo;
+
+ switch (sec_action->alg) {
+ case ROC_NPC_SEC_ACTION_ALG0:
+ break;
+ case ROC_NPC_SEC_ACTION_ALG1:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG1;
+ break;
+ case ROC_NPC_SEC_ACTION_ALG2:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG2;
+ break;
+ default:
+ return -1;
+ }
+
+ flow->vtag_action = vtag_act.reg;
+
+ return 0;
+}
+
static int
npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action actions[],
@@ -305,11 +347,13 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action_queue *act_q;
const struct roc_npc_action_vf *vf_act;
bool vlan_insert_action = false;
+ uint8_t has_msns_act = 0;
int sel_act, req_act = 0;
uint16_t pf_func, vf_id;
int errcode = 0;
int mark = 0;
int rq = 0;
+ int rc = 0;
/* Initialize actions */
flow->ctr_id = NPC_COUNTER_NONE;
@@ -399,6 +443,12 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
rq = 0;
pf_func = nix_inl_dev_pffunc_get();
}
+ rc = npc_parse_msns_action(roc_npc, actions, flow,
+ &has_msns_act);
+ if (rc) {
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
break;
case ROC_NPC_ACTION_TYPE_VLAN_STRIP:
req_act |= ROC_NPC_ACTION_TYPE_VLAN_STRIP;
@@ -438,6 +488,14 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
goto err_exit;
}
+ if (has_msns_act && (vlan_insert_action ||
+ (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP))) {
+ plt_err("Both MSNS and VLAN insert/strip action can't be supported"
+ " together");
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
+
/* Both STRIP and INSERT actions are not supported */
if (vlan_insert_action && (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP)) {
errcode = NPC_ERR_ACTION_NOTSUP;
diff --git a/drivers/common/cnxk/roc_npc.h b/drivers/common/cnxk/roc_npc.h
index 6204139396..78cdf3a318 100644
--- a/drivers/common/cnxk/roc_npc.h
+++ b/drivers/common/cnxk/roc_npc.h
@@ -209,6 +209,25 @@ struct roc_npc_action_meter {
uint32_t mtr_id; /**< Meter id to be applied. > */
};
+enum roc_npc_sec_action_alg {
+ ROC_NPC_SEC_ACTION_ALG0,
+ ROC_NPC_SEC_ACTION_ALG1,
+ ROC_NPC_SEC_ACTION_ALG2,
+ ROC_NPC_SEC_ACTION_ALG3,
+};
+
+struct roc_npc_sec_action {
+ /* Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /* When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ uint16_t sa_hi, sa_lo;
+ /* Determines alg to be applied post SA_MCAM computation with/without
+ * XOR
+ */
+ enum roc_npc_sec_action_alg alg;
+};
+
struct roc_npc_attr {
uint32_t priority; /**< Rule priority level within group. */
uint32_t ingress : 1; /**< Rule applies to ingress traffic. */
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH 2/3] net/cnxk: add devargs support to parse custom SA action
2022-04-22 4:38 [dpdk-dev][PATCH 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
@ 2022-04-22 4:38 ` kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2 siblings, 0 replies; 12+ messages in thread
From: kirankumark @ 2022-04-22 4:38 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding devargs support to parse custom sa action.
Devargs can be specified in the following way.
-a 0002:02:00.0,custom_sa_act=1
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/guides/nics/cnxk.rst | 20 ++++++++++++++++++++
drivers/net/cnxk/cnxk_ethdev_devargs.c | 10 ++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/doc/guides/nics/cnxk.rst b/doc/guides/nics/cnxk.rst
index 31c801fa04..e5087343ed 100644
--- a/doc/guides/nics/cnxk.rst
+++ b/doc/guides/nics/cnxk.rst
@@ -251,6 +251,26 @@ Runtime Config Options
With the above configuration, application can enable inline IPsec processing
for 128 outbound SAs.
+- ``Enable custom SA action`` (default ``0``)
+
+ Custom SA action can be enabled by specifying ``custom_sa_act`` ``devargs`` parameter.
+
+ For example::
+
+ -a 0002:02:00.0,custom_sa_act=1
+
+ With the above configuration, application can enable custom SA action. This
+ configuration allows the potential for a MCAM entry to match many SAs,
+ rather than only match a single SA.
+ For cnxk device sa_index will be calculated based on SPI value. So, it will
+ be 1 to 1 mapping. By enabling this devargs and setting a MCAM rule, will
+ allow application to configure the sa_index as part of session create. And
+ later original SPI value can be updated using session update.
+ For example, application can set sa_index as 0 using session create as SPI value
+ and later can update the original SPI value (for example 0x10000001) using
+ session update. And create a flow rule with security action and algorithm as
+ RTE_PMD_CNXK_SEC_ACTION_ALG0 and sa_hi as 0x1000 and sa_lo as 0x0001.
+
- ``Outbound CPT LF queue size`` (default ``8200``)
Size of Outbound CPT LF queue in number of descriptors can be specified by
diff --git a/drivers/net/cnxk/cnxk_ethdev_devargs.c b/drivers/net/cnxk/cnxk_ethdev_devargs.c
index 9b2beb6743..248582e1f6 100644
--- a/drivers/net/cnxk/cnxk_ethdev_devargs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_devargs.c
@@ -245,6 +245,7 @@ parse_sdp_channel_mask(const char *key, const char *value, void *extra_args)
#define CNXK_OUTB_NB_CRYPTO_QS "outb_nb_crypto_qs"
#define CNXK_SDP_CHANNEL_MASK "sdp_channel_mask"
#define CNXK_FLOW_PRE_L2_INFO "flow_pre_l2_info"
+#define CNXK_CUSTOM_SA_ACT "custom_sa_act"
int
cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
@@ -263,9 +264,10 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
struct sdp_channel sdp_chan;
uint16_t rss_tag_as_xor = 0;
uint16_t scalar_enable = 0;
- uint8_t lock_rx_ctx = 0;
+ uint16_t custom_sa_act = 0;
struct rte_kvargs *kvlist;
uint16_t no_inl_dev = 0;
+ uint8_t lock_rx_ctx = 0;
memset(&sdp_chan, 0, sizeof(sdp_chan));
memset(&pre_l2_info, 0, sizeof(struct flow_pre_l2_size_info));
@@ -307,6 +309,8 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
&parse_sdp_channel_mask, &sdp_chan);
rte_kvargs_process(kvlist, CNXK_FLOW_PRE_L2_INFO,
&parse_pre_l2_hdr_info, &pre_l2_info);
+ rte_kvargs_process(kvlist, CNXK_CUSTOM_SA_ACT, &parse_flag,
+ &custom_sa_act);
rte_kvargs_free(kvlist);
null_devargs:
@@ -323,6 +327,7 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
dev->nix.max_sqb_count = sqb_count;
dev->nix.reta_sz = reta_sz;
dev->nix.lock_rx_ctx = lock_rx_ctx;
+ dev->nix.custom_sa_action = custom_sa_act;
dev->npc.flow_prealloc_size = flow_prealloc_size;
dev->npc.flow_max_priority = flow_max_priority;
dev->npc.switch_header_type = switch_header_type;
@@ -350,4 +355,5 @@ RTE_PMD_REGISTER_PARAM_STRING(net_cnxk,
CNXK_FLOW_PRE_L2_INFO "=<0-255>/<1-255>/<0-1>"
CNXK_OUTB_NB_CRYPTO_QS "=<1-64>"
CNXK_NO_INL_DEV "=0"
- CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>");
+ CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>"
+ CNXK_CUSTOM_SA_ACT "=1");
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-04-22 4:38 [dpdk-dev][PATCH 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
@ 2022-04-22 4:38 ` kirankumark
2022-04-26 10:14 ` Ray Kinsella
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2 siblings, 1 reply; 12+ messages in thread
From: kirankumark @ 2022-04-22 4:38 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao,
Ray Kinsella
Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding cnxk device driver support to configure custom sa index.
Custom sa index can be configured as part of the session create
as SPI, and later original SPI can be updated using session update.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/api/doxy-api-index.md | 3 +-
doc/api/doxy-api.conf.in | 1 +
drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
drivers/net/cnxk/cn9k_ethdev.c | 6 ++
drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
drivers/net/cnxk/cnxk_ethdev.h | 3 +-
drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
drivers/net/cnxk/cnxk_flow.c | 1 +
drivers/net/cnxk/meson.build | 2 +
drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
drivers/net/cnxk/version.map | 6 ++
11 files changed, 240 insertions(+), 15 deletions(-)
create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index 4245b9635c..8f9564ee84 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -56,7 +56,8 @@ The public API headers are grouped by topics:
[dpaa2_qdma] (@ref rte_pmd_dpaa2_qdma.h),
[crypto_scheduler] (@ref rte_cryptodev_scheduler.h),
[dlb2] (@ref rte_pmd_dlb2.h),
- [ifpga] (@ref rte_pmd_ifpga.h)
+ [ifpga] (@ref rte_pmd_ifpga.h),
+ [cnxk] (@ref rte_pmd_cnxk.h)
- **memory**:
[memseg] (@ref rte_memory.h),
diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in
index db2ca9b6ed..b49942412d 100644
--- a/doc/api/doxy-api.conf.in
+++ b/doc/api/doxy-api.conf.in
@@ -12,6 +12,7 @@ INPUT = @TOPDIR@/doc/api/doxy-api-index.md \
@TOPDIR@/drivers/net/ark \
@TOPDIR@/drivers/net/bnxt \
@TOPDIR@/drivers/net/bonding \
+ @TOPDIR@/drivers/net/cnxk \
@TOPDIR@/drivers/net/dpaa \
@TOPDIR@/drivers/net/dpaa2 \
@TOPDIR@/drivers/net/i40e \
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 87bb691ab4..60ae5d7d99 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -6,6 +6,7 @@
#include <rte_eventdev.h>
#include <rte_security.h>
#include <rte_security_driver.h>
+#include <rte_pmd_cnxk.h>
#include <cn10k_ethdev.h>
#include <cnxk_security.h>
@@ -502,7 +503,7 @@ cn10k_eth_sec_session_create(void *device,
ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
if (rc)
goto mempool_put;
@@ -657,6 +658,109 @@ cn10k_eth_sec_capabilities_get(void *device __rte_unused)
return cn10k_eth_sec_capabilities;
}
+static int
+cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct roc_ot_ipsec_inb_sa *inb_sa_dptr;
+ struct rte_security_ipsec_xform *ipsec;
+ struct rte_crypto_sym_xform *crypto;
+ struct cnxk_eth_sec_sess *eth_sec;
+ bool inbound;
+ int rc;
+
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+ return -ENOENT;
+
+ ipsec = &conf->ipsec;
+ crypto = conf->crypto_xform;
+ inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (!eth_sec)
+ return -ENOENT;
+
+ eth_sec->spi = conf->ipsec.spi;
+
+ if (inbound) {
+ inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
+ memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
+
+ rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
+ true);
+ if (rc)
+ return -EINVAL;
+
+ rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_inb_sa));
+ if (rc)
+ return -EINVAL;
+ } else {
+ struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
+
+ outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr;
+ memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+
+ rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
+ if (rc)
+ return -EINVAL;
+ rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_outb_sa));
+ if (rc)
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return -EINVAL;
+
+ rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
+ ROC_NIX_INL_SA_OP_FLUSH);
+ if (rc)
+ return -EINVAL;
+ rte_delay_ms(1);
+ memcpy(data, eth_sec->sa, len);
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc = -EINVAL;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return rc;
+ rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
+ len);
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
void
cn10k_eth_sec_ops_override(void)
{
@@ -670,4 +774,5 @@ cn10k_eth_sec_ops_override(void)
cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
+ cnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev.c b/drivers/net/cnxk/cn9k_ethdev.c
index eda33dc8c5..d6d02c2cad 100644
--- a/drivers/net/cnxk/cn9k_ethdev.c
+++ b/drivers/net/cnxk/cn9k_ethdev.c
@@ -739,6 +739,12 @@ cn9k_nix_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
/* Update HW erratas */
if (roc_model_is_cn96_a0() || roc_model_is_cn95_a0())
dev->cq_min_4k = 1;
+
+ if (dev->nix.custom_sa_action) {
+ dev->nix.custom_sa_action = 0;
+ plt_info("WARNING: Custom SA action is enabled. It's not supported"
+ " on cn9k device. Disabling it");
+ }
return 0;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index fa72424b4b..4dd0b6185e 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -262,7 +262,7 @@ cn9k_eth_sec_session_create(void *device,
ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
if (rc)
goto mempool_put;
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ccdf496860..b21011a6d0 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -628,7 +628,8 @@ int cnxk_ethdev_parse_devargs(struct rte_devargs *devargs,
int cnxk_nix_dev_get_reg(struct rte_eth_dev *eth_dev,
struct rte_dev_reg_info *regs);
/* Security */
-int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p);
+int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi);
int cnxk_eth_outb_sa_idx_put(struct cnxk_eth_dev *dev, uint32_t idx);
int cnxk_nix_lookup_mem_sa_base_set(struct cnxk_eth_dev *dev);
int cnxk_nix_lookup_mem_sa_base_clear(struct cnxk_eth_dev *dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index 7351ab0dc5..d01ebb4c96 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -29,7 +29,8 @@ bitmap_ctzll(uint64_t slab)
}
int
-cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
+cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi)
{
uint32_t pos, idx;
uint64_t slab;
@@ -42,17 +43,24 @@ cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
slab = 0;
/* Scan from the beginning */
plt_bitmap_scan_init(dev->outb.sa_bmap);
- /* Scan bitmap to get the free sa index */
- rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
- /* Empty bitmap */
- if (rc == 0) {
- plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
- "devargs to increase");
- return -ERANGE;
- }
- /* Get free SA index */
- idx = pos + bitmap_ctzll(slab);
+ if (dev->nix.custom_sa_action) {
+ if (spi > dev->outb.max_sa)
+ return -ENOTSUP;
+ idx = spi;
+ } else {
+ /* Scan bitmap to get the free sa index */
+ rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
+ /* Empty bitmap */
+ if (rc == 0) {
+ plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
+ "devargs to increase");
+ return -ERANGE;
+ }
+
+ /* Get free SA index */
+ idx = pos + bitmap_ctzll(slab);
+ }
plt_bitmap_clear(dev->outb.sa_bmap, idx);
*idx_p = idx;
return 0;
diff --git a/drivers/net/cnxk/cnxk_flow.c b/drivers/net/cnxk/cnxk_flow.c
index 8763ca63d6..2d902489e0 100644
--- a/drivers/net/cnxk/cnxk_flow.c
+++ b/drivers/net/cnxk/cnxk_flow.c
@@ -205,6 +205,7 @@ cnxk_map_actions(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,
case RTE_FLOW_ACTION_TYPE_SECURITY:
in_actions[i].type = ROC_NPC_ACTION_TYPE_SEC;
+ in_actions[i].conf = actions->conf;
break;
case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
in_actions[i].type = ROC_NPC_ACTION_TYPE_VLAN_STRIP;
diff --git a/drivers/net/cnxk/meson.build b/drivers/net/cnxk/meson.build
index 016a79b2a8..f347e98fce 100644
--- a/drivers/net/cnxk/meson.build
+++ b/drivers/net/cnxk/meson.build
@@ -192,3 +192,5 @@ foreach flag: extra_flags
cflags += flag
endif
endforeach
+
+headers = files('rte_pmd_cnxk.h')
diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h
new file mode 100644
index 0000000000..8770425dfb
--- /dev/null
+++ b/drivers/net/cnxk/rte_pmd_cnxk.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+/**
+ * @file rte_pmd_cnxk.h
+ * CNXK PMD specific functions.
+ *
+ **/
+
+#ifndef _PMD_CNXK_H_
+#define _PMD_CNXK_H_
+
+#include <rte_compat.h>
+#include <rte_ethdev.h>
+#include <rte_ether.h>
+#include <rte_security.h>
+
+/** Algorithm type to be used with security action to
+ * calculate SA_index
+ */
+enum rte_pmd_cnxk_sec_action_alg {
+ /** No swizzling of SPI bits into SA index.
+ * SA_index is from SA_XOR if enabled.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG0,
+ /** SPI<31:28> has 4 upper bits which segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 4'b0, SA_mcam[27:0] + SPI[31:28]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG1,
+ /** SPI<27:25> segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 7'b0, SA_mcam[24:0] + SPI[27:25]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG2,
+ /** The inbound SPI maybe "random", therefore we want the MCAM to be
+ * capable of remapping the SPI to an arbitrary SA_index.
+ * SPI to SA is done using a lookup in NIX/NPC cam entry with key as
+ * SPI, MATCH_ID, LFID.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG3,
+};
+
+struct rte_pmd_cnxk_sec_action {
+ /** Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /** When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ /** SA_hi and SA_lo values for xor */
+ uint16_t sa_hi, sa_lo;
+ /** Determines alg to be applied post SA_MCAM computation with/without
+ * XOR.
+ */
+ enum rte_pmd_cnxk_sec_action_alg alg;
+};
+
+/**
+ * Read HW SA context from session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[out] data
+ * Destination pointer to copy SA context for application.
+ * @param len
+ * Length of SA context to copy into data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+/**
+ * Write HW SA context to session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[in] data
+ * Source data pointer from application to copy SA context into session.
+ * @param len
+ * Length of SA context to copy from data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+#endif /* _PMD_CNXK_H_ */
diff --git a/drivers/net/cnxk/version.map b/drivers/net/cnxk/version.map
index b9da6b1506..2efd7f2b20 100644
--- a/drivers/net/cnxk/version.map
+++ b/drivers/net/cnxk/version.map
@@ -6,3 +6,9 @@ INTERNAL {
global:
cnxk_nix_inb_mode_set;
};
+
+EXPERIMENTAL {
+ global:
+ rte_pmd_cnxk_hw_sa_read;
+ rte_pmd_cnxk_hw_sa_write;
+};
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-04-22 4:38 ` [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
@ 2022-04-26 10:14 ` Ray Kinsella
0 siblings, 0 replies; 12+ messages in thread
From: Ray Kinsella @ 2022-04-26 10:14 UTC (permalink / raw)
To: kirankumark; +Cc: Nithin Dabilpuram, Sunil Kumar Kori, Satha Rao, dev
kirankumark@marvell.com writes:
> From: Kiran Kumar K <kirankumark@marvell.com>
>
> Adding cnxk device driver support to configure custom sa index.
> Custom sa index can be configured as part of the session create
> as SPI, and later original SPI can be updated using session update.
>
> Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
> ---
> doc/api/doxy-api-index.md | 3 +-
> doc/api/doxy-api.conf.in | 1 +
> drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
> drivers/net/cnxk/cn9k_ethdev.c | 6 ++
> drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
> drivers/net/cnxk/cnxk_ethdev.h | 3 +-
> drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
> drivers/net/cnxk/cnxk_flow.c | 1 +
> drivers/net/cnxk/meson.build | 2 +
> drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
> drivers/net/cnxk/version.map | 6 ++
> 11 files changed, 240 insertions(+), 15 deletions(-)
> create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
>
> diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
> index 4245b9635c..8f9564ee84 100644
> --- a/doc/api/doxy-api-index.md
> +++ b/doc/api/doxy-api-index.md
> @@ -56,7 +56,8 @@ The public API headers are grouped by topics:
> [dpaa2_qdma] (@ref rte_pmd_dpaa2_qdma.h),
> [crypto_scheduler] (@ref rte_cryptodev_scheduler.h),
> [dlb2] (@ref rte_pmd_dlb2.h),
> - [ifpga] (@ref rte_pmd_ifpga.h)
> + [ifpga] (@ref rte_pmd_ifpga.h),
> + [cnxk] (@ref rte_pmd_cnxk.h)
>
> - **memory**:
> [memseg] (@ref rte_memory.h),
> diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in
> index db2ca9b6ed..b49942412d 100644
> --- a/doc/api/doxy-api.conf.in
> +++ b/doc/api/doxy-api.conf.in
> @@ -12,6 +12,7 @@ INPUT = @TOPDIR@/doc/api/doxy-api-index.md \
> @TOPDIR@/drivers/net/ark \
> @TOPDIR@/drivers/net/bnxt \
> @TOPDIR@/drivers/net/bonding \
> + @TOPDIR@/drivers/net/cnxk \
> @TOPDIR@/drivers/net/dpaa \
> @TOPDIR@/drivers/net/dpaa2 \
> @TOPDIR@/drivers/net/i40e \
> diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
> index 87bb691ab4..60ae5d7d99 100644
> --- a/drivers/net/cnxk/cn10k_ethdev_sec.c
> +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
> @@ -6,6 +6,7 @@
> #include <rte_eventdev.h>
> #include <rte_security.h>
> #include <rte_security_driver.h>
> +#include <rte_pmd_cnxk.h>
>
> #include <cn10k_ethdev.h>
> #include <cnxk_security.h>
> @@ -502,7 +503,7 @@ cn10k_eth_sec_session_create(void *device,
> ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD);
>
> /* Alloc an sa index */
> - rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
> + rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
> if (rc)
> goto mempool_put;
>
> @@ -657,6 +658,109 @@ cn10k_eth_sec_capabilities_get(void *device __rte_unused)
> return cn10k_eth_sec_capabilities;
> }
>
> +static int
> +cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
> + struct rte_security_session_conf *conf)
> +{
> + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
> + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
> + struct roc_ot_ipsec_inb_sa *inb_sa_dptr;
> + struct rte_security_ipsec_xform *ipsec;
> + struct rte_crypto_sym_xform *crypto;
> + struct cnxk_eth_sec_sess *eth_sec;
> + bool inbound;
> + int rc;
> +
> + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> + conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
> + return -ENOENT;
> +
> + ipsec = &conf->ipsec;
> + crypto = conf->crypto_xform;
> + inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
> +
> + eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
> + if (!eth_sec)
> + return -ENOENT;
> +
> + eth_sec->spi = conf->ipsec.spi;
> +
> + if (inbound) {
> + inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
> + memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
> +
> + rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
> + true);
> + if (rc)
> + return -EINVAL;
> +
> + rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
> + eth_sec->inb,
> + sizeof(struct roc_ot_ipsec_inb_sa));
> + if (rc)
> + return -EINVAL;
> + } else {
> + struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
> +
> + outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr;
> + memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
> +
> + rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
> + if (rc)
> + return -EINVAL;
> + rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
> + eth_sec->inb,
> + sizeof(struct roc_ot_ipsec_outb_sa));
> + if (rc)
> + return -EINVAL;
> + }
> +
> + return 0;
> +}
> +
> +int
> +rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
> + void *data, uint32_t len)
> +{
> + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
> + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
> + struct cnxk_eth_sec_sess *eth_sec;
> + int rc;
> +
> + eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
> + if (eth_sec == NULL)
> + return -EINVAL;
> +
> + rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
> + ROC_NIX_INL_SA_OP_FLUSH);
> + if (rc)
> + return -EINVAL;
> + rte_delay_ms(1);
> + memcpy(data, eth_sec->sa, len);
> +
> + return 0;
> +}
> +
> +int
> +rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
> + void *data, uint32_t len)
> +{
> + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
> + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
> + struct cnxk_eth_sec_sess *eth_sec;
> + int rc = -EINVAL;
> +
> + eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
> + if (eth_sec == NULL)
> + return rc;
> + rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
> + len);
> + if (rc)
> + return rc;
> +
> + return 0;
> +}
> +
> void
> cn10k_eth_sec_ops_override(void)
> {
> @@ -670,4 +774,5 @@ cn10k_eth_sec_ops_override(void)
> cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
> cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
> cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
> + cnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update;
> }
> diff --git a/drivers/net/cnxk/cn9k_ethdev.c b/drivers/net/cnxk/cn9k_ethdev.c
> index eda33dc8c5..d6d02c2cad 100644
> --- a/drivers/net/cnxk/cn9k_ethdev.c
> +++ b/drivers/net/cnxk/cn9k_ethdev.c
> @@ -739,6 +739,12 @@ cn9k_nix_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
> /* Update HW erratas */
> if (roc_model_is_cn96_a0() || roc_model_is_cn95_a0())
> dev->cq_min_4k = 1;
> +
> + if (dev->nix.custom_sa_action) {
> + dev->nix.custom_sa_action = 0;
> + plt_info("WARNING: Custom SA action is enabled. It's not supported"
> + " on cn9k device. Disabling it");
> + }
> return 0;
> }
>
> diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
> index fa72424b4b..4dd0b6185e 100644
> --- a/drivers/net/cnxk/cn9k_ethdev_sec.c
> +++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
> @@ -262,7 +262,7 @@ cn9k_eth_sec_session_create(void *device,
> ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD);
>
> /* Alloc an sa index */
> - rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
> + rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
> if (rc)
> goto mempool_put;
>
> diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
> index ccdf496860..b21011a6d0 100644
> --- a/drivers/net/cnxk/cnxk_ethdev.h
> +++ b/drivers/net/cnxk/cnxk_ethdev.h
> @@ -628,7 +628,8 @@ int cnxk_ethdev_parse_devargs(struct rte_devargs *devargs,
> int cnxk_nix_dev_get_reg(struct rte_eth_dev *eth_dev,
> struct rte_dev_reg_info *regs);
> /* Security */
> -int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p);
> +int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
> + uint32_t spi);
> int cnxk_eth_outb_sa_idx_put(struct cnxk_eth_dev *dev, uint32_t idx);
> int cnxk_nix_lookup_mem_sa_base_set(struct cnxk_eth_dev *dev);
> int cnxk_nix_lookup_mem_sa_base_clear(struct cnxk_eth_dev *dev);
> diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
> index 7351ab0dc5..d01ebb4c96 100644
> --- a/drivers/net/cnxk/cnxk_ethdev_sec.c
> +++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
> @@ -29,7 +29,8 @@ bitmap_ctzll(uint64_t slab)
> }
>
> int
> -cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
> +cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
> + uint32_t spi)
> {
> uint32_t pos, idx;
> uint64_t slab;
> @@ -42,17 +43,24 @@ cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
> slab = 0;
> /* Scan from the beginning */
> plt_bitmap_scan_init(dev->outb.sa_bmap);
> - /* Scan bitmap to get the free sa index */
> - rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
> - /* Empty bitmap */
> - if (rc == 0) {
> - plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
> - "devargs to increase");
> - return -ERANGE;
> - }
>
> - /* Get free SA index */
> - idx = pos + bitmap_ctzll(slab);
> + if (dev->nix.custom_sa_action) {
> + if (spi > dev->outb.max_sa)
> + return -ENOTSUP;
> + idx = spi;
> + } else {
> + /* Scan bitmap to get the free sa index */
> + rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
> + /* Empty bitmap */
> + if (rc == 0) {
> + plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
> + "devargs to increase");
> + return -ERANGE;
> + }
> +
> + /* Get free SA index */
> + idx = pos + bitmap_ctzll(slab);
> + }
> plt_bitmap_clear(dev->outb.sa_bmap, idx);
> *idx_p = idx;
> return 0;
> diff --git a/drivers/net/cnxk/cnxk_flow.c b/drivers/net/cnxk/cnxk_flow.c
> index 8763ca63d6..2d902489e0 100644
> --- a/drivers/net/cnxk/cnxk_flow.c
> +++ b/drivers/net/cnxk/cnxk_flow.c
> @@ -205,6 +205,7 @@ cnxk_map_actions(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,
>
> case RTE_FLOW_ACTION_TYPE_SECURITY:
> in_actions[i].type = ROC_NPC_ACTION_TYPE_SEC;
> + in_actions[i].conf = actions->conf;
> break;
> case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
> in_actions[i].type = ROC_NPC_ACTION_TYPE_VLAN_STRIP;
> diff --git a/drivers/net/cnxk/meson.build b/drivers/net/cnxk/meson.build
> index 016a79b2a8..f347e98fce 100644
> --- a/drivers/net/cnxk/meson.build
> +++ b/drivers/net/cnxk/meson.build
> @@ -192,3 +192,5 @@ foreach flag: extra_flags
> cflags += flag
> endif
> endforeach
> +
> +headers = files('rte_pmd_cnxk.h')
> diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h
> new file mode 100644
> index 0000000000..8770425dfb
> --- /dev/null
> +++ b/drivers/net/cnxk/rte_pmd_cnxk.h
> @@ -0,0 +1,94 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(C) 2022 Marvell.
> + */
> +
> +/**
> + * @file rte_pmd_cnxk.h
> + * CNXK PMD specific functions.
> + *
> + **/
> +
> +#ifndef _PMD_CNXK_H_
> +#define _PMD_CNXK_H_
> +
> +#include <rte_compat.h>
> +#include <rte_ethdev.h>
> +#include <rte_ether.h>
> +#include <rte_security.h>
> +
> +/** Algorithm type to be used with security action to
> + * calculate SA_index
> + */
> +enum rte_pmd_cnxk_sec_action_alg {
> + /** No swizzling of SPI bits into SA index.
> + * SA_index is from SA_XOR if enabled.
> + */
> + RTE_PMD_CNXK_SEC_ACTION_ALG0,
> + /** SPI<31:28> has 4 upper bits which segment the sequence number space.
> + * Initial SA_index is from SA_XOR if enabled.
> + * SA_alg = { 4'b0, SA_mcam[27:0] + SPI[31:28]}
> + */
> + RTE_PMD_CNXK_SEC_ACTION_ALG1,
> + /** SPI<27:25> segment the sequence number space.
> + * Initial SA_index is from SA_XOR if enabled.
> + * SA_alg = { 7'b0, SA_mcam[24:0] + SPI[27:25]}
> + */
> + RTE_PMD_CNXK_SEC_ACTION_ALG2,
> + /** The inbound SPI maybe "random", therefore we want the MCAM to be
> + * capable of remapping the SPI to an arbitrary SA_index.
> + * SPI to SA is done using a lookup in NIX/NPC cam entry with key as
> + * SPI, MATCH_ID, LFID.
> + */
> + RTE_PMD_CNXK_SEC_ACTION_ALG3,
> +};
> +
> +struct rte_pmd_cnxk_sec_action {
> + /** Used as lookup result for ALG3 */
> + uint32_t sa_index;
> + /** When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
> + bool sa_xor;
> + /** SA_hi and SA_lo values for xor */
> + uint16_t sa_hi, sa_lo;
> + /** Determines alg to be applied post SA_MCAM computation with/without
> + * XOR.
> + */
> + enum rte_pmd_cnxk_sec_action_alg alg;
> +};
> +
> +/**
> + * Read HW SA context from session.
> + *
> + * @param device
> + * Port identifier of Ethernet device.
> + * @param sess
> + * Handle of the security session.
> + * @param[out] data
> + * Destination pointer to copy SA context for application.
> + * @param len
> + * Length of SA context to copy into data parameter.
> + *
> + * @return
> + * 0 on success, a negative errno value otherwise.
> + */
> +__rte_experimental
> +int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
> + void *data, uint32_t len);
> +/**
> + * Write HW SA context to session.
> + *
> + * @param device
> + * Port identifier of Ethernet device.
> + * @param sess
> + * Handle of the security session.
> + * @param[in] data
> + * Source data pointer from application to copy SA context into session.
> + * @param len
> + * Length of SA context to copy from data parameter.
> + *
> + * @return
> + * 0 on success, a negative errno value otherwise.
> + */
> +__rte_experimental
> +int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
> + void *data, uint32_t len);
> +#endif /* _PMD_CNXK_H_ */
> diff --git a/drivers/net/cnxk/version.map b/drivers/net/cnxk/version.map
> index b9da6b1506..2efd7f2b20 100644
> --- a/drivers/net/cnxk/version.map
> +++ b/drivers/net/cnxk/version.map
> @@ -6,3 +6,9 @@ INTERNAL {
> global:
> cnxk_nix_inb_mode_set;
> };
> +
> +EXPERIMENTAL {
Please add a comment indicating the release the new symbols were are added in.
> + global:
> + rte_pmd_cnxk_hw_sa_read;
> + rte_pmd_cnxk_hw_sa_write;
> +};
--
Regards, Ray K
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action
2022-04-22 4:38 [dpdk-dev][PATCH 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
@ 2022-05-04 5:11 ` kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
` (2 more replies)
2 siblings, 3 replies; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:11 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding ROC Flow changes to parse custom SA action for cnxk device.
When custom sa action is enabled, VTAG actions are not allowed.
And custom SA index will be calculated based on SA_HI and SA_LO
values. This allows the potential for a MCAM entry to match
many SAs, rather than only match a single SA.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
drivers/common/cnxk/roc_nix.h | 1 +
drivers/common/cnxk/roc_nix_inl.c | 13 ++++---
drivers/common/cnxk/roc_npc.c | 58 +++++++++++++++++++++++++++++++
drivers/common/cnxk/roc_npc.h | 19 ++++++++++
4 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/drivers/common/cnxk/roc_nix.h b/drivers/common/cnxk/roc_nix.h
index dbb816d961..7313cc4d36 100644
--- a/drivers/common/cnxk/roc_nix.h
+++ b/drivers/common/cnxk/roc_nix.h
@@ -405,6 +405,7 @@ struct roc_nix {
bool io_enabled;
bool rx_ptp_ena;
uint16_t cints;
+ bool custom_sa_action;
#define ROC_NIX_MEM_SZ (6 * 1024)
uint8_t reserved[ROC_NIX_MEM_SZ] __plt_cache_aligned;
diff --git a/drivers/common/cnxk/roc_nix_inl.c b/drivers/common/cnxk/roc_nix_inl.c
index 826c6e99c1..e14f8a1f32 100644
--- a/drivers/common/cnxk/roc_nix_inl.c
+++ b/drivers/common/cnxk/roc_nix_inl.c
@@ -217,6 +217,14 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
if (!sa_base)
return 0;
+ /* Get SA size */
+ sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
+ if (!sz)
+ return 0;
+
+ if (roc_nix->custom_sa_action)
+ return (sa_base + (spi * sz));
+
/* Check if SPI is in range */
mask = roc_nix_inl_inb_spi_range(roc_nix, inb_inl_dev, &min_spi,
&max_spi);
@@ -224,11 +232,6 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
plt_warn("Inbound SA SPI %u not in range (%u..%u)", spi,
min_spi, max_spi);
- /* Get SA size */
- sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
- if (!sz)
- return 0;
-
/* Basic logic of SPI->SA for now */
return (sa_base + ((spi & mask) * sz));
}
diff --git a/drivers/common/cnxk/roc_npc.c b/drivers/common/cnxk/roc_npc.c
index fc88fd58bc..784f63d92a 100644
--- a/drivers/common/cnxk/roc_npc.c
+++ b/drivers/common/cnxk/roc_npc.c
@@ -293,6 +293,48 @@ roc_npc_validate_portid_action(struct roc_npc *roc_npc_src,
return 0;
}
+static int
+npc_parse_msns_action(struct roc_npc *roc_npc, const struct roc_npc_action *act,
+ struct roc_npc_flow *flow, uint8_t *has_msns_action)
+{
+ const struct roc_npc_sec_action *sec_action;
+ union {
+ uint64_t reg;
+ union nix_rx_vtag_action_u act;
+ } vtag_act;
+
+ if (roc_npc->roc_nix->custom_sa_action == 0 ||
+ roc_model_is_cn9k() == 1 || act->conf == NULL)
+ return 0;
+
+ *has_msns_action = true;
+ sec_action = act->conf;
+
+ vtag_act.reg = 0;
+ vtag_act.act.sa_xor = sec_action->sa_xor;
+ vtag_act.act.sa_hi = sec_action->sa_hi;
+ vtag_act.act.sa_lo = sec_action->sa_lo;
+
+ switch (sec_action->alg) {
+ case ROC_NPC_SEC_ACTION_ALG0:
+ break;
+ case ROC_NPC_SEC_ACTION_ALG1:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG1;
+ break;
+ case ROC_NPC_SEC_ACTION_ALG2:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG2;
+ break;
+ default:
+ return -1;
+ }
+
+ flow->vtag_action = vtag_act.reg;
+
+ return 0;
+}
+
static int
npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action actions[],
@@ -305,11 +347,13 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action_queue *act_q;
const struct roc_npc_action_vf *vf_act;
bool vlan_insert_action = false;
+ uint8_t has_msns_act = 0;
int sel_act, req_act = 0;
uint16_t pf_func, vf_id;
int errcode = 0;
int mark = 0;
int rq = 0;
+ int rc = 0;
/* Initialize actions */
flow->ctr_id = NPC_COUNTER_NONE;
@@ -399,6 +443,12 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
rq = 0;
pf_func = nix_inl_dev_pffunc_get();
}
+ rc = npc_parse_msns_action(roc_npc, actions, flow,
+ &has_msns_act);
+ if (rc) {
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
break;
case ROC_NPC_ACTION_TYPE_VLAN_STRIP:
req_act |= ROC_NPC_ACTION_TYPE_VLAN_STRIP;
@@ -438,6 +488,14 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
goto err_exit;
}
+ if (has_msns_act && (vlan_insert_action ||
+ (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP))) {
+ plt_err("Both MSNS and VLAN insert/strip action can't be supported"
+ " together");
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
+
/* Both STRIP and INSERT actions are not supported */
if (vlan_insert_action && (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP)) {
errcode = NPC_ERR_ACTION_NOTSUP;
diff --git a/drivers/common/cnxk/roc_npc.h b/drivers/common/cnxk/roc_npc.h
index 6204139396..78cdf3a318 100644
--- a/drivers/common/cnxk/roc_npc.h
+++ b/drivers/common/cnxk/roc_npc.h
@@ -209,6 +209,25 @@ struct roc_npc_action_meter {
uint32_t mtr_id; /**< Meter id to be applied. > */
};
+enum roc_npc_sec_action_alg {
+ ROC_NPC_SEC_ACTION_ALG0,
+ ROC_NPC_SEC_ACTION_ALG1,
+ ROC_NPC_SEC_ACTION_ALG2,
+ ROC_NPC_SEC_ACTION_ALG3,
+};
+
+struct roc_npc_sec_action {
+ /* Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /* When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ uint16_t sa_hi, sa_lo;
+ /* Determines alg to be applied post SA_MCAM computation with/without
+ * XOR
+ */
+ enum roc_npc_sec_action_alg alg;
+};
+
struct roc_npc_attr {
uint32_t priority; /**< Rule priority level within group. */
uint32_t ingress : 1; /**< Rule applies to ingress traffic. */
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
@ 2022-05-04 5:11 ` kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2 siblings, 0 replies; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:11 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding devargs support to parse custom sa action.
Devargs can be specified in the following way.
-a 0002:02:00.0,custom_sa_act=1
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/guides/nics/cnxk.rst | 20 ++++++++++++++++++++
drivers/net/cnxk/cnxk_ethdev_devargs.c | 10 ++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/doc/guides/nics/cnxk.rst b/doc/guides/nics/cnxk.rst
index 31c801fa04..e5087343ed 100644
--- a/doc/guides/nics/cnxk.rst
+++ b/doc/guides/nics/cnxk.rst
@@ -251,6 +251,26 @@ Runtime Config Options
With the above configuration, application can enable inline IPsec processing
for 128 outbound SAs.
+- ``Enable custom SA action`` (default ``0``)
+
+ Custom SA action can be enabled by specifying ``custom_sa_act`` ``devargs`` parameter.
+
+ For example::
+
+ -a 0002:02:00.0,custom_sa_act=1
+
+ With the above configuration, application can enable custom SA action. This
+ configuration allows the potential for a MCAM entry to match many SAs,
+ rather than only match a single SA.
+ For cnxk device sa_index will be calculated based on SPI value. So, it will
+ be 1 to 1 mapping. By enabling this devargs and setting a MCAM rule, will
+ allow application to configure the sa_index as part of session create. And
+ later original SPI value can be updated using session update.
+ For example, application can set sa_index as 0 using session create as SPI value
+ and later can update the original SPI value (for example 0x10000001) using
+ session update. And create a flow rule with security action and algorithm as
+ RTE_PMD_CNXK_SEC_ACTION_ALG0 and sa_hi as 0x1000 and sa_lo as 0x0001.
+
- ``Outbound CPT LF queue size`` (default ``8200``)
Size of Outbound CPT LF queue in number of descriptors can be specified by
diff --git a/drivers/net/cnxk/cnxk_ethdev_devargs.c b/drivers/net/cnxk/cnxk_ethdev_devargs.c
index 9b2beb6743..248582e1f6 100644
--- a/drivers/net/cnxk/cnxk_ethdev_devargs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_devargs.c
@@ -245,6 +245,7 @@ parse_sdp_channel_mask(const char *key, const char *value, void *extra_args)
#define CNXK_OUTB_NB_CRYPTO_QS "outb_nb_crypto_qs"
#define CNXK_SDP_CHANNEL_MASK "sdp_channel_mask"
#define CNXK_FLOW_PRE_L2_INFO "flow_pre_l2_info"
+#define CNXK_CUSTOM_SA_ACT "custom_sa_act"
int
cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
@@ -263,9 +264,10 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
struct sdp_channel sdp_chan;
uint16_t rss_tag_as_xor = 0;
uint16_t scalar_enable = 0;
- uint8_t lock_rx_ctx = 0;
+ uint16_t custom_sa_act = 0;
struct rte_kvargs *kvlist;
uint16_t no_inl_dev = 0;
+ uint8_t lock_rx_ctx = 0;
memset(&sdp_chan, 0, sizeof(sdp_chan));
memset(&pre_l2_info, 0, sizeof(struct flow_pre_l2_size_info));
@@ -307,6 +309,8 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
&parse_sdp_channel_mask, &sdp_chan);
rte_kvargs_process(kvlist, CNXK_FLOW_PRE_L2_INFO,
&parse_pre_l2_hdr_info, &pre_l2_info);
+ rte_kvargs_process(kvlist, CNXK_CUSTOM_SA_ACT, &parse_flag,
+ &custom_sa_act);
rte_kvargs_free(kvlist);
null_devargs:
@@ -323,6 +327,7 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
dev->nix.max_sqb_count = sqb_count;
dev->nix.reta_sz = reta_sz;
dev->nix.lock_rx_ctx = lock_rx_ctx;
+ dev->nix.custom_sa_action = custom_sa_act;
dev->npc.flow_prealloc_size = flow_prealloc_size;
dev->npc.flow_max_priority = flow_max_priority;
dev->npc.switch_header_type = switch_header_type;
@@ -350,4 +355,5 @@ RTE_PMD_REGISTER_PARAM_STRING(net_cnxk,
CNXK_FLOW_PRE_L2_INFO "=<0-255>/<1-255>/<0-1>"
CNXK_OUTB_NB_CRYPTO_QS "=<1-64>"
CNXK_NO_INL_DEV "=0"
- CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>");
+ CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>"
+ CNXK_CUSTOM_SA_ACT "=1");
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
@ 2022-05-04 5:11 ` kirankumark
2022-05-04 8:44 ` Ray Kinsella
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2 siblings, 1 reply; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:11 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao,
Ray Kinsella
Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding cnxk device driver support to configure custom sa index.
Custom sa index can be configured as part of the session create
as SPI, and later original SPI can be updated using session update.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/api/doxy-api-index.md | 3 +-
doc/api/doxy-api.conf.in | 1 +
drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
drivers/net/cnxk/cn9k_ethdev.c | 6 ++
drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
drivers/net/cnxk/cnxk_ethdev.h | 3 +-
drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
drivers/net/cnxk/cnxk_flow.c | 1 +
drivers/net/cnxk/meson.build | 2 +
drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
drivers/net/cnxk/version.map | 7 ++
11 files changed, 241 insertions(+), 15 deletions(-)
create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index 4245b9635c..8f9564ee84 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -56,7 +56,8 @@ The public API headers are grouped by topics:
[dpaa2_qdma] (@ref rte_pmd_dpaa2_qdma.h),
[crypto_scheduler] (@ref rte_cryptodev_scheduler.h),
[dlb2] (@ref rte_pmd_dlb2.h),
- [ifpga] (@ref rte_pmd_ifpga.h)
+ [ifpga] (@ref rte_pmd_ifpga.h),
+ [cnxk] (@ref rte_pmd_cnxk.h)
- **memory**:
[memseg] (@ref rte_memory.h),
diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in
index db2ca9b6ed..b49942412d 100644
--- a/doc/api/doxy-api.conf.in
+++ b/doc/api/doxy-api.conf.in
@@ -12,6 +12,7 @@ INPUT = @TOPDIR@/doc/api/doxy-api-index.md \
@TOPDIR@/drivers/net/ark \
@TOPDIR@/drivers/net/bnxt \
@TOPDIR@/drivers/net/bonding \
+ @TOPDIR@/drivers/net/cnxk \
@TOPDIR@/drivers/net/dpaa \
@TOPDIR@/drivers/net/dpaa2 \
@TOPDIR@/drivers/net/i40e \
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 87bb691ab4..60ae5d7d99 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -6,6 +6,7 @@
#include <rte_eventdev.h>
#include <rte_security.h>
#include <rte_security_driver.h>
+#include <rte_pmd_cnxk.h>
#include <cn10k_ethdev.h>
#include <cnxk_security.h>
@@ -502,7 +503,7 @@ cn10k_eth_sec_session_create(void *device,
ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
if (rc)
goto mempool_put;
@@ -657,6 +658,109 @@ cn10k_eth_sec_capabilities_get(void *device __rte_unused)
return cn10k_eth_sec_capabilities;
}
+static int
+cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct roc_ot_ipsec_inb_sa *inb_sa_dptr;
+ struct rte_security_ipsec_xform *ipsec;
+ struct rte_crypto_sym_xform *crypto;
+ struct cnxk_eth_sec_sess *eth_sec;
+ bool inbound;
+ int rc;
+
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+ return -ENOENT;
+
+ ipsec = &conf->ipsec;
+ crypto = conf->crypto_xform;
+ inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (!eth_sec)
+ return -ENOENT;
+
+ eth_sec->spi = conf->ipsec.spi;
+
+ if (inbound) {
+ inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
+ memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
+
+ rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
+ true);
+ if (rc)
+ return -EINVAL;
+
+ rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_inb_sa));
+ if (rc)
+ return -EINVAL;
+ } else {
+ struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
+
+ outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr;
+ memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+
+ rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
+ if (rc)
+ return -EINVAL;
+ rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_outb_sa));
+ if (rc)
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return -EINVAL;
+
+ rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
+ ROC_NIX_INL_SA_OP_FLUSH);
+ if (rc)
+ return -EINVAL;
+ rte_delay_ms(1);
+ memcpy(data, eth_sec->sa, len);
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc = -EINVAL;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return rc;
+ rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
+ len);
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
void
cn10k_eth_sec_ops_override(void)
{
@@ -670,4 +774,5 @@ cn10k_eth_sec_ops_override(void)
cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
+ cnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev.c b/drivers/net/cnxk/cn9k_ethdev.c
index eda33dc8c5..d6d02c2cad 100644
--- a/drivers/net/cnxk/cn9k_ethdev.c
+++ b/drivers/net/cnxk/cn9k_ethdev.c
@@ -739,6 +739,12 @@ cn9k_nix_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
/* Update HW erratas */
if (roc_model_is_cn96_a0() || roc_model_is_cn95_a0())
dev->cq_min_4k = 1;
+
+ if (dev->nix.custom_sa_action) {
+ dev->nix.custom_sa_action = 0;
+ plt_info("WARNING: Custom SA action is enabled. It's not supported"
+ " on cn9k device. Disabling it");
+ }
return 0;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index fa72424b4b..4dd0b6185e 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -262,7 +262,7 @@ cn9k_eth_sec_session_create(void *device,
ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
if (rc)
goto mempool_put;
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ccdf496860..b21011a6d0 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -628,7 +628,8 @@ int cnxk_ethdev_parse_devargs(struct rte_devargs *devargs,
int cnxk_nix_dev_get_reg(struct rte_eth_dev *eth_dev,
struct rte_dev_reg_info *regs);
/* Security */
-int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p);
+int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi);
int cnxk_eth_outb_sa_idx_put(struct cnxk_eth_dev *dev, uint32_t idx);
int cnxk_nix_lookup_mem_sa_base_set(struct cnxk_eth_dev *dev);
int cnxk_nix_lookup_mem_sa_base_clear(struct cnxk_eth_dev *dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index 7351ab0dc5..d01ebb4c96 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -29,7 +29,8 @@ bitmap_ctzll(uint64_t slab)
}
int
-cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
+cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi)
{
uint32_t pos, idx;
uint64_t slab;
@@ -42,17 +43,24 @@ cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
slab = 0;
/* Scan from the beginning */
plt_bitmap_scan_init(dev->outb.sa_bmap);
- /* Scan bitmap to get the free sa index */
- rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
- /* Empty bitmap */
- if (rc == 0) {
- plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
- "devargs to increase");
- return -ERANGE;
- }
- /* Get free SA index */
- idx = pos + bitmap_ctzll(slab);
+ if (dev->nix.custom_sa_action) {
+ if (spi > dev->outb.max_sa)
+ return -ENOTSUP;
+ idx = spi;
+ } else {
+ /* Scan bitmap to get the free sa index */
+ rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
+ /* Empty bitmap */
+ if (rc == 0) {
+ plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
+ "devargs to increase");
+ return -ERANGE;
+ }
+
+ /* Get free SA index */
+ idx = pos + bitmap_ctzll(slab);
+ }
plt_bitmap_clear(dev->outb.sa_bmap, idx);
*idx_p = idx;
return 0;
diff --git a/drivers/net/cnxk/cnxk_flow.c b/drivers/net/cnxk/cnxk_flow.c
index 8763ca63d6..2d902489e0 100644
--- a/drivers/net/cnxk/cnxk_flow.c
+++ b/drivers/net/cnxk/cnxk_flow.c
@@ -205,6 +205,7 @@ cnxk_map_actions(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,
case RTE_FLOW_ACTION_TYPE_SECURITY:
in_actions[i].type = ROC_NPC_ACTION_TYPE_SEC;
+ in_actions[i].conf = actions->conf;
break;
case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
in_actions[i].type = ROC_NPC_ACTION_TYPE_VLAN_STRIP;
diff --git a/drivers/net/cnxk/meson.build b/drivers/net/cnxk/meson.build
index 016a79b2a8..f347e98fce 100644
--- a/drivers/net/cnxk/meson.build
+++ b/drivers/net/cnxk/meson.build
@@ -192,3 +192,5 @@ foreach flag: extra_flags
cflags += flag
endif
endforeach
+
+headers = files('rte_pmd_cnxk.h')
diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h
new file mode 100644
index 0000000000..8770425dfb
--- /dev/null
+++ b/drivers/net/cnxk/rte_pmd_cnxk.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+/**
+ * @file rte_pmd_cnxk.h
+ * CNXK PMD specific functions.
+ *
+ **/
+
+#ifndef _PMD_CNXK_H_
+#define _PMD_CNXK_H_
+
+#include <rte_compat.h>
+#include <rte_ethdev.h>
+#include <rte_ether.h>
+#include <rte_security.h>
+
+/** Algorithm type to be used with security action to
+ * calculate SA_index
+ */
+enum rte_pmd_cnxk_sec_action_alg {
+ /** No swizzling of SPI bits into SA index.
+ * SA_index is from SA_XOR if enabled.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG0,
+ /** SPI<31:28> has 4 upper bits which segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 4'b0, SA_mcam[27:0] + SPI[31:28]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG1,
+ /** SPI<27:25> segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 7'b0, SA_mcam[24:0] + SPI[27:25]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG2,
+ /** The inbound SPI maybe "random", therefore we want the MCAM to be
+ * capable of remapping the SPI to an arbitrary SA_index.
+ * SPI to SA is done using a lookup in NIX/NPC cam entry with key as
+ * SPI, MATCH_ID, LFID.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG3,
+};
+
+struct rte_pmd_cnxk_sec_action {
+ /** Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /** When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ /** SA_hi and SA_lo values for xor */
+ uint16_t sa_hi, sa_lo;
+ /** Determines alg to be applied post SA_MCAM computation with/without
+ * XOR.
+ */
+ enum rte_pmd_cnxk_sec_action_alg alg;
+};
+
+/**
+ * Read HW SA context from session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[out] data
+ * Destination pointer to copy SA context for application.
+ * @param len
+ * Length of SA context to copy into data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+/**
+ * Write HW SA context to session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[in] data
+ * Source data pointer from application to copy SA context into session.
+ * @param len
+ * Length of SA context to copy from data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+#endif /* _PMD_CNXK_H_ */
diff --git a/drivers/net/cnxk/version.map b/drivers/net/cnxk/version.map
index b9da6b1506..0bcc65fe6f 100644
--- a/drivers/net/cnxk/version.map
+++ b/drivers/net/cnxk/version.map
@@ -6,3 +6,10 @@ INTERNAL {
global:
cnxk_nix_inb_mode_set;
};
+
+EXPERIMENTAL {
+ # added in 22.07
+ global:
+ rte_pmd_cnxk_hw_sa_read;
+ rte_pmd_cnxk_hw_sa_write;
+};
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
@ 2022-05-04 5:12 ` kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
2 siblings, 2 replies; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:12 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding ROC Flow changes to parse custom SA action for cnxk device.
When custom sa action is enabled, VTAG actions are not allowed.
And custom SA index will be calculated based on SA_HI and SA_LO
values. This allows the potential for a MCAM entry to match
many SAs, rather than only match a single SA.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
drivers/common/cnxk/roc_nix.h | 1 +
drivers/common/cnxk/roc_nix_inl.c | 13 ++++---
drivers/common/cnxk/roc_npc.c | 58 +++++++++++++++++++++++++++++++
drivers/common/cnxk/roc_npc.h | 19 ++++++++++
4 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/drivers/common/cnxk/roc_nix.h b/drivers/common/cnxk/roc_nix.h
index dbb816d961..7313cc4d36 100644
--- a/drivers/common/cnxk/roc_nix.h
+++ b/drivers/common/cnxk/roc_nix.h
@@ -405,6 +405,7 @@ struct roc_nix {
bool io_enabled;
bool rx_ptp_ena;
uint16_t cints;
+ bool custom_sa_action;
#define ROC_NIX_MEM_SZ (6 * 1024)
uint8_t reserved[ROC_NIX_MEM_SZ] __plt_cache_aligned;
diff --git a/drivers/common/cnxk/roc_nix_inl.c b/drivers/common/cnxk/roc_nix_inl.c
index 826c6e99c1..e14f8a1f32 100644
--- a/drivers/common/cnxk/roc_nix_inl.c
+++ b/drivers/common/cnxk/roc_nix_inl.c
@@ -217,6 +217,14 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
if (!sa_base)
return 0;
+ /* Get SA size */
+ sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
+ if (!sz)
+ return 0;
+
+ if (roc_nix->custom_sa_action)
+ return (sa_base + (spi * sz));
+
/* Check if SPI is in range */
mask = roc_nix_inl_inb_spi_range(roc_nix, inb_inl_dev, &min_spi,
&max_spi);
@@ -224,11 +232,6 @@ roc_nix_inl_inb_sa_get(struct roc_nix *roc_nix, bool inb_inl_dev, uint32_t spi)
plt_warn("Inbound SA SPI %u not in range (%u..%u)", spi,
min_spi, max_spi);
- /* Get SA size */
- sz = roc_nix_inl_inb_sa_sz(roc_nix, inb_inl_dev);
- if (!sz)
- return 0;
-
/* Basic logic of SPI->SA for now */
return (sa_base + ((spi & mask) * sz));
}
diff --git a/drivers/common/cnxk/roc_npc.c b/drivers/common/cnxk/roc_npc.c
index fc88fd58bc..784f63d92a 100644
--- a/drivers/common/cnxk/roc_npc.c
+++ b/drivers/common/cnxk/roc_npc.c
@@ -293,6 +293,48 @@ roc_npc_validate_portid_action(struct roc_npc *roc_npc_src,
return 0;
}
+static int
+npc_parse_msns_action(struct roc_npc *roc_npc, const struct roc_npc_action *act,
+ struct roc_npc_flow *flow, uint8_t *has_msns_action)
+{
+ const struct roc_npc_sec_action *sec_action;
+ union {
+ uint64_t reg;
+ union nix_rx_vtag_action_u act;
+ } vtag_act;
+
+ if (roc_npc->roc_nix->custom_sa_action == 0 ||
+ roc_model_is_cn9k() == 1 || act->conf == NULL)
+ return 0;
+
+ *has_msns_action = true;
+ sec_action = act->conf;
+
+ vtag_act.reg = 0;
+ vtag_act.act.sa_xor = sec_action->sa_xor;
+ vtag_act.act.sa_hi = sec_action->sa_hi;
+ vtag_act.act.sa_lo = sec_action->sa_lo;
+
+ switch (sec_action->alg) {
+ case ROC_NPC_SEC_ACTION_ALG0:
+ break;
+ case ROC_NPC_SEC_ACTION_ALG1:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG1;
+ break;
+ case ROC_NPC_SEC_ACTION_ALG2:
+ vtag_act.act.vtag1_valid = false;
+ vtag_act.act.vtag1_lid = ROC_NPC_SEC_ACTION_ALG2;
+ break;
+ default:
+ return -1;
+ }
+
+ flow->vtag_action = vtag_act.reg;
+
+ return 0;
+}
+
static int
npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action actions[],
@@ -305,11 +347,13 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
const struct roc_npc_action_queue *act_q;
const struct roc_npc_action_vf *vf_act;
bool vlan_insert_action = false;
+ uint8_t has_msns_act = 0;
int sel_act, req_act = 0;
uint16_t pf_func, vf_id;
int errcode = 0;
int mark = 0;
int rq = 0;
+ int rc = 0;
/* Initialize actions */
flow->ctr_id = NPC_COUNTER_NONE;
@@ -399,6 +443,12 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
rq = 0;
pf_func = nix_inl_dev_pffunc_get();
}
+ rc = npc_parse_msns_action(roc_npc, actions, flow,
+ &has_msns_act);
+ if (rc) {
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
break;
case ROC_NPC_ACTION_TYPE_VLAN_STRIP:
req_act |= ROC_NPC_ACTION_TYPE_VLAN_STRIP;
@@ -438,6 +488,14 @@ npc_parse_actions(struct roc_npc *roc_npc, const struct roc_npc_attr *attr,
goto err_exit;
}
+ if (has_msns_act && (vlan_insert_action ||
+ (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP))) {
+ plt_err("Both MSNS and VLAN insert/strip action can't be supported"
+ " together");
+ errcode = NPC_ERR_ACTION_NOTSUP;
+ goto err_exit;
+ }
+
/* Both STRIP and INSERT actions are not supported */
if (vlan_insert_action && (req_act & ROC_NPC_ACTION_TYPE_VLAN_STRIP)) {
errcode = NPC_ERR_ACTION_NOTSUP;
diff --git a/drivers/common/cnxk/roc_npc.h b/drivers/common/cnxk/roc_npc.h
index 6204139396..78cdf3a318 100644
--- a/drivers/common/cnxk/roc_npc.h
+++ b/drivers/common/cnxk/roc_npc.h
@@ -209,6 +209,25 @@ struct roc_npc_action_meter {
uint32_t mtr_id; /**< Meter id to be applied. > */
};
+enum roc_npc_sec_action_alg {
+ ROC_NPC_SEC_ACTION_ALG0,
+ ROC_NPC_SEC_ACTION_ALG1,
+ ROC_NPC_SEC_ACTION_ALG2,
+ ROC_NPC_SEC_ACTION_ALG3,
+};
+
+struct roc_npc_sec_action {
+ /* Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /* When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ uint16_t sa_hi, sa_lo;
+ /* Determines alg to be applied post SA_MCAM computation with/without
+ * XOR
+ */
+ enum roc_npc_sec_action_alg alg;
+};
+
struct roc_npc_attr {
uint32_t priority; /**< Rule priority level within group. */
uint32_t ingress : 1; /**< Rule applies to ingress traffic. */
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
@ 2022-05-04 5:12 ` kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
1 sibling, 0 replies; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:12 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao; +Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding devargs support to parse custom sa action.
Devargs can be specified in the following way.
-a 0002:02:00.0,custom_sa_act=1
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/guides/nics/cnxk.rst | 20 ++++++++++++++++++++
drivers/net/cnxk/cnxk_ethdev_devargs.c | 10 ++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/doc/guides/nics/cnxk.rst b/doc/guides/nics/cnxk.rst
index 31c801fa04..e5087343ed 100644
--- a/doc/guides/nics/cnxk.rst
+++ b/doc/guides/nics/cnxk.rst
@@ -251,6 +251,26 @@ Runtime Config Options
With the above configuration, application can enable inline IPsec processing
for 128 outbound SAs.
+- ``Enable custom SA action`` (default ``0``)
+
+ Custom SA action can be enabled by specifying ``custom_sa_act`` ``devargs`` parameter.
+
+ For example::
+
+ -a 0002:02:00.0,custom_sa_act=1
+
+ With the above configuration, application can enable custom SA action. This
+ configuration allows the potential for a MCAM entry to match many SAs,
+ rather than only match a single SA.
+ For cnxk device sa_index will be calculated based on SPI value. So, it will
+ be 1 to 1 mapping. By enabling this devargs and setting a MCAM rule, will
+ allow application to configure the sa_index as part of session create. And
+ later original SPI value can be updated using session update.
+ For example, application can set sa_index as 0 using session create as SPI value
+ and later can update the original SPI value (for example 0x10000001) using
+ session update. And create a flow rule with security action and algorithm as
+ RTE_PMD_CNXK_SEC_ACTION_ALG0 and sa_hi as 0x1000 and sa_lo as 0x0001.
+
- ``Outbound CPT LF queue size`` (default ``8200``)
Size of Outbound CPT LF queue in number of descriptors can be specified by
diff --git a/drivers/net/cnxk/cnxk_ethdev_devargs.c b/drivers/net/cnxk/cnxk_ethdev_devargs.c
index 9b2beb6743..248582e1f6 100644
--- a/drivers/net/cnxk/cnxk_ethdev_devargs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_devargs.c
@@ -245,6 +245,7 @@ parse_sdp_channel_mask(const char *key, const char *value, void *extra_args)
#define CNXK_OUTB_NB_CRYPTO_QS "outb_nb_crypto_qs"
#define CNXK_SDP_CHANNEL_MASK "sdp_channel_mask"
#define CNXK_FLOW_PRE_L2_INFO "flow_pre_l2_info"
+#define CNXK_CUSTOM_SA_ACT "custom_sa_act"
int
cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
@@ -263,9 +264,10 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
struct sdp_channel sdp_chan;
uint16_t rss_tag_as_xor = 0;
uint16_t scalar_enable = 0;
- uint8_t lock_rx_ctx = 0;
+ uint16_t custom_sa_act = 0;
struct rte_kvargs *kvlist;
uint16_t no_inl_dev = 0;
+ uint8_t lock_rx_ctx = 0;
memset(&sdp_chan, 0, sizeof(sdp_chan));
memset(&pre_l2_info, 0, sizeof(struct flow_pre_l2_size_info));
@@ -307,6 +309,8 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
&parse_sdp_channel_mask, &sdp_chan);
rte_kvargs_process(kvlist, CNXK_FLOW_PRE_L2_INFO,
&parse_pre_l2_hdr_info, &pre_l2_info);
+ rte_kvargs_process(kvlist, CNXK_CUSTOM_SA_ACT, &parse_flag,
+ &custom_sa_act);
rte_kvargs_free(kvlist);
null_devargs:
@@ -323,6 +327,7 @@ cnxk_ethdev_parse_devargs(struct rte_devargs *devargs, struct cnxk_eth_dev *dev)
dev->nix.max_sqb_count = sqb_count;
dev->nix.reta_sz = reta_sz;
dev->nix.lock_rx_ctx = lock_rx_ctx;
+ dev->nix.custom_sa_action = custom_sa_act;
dev->npc.flow_prealloc_size = flow_prealloc_size;
dev->npc.flow_max_priority = flow_max_priority;
dev->npc.switch_header_type = switch_header_type;
@@ -350,4 +355,5 @@ RTE_PMD_REGISTER_PARAM_STRING(net_cnxk,
CNXK_FLOW_PRE_L2_INFO "=<0-255>/<1-255>/<0-1>"
CNXK_OUTB_NB_CRYPTO_QS "=<1-64>"
CNXK_NO_INL_DEV "=0"
- CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>");
+ CNXK_SDP_CHANNEL_MASK "=<1-4095>/<1-4095>"
+ CNXK_CUSTOM_SA_ACT "=1");
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
@ 2022-05-04 5:12 ` kirankumark
1 sibling, 0 replies; 12+ messages in thread
From: kirankumark @ 2022-05-04 5:12 UTC (permalink / raw)
To: Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori, Satha Rao,
Ray Kinsella
Cc: dev
From: Kiran Kumar K <kirankumark@marvell.com>
Adding cnxk device driver support to configure custom sa index.
Custom sa index can be configured as part of the session create
as SPI, and later original SPI can be updated using session update.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
---
doc/api/doxy-api-index.md | 3 +-
doc/api/doxy-api.conf.in | 1 +
drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
drivers/net/cnxk/cn9k_ethdev.c | 6 ++
drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
drivers/net/cnxk/cnxk_ethdev.h | 3 +-
drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
drivers/net/cnxk/cnxk_flow.c | 1 +
drivers/net/cnxk/meson.build | 2 +
drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
drivers/net/cnxk/version.map | 7 ++
11 files changed, 241 insertions(+), 15 deletions(-)
create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index 4245b9635c..8f9564ee84 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -56,7 +56,8 @@ The public API headers are grouped by topics:
[dpaa2_qdma] (@ref rte_pmd_dpaa2_qdma.h),
[crypto_scheduler] (@ref rte_cryptodev_scheduler.h),
[dlb2] (@ref rte_pmd_dlb2.h),
- [ifpga] (@ref rte_pmd_ifpga.h)
+ [ifpga] (@ref rte_pmd_ifpga.h),
+ [cnxk] (@ref rte_pmd_cnxk.h)
- **memory**:
[memseg] (@ref rte_memory.h),
diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in
index db2ca9b6ed..b49942412d 100644
--- a/doc/api/doxy-api.conf.in
+++ b/doc/api/doxy-api.conf.in
@@ -12,6 +12,7 @@ INPUT = @TOPDIR@/doc/api/doxy-api-index.md \
@TOPDIR@/drivers/net/ark \
@TOPDIR@/drivers/net/bnxt \
@TOPDIR@/drivers/net/bonding \
+ @TOPDIR@/drivers/net/cnxk \
@TOPDIR@/drivers/net/dpaa \
@TOPDIR@/drivers/net/dpaa2 \
@TOPDIR@/drivers/net/i40e \
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 87bb691ab4..60ae5d7d99 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -6,6 +6,7 @@
#include <rte_eventdev.h>
#include <rte_security.h>
#include <rte_security_driver.h>
+#include <rte_pmd_cnxk.h>
#include <cn10k_ethdev.h>
#include <cnxk_security.h>
@@ -502,7 +503,7 @@ cn10k_eth_sec_session_create(void *device,
ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi);
if (rc)
goto mempool_put;
@@ -657,6 +658,109 @@ cn10k_eth_sec_capabilities_get(void *device __rte_unused)
return cn10k_eth_sec_capabilities;
}
+static int
+cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct roc_ot_ipsec_inb_sa *inb_sa_dptr;
+ struct rte_security_ipsec_xform *ipsec;
+ struct rte_crypto_sym_xform *crypto;
+ struct cnxk_eth_sec_sess *eth_sec;
+ bool inbound;
+ int rc;
+
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
+ conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC)
+ return -ENOENT;
+
+ ipsec = &conf->ipsec;
+ crypto = conf->crypto_xform;
+ inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (!eth_sec)
+ return -ENOENT;
+
+ eth_sec->spi = conf->ipsec.spi;
+
+ if (inbound) {
+ inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
+ memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
+
+ rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto,
+ true);
+ if (rc)
+ return -EINVAL;
+
+ rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_inb_sa));
+ if (rc)
+ return -EINVAL;
+ } else {
+ struct roc_ot_ipsec_outb_sa *outb_sa_dptr;
+
+ outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr;
+ memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+
+ rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
+ if (rc)
+ return -EINVAL;
+ rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_outb_sa));
+ if (rc)
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return -EINVAL;
+
+ rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
+ ROC_NIX_INL_SA_OP_FLUSH);
+ if (rc)
+ return -EINVAL;
+ rte_delay_ms(1);
+ memcpy(data, eth_sec->sa, len);
+
+ return 0;
+}
+
+int
+rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_eth_sec_sess *eth_sec;
+ int rc = -EINVAL;
+
+ eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
+ if (eth_sec == NULL)
+ return rc;
+ rc = roc_nix_inl_ctx_write(&dev->nix, data, eth_sec->sa, eth_sec->inb,
+ len);
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
void
cn10k_eth_sec_ops_override(void)
{
@@ -670,4 +774,5 @@ cn10k_eth_sec_ops_override(void)
cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
+ cnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev.c b/drivers/net/cnxk/cn9k_ethdev.c
index eda33dc8c5..d6d02c2cad 100644
--- a/drivers/net/cnxk/cn9k_ethdev.c
+++ b/drivers/net/cnxk/cn9k_ethdev.c
@@ -739,6 +739,12 @@ cn9k_nix_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
/* Update HW erratas */
if (roc_model_is_cn96_a0() || roc_model_is_cn95_a0())
dev->cq_min_4k = 1;
+
+ if (dev->nix.custom_sa_action) {
+ dev->nix.custom_sa_action = 0;
+ plt_info("WARNING: Custom SA action is enabled. It's not supported"
+ " on cn9k device. Disabling it");
+ }
return 0;
}
diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c
index fa72424b4b..4dd0b6185e 100644
--- a/drivers/net/cnxk/cn9k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn9k_ethdev_sec.c
@@ -262,7 +262,7 @@ cn9k_eth_sec_session_create(void *device,
ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD);
/* Alloc an sa index */
- rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx);
+ rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, 0);
if (rc)
goto mempool_put;
diff --git a/drivers/net/cnxk/cnxk_ethdev.h b/drivers/net/cnxk/cnxk_ethdev.h
index ccdf496860..b21011a6d0 100644
--- a/drivers/net/cnxk/cnxk_ethdev.h
+++ b/drivers/net/cnxk/cnxk_ethdev.h
@@ -628,7 +628,8 @@ int cnxk_ethdev_parse_devargs(struct rte_devargs *devargs,
int cnxk_nix_dev_get_reg(struct rte_eth_dev *eth_dev,
struct rte_dev_reg_info *regs);
/* Security */
-int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p);
+int cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi);
int cnxk_eth_outb_sa_idx_put(struct cnxk_eth_dev *dev, uint32_t idx);
int cnxk_nix_lookup_mem_sa_base_set(struct cnxk_eth_dev *dev);
int cnxk_nix_lookup_mem_sa_base_clear(struct cnxk_eth_dev *dev);
diff --git a/drivers/net/cnxk/cnxk_ethdev_sec.c b/drivers/net/cnxk/cnxk_ethdev_sec.c
index 7351ab0dc5..d01ebb4c96 100644
--- a/drivers/net/cnxk/cnxk_ethdev_sec.c
+++ b/drivers/net/cnxk/cnxk_ethdev_sec.c
@@ -29,7 +29,8 @@ bitmap_ctzll(uint64_t slab)
}
int
-cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
+cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p,
+ uint32_t spi)
{
uint32_t pos, idx;
uint64_t slab;
@@ -42,17 +43,24 @@ cnxk_eth_outb_sa_idx_get(struct cnxk_eth_dev *dev, uint32_t *idx_p)
slab = 0;
/* Scan from the beginning */
plt_bitmap_scan_init(dev->outb.sa_bmap);
- /* Scan bitmap to get the free sa index */
- rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
- /* Empty bitmap */
- if (rc == 0) {
- plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
- "devargs to increase");
- return -ERANGE;
- }
- /* Get free SA index */
- idx = pos + bitmap_ctzll(slab);
+ if (dev->nix.custom_sa_action) {
+ if (spi > dev->outb.max_sa)
+ return -ENOTSUP;
+ idx = spi;
+ } else {
+ /* Scan bitmap to get the free sa index */
+ rc = plt_bitmap_scan(dev->outb.sa_bmap, &pos, &slab);
+ /* Empty bitmap */
+ if (rc == 0) {
+ plt_err("Outbound SA' exhausted, use 'ipsec_out_max_sa' "
+ "devargs to increase");
+ return -ERANGE;
+ }
+
+ /* Get free SA index */
+ idx = pos + bitmap_ctzll(slab);
+ }
plt_bitmap_clear(dev->outb.sa_bmap, idx);
*idx_p = idx;
return 0;
diff --git a/drivers/net/cnxk/cnxk_flow.c b/drivers/net/cnxk/cnxk_flow.c
index 8763ca63d6..2d902489e0 100644
--- a/drivers/net/cnxk/cnxk_flow.c
+++ b/drivers/net/cnxk/cnxk_flow.c
@@ -205,6 +205,7 @@ cnxk_map_actions(struct rte_eth_dev *eth_dev, const struct rte_flow_attr *attr,
case RTE_FLOW_ACTION_TYPE_SECURITY:
in_actions[i].type = ROC_NPC_ACTION_TYPE_SEC;
+ in_actions[i].conf = actions->conf;
break;
case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
in_actions[i].type = ROC_NPC_ACTION_TYPE_VLAN_STRIP;
diff --git a/drivers/net/cnxk/meson.build b/drivers/net/cnxk/meson.build
index 016a79b2a8..f347e98fce 100644
--- a/drivers/net/cnxk/meson.build
+++ b/drivers/net/cnxk/meson.build
@@ -192,3 +192,5 @@ foreach flag: extra_flags
cflags += flag
endif
endforeach
+
+headers = files('rte_pmd_cnxk.h')
diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h
new file mode 100644
index 0000000000..8770425dfb
--- /dev/null
+++ b/drivers/net/cnxk/rte_pmd_cnxk.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+/**
+ * @file rte_pmd_cnxk.h
+ * CNXK PMD specific functions.
+ *
+ **/
+
+#ifndef _PMD_CNXK_H_
+#define _PMD_CNXK_H_
+
+#include <rte_compat.h>
+#include <rte_ethdev.h>
+#include <rte_ether.h>
+#include <rte_security.h>
+
+/** Algorithm type to be used with security action to
+ * calculate SA_index
+ */
+enum rte_pmd_cnxk_sec_action_alg {
+ /** No swizzling of SPI bits into SA index.
+ * SA_index is from SA_XOR if enabled.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG0,
+ /** SPI<31:28> has 4 upper bits which segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 4'b0, SA_mcam[27:0] + SPI[31:28]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG1,
+ /** SPI<27:25> segment the sequence number space.
+ * Initial SA_index is from SA_XOR if enabled.
+ * SA_alg = { 7'b0, SA_mcam[24:0] + SPI[27:25]}
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG2,
+ /** The inbound SPI maybe "random", therefore we want the MCAM to be
+ * capable of remapping the SPI to an arbitrary SA_index.
+ * SPI to SA is done using a lookup in NIX/NPC cam entry with key as
+ * SPI, MATCH_ID, LFID.
+ */
+ RTE_PMD_CNXK_SEC_ACTION_ALG3,
+};
+
+struct rte_pmd_cnxk_sec_action {
+ /** Used as lookup result for ALG3 */
+ uint32_t sa_index;
+ /** When true XOR initial SA_INDEX with SA_HI/SA_LO to get SA_MCAM */
+ bool sa_xor;
+ /** SA_hi and SA_lo values for xor */
+ uint16_t sa_hi, sa_lo;
+ /** Determines alg to be applied post SA_MCAM computation with/without
+ * XOR.
+ */
+ enum rte_pmd_cnxk_sec_action_alg alg;
+};
+
+/**
+ * Read HW SA context from session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[out] data
+ * Destination pointer to copy SA context for application.
+ * @param len
+ * Length of SA context to copy into data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+/**
+ * Write HW SA context to session.
+ *
+ * @param device
+ * Port identifier of Ethernet device.
+ * @param sess
+ * Handle of the security session.
+ * @param[in] data
+ * Source data pointer from application to copy SA context into session.
+ * @param len
+ * Length of SA context to copy from data parameter.
+ *
+ * @return
+ * 0 on success, a negative errno value otherwise.
+ */
+__rte_experimental
+int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
+ void *data, uint32_t len);
+#endif /* _PMD_CNXK_H_ */
diff --git a/drivers/net/cnxk/version.map b/drivers/net/cnxk/version.map
index b9da6b1506..0bcc65fe6f 100644
--- a/drivers/net/cnxk/version.map
+++ b/drivers/net/cnxk/version.map
@@ -6,3 +6,10 @@ INTERNAL {
global:
cnxk_nix_inb_mode_set;
};
+
+EXPERIMENTAL {
+ # added in 22.07
+ global:
+ rte_pmd_cnxk_hw_sa_read;
+ rte_pmd_cnxk_hw_sa_write;
+};
--
2.25.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
@ 2022-05-04 8:44 ` Ray Kinsella
2022-05-07 10:17 ` Jerin Jacob
0 siblings, 1 reply; 12+ messages in thread
From: Ray Kinsella @ 2022-05-04 8:44 UTC (permalink / raw)
To: kirankumark; +Cc: Nithin Dabilpuram, Sunil Kumar Kori, Satha Rao, dev
kirankumark@marvell.com writes:
> From: Kiran Kumar K <kirankumark@marvell.com>
>
> Adding cnxk device driver support to configure custom sa index.
> Custom sa index can be configured as part of the session create
> as SPI, and later original SPI can be updated using session update.
>
> Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
> ---
> doc/api/doxy-api-index.md | 3 +-
> doc/api/doxy-api.conf.in | 1 +
> drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
> drivers/net/cnxk/cn9k_ethdev.c | 6 ++
> drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
> drivers/net/cnxk/cnxk_ethdev.h | 3 +-
> drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
> drivers/net/cnxk/cnxk_flow.c | 1 +
> drivers/net/cnxk/meson.build | 2 +
> drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
> drivers/net/cnxk/version.map | 7 ++
> 11 files changed, 241 insertions(+), 15 deletions(-)
> create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index
2022-05-04 8:44 ` Ray Kinsella
@ 2022-05-07 10:17 ` Jerin Jacob
0 siblings, 0 replies; 12+ messages in thread
From: Jerin Jacob @ 2022-05-07 10:17 UTC (permalink / raw)
To: Ray Kinsella
Cc: Kiran Kumar K, Nithin Dabilpuram, Sunil Kumar Kori, Satha Rao, dpdk-dev
On Wed, May 4, 2022 at 2:14 PM Ray Kinsella <mdr@ashroe.eu> wrote:
>
>
> kirankumark@marvell.com writes:
>
> > From: Kiran Kumar K <kirankumark@marvell.com>
> >
> > Adding cnxk device driver support to configure custom sa index.
> > Custom sa index can be configured as part of the session create
> > as SPI, and later original SPI can be updated using session update.
> >
> > Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
> > ---
> > doc/api/doxy-api-index.md | 3 +-
> > doc/api/doxy-api.conf.in | 1 +
> > drivers/net/cnxk/cn10k_ethdev_sec.c | 107 +++++++++++++++++++++++++++-
> > drivers/net/cnxk/cn9k_ethdev.c | 6 ++
> > drivers/net/cnxk/cn9k_ethdev_sec.c | 2 +-
> > drivers/net/cnxk/cnxk_ethdev.h | 3 +-
> > drivers/net/cnxk/cnxk_ethdev_sec.c | 30 +++++---
> > drivers/net/cnxk/cnxk_flow.c | 1 +
> > drivers/net/cnxk/meson.build | 2 +
> > drivers/net/cnxk/rte_pmd_cnxk.h | 94 ++++++++++++++++++++++++
> > drivers/net/cnxk/version.map | 7 ++
> > 11 files changed, 241 insertions(+), 15 deletions(-)
> > create mode 100644 drivers/net/cnxk/rte_pmd_cnxk.h
> >
>
> Acked-by: Ray Kinsella <mdr@ashroe.eu>
Series Acked-by: Jerin Jacob <jerinj@marvell.com>
Updated the git commit as follows and Series applied to
dpdk-next-net-mrvl/for-next-net. Thanks
commit 5aa4c7ec93062381cdd155b2a87962a7e0186451 (HEAD -> for-next-net,
origin/for-next-net)
Author: Kiran Kumar K <kirankumark@marvell.com>
Date: Wed May 4 10:41:18 2022 +0530
net/cnxk: support to configure custom SA index
Adding cnxk device driver support to configure custom SA index.
Custom SA index can be configured as part of the session create
as SPI, and later original SPI can be updated using session update.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Jerin Jacob <jerinj@marvell.com>
commit 1d63211bab5e87695d118b3b80e7b97c7eb18d99
Author: Kiran Kumar K <kirankumark@marvell.com>
Date: Wed May 4 10:41:17 2022 +0530
net/cnxk: devargs support to parse custom SA action
Adding devargs support to parse custom SA action.
Devargs can be specified in the following way.
-a 0002:02:00.0,custom_sa_act=1
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
commit 8f8ce5cce0f29308edca8c65520c52a2d45b9f45
Author: Kiran Kumar K <kirankumark@marvell.com>
Date: Wed May 4 10:41:16 2022 +0530
common/cnxk: support to parse custom SA action
Adding ROC Flow changes to parse custom SA action for cnxk device.
When custom sa action is enabled, VTAG actions are not allowed.
And custom SA index will be calculated based on SA_HI and SA_LO
values. This allows the potential for a MCAM entry to match
many SAs, rather than only match a single SA.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2022-05-07 10:17 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-22 4:38 [dpdk-dev][PATCH 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-04-22 4:38 ` [dpdk-dev][PATCH 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
2022-04-26 10:14 ` Ray Kinsella
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-05-04 5:11 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
2022-05-04 8:44 ` Ray Kinsella
2022-05-07 10:17 ` Jerin Jacob
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 1/3] common/cnxk: add ROC support to parse cnxk custom sa action kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 2/3] net/cnxk: add devargs support to parse custom SA action kirankumark
2022-05-04 5:12 ` [dpdk-dev][PATCH v2 3/3] net/cnxk: adding cnxk support to configure custom sa index kirankumark
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).