* [PATCH] examples/ipsec-secgw: add security capabilities mapping
@ 2023-07-20 13:21 Akhil Goyal
2023-09-19 12:41 ` Akhil Goyal
2023-09-19 19:19 ` Akhil Goyal
0 siblings, 2 replies; 3+ messages in thread
From: Akhil Goyal @ 2023-07-20 13:21 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, anoobj, hemant.agrawal, Akhil Goyal
Currently the cryptodev queue pair mapping was done only
on lookaside crypto capabilities.
But device capabilities for lookaside crypto and
lookaside proto may be different.
Hence, mappings are also added for rte_security_capabilities
of cryptodev.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 41 ++++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 72b3bfba9e..3ab7995fd5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1555,6 +1555,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
struct lcore_conf *qconf;
struct ipsec_ctx *ipsec_ctx;
const char *str;
+ void *sec_ctx;
+ const struct rte_security_capability *sec_cap;
qconf = &lcore_conf[params->lcore_id];
@@ -1569,8 +1571,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
}
/* Required cryptodevs with operation chaining */
- if (!(dev_info->feature_flags &
- RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
+ if (!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING) &&
+ !(dev_info->feature_flags & RTE_CRYPTODEV_FF_SECURITY))
return ret;
for (i = dev_info->capabilities;
@@ -1600,6 +1602,41 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
}
}
+ sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
+ if (sec_ctx == NULL)
+ return ret;
+
+ sec_cap = rte_security_capabilities_get(sec_ctx);
+ if (sec_cap == NULL)
+ return ret;
+
+ for (i = sec_cap->crypto_capabilities;
+ i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++) {
+ if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
+
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
+ continue;
+ }
+
+ if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+ continue;
+
+ for (j = sec_cap->crypto_capabilities;
+ j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
+ if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
+
+ if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+ continue;
+
+ ret |= add_mapping(str, cdev_id, qp, params,
+ ipsec_ctx, i, j, NULL);
+ }
+ }
+
return ret;
}
--
2.25.1
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-19 19:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-20 13:21 [PATCH] examples/ipsec-secgw: add security capabilities mapping Akhil Goyal
2023-09-19 12:41 ` Akhil Goyal
2023-09-19 19:19 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).