From: Pavel Belous <Pavel.Belous@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Ferruh Yigit <ferruh.yigit@intel.com>,
	Akhil Goyal <akhil.goyal@nxp.com>,
	 John McNamara <john.mcnamara@intel.com>,
	Declan Doherty <declan.doherty@intel.com>,
	Konstantin Ananyev <konstantin.ananyev@intel.com>,
	Thomas Monjalon <thomas@monjalon.net>,
	Igor Russkikh <Igor.Russkikh@aquantia.com>,
	Fenilkumar Patel <fenpatel@cisco.com>,
	 Hitesh K Maisheri <hmaisher@cisco.com>,
	Pavel Belous <Pavel.Belous@aquantia.com>,
	Pavel Belous <Pavel.Belous@aquantia.com>
Subject: [dpdk-dev] [RFC v2 6/7] app/testpmd: macsec on/off commands using rte_security interface
Date: Fri, 25 Oct 2019 17:54:08 +0000	[thread overview]
Message-ID: <357ff7d38cb313efe4278dc7cf175bb60bab398b.1571928488.git.Pavel.Belous@aquantia.com> (raw)
In-Reply-To: <cover.1571928488.git.Pavel.Belous@aquantia.com>

From: Pavel Belous <Pavel.Belous@aquantia.com>

Here we create/get security mempool, get sec_ctx, and then
request session creation with macsec specific session configuration.

The encrypt and replay_protection parameters are not really global macsec
attributes; they relate to the tx and rx security connection properties.

But we keep testpmd commands structure the same for now and will redesign
it in later commits.

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 app/test-pmd/Makefile    |  1 +
 app/test-pmd/cmdline.c   |  9 ++----
 app/test-pmd/macsec.c    | 82 ++++++++++++++++++++++++++++++++++++++++++++++++
 app/test-pmd/macsec.h    | 12 +++++++
 app/test-pmd/meson.build |  3 +-
 5 files changed, 100 insertions(+), 7 deletions(-)
 create mode 100644 app/test-pmd/macsec.c
 create mode 100644 app/test-pmd/macsec.h

diff --git a/app/test-pmd/Makefile b/app/test-pmd/Makefile
index d5258ea..14cd7f0 100644
--- a/app/test-pmd/Makefile
+++ b/app/test-pmd/Makefile
@@ -37,6 +37,7 @@ SRCS-y += noisy_vnf.c
 SRCS-$(CONFIG_RTE_LIBRTE_IEEE1588) += ieee1588fwd.c
 SRCS-$(CONFIG_RTE_LIBRTE_BPF) += bpf_cmd.c
 SRCS-y += util.c
+SRCS-y += macsec.c
 
 ifeq ($(CONFIG_RTE_LIBRTE_PMD_SOFTNIC), y)
 SRCS-y += softnicfwd.c
diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index ffc8b70..10f48f8 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -75,6 +75,7 @@
 #include "cmdline_mtr.h"
 #include "cmdline_tm.h"
 #include "bpf_cmd.h"
+#include "macsec.h"
 
 static struct cmdline *testpmd_cl;
 
@@ -14124,9 +14125,7 @@ cmd_set_macsec_offload_on_parsed(
 		return;
 
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+		ret = set_macsec_on_off(port_id, 1, en, rp);
 	}
 	RTE_SET_USED(en);
 	RTE_SET_USED(rp);
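Review bot: Swapping `rte_pmd_ixgbe_macsec_enable()` for `set_macsec_on_off(port_id, 1, en, rp)` removes the only ixgbe-specific path, so a port that advertises `DEV_TX_OFFLOAD_MACSEC_INSERT` but whose driver does not implement the MACsec rte_security protocol will presumably now get `-ENOTSUP` where the command used to work. The same applies to the `off` handler in the next hunk, which now calls `set_macsec_on_off(port_id, 0, 0, 0)`. Either keep the PMD call as a fallback when `rte_eth_dev_get_sec_ctx()` returns NULL, or state the behaviour change in the commit message. With `en` and `rp` now used unconditionally, the `RTE_SET_USED(en);` and `RTE_SET_USED(rp);` lines are redundant and can be dropped. The handler's body starts and ends outside this hunk.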
@@ -14221,9 +14220,7 @@ cmd_set_macsec_offload_off_parsed(
 		return;
 
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_disable(port_id);
-#endif
+		ret = set_macsec_on_off(port_id, 0, 0, 0);
 	}
 	switch (ret) {
 	case 0:
diff --git a/app/test-pmd/macsec.c b/app/test-pmd/macsec.c
new file mode 100644
index 0000000..fc7976d
--- /dev/null
+++ b/app/test-pmd/macsec.c
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2010-2016 Intel Corporation.
+ * Copyright(c) 2014 6WIND S.A.
+ */
+
+#include <rte_ethdev.h>
+#include <rte_flow.h>
+#include <rte_security.h>
+#include "macsec.h"
+
+#define TESTPMD_MEMPOOL_NAME "testpmd_security_pool"
+
+struct macsec_params {
+	struct rte_mempool *mp;
+	struct rte_security_session *session;
+	int replay_protection_enabled;
+	int encryption_enabled;
+};
+
+static struct macsec_params macsec_param;
+
+static struct rte_mempool *get_security_pool(struct rte_security_ctx *ctx)
+{
+	struct rte_mempool *mp = rte_mempool_lookup(TESTPMD_MEMPOOL_NAME);
+
+	if (!mp) {
+		unsigned int ssize = rte_security_session_get_size(ctx);
+
+		if (ssize) {
+			mp = rte_mempool_create("testpmd_security_pool",
+				1, /* One sesion */
+				ssize,
+				0, 0, NULL, NULL, NULL, NULL,
+				SOCKET_ID_ANY, 0);
+		}
+	}
+
+	return mp;
+}
+
+int set_macsec_on_off(portid_t port_id, int on, int en, int rp)
+{
+	struct rte_security_session_conf macsec_conf;
+	struct rte_security_ctx *ctx;
+	struct rte_mempool *mp;
+	int err = 0;
+
+	ctx = rte_eth_dev_get_sec_ctx(port_id);
+
+	if (!ctx) {
+		err = -ENOTSUP;
+		goto done;
+	}
+
+	mp = get_security_pool(ctx);
+
+	macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+	macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+	macsec_conf.macsec.op = RTE_SECURITY_MACSEC_OP_CONFIG;
+
+	if (on) {
+		macsec_param.session = rte_security_session_create(ctx, &macsec_conf, mp);
+
+		if (!macsec_param.session) {
+			err = -ENOTSUP;
+			goto done;
+		}
+
+		macsec_param.replay_protection_enabled = rp;
+		macsec_param.encryption_enabled = en;
+	} else {
+		if (macsec_param.session) {
+			err = rte_security_session_destroy(ctx, macsec_param.session);
+		} else {
+			err = -ENOTSUP;
+		}
+	}
+
+done:
+	return err;
+}
+
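Review bot: In `set_macsec_on_off()` the `off` branch destroys `macsec_param.session` but leaves the pointer set, so a second "off" hands an already-released session to `rte_security_session_destroy()`, and the `on` branch overwrites a live session pointer without releasing it. `macsec_conf` is an uninitialised stack struct with only three fields assigned, so every other field reaches the driver with indeterminate contents, and `mp` from `get_security_pool()` is passed to `rte_security_session_create()` without a NULL check. Because `macsec_param` is a single file-scope object, the session is not tied to `port_id`, so an "off" on another port would destroy it against the wrong context. `en` and `rp` are only stored locally and never placed in the session configuration, so the requested encryption and replay-protection settings do not appear to reach the device. A sketch of the lifecycle fixes follows.

```c
int set_macsec_on_off(portid_t port_id, int on, int en, int rp)
{
	/* zero the whole conf so unset fields are not stack garbage */
	struct rte_security_session_conf macsec_conf = { 0 };
	/* … unchanged: ctx lookup, get_security_pool(), macsec_conf field setup … */

	if (on) {
		/* refuse to overwrite (and leak) a session that is still live */
		if (macsec_param.session) {
			err = -EEXIST;
			goto done;
		}
		if (!mp) {
			err = -ENOMEM;
			goto done;
		}
		/* … unchanged: session create and en/rp bookkeeping … */
	} else {
		if (macsec_param.session) {
			err = rte_security_session_destroy(ctx, macsec_param.session);
			/* drop the stale pointer so a repeated "off" cannot reuse it */
			if (!err)
				macsec_param.session = NULL;
		} else {
			err = -ENOTSUP;
		}
	}
	/* … unchanged: done label and return … */
```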
diff --git a/app/test-pmd/macsec.h b/app/test-pmd/macsec.h
new file mode 100644
index 0000000..42a534f
--- /dev/null
+++ b/app/test-pmd/macsec.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#ifndef _TESTPMD_MACSEC_H_
+#define _TESTPMD_MACSEC_H_
+
+#include "testpmd.h"
+
+int set_macsec_on_off(portid_t port_id, int on, int en, int rp);
+
+#endif
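Review bot: The `set_macsec_on_off()` prototype has no comment, and the meaning of `on`, `en` and `rp` cannot be read from the declaration. I would add above it something like `/* Create (on=1) or destroy (on=0) the MACsec rte_security session for port_id; en/rp are the encryption and replay-protection flags. Returns 0 or a negative errno. */`. It is also worth noting there that only one session is tracked for the whole application, as the single static `macsec_param` in macsec.c shows.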
diff --git a/app/test-pmd/meson.build b/app/test-pmd/meson.build
index 6006c60..755bab2 100644
--- a/app/test-pmd/meson.build
+++ b/app/test-pmd/meson.build
@@ -22,7 +22,8 @@ sources = files('cmdline.c',
 	'rxonly.c',
 	'testpmd.c',
 	'txonly.c',
-	'util.c')
+	'util.c',
+	'macsec.c')
 
 deps += ['ethdev', 'gro', 'gso', 'cmdline', 'metrics', 'meter', 'bus_pci']
 if dpdk_conf.has('RTE_LIBRTE_PDUMP')
-- 
2.7.4

