From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: "ferruh.yigit@intel.com" <ferruh.yigit@intel.com>,
Pavel Belous <Pavel.Belous@aquantia.com>,
John McNamara <john.mcnamara@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 2/5] app/testpmd: macsec on command draft via security context
Date: Fri, 31 May 2019 16:14:48 +0000 [thread overview]
Message-ID: <a49e7420fe45b0308b9ccf98e0c74925b9d78a68.1559319237.git.igor.russkikh@aquantia.com> (raw)
In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
Here we create/get security mempool, get sec_ctx, and then
request session creation with macsec specific session configuration.
encrypt and replay_protection parameters are really not a global macsec
attributes, they are related to tx and rx security connection properties.
But we keep testpmd commands structure the same for now and will redesign
it in later commits.
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
app/test-pmd/cmdline.c | 54 +++++++++++++++++++++++++++++++++++-------
1 file changed, 46 insertions(+), 8 deletions(-)
diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index c1042dd98214..dbee3d958c2e 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -46,6 +46,7 @@
#include <rte_devargs.h>
#include <rte_flow.h>
#include <rte_gro.h>
+#include <rte_security.h>
#include <cmdline_rdline.h>
#include <cmdline_parse.h>
@@ -13991,6 +13992,12 @@ struct cmd_macsec_offload_on_result {
cmdline_fixed_string_t rp_on_off;
};
+/* Temporary static storage until testpmd macsec commands get reformatted */
+int macsec_encrypt;
+int macsec_replay_protection;
+struct rte_security_session_conf macsec_conf;
+struct rte_security_session *macsec_session;
+
/* Common CLI fields for MACsec offload disable */
cmdline_parse_token_string_t cmd_macsec_offload_on_set =
TOKEN_STRING_INITIALIZER
@@ -14029,6 +14036,23 @@ cmdline_parse_token_string_t cmd_macsec_offload_on_rp_on_off =
(struct cmd_macsec_offload_on_result,
rp_on_off, "on#off");
+static struct rte_mempool *get_security_pool()
+{
+ struct rte_mempool *pool = rte_mempool_lookup("testpmd_security_pool");
+ int session_size = 256;
+
+ if (!pool) {
+ pool = rte_mempool_create("testpmd_security_pool",
+ 256,
+ session_size,
+ 256,
+ 0, NULL, NULL, NULL,
+ NULL, SOCKET_ID_ANY,
+ 0);
+ }
+ return pool;
+}
+
static void
cmd_set_macsec_offload_on_parsed(
void *parsed_result,
@@ -14036,11 +14060,13 @@ cmd_set_macsec_offload_on_parsed(
__attribute__((unused)) void *data)
{
struct cmd_macsec_offload_on_result *res = parsed_result;
- int ret = -ENOTSUP;
+ int ret = 0;
+ struct rte_security_ctx *ctx;
portid_t port_id = res->port_id;
int en = (strcmp(res->en_on_off, "on") == 0) ? 1 : 0;
int rp = (strcmp(res->rp_on_off, "on") == 0) ? 1 : 0;
struct rte_eth_dev_info dev_info;
+ struct rte_security_session_conf macsec_conf;
if (port_id_is_invalid(port_id, ENABLED_WARN))
return;
@@ -14049,17 +14075,29 @@ cmd_set_macsec_offload_on_parsed(
return;
}
- rte_eth_dev_info_get(port_id, &dev_info);
- if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
- ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+ ctx = rte_eth_dev_get_sec_ctx(port_id);
+ if (!ctx) {
+ ret = ENOTSUP;
+ goto done;
+ }
+
+ macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+ macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+ /** should be moved to SC properties */
+ macsec_encrypt = en;
+ macsec_replay_protection = rp;
+
+ /* Use of the same mempool for session header and private data */
+ macsec_session = rte_security_session_create(ctx, &macsec_conf, get_security_pool());
+
+ if (macsec_session == NULL) {
+ ret = -ENOTSUP;
}
- RTE_SET_USED(en);
- RTE_SET_USED(rp);
+done:
switch (ret) {
case 0:
+ /* TBD: To delete? */
ports[port_id].dev_conf.txmode.offloads |=
DEV_TX_OFFLOAD_MACSEC_INSERT;
cmd_reconfig_device_queue(port_id, 1, 1);
--
2.17.1
next prev parent reply other threads:[~2019-05-31 16:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-31 16:14 [dpdk-dev] [RFC 1/5] security: MACSEC infrastructure data declarations Igor Russkikh
2019-05-31 16:14 ` Igor Russkikh [this message]
2019-05-31 16:14 ` [dpdk-dev] [RFC 3/5] app/testpmd: macsec off command Igor Russkikh
2019-05-31 16:14 ` [dpdk-dev] [RFC 4/5] app/testpmd: macsec: update set sc command with new interface Igor Russkikh
2019-05-31 16:15 ` [dpdk-dev] [RFC 5/5] net/atlantic: macsec security context draft Igor Russkikh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a49e7420fe45b0308b9ccf98e0c74925b9d78a68.1559319237.git.igor.russkikh@aquantia.com \
--to=igor.russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).