From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AD00AA0C41; Thu, 16 Sep 2021 11:04:59 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3AE414069E; Thu, 16 Sep 2021 11:04:59 +0200 (CEST) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80083.outbound.protection.outlook.com [40.107.8.83]) by mails.dpdk.org (Postfix) with ESMTP id E4E624003F for ; Thu, 16 Sep 2021 11:04:57 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SG2xvxg94J184lUsks3WXAghbCcUaNmkfhKBdZyZiQ5TxliXgjiM5viNEwVC7lkUL8Nedc6lby6rXcrnJc6W2zWos6y+Kt6Fe6LRdgaqGSvPJxi0qhz0ZN9CvkGUxh9DMl1oCHflOOKcPct4G6vSS1ACnxoQ36fsZ8m9jLHjS2DRg9aGMC7stJravfODSBVbbRKRQIMlbwQVYb0j7vrIl1PtCTF+SW57MhP8Pkbgz7rZ73mqM4ABvafJjs02GT4kAZpkIky7jaaiefLS6wM2e7s3xQQTi0Dqz/2ZDjpnX+cGXhLFakj2twADgL1UC/axgP0AohdGwDK1aCc07er1LQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=mhU34aSfkwrHbMQXtSd+xjTL/2VFINOGpyFcrpyomeQ=; b=BWCVRt23ITZ1IxUtS0cA53DGjngIhqu+otkof9W6S9IWhNLHeRjXMnv2LIZa4NKRVS4Y4hkm/XDo4usWy4yCz+ShhX6zPYrm1xskx98kogsHb5mBI/VRMBnDZX0LaD7vvH+9W8U2Sywyq3GhLgI6kWwJZjVmK9P+xrlc2kDcnmJyxKpPK5NS3mQtSHx+hyel8q8Ne3vsR+6TiwqNYK6UJLIqceyBL8wI02y3wxaMl4F6tD++9X1O9+LnemuVK3zfs/4B07/8fF0oVOu5WnyzErkWA1tqXAkomJL5wf3Gd4vCu9ab4VwA3MdlYBM8u+wiLd+59Ot/BQCBF+Almj3NXQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oss.nxp.com; dmarc=pass action=none header.from=oss.nxp.com; dkim=pass header.d=oss.nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NXP1.onmicrosoft.com; s=selector2-NXP1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mhU34aSfkwrHbMQXtSd+xjTL/2VFINOGpyFcrpyomeQ=; b=ZB3b/y6uV2xIp70dglTG4htqVZbeyH6uMTk9e/t+YXEpBjx+zmsCUiEjI36l4dLWFGAoAxDWfiY/3MLhI4mfK2yzZmFVEZuCc4EMa62t7oO73VxVnqbRijFBD7SE63+7mCjobQENlEKRMIGv7fw4ZVuSvVUFPwD+HtPzzfRod0M= Authentication-Results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=oss.nxp.com; Received: from DU2PR04MB8630.eurprd04.prod.outlook.com (2603:10a6:10:2dd::15) by DU2PR04MB8726.eurprd04.prod.outlook.com (2603:10a6:10:2dd::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Thu, 16 Sep 2021 09:04:56 +0000 Received: from DU2PR04MB8630.eurprd04.prod.outlook.com ([fe80::945d:e362:712d:1b80]) by DU2PR04MB8630.eurprd04.prod.outlook.com ([fe80::945d:e362:712d:1b80%3]) with mapi id 15.20.4523.016; Thu, 16 Sep 2021 09:04:56 +0000 To: Jiawen Wu , dev@dpdk.org, "gakhil@marvell.com" References: <20210908083758.312055-1-jiawenwu@trustnetic.com> <20210908083758.312055-29-jiawenwu@trustnetic.com> From: Hemant Agrawal Message-ID: Date: Thu, 16 Sep 2021 14:34:48 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: <20210908083758.312055-29-jiawenwu@trustnetic.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-ClientProxiedBy: SG2PR06CA0112.apcprd06.prod.outlook.com (2603:1096:1:1d::14) To DU2PR04MB8630.eurprd04.prod.outlook.com (2603:10a6:10:2dd::15) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.5] (122.161.79.209) by SG2PR06CA0112.apcprd06.prod.outlook.com (2603:1096:1:1d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Thu, 16 Sep 2021 09:04:54 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 800f75e4-641c-4479-1f08-08d978f10d73 X-MS-TrafficTypeDiagnostic: DU2PR04MB8726: X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:268; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hBjYvS1Pfj4DkkYfUV7+Rt4Kp7Bc8EmPX0y8Z1fOo+6TMkpG/M0pcA6El5ULTLQWbnWP/Vkx+b4w6Bp/Y5IFOPhJBPuMonsZqU0N3NdbWFwkAqs+90/7EHiAwJIT3gIY/x2i39q/+jtCpufkSlghjlQBLL9nVSaBsXLlxyF9yyBRUU20G3jTGYarmknpou5pH1DKbt20QL9if4KGfF32e7DOzWwn3GC7Mka+bPRaO5MrMfmxA40ED+EFeY8I7btLtT+l30AQDffaT3uSUmk02erLSTftjbjiulCDQwcnutOeeHGzpiN/xoSpaIz2KojldZ7IUwdqmUrDM+S8NAG6OJw/zVBKISwtUKhZXvNETDqQrkYpOU4Rm8qS4kDkF6SgtWqaHtaMLj3WAVG9QS6ljUaF+Gg9iaWslWi0uZoWe/0WZ0IgwBRk9h8THXbQZUMZM3UK7tG7cplUoGm7w9oKQdU6OlzKETCuH4TunATf8NTZzf9qLwUxw51US/HY4pL07jV0cxaqhX3pXeOUDqriX2HP+5LZ2Y/W4PUbpJcLK+QaXGVW7lGT7qUYF4ngP2BGDXM1cgo/wIyFQTAcxHQHSS9qQ3ieFuOYy/mxS3HpV7BF2ipNyh5VS19gUrbWNih+Svtb4+zJuVoX3Z7r5AP02O9OrsUoCUKaCgc1ugwambiLekzL3iuC2tYa8eY3t+6IIDIBQTzkD6w2lQPGeDGC7h1WMc0WbtCTOcYXVa4yOHVWhXEyWj+JT06Euy6lHjfnj9POOyYHKe3tuYTpmDob4w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2PR04MB8630.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(39860400002)(396003)(346002)(136003)(366004)(478600001)(44832011)(956004)(8676002)(38100700002)(110136005)(86362001)(2906002)(38350700002)(52116002)(5660300002)(31696002)(186003)(26005)(66946007)(66556008)(2616005)(66476007)(53546011)(16576012)(55236004)(316002)(6486002)(83380400001)(8936002)(6666004)(31686004)(45980500001)(43740500002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?SGJzRldLclVYayt2N285N1JwQWwxNGt0cExZb1hjbXZBazI0SXY4a1VleERI?= =?utf-8?B?WHRramRYeE1VMy9IcUwwK1JwT01CdmY4RDJwdEg5eFNqWG5DdmFUTFNhQWNL?= =?utf-8?B?WXNqdm9yazNSNjYrMmQwRTExTndnd3p0dFBDdENzSzdhNk1JY3JLZkRHN1RT?= =?utf-8?B?enlXTmZNZis1Rm1xWEV1NWs1Y25xWVgwQndXdWNreUgxM1BGam1lRkpWKyt6?= =?utf-8?B?UGNYcThqOXhuZXVMTnFFNVdwUUEzSnNSZnUxcnRRY1d1UkFDUTBsakJ1c1dh?= =?utf-8?B?cEtWYUJYRkR4U3lKTmJIU2dXZzF4dXFqaFJFUysrK0ZQNFFGWldmQit3aml6?= =?utf-8?B?L1pacVJnUW1sbXBzNE1xUVN6VzBQMG9pUGp5NmNXMXZhS2l2NXdWdm5wVE11?= =?utf-8?B?U0xEMjdFbnVxUXZzT2VjYjhic3dJcTJvZDVCY0U1OUlpT05Xb09DSk1rc3hi?= =?utf-8?B?WCt4dzNhbE1nekxSOTI1aHZnUExZMEpPOHJmdUVKeWtMUzBVekk0dTN2UmhJ?= =?utf-8?B?ZWZYRU9uWk9BMTNhalNFbXdzYUpsSk9QdnBjVkpzUUtJalRKcnBnRzg1WFF6?= =?utf-8?B?QmJ1ZG1UL1VyMUZxdml3MWJYL1JTKytIbUFJQWRoMU1PTUFFVy9FNEtreDk1?= =?utf-8?B?YzJjQitEaFk1M0NqeXVNay9TMVVCUmtmMllZUmF0c25LSElZQWhiWFgxd3Bk?= =?utf-8?B?eFRyTjd6R1B6cXFTRHc4QkdWVlllZTcyTjIwcUhISGNNekJ6Yk94S0dMRkpU?= =?utf-8?B?TTlCTEpNakRYajNvNFFRMDlMVmpwWTd5cXhKQnd6U0FFdFpmUms0cDVMdGlv?= =?utf-8?B?c1RTL2ZBQWttSGdYdGVyM0lrME5IUXdBaS9EZHI2S0ttWE80ZG1JM3B4Z3BR?= =?utf-8?B?eXd0M0UxUUtsQjVrL0d2eldBOHlhRVJ2NmpzWmNReWhSSklqQ0ZXYlQ0Snlv?= =?utf-8?B?VjZRVGtlL3l3ZHo2MmI5MXlvc2tGOHRzWW0yNkIvNDJjTkc3d0NKSlJoYnNL?= =?utf-8?B?VTNQNzd4OFBWQzRuMytEZDYxT3QwWnNJcno4L3VpTVNoVVhOYnJJeXgrNkkx?= =?utf-8?B?L3JiVGRGUmpkN0d1LzFkMCs5NkhjTzhKOHA2dVR3Nnk3cUgwVmVyWXFjZXJq?= =?utf-8?B?QzNTUHVLZDlVYVJSU1JheS9SejFMSm0wSjR2b041SFVneVNtTDRUWE02bGRi?= =?utf-8?B?dW1HdDZTM2tVU2pmNFZ0ZTF6V0VBUjg5UjlzT0szeGd0cm1UNUlCTzdLMWhX?= =?utf-8?B?aEhuNlNKR1hZVjV6cDJ5QTFIc2R1ZHZ1Z25La04xR3hLZ0NsL1BidlFhZUVR?= =?utf-8?B?eHkyMW9Zd2NmRFJ4NFFmbyswY0YvaUwxbnI4UXdPTWh1RHgwVlI1NnhNTXQr?= =?utf-8?B?N1F3NW9NZmtkajg0MVR0MkxOeVBSYVBXY1ZneVZqRTRqMkJsSzVRZGdIcWQx?= =?utf-8?B?b3NBblFQREUwRHhGU2p5OVNXSjg2Q29xQkN6cUNPTmlET1BTSVN0b3RRb0hK?= =?utf-8?B?NzJEcjR0ME50UHZEZTVSdFRnVnZPc3BrT3BOU0xhamIxLzVTMmpQd1NNZHBN?= =?utf-8?B?b3M4NDkxQkJpZFFDRXY5VytTZ1pkTVFuMlhTTGh6ZWlSOFpjS013NWs3SkU3?= =?utf-8?B?ZkNCYTdZSU9ZQkt1UEs1MzFrYUNjV3E4K3hoaDlFUmttV0J6NWdEbk5Nb1ph?= =?utf-8?B?NVlsS3c2TWZJeWNydUpkUmM2MGt2NTRJSXRXMTFJRWxkRDRxSFpqSXBTK0R4?= =?utf-8?B?MHRsbDNRcVd0ZW9xRWVSM1hZZkNFMy85N3lWQm1RVis3ZjVHWCtLblNtR2pq?= =?utf-8?B?VFltNEFtWUQ5Yk8rWlpzdz09?= X-OriginatorOrg: oss.nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 800f75e4-641c-4479-1f08-08d978f10d73 X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB8630.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Sep 2021 09:04:56.1439 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ptHR7RGZ/7asCG5gRJJsYzol7+WhASuTIfy60Lbp2xC5vHmHxmuZqgq1I8La4aRqYzFCIH7LuawuJLDghCcW2g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2PR04MB8726 Subject: Re: [dpdk-dev] [PATCH 28/32] net/ngbe: add IPsec context creation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: hemant.agrawal@nxp.com Errors-To: dev-bounces@dpdk.org Sender: "dev" On 9/8/2021 2:07 PM, Jiawen Wu wrote: > Initialize securiry context, and support to get security > capabilities. > > Signed-off-by: Jiawen Wu > --- > doc/guides/nics/features/ngbe.ini | 1 + > drivers/net/ngbe/meson.build | 3 +- > drivers/net/ngbe/ngbe_ethdev.c | 10 ++ > drivers/net/ngbe/ngbe_ethdev.h | 4 + > drivers/net/ngbe/ngbe_ipsec.c | 178 ++++++++++++++++++++++++++++++ > 5 files changed, 195 insertions(+), 1 deletion(-) > create mode 100644 drivers/net/ngbe/ngbe_ipsec.c > > diff --git a/doc/guides/nics/features/ngbe.ini b/doc/guides/nics/features/ngbe.ini > index 56d5d71ea8..facdb5f006 100644 > --- a/doc/guides/nics/features/ngbe.ini > +++ b/doc/guides/nics/features/ngbe.ini > @@ -23,6 +23,7 @@ RSS reta update = Y > SR-IOV = Y > VLAN filter = Y > Flow control = Y > +Inline crypto = Y > CRC offload = P > VLAN offload = P > QinQ offload = P > diff --git a/drivers/net/ngbe/meson.build b/drivers/net/ngbe/meson.build > index b276ec3341..f222595b19 100644 > --- a/drivers/net/ngbe/meson.build > +++ b/drivers/net/ngbe/meson.build > @@ -12,12 +12,13 @@ objs = [base_objs] > > sources = files( > 'ngbe_ethdev.c', > + 'ngbe_ipsec.c', Ideally you shall be creating a crypto/security driver and have your ipsec related functions there. @akhil - what is your opinion here? > 'ngbe_ptypes.c', > 'ngbe_pf.c', > 'ngbe_rxtx.c', > ) > > -deps += ['hash'] > +deps += ['hash', 'security'] > > includes += include_directories('base') > > diff --git a/drivers/net/ngbe/ngbe_ethdev.c b/drivers/net/ngbe/ngbe_ethdev.c > index 4eaf9b0724..b0e0f7411e 100644 > --- a/drivers/net/ngbe/ngbe_ethdev.c > +++ b/drivers/net/ngbe/ngbe_ethdev.c > @@ -430,6 +430,12 @@ eth_ngbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused) > /* Unlock any pending hardware semaphore */ > ngbe_swfw_lock_reset(hw); > > +#ifdef RTE_LIB_SECURITY > + /* Initialize security_ctx only for primary process*/ > + if (ngbe_ipsec_ctx_create(eth_dev)) > + return -ENOMEM; > +#endif > + > /* Get Hardware Flow Control setting */ > hw->fc.requested_mode = ngbe_fc_full; > hw->fc.current_mode = ngbe_fc_full; > @@ -1282,6 +1288,10 @@ ngbe_dev_close(struct rte_eth_dev *dev) > rte_free(dev->data->hash_mac_addrs); > dev->data->hash_mac_addrs = NULL; > > +#ifdef RTE_LIB_SECURITY > + rte_free(dev->security_ctx); > +#endif > + > return ret; > } > > diff --git a/drivers/net/ngbe/ngbe_ethdev.h b/drivers/net/ngbe/ngbe_ethdev.h > index aacc0b68b2..9eda024d65 100644 > --- a/drivers/net/ngbe/ngbe_ethdev.h > +++ b/drivers/net/ngbe/ngbe_ethdev.h > @@ -264,6 +264,10 @@ void ngbe_pf_mbx_process(struct rte_eth_dev *eth_dev); > > int ngbe_pf_host_configure(struct rte_eth_dev *eth_dev); > > +#ifdef RTE_LIB_SECURITY > +int ngbe_ipsec_ctx_create(struct rte_eth_dev *dev); > +#endif > + > /* High threshold controlling when to start sending XOFF frames. */ > #define NGBE_FC_XOFF_HITH 128 /*KB*/ > /* Low threshold controlling when to start sending XON frames. */ > diff --git a/drivers/net/ngbe/ngbe_ipsec.c b/drivers/net/ngbe/ngbe_ipsec.c > new file mode 100644 > index 0000000000..5f8b0bab29 > --- /dev/null > +++ b/drivers/net/ngbe/ngbe_ipsec.c > @@ -0,0 +1,178 @@ > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright(c) 2018-2021 Beijing WangXun Technology Co., Ltd. > + * Copyright(c) 2010-2017 Intel Corporation > + */ > + > +#include > +#include > +#include > + > +#include "base/ngbe.h" > +#include "ngbe_ethdev.h" > + > +static const struct rte_security_capability * > +ngbe_crypto_capabilities_get(void *device __rte_unused) > +{ > + static const struct rte_cryptodev_capabilities > + aes_gcm_gmac_crypto_capabilities[] = { > + { /* AES GMAC (128-bit) */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, > + {.auth = { > + .algo = RTE_CRYPTO_AUTH_AES_GMAC, > + .block_size = 16, > + .key_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .digest_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .iv_size = { > + .min = 12, > + .max = 12, > + .increment = 0 > + } > + }, } > + }, } > + }, > + { /* AES GCM (128-bit) */ > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, > + {.aead = { > + .algo = RTE_CRYPTO_AEAD_AES_GCM, > + .block_size = 16, > + .key_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .digest_size = { > + .min = 16, > + .max = 16, > + .increment = 0 > + }, > + .aad_size = { > + .min = 0, > + .max = 65535, > + .increment = 1 > + }, > + .iv_size = { > + .min = 12, > + .max = 12, > + .increment = 0 > + } > + }, } > + }, } > + }, > + { > + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED, > + {.sym = { > + .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED > + }, } > + }, > + }; > + > + static const struct rte_security_capability > + ngbe_security_capabilities[] = { > + { /* IPsec Inline Crypto ESP Transport Egress */ > + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, > + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, > + {.ipsec = { > + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, > + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, > + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > + .options = { 0 } > + } }, > + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities, > + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA > + }, > + { /* IPsec Inline Crypto ESP Transport Ingress */ > + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, > + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, > + {.ipsec = { > + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, > + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, > + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > + .options = { 0 } > + } }, > + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities, > + .ol_flags = 0 > + }, > + { /* IPsec Inline Crypto ESP Tunnel Egress */ > + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, > + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, > + {.ipsec = { > + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, > + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > + .options = { 0 } > + } }, > + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities, > + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA > + }, > + { /* IPsec Inline Crypto ESP Tunnel Ingress */ > + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, > + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, > + {.ipsec = { > + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, > + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > + .options = { 0 } > + } }, > + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities, > + .ol_flags = 0 > + }, > + { > + .action = RTE_SECURITY_ACTION_TYPE_NONE > + } > + }; > + > + return ngbe_security_capabilities; > +} > + > +static struct rte_security_ops ngbe_security_ops = { > + .capabilities_get = ngbe_crypto_capabilities_get > +}; > + > +static int > +ngbe_crypto_capable(struct rte_eth_dev *dev) > +{ > + struct ngbe_hw *hw = ngbe_dev_hw(dev); > + uint32_t reg_i, reg, capable = 1; > + /* test if rx crypto can be enabled and then write back initial value*/ > + reg_i = rd32(hw, NGBE_SECRXCTL); > + wr32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA, 0); > + reg = rd32m(hw, NGBE_SECRXCTL, NGBE_SECRXCTL_ODSA); > + if (reg != 0) > + capable = 0; > + wr32(hw, NGBE_SECRXCTL, reg_i); > + return capable; > +} > + > +int > +ngbe_ipsec_ctx_create(struct rte_eth_dev *dev) > +{ > + struct rte_security_ctx *ctx = NULL; > + > + if (ngbe_crypto_capable(dev)) { > + ctx = rte_malloc("rte_security_instances_ops", > + sizeof(struct rte_security_ctx), 0); > + if (ctx) { > + ctx->device = (void *)dev; > + ctx->ops = &ngbe_security_ops; > + ctx->sess_cnt = 0; > + dev->security_ctx = ctx; > + } else { > + return -ENOMEM; > + } > + } > + if (rte_security_dynfield_register() < 0) > + return -rte_errno; > + return 0; > +}