DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH  00/10] add MACSEC hw offload to atlantic PMD
@ 2019-04-10 11:18 Igor Russkikh
  2019-04-10 11:18 ` Igor Russkikh
                   ` (10 more replies)
  0 siblings, 11 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

This patchset implements MACSEC hardware offload configuration in
Atlantic PMD. To do this we also propose global ethdev ops
for macsec offload and move testpmd from direct usage of ixgbe
to generic API.

ixgbe changes were only sanity/build verified, would be glad if
somebody could test these out. 

Igor Russkikh (3):
  ethdev: introduce MACSEC device ops
  app/testpmd: use generic MACSEC API calls
  net/ixgbe: macsec callbacks implementation

Pavel Belous (7):
  net/atlantic: macsec hardware structures declaration
  net/atlantic: macsec configuration code
  net/atlantic: macsec firmware interface
  net/atlantic: interrupt handling of macsec events
  net/atlantic: implement macsec statistics
  net/atlantic: bump internal driver version
  net/atlantic: indicate macsec in NIC docs

 app/test-pmd/cmdline.c                        |  20 +-
 doc/guides/nics/atlantic.rst                  |   1 +
 doc/guides/nics/features/atlantic.ini         |   1 +
 drivers/net/atlantic/atl_common.h             |   2 +-
 drivers/net/atlantic/atl_ethdev.c             | 368 +++++++++++++++++-
 drivers/net/atlantic/atl_ethdev.h             |   2 +-
 drivers/net/atlantic/atl_types.h              |  39 ++
 drivers/net/atlantic/hw_atl/hw_atl_utils.h    | 148 +++++++
 .../net/atlantic/hw_atl/hw_atl_utils_fw2x.c   |  51 +++
 drivers/net/ixgbe/ixgbe_ethdev.c              |  55 +++
 lib/librte_ethdev/rte_ethdev.c                |  87 +++++
 lib/librte_ethdev/rte_ethdev.h                | 115 ++++++
 lib/librte_ethdev/rte_ethdev_core.h           |  23 ++
 13 files changed, 881 insertions(+), 31 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  00/10] add MACSEC hw offload to atlantic PMD
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

This patchset implements MACSEC hardware offload configuration in
Atlantic PMD. To do this we also propose global ethdev ops
for macsec offload and move testpmd from direct usage of ixgbe
to generic API.

ixgbe changes were only sanity/build verified, would be glad if
somebody could test these out. 

Igor Russkikh (3):
  ethdev: introduce MACSEC device ops
  app/testpmd: use generic MACSEC API calls
  net/ixgbe: macsec callbacks implementation

Pavel Belous (7):
  net/atlantic: macsec hardware structures declaration
  net/atlantic: macsec configuration code
  net/atlantic: macsec firmware interface
  net/atlantic: interrupt handling of macsec events
  net/atlantic: implement macsec statistics
  net/atlantic: bump internal driver version
  net/atlantic: indicate macsec in NIC docs

 app/test-pmd/cmdline.c                        |  20 +-
 doc/guides/nics/atlantic.rst                  |   1 +
 doc/guides/nics/features/atlantic.ini         |   1 +
 drivers/net/atlantic/atl_common.h             |   2 +-
 drivers/net/atlantic/atl_ethdev.c             | 368 +++++++++++++++++-
 drivers/net/atlantic/atl_ethdev.h             |   2 +-
 drivers/net/atlantic/atl_types.h              |  39 ++
 drivers/net/atlantic/hw_atl/hw_atl_utils.h    | 148 +++++++
 .../net/atlantic/hw_atl/hw_atl_utils_fw2x.c   |  51 +++
 drivers/net/ixgbe/ixgbe_ethdev.c              |  55 +++
 lib/librte_ethdev/rte_ethdev.c                |  87 +++++
 lib/librte_ethdev/rte_ethdev.h                | 115 ++++++
 lib/librte_ethdev/rte_ethdev_core.h           |  23 ++
 13 files changed, 881 insertions(+), 31 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
  2019-04-10 11:18 ` Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
                     ` (2 more replies)
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
                   ` (8 subsequent siblings)
  10 siblings, 3 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

MACSEC related device ops, API and parameters are taken from the
existing ixgbe PMD ops

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 lib/librte_ethdev/rte_ethdev.c      |  87 +++++++++++++++++++++
 lib/librte_ethdev/rte_ethdev.h      | 115 ++++++++++++++++++++++++++++
 lib/librte_ethdev/rte_ethdev_core.h |  23 ++++++
 3 files changed, 225 insertions(+)

diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 243beb4dd5ef..315c31dc667d 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -4367,6 +4367,93 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool)
 	return (*dev->dev_ops->pool_ops_supported)(dev, pool);
 }
 
+int
+rte_eth_macsec_enable(uint16_t port_id,
+		      uint8_t encr, uint8_t repl_prot)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_enable, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_enable)
+				(dev, encr, repl_prot));
+}
+
+int
+rte_eth_macsec_disable(uint16_t port_id)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_disable, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_disable)
+				(dev));
+}
+
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+			   uint8_t *mac, uint16_t pi)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_rxsc, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_config_rxsc)
+				(dev, mac, pi));
+}
+
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+			   uint8_t *mac)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_txsc, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_config_txsc)
+				(dev, mac));
+}
+
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_rxsa, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_select_rxsa)
+				(dev, idx, an, pn, key));
+}
+
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_txsa, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_select_txsa)
+				(dev, idx, an, pn, key));
+}
+
+
+
 /**
  * A set of values to describe the possible states of a switch domain.
  */
diff --git a/lib/librte_ethdev/rte_ethdev.h b/lib/librte_ethdev/rte_ethdev.h
index 40a068fe8337..0e4e889653ad 100644
--- a/lib/librte_ethdev/rte_ethdev.h
+++ b/lib/librte_ethdev/rte_ethdev.h
@@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
 void *
 rte_eth_dev_get_sec_ctx(uint16_t port_id);
 
+/**
+ * Enable MACsec offload.
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param encr
+ *    1 - Enable encryption (encrypt and add integrity signature).
+ *    0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ *    1 - Enable replay protection.
+ *    0 - Disable replay protection.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_enable(uint16_t port_id,
+		      uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_disable(uint16_t port_id);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the remote side.
+ * @param pi
+ *   The PI (port identifier) on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+			   uint8_t *mac, uint16_t pi);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+			   uint8_t *mac);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1)
+ * @param an
+ *   The association number on the remote side.
+ * @param pn
+ *   The packet number on the remote side.
+ * @param key
+ *   The key on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1).
+ * @param an
+ *   The association number on the local side.
+ * @param pn
+ *   The packet number on the local side.
+ * @param key
+ *   The key on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key);
+
 
 #include <rte_ethdev_core.h>
 
diff --git a/lib/librte_ethdev/rte_ethdev_core.h b/lib/librte_ethdev/rte_ethdev_core.h
index 8f03f83f62cf..6434a9065756 100644
--- a/lib/librte_ethdev/rte_ethdev_core.h
+++ b/lib/librte_ethdev/rte_ethdev_core.h
@@ -377,6 +377,20 @@ typedef int (*eth_pool_ops_supported_t)(struct rte_eth_dev *dev,
 						const char *pool);
 /**< @internal Test if a port supports specific mempool ops */
 
+typedef int (*eth_macsec_enable_t)(struct rte_eth_dev *dev,
+				   uint8_t encr, uint8_t repl_prot);
+typedef int (*eth_macsec_disable_t)(struct rte_eth_dev *dev);
+typedef int (*eth_macsec_config_rxsc_t)(struct rte_eth_dev *dev,
+					uint8_t *mac, uint16_t pi);
+typedef int (*eth_macsec_config_txsc_t)(struct rte_eth_dev *dev,
+					uint8_t *mac);
+typedef int (*eth_macsec_select_rxsa_t)(struct rte_eth_dev *dev,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key);
+typedef int (*eth_macsec_select_txsa_t)(struct rte_eth_dev *dev,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key);
+
 /**
  * @internal A structure containing the functions exported by an Ethernet driver.
  */
@@ -509,6 +523,15 @@ struct eth_dev_ops {
 
 	eth_pool_ops_supported_t pool_ops_supported;
 	/**< Test if a port supports specific mempool ops */
+
+	eth_macsec_enable_t macsec_enable; /** macsec function enable */
+	eth_macsec_disable_t macsec_disable; /** macsec function disable */
+	eth_macsec_config_rxsc_t macsec_config_rxsc; /** macsec configure rx */
+	eth_macsec_config_txsc_t macsec_config_txsc; /** macsec configure tx */
+	eth_macsec_select_rxsa_t macsec_select_rxsa;
+	/** macsec select rx security association */
+	eth_macsec_select_txsa_t macsec_select_txsa;
+	/** macsec select tx security association */
 };
 
 /**
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
@ 2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:46   ` Thomas Monjalon
  2019-04-12 18:26   ` Ferruh Yigit
  2 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

MACSEC related device ops, API and parameters are taken from the
existing ixgbe PMD ops

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 lib/librte_ethdev/rte_ethdev.c      |  87 +++++++++++++++++++++
 lib/librte_ethdev/rte_ethdev.h      | 115 ++++++++++++++++++++++++++++
 lib/librte_ethdev/rte_ethdev_core.h |  23 ++++++
 3 files changed, 225 insertions(+)

diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 243beb4dd5ef..315c31dc667d 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -4367,6 +4367,93 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool)
 	return (*dev->dev_ops->pool_ops_supported)(dev, pool);
 }
 
+int
+rte_eth_macsec_enable(uint16_t port_id,
+		      uint8_t encr, uint8_t repl_prot)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_enable, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_enable)
+				(dev, encr, repl_prot));
+}
+
+int
+rte_eth_macsec_disable(uint16_t port_id)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_disable, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_disable)
+				(dev));
+}
+
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+			   uint8_t *mac, uint16_t pi)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_rxsc, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_config_rxsc)
+				(dev, mac, pi));
+}
+
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+			   uint8_t *mac)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_txsc, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_config_txsc)
+				(dev, mac));
+}
+
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_rxsa, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_select_rxsa)
+				(dev, idx, an, pn, key));
+}
+
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+	dev = &rte_eth_devices[port_id];
+
+	RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_txsa, -ENOTSUP);
+	return eth_err(port_id, (*dev->dev_ops->macsec_select_txsa)
+				(dev, idx, an, pn, key));
+}
+
+
+
 /**
  * A set of values to describe the possible states of a switch domain.
  */
diff --git a/lib/librte_ethdev/rte_ethdev.h b/lib/librte_ethdev/rte_ethdev.h
index 40a068fe8337..0e4e889653ad 100644
--- a/lib/librte_ethdev/rte_ethdev.h
+++ b/lib/librte_ethdev/rte_ethdev.h
@@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
 void *
 rte_eth_dev_get_sec_ctx(uint16_t port_id);
 
+/**
+ * Enable MACsec offload.
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param encr
+ *    1 - Enable encryption (encrypt and add integrity signature).
+ *    0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ *    1 - Enable replay protection.
+ *    0 - Disable replay protection.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_enable(uint16_t port_id,
+		      uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_disable(uint16_t port_id);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the remote side.
+ * @param pi
+ *   The PI (port identifier) on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+			   uint8_t *mac, uint16_t pi);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+			   uint8_t *mac);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1)
+ * @param an
+ *   The association number on the remote side.
+ * @param pn
+ *   The packet number on the remote side.
+ * @param key
+ *   The key on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port_id
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1).
+ * @param an
+ *   The association number on the local side.
+ * @param pn
+ *   The packet number on the local side.
+ * @param key
+ *   The key on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key);
+
 
 #include <rte_ethdev_core.h>
 
diff --git a/lib/librte_ethdev/rte_ethdev_core.h b/lib/librte_ethdev/rte_ethdev_core.h
index 8f03f83f62cf..6434a9065756 100644
--- a/lib/librte_ethdev/rte_ethdev_core.h
+++ b/lib/librte_ethdev/rte_ethdev_core.h
@@ -377,6 +377,20 @@ typedef int (*eth_pool_ops_supported_t)(struct rte_eth_dev *dev,
 						const char *pool);
 /**< @internal Test if a port supports specific mempool ops */
 
+typedef int (*eth_macsec_enable_t)(struct rte_eth_dev *dev,
+				   uint8_t encr, uint8_t repl_prot);
+typedef int (*eth_macsec_disable_t)(struct rte_eth_dev *dev);
+typedef int (*eth_macsec_config_rxsc_t)(struct rte_eth_dev *dev,
+					uint8_t *mac, uint16_t pi);
+typedef int (*eth_macsec_config_txsc_t)(struct rte_eth_dev *dev,
+					uint8_t *mac);
+typedef int (*eth_macsec_select_rxsa_t)(struct rte_eth_dev *dev,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key);
+typedef int (*eth_macsec_select_txsa_t)(struct rte_eth_dev *dev,
+					uint8_t idx, uint8_t an,
+					uint32_t pn, uint8_t *key);
+
 /**
  * @internal A structure containing the functions exported by an Ethernet driver.
  */
@@ -509,6 +523,15 @@ struct eth_dev_ops {
 
 	eth_pool_ops_supported_t pool_ops_supported;
 	/**< Test if a port supports specific mempool ops */
+
+	eth_macsec_enable_t macsec_enable; /** macsec function enable */
+	eth_macsec_disable_t macsec_disable; /** macsec function disable */
+	eth_macsec_config_rxsc_t macsec_config_rxsc; /** macsec configure rx */
+	eth_macsec_config_txsc_t macsec_config_txsc; /** macsec configure tx */
+	eth_macsec_select_rxsa_t macsec_select_rxsa;
+	/** macsec select rx security association */
+	eth_macsec_select_txsa_t macsec_select_txsa;
+	/** macsec select tx security association */
 };
 
 /**
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
  2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:50   ` Thomas Monjalon
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
                   ` (7 subsequent siblings)
  10 siblings, 2 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

Here we do repace testpmd direct usage of IXGBE driver calls
with generic ethdev macsec API calls

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 app/test-pmd/cmdline.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index 2ab03c111316..1730c76fe65c 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -13958,9 +13958,7 @@ cmd_set_macsec_offload_on_parsed(
 
 	rte_eth_dev_info_get(port_id, &dev_info);
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+		ret = rte_eth_macsec_enable(port_id, en, rp);
 	}
 	RTE_SET_USED(en);
 	RTE_SET_USED(rp);
@@ -14052,9 +14050,7 @@ cmd_set_macsec_offload_off_parsed(
 
 	rte_eth_dev_info_get(port_id, &dev_info);
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_disable(port_id);
-#endif
+		ret = rte_eth_macsec_disable(port_id);
 	}
 	switch (ret) {
 	case 0:
@@ -14138,13 +14134,11 @@ cmd_set_macsec_sc_parsed(
 	int ret = -ENOTSUP;
 	int is_tx = (strcmp(res->tx_rx, "tx") == 0) ? 1 : 0;
 
-#ifdef RTE_LIBRTE_IXGBE_PMD
 	ret = is_tx ?
-		rte_pmd_ixgbe_macsec_config_txsc(res->port_id,
+		rte_eth_macsec_config_txsc(res->port_id,
 				res->mac.addr_bytes) :
-		rte_pmd_ixgbe_macsec_config_rxsc(res->port_id,
+		rte_eth_macsec_config_rxsc(res->port_id,
 				res->mac.addr_bytes, res->pi);
-#endif
 	RTE_SET_USED(is_tx);
 
 	switch (ret) {
@@ -14257,13 +14251,11 @@ cmd_set_macsec_sa_parsed(
 		key[i] = (uint8_t) ((xdgt0 * 16) + xdgt1);
 	}
 
-#ifdef RTE_LIBRTE_IXGBE_PMD
 	ret = is_tx ?
-		rte_pmd_ixgbe_macsec_select_txsa(res->port_id,
+		rte_eth_macsec_select_txsa(res->port_id,
 			res->idx, res->an, res->pn, key) :
-		rte_pmd_ixgbe_macsec_select_rxsa(res->port_id,
+		rte_eth_macsec_select_rxsa(res->port_id,
 			res->idx, res->an, res->pn, key);
-#endif
 	RTE_SET_USED(is_tx);
 	RTE_SET_USED(key);
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
@ 2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:50   ` Thomas Monjalon
  1 sibling, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

Here we do repace testpmd direct usage of IXGBE driver calls
with generic ethdev macsec API calls

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 app/test-pmd/cmdline.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index 2ab03c111316..1730c76fe65c 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -13958,9 +13958,7 @@ cmd_set_macsec_offload_on_parsed(
 
 	rte_eth_dev_info_get(port_id, &dev_info);
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+		ret = rte_eth_macsec_enable(port_id, en, rp);
 	}
 	RTE_SET_USED(en);
 	RTE_SET_USED(rp);
@@ -14052,9 +14050,7 @@ cmd_set_macsec_offload_off_parsed(
 
 	rte_eth_dev_info_get(port_id, &dev_info);
 	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_disable(port_id);
-#endif
+		ret = rte_eth_macsec_disable(port_id);
 	}
 	switch (ret) {
 	case 0:
@@ -14138,13 +14134,11 @@ cmd_set_macsec_sc_parsed(
 	int ret = -ENOTSUP;
 	int is_tx = (strcmp(res->tx_rx, "tx") == 0) ? 1 : 0;
 
-#ifdef RTE_LIBRTE_IXGBE_PMD
 	ret = is_tx ?
-		rte_pmd_ixgbe_macsec_config_txsc(res->port_id,
+		rte_eth_macsec_config_txsc(res->port_id,
 				res->mac.addr_bytes) :
-		rte_pmd_ixgbe_macsec_config_rxsc(res->port_id,
+		rte_eth_macsec_config_rxsc(res->port_id,
 				res->mac.addr_bytes, res->pi);
-#endif
 	RTE_SET_USED(is_tx);
 
 	switch (ret) {
@@ -14257,13 +14251,11 @@ cmd_set_macsec_sa_parsed(
 		key[i] = (uint8_t) ((xdgt0 * 16) + xdgt1);
 	}
 
-#ifdef RTE_LIBRTE_IXGBE_PMD
 	ret = is_tx ?
-		rte_pmd_ixgbe_macsec_select_txsa(res->port_id,
+		rte_eth_macsec_select_txsa(res->port_id,
 			res->idx, res->an, res->pn, key) :
-		rte_pmd_ixgbe_macsec_select_rxsa(res->port_id,
+		rte_eth_macsec_select_rxsa(res->port_id,
 			res->idx, res->an, res->pn, key);
-#endif
 	RTE_SET_USED(is_tx);
 	RTE_SET_USED(key);
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (2 preceding siblings ...)
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
                   ` (6 subsequent siblings)
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

Add new macsec generic callbacks to ixgbe driver.
Reuse existing rte_pmd_ driver API, keeping it to preserve
backward API compatibility

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/ixgbe/ixgbe_ethdev.c | 55 ++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 975fa474ce83..e2123062c185 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -46,6 +46,7 @@
 #include "base/ixgbe_type.h"
 #include "base/ixgbe_phy.h"
 #include "ixgbe_regs.h"
+#include "rte_pmd_ixgbe.h"
 
 /*
  * High threshold controlling when to start sending XOFF frames. Must be at
@@ -370,6 +371,17 @@ static int ixgbe_dev_udp_tunnel_port_del(struct rte_eth_dev *dev,
 static int ixgbe_filter_restore(struct rte_eth_dev *dev);
 static void ixgbe_l2_tunnel_conf(struct rte_eth_dev *dev);
 
+static int ixgbe_macsec_enable(struct rte_eth_dev *dev,
+			       uint8_t encr, uint8_t repl_prot);
+static int ixgbe_macsec_disable(struct rte_eth_dev *dev);
+static int ixgbe_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int ixgbe_macsec_config_rxsc(struct rte_eth_dev *dev,
+				    uint8_t *mac, uint16_t pi);
+static int ixgbe_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key);
+static int ixgbe_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key);
+
 /*
  * Define VF Stats MACRO for Non "cleared on read" register
  */
@@ -581,6 +593,12 @@ static const struct eth_dev_ops ixgbe_eth_dev_ops = {
 	.udp_tunnel_port_add  = ixgbe_dev_udp_tunnel_port_add,
 	.udp_tunnel_port_del  = ixgbe_dev_udp_tunnel_port_del,
 	.tm_ops_get           = ixgbe_tm_ops_get,
+	.macsec_enable        = ixgbe_macsec_enable,
+	.macsec_disable       = ixgbe_macsec_disable,
+	.macsec_config_rxsc   = ixgbe_macsec_config_rxsc,
+	.macsec_config_txsc   = ixgbe_macsec_config_txsc,
+	.macsec_select_rxsa   = ixgbe_macsec_select_rxsa,
+	.macsec_select_txsa   = ixgbe_macsec_select_txsa,
 };
 
 /*
@@ -8652,6 +8670,43 @@ ixgbe_clear_all_l2_tn_filter(struct rte_eth_dev *dev)
 	return 0;
 }
 
+static int ixgbe_macsec_enable(struct rte_eth_dev *dev,
+			       uint8_t encr, uint8_t repl_prot)
+{
+	return rte_pmd_ixgbe_macsec_enable(dev->data->port_id,
+						   encr, repl_prot);
+}
+
+static int ixgbe_macsec_disable(struct rte_eth_dev *dev)
+{
+	return rte_pmd_ixgbe_macsec_disable(dev->data->port_id);
+}
+
+static int ixgbe_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+	return rte_pmd_ixgbe_macsec_config_txsc(dev->data->port_id, mac);
+}
+
+static int ixgbe_macsec_config_rxsc(struct rte_eth_dev *dev,
+				    uint8_t *mac, uint16_t pi)
+{
+	return rte_pmd_ixgbe_macsec_config_rxsc(dev->data->port_id, mac, pi);
+}
+
+static int ixgbe_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key)
+{
+	return rte_pmd_ixgbe_macsec_select_txsa(dev->data->port_id, idx, an,
+						pn, key);
+}
+
+static int ixgbe_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key)
+{
+	return rte_pmd_ixgbe_macsec_select_txsa(dev->data->port_id, idx, an,
+						pn, key);
+}
+
 RTE_PMD_REGISTER_PCI(net_ixgbe, rte_ixgbe_pmd);
 RTE_PMD_REGISTER_PCI_TABLE(net_ixgbe, pci_id_ixgbe_map);
 RTE_PMD_REGISTER_KMOD_DEP(net_ixgbe, "* igb_uio | uio_pci_generic | vfio-pci");
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
@ 2019-04-10 11:18   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

Add new macsec generic callbacks to ixgbe driver.
Reuse existing rte_pmd_ driver API, keeping it to preserve
backward API compatibility

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/ixgbe/ixgbe_ethdev.c | 55 ++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c
index 975fa474ce83..e2123062c185 100644
--- a/drivers/net/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/ixgbe/ixgbe_ethdev.c
@@ -46,6 +46,7 @@
 #include "base/ixgbe_type.h"
 #include "base/ixgbe_phy.h"
 #include "ixgbe_regs.h"
+#include "rte_pmd_ixgbe.h"
 
 /*
  * High threshold controlling when to start sending XOFF frames. Must be at
@@ -370,6 +371,17 @@ static int ixgbe_dev_udp_tunnel_port_del(struct rte_eth_dev *dev,
 static int ixgbe_filter_restore(struct rte_eth_dev *dev);
 static void ixgbe_l2_tunnel_conf(struct rte_eth_dev *dev);
 
+static int ixgbe_macsec_enable(struct rte_eth_dev *dev,
+			       uint8_t encr, uint8_t repl_prot);
+static int ixgbe_macsec_disable(struct rte_eth_dev *dev);
+static int ixgbe_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int ixgbe_macsec_config_rxsc(struct rte_eth_dev *dev,
+				    uint8_t *mac, uint16_t pi);
+static int ixgbe_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key);
+static int ixgbe_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key);
+
 /*
  * Define VF Stats MACRO for Non "cleared on read" register
  */
@@ -581,6 +593,12 @@ static const struct eth_dev_ops ixgbe_eth_dev_ops = {
 	.udp_tunnel_port_add  = ixgbe_dev_udp_tunnel_port_add,
 	.udp_tunnel_port_del  = ixgbe_dev_udp_tunnel_port_del,
 	.tm_ops_get           = ixgbe_tm_ops_get,
+	.macsec_enable        = ixgbe_macsec_enable,
+	.macsec_disable       = ixgbe_macsec_disable,
+	.macsec_config_rxsc   = ixgbe_macsec_config_rxsc,
+	.macsec_config_txsc   = ixgbe_macsec_config_txsc,
+	.macsec_select_rxsa   = ixgbe_macsec_select_rxsa,
+	.macsec_select_txsa   = ixgbe_macsec_select_txsa,
 };
 
 /*
@@ -8652,6 +8670,43 @@ ixgbe_clear_all_l2_tn_filter(struct rte_eth_dev *dev)
 	return 0;
 }
 
+static int ixgbe_macsec_enable(struct rte_eth_dev *dev,
+			       uint8_t encr, uint8_t repl_prot)
+{
+	return rte_pmd_ixgbe_macsec_enable(dev->data->port_id,
+						   encr, repl_prot);
+}
+
+static int ixgbe_macsec_disable(struct rte_eth_dev *dev)
+{
+	return rte_pmd_ixgbe_macsec_disable(dev->data->port_id);
+}
+
+static int ixgbe_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+	return rte_pmd_ixgbe_macsec_config_txsc(dev->data->port_id, mac);
+}
+
+static int ixgbe_macsec_config_rxsc(struct rte_eth_dev *dev,
+				    uint8_t *mac, uint16_t pi)
+{
+	return rte_pmd_ixgbe_macsec_config_rxsc(dev->data->port_id, mac, pi);
+}
+
+static int ixgbe_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key)
+{
+	return rte_pmd_ixgbe_macsec_select_txsa(dev->data->port_id, idx, an,
+						pn, key);
+}
+
+static int ixgbe_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				    uint8_t an, uint32_t pn, uint8_t *key)
+{
+	return rte_pmd_ixgbe_macsec_select_txsa(dev->data->port_id, idx, an,
+						pn, key);
+}
+
 RTE_PMD_REGISTER_PCI(net_ixgbe, rte_ixgbe_pmd);
 RTE_PMD_REGISTER_PCI_TABLE(net_ixgbe, pci_id_ixgbe_map);
 RTE_PMD_REGISTER_KMOD_DEP(net_ixgbe, "* igb_uio | uio_pci_generic | vfio-pci");
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (3 preceding siblings ...)
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
                   ` (5 subsequent siblings)
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Here we define hardware and software configuration structures
for macsec interface. MACSEC itself is implemented in Phy module,
but its configuration is done via firmware interface

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_types.h           |  37 ++++++
 drivers/net/atlantic/hw_atl/hw_atl_utils.h | 148 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/drivers/net/atlantic/atl_types.h b/drivers/net/atlantic/atl_types.h
index 3edaf0c7c047..3cc9e96089e8 100644
--- a/drivers/net/atlantic/atl_types.h
+++ b/drivers/net/atlantic/atl_types.h
@@ -59,6 +59,39 @@ struct aq_rss_parameters {
 	u8 indirection_table[HW_ATL_B0_RSS_REDIRECTION_MAX];
 };
 
+/* Macsec stuff */
+struct aq_macsec_config {
+	struct {
+		u32 macsec_enabled;
+		u32 encryption_enabled;
+		u32 replay_protection_enabled;
+	} common;
+
+	struct {
+		u32 idx;
+		u32 mac[2]; /* 6 bytes */
+	} txsc;
+
+	struct {
+		u32 idx;
+		u32 an; /* association number on the local side */
+		u32 pn; /* packet number on the local side */
+		u32 key[4]; /* 128 bit key */
+	} txsa;
+
+	struct {
+		u32 mac[2]; /* 6 bytes */
+		u32 pi;
+	} rxsc;
+
+	struct {
+		u32 idx;
+		u32 an; /* association number on the remote side */
+		u32 pn; /* packet number on the remote side */
+		u32 key[4]; /* 128 bit key */
+	} rxsa;
+};
+
 struct aq_hw_cfg_s {
 	bool is_lro;
 	bool is_rss;
@@ -75,6 +108,7 @@ struct aq_hw_cfg_s {
 	uint32_t flow_control;
 
 	struct aq_rss_parameters aq_rss;
+	struct aq_macsec_config aq_macsec;
 };
 
 struct aq_hw_s {
@@ -143,6 +177,9 @@ struct aq_fw_ops {
 	int (*set_eeprom)(struct aq_hw_s *self, int dev_addr,
 			  u32 *data, u32 len);
 
+	int (*send_macsec_req)(struct aq_hw_s *self,
+			       struct macsec_msg_fw_request *req,
+			       struct macsec_msg_fw_response *response);
 };
 
 struct atl_sw_stats {
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils.h b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
index f2a87826c0d1..b7c531573623 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils.h
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
@@ -351,6 +351,154 @@ struct smbus_write_request {
 	u32 length;
 } __attribute__((__packed__));
 
+enum macsec_msg_type {
+	macsec_cfg_msg = 0,
+	macsec_add_rx_sc_msg,
+	macsec_add_tx_sc_msg,
+	macsec_add_rx_sa_msg,
+	macsec_add_tx_sa_msg,
+	macsec_get_stats_msg,
+};
+
+struct macsec_cfg {
+	uint32_t enabled;
+	uint32_t egress_threshold;
+	uint32_t ingress_threshold;
+	uint32_t interrupts_enabled;
+} __attribute__((__packed__));
+
+struct add_rx_sc {
+	uint32_t index;
+	uint32_t pi; /* Port identifier */
+	uint32_t sci[2]; /* Secure Channel identifier */
+	uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+	uint32_t tci;
+	uint32_t tci_mask;
+	uint32_t mac_sa[2];
+	uint32_t sa_mask; /* 0: ignore mac_sa */
+	uint32_t mac_da[2];
+	uint32_t da_mask; /* 0: ignore mac_da */
+	uint32_t validate_frames; /* 0: strict, 1:check, 2:disabled */
+	uint32_t replay_protect; /* 1: enabled, 0:disabled */
+	uint32_t anti_replay_window; /* default 0 */
+	/* 1: auto_rollover enabled (when SA next_pn is saturated */
+	uint32_t an_rol;
+} __attribute__((__packed__));
+
+struct add_tx_sc {
+	uint32_t index;
+	uint32_t pi; /* Port identifier */
+	uint32_t sci[2]; /* Secure Channel identifier */
+	uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+	uint32_t tci; /* TCI value, used if packet is not explicitly tagged */
+	uint32_t tci_mask;
+	uint32_t mac_sa[2];
+	uint32_t sa_mask; /* 0: ignore mac_sa */
+	uint32_t mac_da[2];
+	uint32_t da_mask; /* 0: ignore mac_da */
+	uint32_t protect;
+	uint32_t curr_an; /* SA index which currently used */
+} __attribute__((__packed__));
+
+struct add_rx_sa {
+	uint32_t index;
+	uint32_t next_pn;
+	uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct add_tx_sa {
+	uint32_t index;
+	uint32_t next_pn;
+	uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct get_stats {
+	uint32_t version_only;
+	uint32_t ingress_sa_index;
+	uint32_t egress_sa_index;
+	uint32_t egress_sc_index;
+} __attribute__((__packed__));
+
+struct macsec_stats {
+	uint32_t api_version;
+	/* Ingress Common Counters */
+	uint64_t in_ctl_pkts;
+	uint64_t in_tagged_miss_pkts;
+	uint64_t in_untagged_miss_pkts;
+	uint64_t in_notag_pkts;
+	uint64_t in_untagged_pkts;
+	uint64_t in_bad_tag_pkts;
+	uint64_t in_no_sci_pkts;
+	uint64_t in_unknown_sci_pkts;
+	uint64_t in_ctrl_prt_pass_pkts;
+	uint64_t in_unctrl_prt_pass_pkts;
+	uint64_t in_ctrl_prt_fail_pkts;
+	uint64_t in_unctrl_prt_fail_pkts;
+	uint64_t in_too_long_pkts;
+	uint64_t in_igpoc_ctl_pkts;
+	uint64_t in_ecc_error_pkts;
+	uint64_t in_unctrl_hit_drop_redir;
+
+	/* Egress Common Counters */
+	uint64_t out_ctl_pkts;
+	uint64_t out_unknown_sa_pkts;
+	uint64_t out_untagged_pkts;
+	uint64_t out_too_long;
+	uint64_t out_ecc_error_pkts;
+	uint64_t out_unctrl_hit_drop_redir;
+
+	/* Ingress SA Counters */
+	uint64_t in_untagged_hit_pkts;
+	uint64_t in_ctrl_hit_drop_redir_pkts;
+	uint64_t in_not_using_sa;
+	uint64_t in_unused_sa;
+	uint64_t in_not_valid_pkts;
+	uint64_t in_invalid_pkts;
+	uint64_t in_ok_pkts;
+	uint64_t in_late_pkts;
+	uint64_t in_delayed_pkts;
+	uint64_t in_unchecked_pkts;
+	uint64_t in_validated_octets;
+	uint64_t in_decrypted_octets;
+
+	/* Egress SA Counters */
+	uint64_t out_sa_hit_drop_redirect;
+	uint64_t out_sa_protected2_pkts;
+	uint64_t out_sa_protected_pkts;
+	uint64_t out_sa_encrypted_pkts;
+
+	/* Egress SC Counters */
+	uint64_t out_sc_protected_pkts;
+	uint64_t out_sc_encrypted_pkts;
+	uint64_t out_sc_protected_octets;
+	uint64_t out_sc_encrypted_octets;
+
+	/* SA Counters expiration info */
+	uint32_t egress_threshold_expired;
+	uint32_t ingress_threshold_expired;
+	uint32_t egress_expired;
+	uint32_t ingress_expired;
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_request {
+	uint32_t offset; /* not used */
+	uint32_t msg_type;
+
+	union {
+		struct macsec_cfg cfg;
+		struct add_rx_sc rxsc;
+		struct add_tx_sc txsc;
+		struct add_rx_sa rxsa;
+		struct add_tx_sa txsa;
+		struct get_stats stats;
+	};
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_response {
+	uint32_t result;
+	struct macsec_stats stats;
+} __attribute__((__packed__));
+
 #define HAL_ATLANTIC_UTILS_CHIP_MIPS         0x00000001U
 #define HAL_ATLANTIC_UTILS_CHIP_TPO2         0x00000002U
 #define HAL_ATLANTIC_UTILS_CHIP_RPF2         0x00000004U
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
@ 2019-04-10 11:18   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Here we define hardware and software configuration structures
for macsec interface. MACSEC itself is implemented in Phy module,
but its configuration is done via firmware interface

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_types.h           |  37 ++++++
 drivers/net/atlantic/hw_atl/hw_atl_utils.h | 148 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/drivers/net/atlantic/atl_types.h b/drivers/net/atlantic/atl_types.h
index 3edaf0c7c047..3cc9e96089e8 100644
--- a/drivers/net/atlantic/atl_types.h
+++ b/drivers/net/atlantic/atl_types.h
@@ -59,6 +59,39 @@ struct aq_rss_parameters {
 	u8 indirection_table[HW_ATL_B0_RSS_REDIRECTION_MAX];
 };
 
+/* Macsec stuff */
+struct aq_macsec_config {
+	struct {
+		u32 macsec_enabled;
+		u32 encryption_enabled;
+		u32 replay_protection_enabled;
+	} common;
+
+	struct {
+		u32 idx;
+		u32 mac[2]; /* 6 bytes */
+	} txsc;
+
+	struct {
+		u32 idx;
+		u32 an; /* association number on the local side */
+		u32 pn; /* packet number on the local side */
+		u32 key[4]; /* 128 bit key */
+	} txsa;
+
+	struct {
+		u32 mac[2]; /* 6 bytes */
+		u32 pi;
+	} rxsc;
+
+	struct {
+		u32 idx;
+		u32 an; /* association number on the remote side */
+		u32 pn; /* packet number on the remote side */
+		u32 key[4]; /* 128 bit key */
+	} rxsa;
+};
+
 struct aq_hw_cfg_s {
 	bool is_lro;
 	bool is_rss;
@@ -75,6 +108,7 @@ struct aq_hw_cfg_s {
 	uint32_t flow_control;
 
 	struct aq_rss_parameters aq_rss;
+	struct aq_macsec_config aq_macsec;
 };
 
 struct aq_hw_s {
@@ -143,6 +177,9 @@ struct aq_fw_ops {
 	int (*set_eeprom)(struct aq_hw_s *self, int dev_addr,
 			  u32 *data, u32 len);
 
+	int (*send_macsec_req)(struct aq_hw_s *self,
+			       struct macsec_msg_fw_request *req,
+			       struct macsec_msg_fw_response *response);
 };
 
 struct atl_sw_stats {
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils.h b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
index f2a87826c0d1..b7c531573623 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils.h
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils.h
@@ -351,6 +351,154 @@ struct smbus_write_request {
 	u32 length;
 } __attribute__((__packed__));
 
+enum macsec_msg_type {
+	macsec_cfg_msg = 0,
+	macsec_add_rx_sc_msg,
+	macsec_add_tx_sc_msg,
+	macsec_add_rx_sa_msg,
+	macsec_add_tx_sa_msg,
+	macsec_get_stats_msg,
+};
+
+struct macsec_cfg {
+	uint32_t enabled;
+	uint32_t egress_threshold;
+	uint32_t ingress_threshold;
+	uint32_t interrupts_enabled;
+} __attribute__((__packed__));
+
+struct add_rx_sc {
+	uint32_t index;
+	uint32_t pi; /* Port identifier */
+	uint32_t sci[2]; /* Secure Channel identifier */
+	uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+	uint32_t tci;
+	uint32_t tci_mask;
+	uint32_t mac_sa[2];
+	uint32_t sa_mask; /* 0: ignore mac_sa */
+	uint32_t mac_da[2];
+	uint32_t da_mask; /* 0: ignore mac_da */
+	uint32_t validate_frames; /* 0: strict, 1:check, 2:disabled */
+	uint32_t replay_protect; /* 1: enabled, 0:disabled */
+	uint32_t anti_replay_window; /* default 0 */
+	/* 1: auto_rollover enabled (when SA next_pn is saturated */
+	uint32_t an_rol;
+} __attribute__((__packed__));
+
+struct add_tx_sc {
+	uint32_t index;
+	uint32_t pi; /* Port identifier */
+	uint32_t sci[2]; /* Secure Channel identifier */
+	uint32_t sci_mask; /* 1: enable comparison of SCI, 0: don't care */
+	uint32_t tci; /* TCI value, used if packet is not explicitly tagged */
+	uint32_t tci_mask;
+	uint32_t mac_sa[2];
+	uint32_t sa_mask; /* 0: ignore mac_sa */
+	uint32_t mac_da[2];
+	uint32_t da_mask; /* 0: ignore mac_da */
+	uint32_t protect;
+	uint32_t curr_an; /* SA index which currently used */
+} __attribute__((__packed__));
+
+struct add_rx_sa {
+	uint32_t index;
+	uint32_t next_pn;
+	uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct add_tx_sa {
+	uint32_t index;
+	uint32_t next_pn;
+	uint32_t key[4]; /* 128 bit key */
+} __attribute__((__packed__));
+
+struct get_stats {
+	uint32_t version_only;
+	uint32_t ingress_sa_index;
+	uint32_t egress_sa_index;
+	uint32_t egress_sc_index;
+} __attribute__((__packed__));
+
+struct macsec_stats {
+	uint32_t api_version;
+	/* Ingress Common Counters */
+	uint64_t in_ctl_pkts;
+	uint64_t in_tagged_miss_pkts;
+	uint64_t in_untagged_miss_pkts;
+	uint64_t in_notag_pkts;
+	uint64_t in_untagged_pkts;
+	uint64_t in_bad_tag_pkts;
+	uint64_t in_no_sci_pkts;
+	uint64_t in_unknown_sci_pkts;
+	uint64_t in_ctrl_prt_pass_pkts;
+	uint64_t in_unctrl_prt_pass_pkts;
+	uint64_t in_ctrl_prt_fail_pkts;
+	uint64_t in_unctrl_prt_fail_pkts;
+	uint64_t in_too_long_pkts;
+	uint64_t in_igpoc_ctl_pkts;
+	uint64_t in_ecc_error_pkts;
+	uint64_t in_unctrl_hit_drop_redir;
+
+	/* Egress Common Counters */
+	uint64_t out_ctl_pkts;
+	uint64_t out_unknown_sa_pkts;
+	uint64_t out_untagged_pkts;
+	uint64_t out_too_long;
+	uint64_t out_ecc_error_pkts;
+	uint64_t out_unctrl_hit_drop_redir;
+
+	/* Ingress SA Counters */
+	uint64_t in_untagged_hit_pkts;
+	uint64_t in_ctrl_hit_drop_redir_pkts;
+	uint64_t in_not_using_sa;
+	uint64_t in_unused_sa;
+	uint64_t in_not_valid_pkts;
+	uint64_t in_invalid_pkts;
+	uint64_t in_ok_pkts;
+	uint64_t in_late_pkts;
+	uint64_t in_delayed_pkts;
+	uint64_t in_unchecked_pkts;
+	uint64_t in_validated_octets;
+	uint64_t in_decrypted_octets;
+
+	/* Egress SA Counters */
+	uint64_t out_sa_hit_drop_redirect;
+	uint64_t out_sa_protected2_pkts;
+	uint64_t out_sa_protected_pkts;
+	uint64_t out_sa_encrypted_pkts;
+
+	/* Egress SC Counters */
+	uint64_t out_sc_protected_pkts;
+	uint64_t out_sc_encrypted_pkts;
+	uint64_t out_sc_protected_octets;
+	uint64_t out_sc_encrypted_octets;
+
+	/* SA Counters expiration info */
+	uint32_t egress_threshold_expired;
+	uint32_t ingress_threshold_expired;
+	uint32_t egress_expired;
+	uint32_t ingress_expired;
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_request {
+	uint32_t offset; /* not used */
+	uint32_t msg_type;
+
+	union {
+		struct macsec_cfg cfg;
+		struct add_rx_sc rxsc;
+		struct add_tx_sc txsc;
+		struct add_rx_sa rxsa;
+		struct add_tx_sa txsa;
+		struct get_stats stats;
+	};
+} __attribute__((__packed__));
+
+struct macsec_msg_fw_response {
+	uint32_t result;
+	struct macsec_stats stats;
+} __attribute__((__packed__));
+
 #define HAL_ATLANTIC_UTILS_CHIP_MIPS         0x00000001U
 #define HAL_ATLANTIC_UTILS_CHIP_TPO2         0x00000002U
 #define HAL_ATLANTIC_UTILS_CHIP_RPF2         0x00000004U
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  05/10] net/atlantic: macsec configuration code
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (4 preceding siblings ...)
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
@ 2019-04-10 11:18 ` Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
                   ` (4 subsequent siblings)
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

This is a driver side of macsec configuration routines.
It fills in config structures and sends requests to FW
for configuration activities.

We also declare macsec offload bits in DPDK offload capabilities

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 220 ++++++++++++++++++++++++++++++
 1 file changed, 220 insertions(+)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..502ef5308b4d 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -122,6 +122,18 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev);
 static void atl_dev_info_get(struct rte_eth_dev *dev,
 				struct rte_eth_dev_info *dev_info);
 
+static int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr,
+			     uint8_t repl_prot);
+static int atl_macsec_disable(struct rte_eth_dev *dev);
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+				  uint8_t *mac, uint16_t pi);
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				  uint8_t an, uint32_t pn, uint8_t *key);
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				  uint8_t an, uint32_t pn, uint8_t *key);
+
 int atl_logtype_init;
 int atl_logtype_driver;
 
@@ -167,6 +179,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_RX_OFFLOAD_UDP_CKSUM \
 			| DEV_RX_OFFLOAD_TCP_CKSUM \
 			| DEV_RX_OFFLOAD_JUMBO_FRAME \
+			| DEV_RX_OFFLOAD_MACSEC_STRIP \
 			| DEV_RX_OFFLOAD_VLAN_FILTER)
 
 #define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +187,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_TX_OFFLOAD_UDP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_TSO \
+			| DEV_TX_OFFLOAD_MACSEC_INSERT \
 			| DEV_TX_OFFLOAD_MULTI_SEGS)
 
 static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -295,6 +309,13 @@ static const struct eth_dev_ops atl_eth_dev_ops = {
 	.reta_query           = atl_reta_query,
 	.rss_hash_update      = atl_rss_hash_update,
 	.rss_hash_conf_get    = atl_rss_hash_conf_get,
+
+	.macsec_enable        = atl_macsec_enable,
+	.macsec_disable       = atl_macsec_disable,
+	.macsec_config_rxsc   = atl_macsec_config_rxsc,
+	.macsec_config_txsc   = atl_macsec_config_txsc,
+	.macsec_select_rxsa   = atl_macsec_select_rxsa,
+	.macsec_select_txsa   = atl_macsec_select_txsa,
 };
 
 static inline int32_t
@@ -698,6 +719,205 @@ atl_dev_reset(struct rte_eth_dev *dev)
 	return ret;
 }
 
+static int
+atl_dev_configure_macsec(struct rte_eth_dev *dev)
+{
+	struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+	struct aq_hw_cfg_s *cf = ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+	struct aq_macsec_config *aqcfg = &cf->aq_macsec;
+	struct macsec_msg_fw_request msg_macsec;
+	struct macsec_msg_fw_response response;
+
+	if (!aqcfg->common.macsec_enabled ||
+	    hw->aq_fw_ops->send_macsec_req == NULL)
+		return 0;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Creating set of sc/sa structures from parameters provided by DPDK */
+
+	/* Configure macsec */
+	msg_macsec.msg_type = macsec_cfg_msg;
+	msg_macsec.cfg.enabled = aqcfg->common.macsec_enabled;
+	msg_macsec.cfg.interrupts_enabled = 1;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure TX SC */
+
+	msg_macsec.msg_type = macsec_add_tx_sc_msg;
+	msg_macsec.txsc.index = 0; /* TXSC always one (??) */
+	msg_macsec.txsc.protect = aqcfg->common.encryption_enabled;
+
+	/* MAC addr for TX */
+	msg_macsec.txsc.mac_sa[0] = rte_bswap32(aqcfg->txsc.mac[1]);
+	msg_macsec.txsc.mac_sa[1] = rte_bswap32(aqcfg->txsc.mac[0]);
+	msg_macsec.txsc.sa_mask = 0x3f;
+
+	msg_macsec.txsc.da_mask = 0;
+	msg_macsec.txsc.tci = 0x0B;
+	msg_macsec.txsc.curr_an = 0; /* SA index which currently used */
+
+	/*
+	 * Creating SCI (Secure Channel Identifier).
+	 * SCI constructed from Source MAC and Port identifier
+	 */
+	uint32_t sci_hi_part = (msg_macsec.txsc.mac_sa[1] << 16) |
+			       (msg_macsec.txsc.mac_sa[0] >> 16);
+	uint32_t sci_low_part = (msg_macsec.txsc.mac_sa[0] << 16);
+
+	uint32_t port_identifier = 1;
+
+	msg_macsec.txsc.sci[1] = sci_hi_part;
+	msg_macsec.txsc.sci[0] = sci_low_part | port_identifier;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SC */
+
+	msg_macsec.msg_type = macsec_add_rx_sc_msg;
+	msg_macsec.rxsc.index = aqcfg->rxsc.pi;
+	msg_macsec.rxsc.replay_protect =
+		aqcfg->common.replay_protection_enabled;
+	msg_macsec.rxsc.anti_replay_window = 0;
+
+	/* MAC addr for RX */
+	msg_macsec.rxsc.mac_da[0] = rte_bswap32(aqcfg->rxsc.mac[1]);
+	msg_macsec.rxsc.mac_da[1] = rte_bswap32(aqcfg->rxsc.mac[0]);
+	msg_macsec.rxsc.da_mask = 0;//0x3f;
+
+	msg_macsec.rxsc.sa_mask = 0;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SC */
+
+	msg_macsec.msg_type = macsec_add_tx_sa_msg;
+	msg_macsec.txsa.index = aqcfg->txsa.idx;
+	msg_macsec.txsa.next_pn = aqcfg->txsa.pn;
+
+	msg_macsec.txsa.key[0] = rte_bswap32(aqcfg->txsa.key[3]);
+	msg_macsec.txsa.key[1] = rte_bswap32(aqcfg->txsa.key[2]);
+	msg_macsec.txsa.key[2] = rte_bswap32(aqcfg->txsa.key[1]);
+	msg_macsec.txsa.key[3] = rte_bswap32(aqcfg->txsa.key[0]);
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SA */
+
+	msg_macsec.msg_type = macsec_add_rx_sa_msg;
+	msg_macsec.rxsa.index = aqcfg->rxsa.idx;
+	msg_macsec.rxsa.next_pn = aqcfg->rxsa.pn;
+
+	msg_macsec.rxsa.key[0] = rte_bswap32(aqcfg->rxsa.key[3]);
+	msg_macsec.rxsa.key[1] = rte_bswap32(aqcfg->rxsa.key[2]);
+	msg_macsec.rxsa.key[2] = rte_bswap32(aqcfg->rxsa.key[1]);
+	msg_macsec.rxsa.key[3] = rte_bswap32(aqcfg->rxsa.key[0]);
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	return 0;
+}
+
+static int atl_macsec_enable(struct rte_eth_dev *dev,
+			     uint8_t encr, uint8_t repl_prot)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 1;
+	cfg->aq_macsec.common.encryption_enabled = encr;
+	cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+	return 0;
+}
+
+static int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 0;
+
+	return 0;
+}
+
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+	return 0;
+}
+
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+				  uint8_t *mac, uint16_t pi)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+	cfg->aq_macsec.rxsc.pi = pi;
+
+	return 0;
+}
+
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+				  uint8_t idx, uint8_t an,
+				  uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.txsa.idx = idx;
+	cfg->aq_macsec.txsa.pn = pn;
+	cfg->aq_macsec.txsa.an = an;
+
+	memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+	return 0;
+}
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+				  uint8_t idx, uint8_t an,
+				  uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.rxsa.idx = idx;
+	cfg->aq_macsec.rxsa.pn = pn;
+	cfg->aq_macsec.rxsa.an = an;
+
+	memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+	return 0;
+}
 
 static int
 atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  05/10] net/atlantic: macsec configuration code
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
@ 2019-04-10 11:18   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:18 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

This is a driver side of macsec configuration routines.
It fills in config structures and sends requests to FW
for configuration activities.

We also declare macsec offload bits in DPDK offload capabilities

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 220 ++++++++++++++++++++++++++++++
 1 file changed, 220 insertions(+)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..502ef5308b4d 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -122,6 +122,18 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev);
 static void atl_dev_info_get(struct rte_eth_dev *dev,
 				struct rte_eth_dev_info *dev_info);
 
+static int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr,
+			     uint8_t repl_prot);
+static int atl_macsec_disable(struct rte_eth_dev *dev);
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+				  uint8_t *mac, uint16_t pi);
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+				  uint8_t an, uint32_t pn, uint8_t *key);
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+				  uint8_t an, uint32_t pn, uint8_t *key);
+
 int atl_logtype_init;
 int atl_logtype_driver;
 
@@ -167,6 +179,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_RX_OFFLOAD_UDP_CKSUM \
 			| DEV_RX_OFFLOAD_TCP_CKSUM \
 			| DEV_RX_OFFLOAD_JUMBO_FRAME \
+			| DEV_RX_OFFLOAD_MACSEC_STRIP \
 			| DEV_RX_OFFLOAD_VLAN_FILTER)
 
 #define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +187,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_TX_OFFLOAD_UDP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_TSO \
+			| DEV_TX_OFFLOAD_MACSEC_INSERT \
 			| DEV_TX_OFFLOAD_MULTI_SEGS)
 
 static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -295,6 +309,13 @@ static const struct eth_dev_ops atl_eth_dev_ops = {
 	.reta_query           = atl_reta_query,
 	.rss_hash_update      = atl_rss_hash_update,
 	.rss_hash_conf_get    = atl_rss_hash_conf_get,
+
+	.macsec_enable        = atl_macsec_enable,
+	.macsec_disable       = atl_macsec_disable,
+	.macsec_config_rxsc   = atl_macsec_config_rxsc,
+	.macsec_config_txsc   = atl_macsec_config_txsc,
+	.macsec_select_rxsa   = atl_macsec_select_rxsa,
+	.macsec_select_txsa   = atl_macsec_select_txsa,
 };
 
 static inline int32_t
@@ -698,6 +719,205 @@ atl_dev_reset(struct rte_eth_dev *dev)
 	return ret;
 }
 
+static int
+atl_dev_configure_macsec(struct rte_eth_dev *dev)
+{
+	struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+	struct aq_hw_cfg_s *cf = ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+	struct aq_macsec_config *aqcfg = &cf->aq_macsec;
+	struct macsec_msg_fw_request msg_macsec;
+	struct macsec_msg_fw_response response;
+
+	if (!aqcfg->common.macsec_enabled ||
+	    hw->aq_fw_ops->send_macsec_req == NULL)
+		return 0;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Creating set of sc/sa structures from parameters provided by DPDK */
+
+	/* Configure macsec */
+	msg_macsec.msg_type = macsec_cfg_msg;
+	msg_macsec.cfg.enabled = aqcfg->common.macsec_enabled;
+	msg_macsec.cfg.interrupts_enabled = 1;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure TX SC */
+
+	msg_macsec.msg_type = macsec_add_tx_sc_msg;
+	msg_macsec.txsc.index = 0; /* TXSC always one (??) */
+	msg_macsec.txsc.protect = aqcfg->common.encryption_enabled;
+
+	/* MAC addr for TX */
+	msg_macsec.txsc.mac_sa[0] = rte_bswap32(aqcfg->txsc.mac[1]);
+	msg_macsec.txsc.mac_sa[1] = rte_bswap32(aqcfg->txsc.mac[0]);
+	msg_macsec.txsc.sa_mask = 0x3f;
+
+	msg_macsec.txsc.da_mask = 0;
+	msg_macsec.txsc.tci = 0x0B;
+	msg_macsec.txsc.curr_an = 0; /* SA index which currently used */
+
+	/*
+	 * Creating SCI (Secure Channel Identifier).
+	 * SCI constructed from Source MAC and Port identifier
+	 */
+	uint32_t sci_hi_part = (msg_macsec.txsc.mac_sa[1] << 16) |
+			       (msg_macsec.txsc.mac_sa[0] >> 16);
+	uint32_t sci_low_part = (msg_macsec.txsc.mac_sa[0] << 16);
+
+	uint32_t port_identifier = 1;
+
+	msg_macsec.txsc.sci[1] = sci_hi_part;
+	msg_macsec.txsc.sci[0] = sci_low_part | port_identifier;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SC */
+
+	msg_macsec.msg_type = macsec_add_rx_sc_msg;
+	msg_macsec.rxsc.index = aqcfg->rxsc.pi;
+	msg_macsec.rxsc.replay_protect =
+		aqcfg->common.replay_protection_enabled;
+	msg_macsec.rxsc.anti_replay_window = 0;
+
+	/* MAC addr for RX */
+	msg_macsec.rxsc.mac_da[0] = rte_bswap32(aqcfg->rxsc.mac[1]);
+	msg_macsec.rxsc.mac_da[1] = rte_bswap32(aqcfg->rxsc.mac[0]);
+	msg_macsec.rxsc.da_mask = 0;//0x3f;
+
+	msg_macsec.rxsc.sa_mask = 0;
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SC */
+
+	msg_macsec.msg_type = macsec_add_tx_sa_msg;
+	msg_macsec.txsa.index = aqcfg->txsa.idx;
+	msg_macsec.txsa.next_pn = aqcfg->txsa.pn;
+
+	msg_macsec.txsa.key[0] = rte_bswap32(aqcfg->txsa.key[3]);
+	msg_macsec.txsa.key[1] = rte_bswap32(aqcfg->txsa.key[2]);
+	msg_macsec.txsa.key[2] = rte_bswap32(aqcfg->txsa.key[1]);
+	msg_macsec.txsa.key[3] = rte_bswap32(aqcfg->txsa.key[0]);
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+	/* Configure RX SA */
+
+	msg_macsec.msg_type = macsec_add_rx_sa_msg;
+	msg_macsec.rxsa.index = aqcfg->rxsa.idx;
+	msg_macsec.rxsa.next_pn = aqcfg->rxsa.pn;
+
+	msg_macsec.rxsa.key[0] = rte_bswap32(aqcfg->rxsa.key[3]);
+	msg_macsec.rxsa.key[1] = rte_bswap32(aqcfg->rxsa.key[2]);
+	msg_macsec.rxsa.key[2] = rte_bswap32(aqcfg->rxsa.key[1]);
+	msg_macsec.rxsa.key[3] = rte_bswap32(aqcfg->rxsa.key[0]);
+
+	hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+	if (response.result)
+		return -1;
+
+	return 0;
+}
+
+static int atl_macsec_enable(struct rte_eth_dev *dev,
+			     uint8_t encr, uint8_t repl_prot)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 1;
+	cfg->aq_macsec.common.encryption_enabled = encr;
+	cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+	return 0;
+}
+
+static int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 0;
+
+	return 0;
+}
+
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+	return 0;
+}
+
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+				  uint8_t *mac, uint16_t pi)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+	cfg->aq_macsec.rxsc.pi = pi;
+
+	return 0;
+}
+
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+				  uint8_t idx, uint8_t an,
+				  uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.txsa.idx = idx;
+	cfg->aq_macsec.txsa.pn = pn;
+	cfg->aq_macsec.txsa.an = an;
+
+	memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+	return 0;
+}
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+				  uint8_t idx, uint8_t an,
+				  uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.rxsa.idx = idx;
+	cfg->aq_macsec.rxsa.pn = pn;
+	cfg->aq_macsec.rxsa.an = an;
+
+	memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+	return 0;
+}
 
 static int
 atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  06/10] net/atlantic: macsec firmware interface
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (5 preceding siblings ...)
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
@ 2019-04-10 11:19 ` Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
                   ` (3 subsequent siblings)
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Implementation of firmware interface for macsec configuration.
Structure with config data is written into FW memory, then we trigger
FW to execute the request and wait for result.

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_types.h              |  2 +
 .../net/atlantic/hw_atl/hw_atl_utils_fw2x.c   | 51 +++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/drivers/net/atlantic/atl_types.h b/drivers/net/atlantic/atl_types.h
index 3cc9e96089e8..dbaf2c635f50 100644
--- a/drivers/net/atlantic/atl_types.h
+++ b/drivers/net/atlantic/atl_types.h
@@ -128,6 +128,8 @@ struct aq_hw_s {
 	struct hw_atl_stats_s last_stats;
 	struct aq_stats_s curr_stats;
 
+	u32 caps_lo;
+
 	u64 speed;
 	unsigned int chip_features;
 	u32 fw_ver_actual;
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
index f215ceb70435..89a3759b89b4 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
@@ -62,6 +62,7 @@ static int aq_fw2x_set_state(struct aq_hw_s *self,
 static int aq_fw2x_init(struct aq_hw_s *self)
 {
 	int err = 0;
+	struct hw_aq_atl_utils_mbox mbox;
 
 	/* check 10 times by 1ms */
 	AQ_HW_WAIT_FOR(0U != (self->mbox_addr =
@@ -70,6 +71,12 @@ static int aq_fw2x_init(struct aq_hw_s *self)
 	AQ_HW_WAIT_FOR(0U != (self->rpc_addr =
 		       aq_hw_read_reg(self, HW_ATL_FW2X_MPI_RPC_ADDR)),
 		       1000U, 100U);
+
+	/* Read caps */
+	hw_atl_utils_mpi_read_stats(self, &mbox);
+
+	self->caps_lo = mbox.info.caps_lo;
+
 	return err;
 }
 
@@ -623,6 +630,49 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, int dev_addr,
 	return 0;
 }
 
+static int aq_fw2x_send_macsec_request(struct aq_hw_s *self,
+				struct macsec_msg_fw_request *req,
+				struct macsec_msg_fw_response *response)
+{
+	int err = 0;
+	u32 mpi_opts = 0;
+
+	if (!response || !response)
+		return 0;
+
+	if ((self->caps_lo & BIT(CAPS_LO_MACSEC)) == 0)
+		return -EOPNOTSUPP;
+
+	/* Write macsec request to cfg memory */
+	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
+		(u32 *)(void *)req,
+		RTE_ALIGN(sizeof(*req) / sizeof(u32), sizeof(u32)));
+
+	if (err < 0)
+		return err;
+
+	/* Toggle 0x368.CAPS_LO_MACSEC bit */
+	mpi_opts = aq_hw_read_reg(self, HW_ATL_FW2X_MPI_CONTROL_ADDR);
+	mpi_opts ^= BIT(CAPS_LO_MACSEC);
+
+	aq_hw_write_reg(self, HW_ATL_FW2X_MPI_CONTROL_ADDR, mpi_opts);
+
+	/* Wait until REQUEST_BIT matched in 0x370 */
+	AQ_HW_WAIT_FOR((aq_hw_read_reg(self, HW_ATL_FW2X_MPI_STATE_ADDR) &
+		BIT(CAPS_LO_MACSEC)) == (mpi_opts & BIT(CAPS_LO_MACSEC)),
+		1000U, 10000U);
+
+	if (err < 0)
+		return err;
+
+	/* Read status of write operation */
+	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
+		(u32 *)(void *)response,
+		RTE_ALIGN(sizeof(*response) / sizeof(u32), sizeof(u32)));
+
+	return err;
+}
+
 const struct aq_fw_ops aq_fw_2x_ops = {
 	.init = aq_fw2x_init,
 	.deinit = aq_fw2x_deinit,
@@ -641,4 +691,5 @@ const struct aq_fw_ops aq_fw_2x_ops = {
 	.led_control = aq_fw2x_led_control,
 	.get_eeprom = aq_fw2x_get_eeprom,
 	.set_eeprom = aq_fw2x_set_eeprom,
+	.send_macsec_req = aq_fw2x_send_macsec_request,
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH  06/10] net/atlantic: macsec firmware interface
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
@ 2019-04-10 11:19   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Implementation of firmware interface for macsec configuration.
Structure with config data is written into FW memory, then we trigger
FW to execute the request and wait for result.

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_types.h              |  2 +
 .../net/atlantic/hw_atl/hw_atl_utils_fw2x.c   | 51 +++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/drivers/net/atlantic/atl_types.h b/drivers/net/atlantic/atl_types.h
index 3cc9e96089e8..dbaf2c635f50 100644
--- a/drivers/net/atlantic/atl_types.h
+++ b/drivers/net/atlantic/atl_types.h
@@ -128,6 +128,8 @@ struct aq_hw_s {
 	struct hw_atl_stats_s last_stats;
 	struct aq_stats_s curr_stats;
 
+	u32 caps_lo;
+
 	u64 speed;
 	unsigned int chip_features;
 	u32 fw_ver_actual;
diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
index f215ceb70435..89a3759b89b4 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
@@ -62,6 +62,7 @@ static int aq_fw2x_set_state(struct aq_hw_s *self,
 static int aq_fw2x_init(struct aq_hw_s *self)
 {
 	int err = 0;
+	struct hw_aq_atl_utils_mbox mbox;
 
 	/* check 10 times by 1ms */
 	AQ_HW_WAIT_FOR(0U != (self->mbox_addr =
@@ -70,6 +71,12 @@ static int aq_fw2x_init(struct aq_hw_s *self)
 	AQ_HW_WAIT_FOR(0U != (self->rpc_addr =
 		       aq_hw_read_reg(self, HW_ATL_FW2X_MPI_RPC_ADDR)),
 		       1000U, 100U);
+
+	/* Read caps */
+	hw_atl_utils_mpi_read_stats(self, &mbox);
+
+	self->caps_lo = mbox.info.caps_lo;
+
 	return err;
 }
 
@@ -623,6 +630,49 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, int dev_addr,
 	return 0;
 }
 
+static int aq_fw2x_send_macsec_request(struct aq_hw_s *self,
+				struct macsec_msg_fw_request *req,
+				struct macsec_msg_fw_response *response)
+{
+	int err = 0;
+	u32 mpi_opts = 0;
+
+	if (!response || !response)
+		return 0;
+
+	if ((self->caps_lo & BIT(CAPS_LO_MACSEC)) == 0)
+		return -EOPNOTSUPP;
+
+	/* Write macsec request to cfg memory */
+	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
+		(u32 *)(void *)req,
+		RTE_ALIGN(sizeof(*req) / sizeof(u32), sizeof(u32)));
+
+	if (err < 0)
+		return err;
+
+	/* Toggle 0x368.CAPS_LO_MACSEC bit */
+	mpi_opts = aq_hw_read_reg(self, HW_ATL_FW2X_MPI_CONTROL_ADDR);
+	mpi_opts ^= BIT(CAPS_LO_MACSEC);
+
+	aq_hw_write_reg(self, HW_ATL_FW2X_MPI_CONTROL_ADDR, mpi_opts);
+
+	/* Wait until REQUEST_BIT matched in 0x370 */
+	AQ_HW_WAIT_FOR((aq_hw_read_reg(self, HW_ATL_FW2X_MPI_STATE_ADDR) &
+		BIT(CAPS_LO_MACSEC)) == (mpi_opts & BIT(CAPS_LO_MACSEC)),
+		1000U, 10000U);
+
+	if (err < 0)
+		return err;
+
+	/* Read status of write operation */
+	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
+		(u32 *)(void *)response,
+		RTE_ALIGN(sizeof(*response) / sizeof(u32), sizeof(u32)));
+
+	return err;
+}
+
 const struct aq_fw_ops aq_fw_2x_ops = {
 	.init = aq_fw2x_init,
 	.deinit = aq_fw2x_deinit,
@@ -641,4 +691,5 @@ const struct aq_fw_ops aq_fw_2x_ops = {
 	.led_control = aq_fw2x_led_control,
 	.get_eeprom = aq_fw2x_get_eeprom,
 	.set_eeprom = aq_fw2x_set_eeprom,
+	.send_macsec_req = aq_fw2x_send_macsec_request,
 };
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (6 preceding siblings ...)
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
@ 2019-04-10 11:19 ` Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
                   ` (2 subsequent siblings)
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

MACSEC should be configured only after link up event, thus we use
link interrupt to file an alarm for configuration.

FW also uses link interrupt line to indicate incoming events from
MACSEC. These may include key expiration, packet counter wrap, etc.
We pass these events to the upper layers.

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 66 ++++++++++++++++++++++++++-----
 drivers/net/atlantic/atl_ethdev.h |  2 +-
 2 files changed, 57 insertions(+), 11 deletions(-)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 502ef5308b4d..4a6975dcf104 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -4,6 +4,7 @@
 
 #include <rte_string_fns.h>
 #include <rte_ethdev_pci.h>
+#include <rte_alarm.h>
 
 #include "atl_ethdev.h"
 #include "atl_common.h"
@@ -1089,13 +1090,20 @@ atl_dev_supported_ptypes_get(struct rte_eth_dev *dev)
 	return NULL;
 }
 
+static void
+atl_dev_delayed_handler(void *param)
+{
+	struct rte_eth_dev *dev = (struct rte_eth_dev *)param;
+
+	atl_dev_configure_macsec(dev);
+}
+
+
 /* return 0 means link status changed, -1 means not changed */
 static int
 atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 {
 	struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
-	struct atl_interrupt *intr =
-		ATL_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
 	struct rte_eth_link link, old;
 	int err = 0;
 
@@ -1122,8 +1130,6 @@ atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 		return 0;
 	}
 
-	intr->flags &= ~ATL_FLAG_NEED_LINK_CONFIG;
-
 	link.link_status = ETH_LINK_UP;
 	link.link_duplex = ETH_LINK_FULL_DUPLEX;
 	link.link_speed = hw->aq_link_status.mbps;
@@ -1133,6 +1139,10 @@ atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 	if (link.link_status == old.link_status)
 		return -1;
 
+	if (rte_eal_alarm_set(1000 * 1000,
+			      atl_dev_delayed_handler, (void *)dev) < 0)
+		PMD_DRV_LOG(ERR, "rte_eal_alarm_set fail");
+
 	return 0;
 }
 
@@ -1210,8 +1220,9 @@ atl_dev_interrupt_get_status(struct rte_eth_dev *dev)
 	hw_atl_b0_hw_irq_read(hw, &cause);
 
 	atl_disable_intr(hw);
-	intr->flags = cause & BIT(ATL_IRQ_CAUSE_LINK) ?
-			ATL_FLAG_NEED_LINK_UPDATE : 0;
+
+	if (cause & BIT(ATL_IRQ_CAUSE_LINK))
+		intr->flags |= ATL_FLAG_NEED_LINK_UPDATE;
 
 	return 0;
 }
@@ -1276,15 +1287,50 @@ atl_dev_interrupt_action(struct rte_eth_dev *dev,
 {
 	struct atl_interrupt *intr =
 		ATL_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
+	struct atl_adapter *adapter =
+		(struct atl_adapter *)dev->data->dev_private;
+	struct aq_hw_s *hw = &adapter->hw;
+
+	if (!(intr->flags & ATL_FLAG_NEED_LINK_UPDATE))
+		goto done;
 
-	if (intr->flags & ATL_FLAG_NEED_LINK_UPDATE) {
-		atl_dev_link_update(dev, 0);
-		intr->flags &= ~ATL_FLAG_NEED_LINK_UPDATE;
+	intr->flags &= ~ATL_FLAG_NEED_LINK_UPDATE;
+
+	/* Notify userapp if link status changed */
+	if (!atl_dev_link_update(dev, 0)) {
 		atl_dev_link_status_print(dev);
 		_rte_eth_dev_callback_process(dev,
 			RTE_ETH_EVENT_INTR_LSC, NULL);
+	} else {
+		if (hw->aq_fw_ops->send_macsec_req == NULL)
+			goto done;
+
+		/* Check macsec Keys expired */
+		struct get_stats req = { 0 };
+		struct macsec_msg_fw_request msg = { 0 };
+		struct macsec_msg_fw_response resp = { 0 };
+
+		req.ingress_sa_index = 0x0;
+		req.egress_sc_index = 0x0;
+		req.egress_sa_index = 0x0;
+		msg.msg_type = macsec_get_stats_msg;
+		msg.stats = req;
+
+		int err = hw->aq_fw_ops->send_macsec_req(hw, &msg, &resp);
+		if (err) {
+			PMD_DRV_LOG(ERR, "send_macsec_req fail");
+			goto done;
+		}
+		if (resp.stats.egress_threshold_expired ||
+		    resp.stats.ingress_threshold_expired ||
+		    resp.stats.egress_expired ||
+		    resp.stats.ingress_expired) {
+			PMD_DRV_LOG(INFO, "RTE_ETH_EVENT_MACSEC");
+			_rte_eth_dev_callback_process(dev,
+				RTE_ETH_EVENT_MACSEC, NULL);
+		}
 	}
-
+done:
 	atl_enable_intr(dev);
 	rte_intr_enable(intr_handle);
 
diff --git a/drivers/net/atlantic/atl_ethdev.h b/drivers/net/atlantic/atl_ethdev.h
index 1e29999b539c..cdb48e79472d 100644
--- a/drivers/net/atlantic/atl_ethdev.h
+++ b/drivers/net/atlantic/atl_ethdev.h
@@ -34,7 +34,7 @@
 	(&((struct atl_adapter *)adapter)->hw_cfg)
 
 #define ATL_FLAG_NEED_LINK_UPDATE (uint32_t)(1 << 0)
-#define ATL_FLAG_NEED_LINK_CONFIG (uint32_t)(4 << 0)
+#define ATL_FLAG_MACSEC (uint32_t)(4 << 0)
 
 struct atl_interrupt {
 	uint32_t flags;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
@ 2019-04-10 11:19   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

MACSEC should be configured only after link up event, thus we use
link interrupt to file an alarm for configuration.

FW also uses link interrupt line to indicate incoming events from
MACSEC. These may include key expiration, packet counter wrap, etc.
We pass these events to the upper layers.

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 66 ++++++++++++++++++++++++++-----
 drivers/net/atlantic/atl_ethdev.h |  2 +-
 2 files changed, 57 insertions(+), 11 deletions(-)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 502ef5308b4d..4a6975dcf104 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -4,6 +4,7 @@
 
 #include <rte_string_fns.h>
 #include <rte_ethdev_pci.h>
+#include <rte_alarm.h>
 
 #include "atl_ethdev.h"
 #include "atl_common.h"
@@ -1089,13 +1090,20 @@ atl_dev_supported_ptypes_get(struct rte_eth_dev *dev)
 	return NULL;
 }
 
+static void
+atl_dev_delayed_handler(void *param)
+{
+	struct rte_eth_dev *dev = (struct rte_eth_dev *)param;
+
+	atl_dev_configure_macsec(dev);
+}
+
+
 /* return 0 means link status changed, -1 means not changed */
 static int
 atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 {
 	struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
-	struct atl_interrupt *intr =
-		ATL_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
 	struct rte_eth_link link, old;
 	int err = 0;
 
@@ -1122,8 +1130,6 @@ atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 		return 0;
 	}
 
-	intr->flags &= ~ATL_FLAG_NEED_LINK_CONFIG;
-
 	link.link_status = ETH_LINK_UP;
 	link.link_duplex = ETH_LINK_FULL_DUPLEX;
 	link.link_speed = hw->aq_link_status.mbps;
@@ -1133,6 +1139,10 @@ atl_dev_link_update(struct rte_eth_dev *dev, int wait __rte_unused)
 	if (link.link_status == old.link_status)
 		return -1;
 
+	if (rte_eal_alarm_set(1000 * 1000,
+			      atl_dev_delayed_handler, (void *)dev) < 0)
+		PMD_DRV_LOG(ERR, "rte_eal_alarm_set fail");
+
 	return 0;
 }
 
@@ -1210,8 +1220,9 @@ atl_dev_interrupt_get_status(struct rte_eth_dev *dev)
 	hw_atl_b0_hw_irq_read(hw, &cause);
 
 	atl_disable_intr(hw);
-	intr->flags = cause & BIT(ATL_IRQ_CAUSE_LINK) ?
-			ATL_FLAG_NEED_LINK_UPDATE : 0;
+
+	if (cause & BIT(ATL_IRQ_CAUSE_LINK))
+		intr->flags |= ATL_FLAG_NEED_LINK_UPDATE;
 
 	return 0;
 }
@@ -1276,15 +1287,50 @@ atl_dev_interrupt_action(struct rte_eth_dev *dev,
 {
 	struct atl_interrupt *intr =
 		ATL_DEV_PRIVATE_TO_INTR(dev->data->dev_private);
+	struct atl_adapter *adapter =
+		(struct atl_adapter *)dev->data->dev_private;
+	struct aq_hw_s *hw = &adapter->hw;
+
+	if (!(intr->flags & ATL_FLAG_NEED_LINK_UPDATE))
+		goto done;
 
-	if (intr->flags & ATL_FLAG_NEED_LINK_UPDATE) {
-		atl_dev_link_update(dev, 0);
-		intr->flags &= ~ATL_FLAG_NEED_LINK_UPDATE;
+	intr->flags &= ~ATL_FLAG_NEED_LINK_UPDATE;
+
+	/* Notify userapp if link status changed */
+	if (!atl_dev_link_update(dev, 0)) {
 		atl_dev_link_status_print(dev);
 		_rte_eth_dev_callback_process(dev,
 			RTE_ETH_EVENT_INTR_LSC, NULL);
+	} else {
+		if (hw->aq_fw_ops->send_macsec_req == NULL)
+			goto done;
+
+		/* Check macsec Keys expired */
+		struct get_stats req = { 0 };
+		struct macsec_msg_fw_request msg = { 0 };
+		struct macsec_msg_fw_response resp = { 0 };
+
+		req.ingress_sa_index = 0x0;
+		req.egress_sc_index = 0x0;
+		req.egress_sa_index = 0x0;
+		msg.msg_type = macsec_get_stats_msg;
+		msg.stats = req;
+
+		int err = hw->aq_fw_ops->send_macsec_req(hw, &msg, &resp);
+		if (err) {
+			PMD_DRV_LOG(ERR, "send_macsec_req fail");
+			goto done;
+		}
+		if (resp.stats.egress_threshold_expired ||
+		    resp.stats.ingress_threshold_expired ||
+		    resp.stats.egress_expired ||
+		    resp.stats.ingress_expired) {
+			PMD_DRV_LOG(INFO, "RTE_ETH_EVENT_MACSEC");
+			_rte_eth_dev_callback_process(dev,
+				RTE_ETH_EVENT_MACSEC, NULL);
+		}
 	}
-
+done:
 	atl_enable_intr(dev);
 	rte_intr_enable(intr_handle);
 
diff --git a/drivers/net/atlantic/atl_ethdev.h b/drivers/net/atlantic/atl_ethdev.h
index 1e29999b539c..cdb48e79472d 100644
--- a/drivers/net/atlantic/atl_ethdev.h
+++ b/drivers/net/atlantic/atl_ethdev.h
@@ -34,7 +34,7 @@
 	(&((struct atl_adapter *)adapter)->hw_cfg)
 
 #define ATL_FLAG_NEED_LINK_UPDATE (uint32_t)(1 << 0)
-#define ATL_FLAG_NEED_LINK_CONFIG (uint32_t)(4 << 0)
+#define ATL_FLAG_MACSEC (uint32_t)(4 << 0)
 
 struct atl_interrupt {
 	uint32_t flags;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (7 preceding siblings ...)
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
@ 2019-04-10 11:19 ` Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

We add extra xstat fields to include macsec counters and stats

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 82 +++++++++++++++++++++++++++++--
 1 file changed, 77 insertions(+), 5 deletions(-)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 4a6975dcf104..439a165664af 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -205,14 +205,27 @@ static const struct rte_eth_desc_lim tx_desc_lim = {
 	.nb_mtu_seg_max = ATL_TX_MAX_SEG,
 };
 
+enum atl_xstats_type {
+	XSTATS_TYPE_MSM = 0,
+	XSTATS_TYPE_MACSEC,
+};
+
 #define ATL_XSTATS_FIELD(name) { \
 	#name, \
-	offsetof(struct aq_stats_s, name) \
+	offsetof(struct aq_stats_s, name), \
+	XSTATS_TYPE_MSM \
+}
+
+#define ATL_MACSEC_XSTATS_FIELD(name) { \
+	#name, \
+	offsetof(struct macsec_stats, name), \
+	XSTATS_TYPE_MACSEC \
 }
 
 struct atl_xstats_tbl_s {
 	const char *name;
 	unsigned int offset;
+	enum atl_xstats_type type;
 };
 
 static struct atl_xstats_tbl_s atl_xstats_tbl[] = {
@@ -230,6 +243,38 @@ static struct atl_xstats_tbl_s atl_xstats_tbl[] = {
 	ATL_XSTATS_FIELD(mbtc),
 	ATL_XSTATS_FIELD(bbrc),
 	ATL_XSTATS_FIELD(bbtc),
+	/* Ingress Common Counters */
+	ATL_MACSEC_XSTATS_FIELD(in_ctl_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_tagged_miss_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_miss_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_notag_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_bad_tag_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_no_sci_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_unknown_sci_pkts),
+	/* Ingress SA Counters */
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_hit_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_not_using_sa),
+	ATL_MACSEC_XSTATS_FIELD(in_unused_sa),
+	ATL_MACSEC_XSTATS_FIELD(in_not_valid_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_invalid_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_ok_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_unchecked_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_validated_octets),
+	ATL_MACSEC_XSTATS_FIELD(in_decrypted_octets),
+	/* Egress Common Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_ctl_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_unknown_sa_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_untagged_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_too_long),
+	/* Egress SC Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_sc_protected_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sc_encrypted_pkts),
+	/* Egress SA Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_sa_hit_drop_redirect),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_protected2_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_protected_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_encrypted_pkts),
 };
 
 static const struct eth_dev_ops atl_eth_dev_ops = {
@@ -987,19 +1032,46 @@ static int
 atl_dev_xstats_get(struct rte_eth_dev *dev, struct rte_eth_xstat *stats,
 		   unsigned int n)
 {
-	struct atl_adapter *adapter = ATL_DEV_TO_ADAPTER(dev);
+	struct atl_adapter *adapter =
+	(struct atl_adapter *)dev->data->dev_private;
 	struct aq_hw_s *hw = &adapter->hw;
+	struct get_stats req = { 0 };
+	struct macsec_msg_fw_request msg = { 0 };
+	struct macsec_msg_fw_response resp = { 0 };
+	int err = -1;
 	unsigned int i;
 
 	if (!stats)
 		return 0;
 
+	if (hw->aq_fw_ops->send_macsec_req != NULL) {
+		req.ingress_sa_index = 0xff;
+		req.egress_sc_index = 0xff;
+		req.egress_sa_index = 0xff;
+
+		msg.msg_type = macsec_get_stats_msg;
+		msg.stats = req;
+
+		err = hw->aq_fw_ops->send_macsec_req(hw, &msg, &resp);
+	}
+
 	for (i = 0; i < n && i < RTE_DIM(atl_xstats_tbl); i++) {
 		stats[i].id = i;
-		stats[i].value = *(u64 *)((uint8_t *)&hw->curr_stats +
-					atl_xstats_tbl[i].offset);
-	}
 
+		switch (atl_xstats_tbl[i].type) {
+		case XSTATS_TYPE_MSM:
+			stats[i].value = *(u64 *)((uint8_t *)&hw->curr_stats +
+					 atl_xstats_tbl[i].offset);
+			break;
+		case XSTATS_TYPE_MACSEC:
+			if (err)
+				goto done;
+			stats[i].value = *(u64 *)((uint8_t *)&resp.stats +
+					 atl_xstats_tbl[i].offset);
+			break;
+		}
+	}
+done:
 	return i;
 }
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
@ 2019-04-10 11:19   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

We add extra xstat fields to include macsec counters and stats

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_ethdev.c | 82 +++++++++++++++++++++++++++++--
 1 file changed, 77 insertions(+), 5 deletions(-)

diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 4a6975dcf104..439a165664af 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -205,14 +205,27 @@ static const struct rte_eth_desc_lim tx_desc_lim = {
 	.nb_mtu_seg_max = ATL_TX_MAX_SEG,
 };
 
+enum atl_xstats_type {
+	XSTATS_TYPE_MSM = 0,
+	XSTATS_TYPE_MACSEC,
+};
+
 #define ATL_XSTATS_FIELD(name) { \
 	#name, \
-	offsetof(struct aq_stats_s, name) \
+	offsetof(struct aq_stats_s, name), \
+	XSTATS_TYPE_MSM \
+}
+
+#define ATL_MACSEC_XSTATS_FIELD(name) { \
+	#name, \
+	offsetof(struct macsec_stats, name), \
+	XSTATS_TYPE_MACSEC \
 }
 
 struct atl_xstats_tbl_s {
 	const char *name;
 	unsigned int offset;
+	enum atl_xstats_type type;
 };
 
 static struct atl_xstats_tbl_s atl_xstats_tbl[] = {
@@ -230,6 +243,38 @@ static struct atl_xstats_tbl_s atl_xstats_tbl[] = {
 	ATL_XSTATS_FIELD(mbtc),
 	ATL_XSTATS_FIELD(bbrc),
 	ATL_XSTATS_FIELD(bbtc),
+	/* Ingress Common Counters */
+	ATL_MACSEC_XSTATS_FIELD(in_ctl_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_tagged_miss_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_miss_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_notag_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_bad_tag_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_no_sci_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_unknown_sci_pkts),
+	/* Ingress SA Counters */
+	ATL_MACSEC_XSTATS_FIELD(in_untagged_hit_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_not_using_sa),
+	ATL_MACSEC_XSTATS_FIELD(in_unused_sa),
+	ATL_MACSEC_XSTATS_FIELD(in_not_valid_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_invalid_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_ok_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_unchecked_pkts),
+	ATL_MACSEC_XSTATS_FIELD(in_validated_octets),
+	ATL_MACSEC_XSTATS_FIELD(in_decrypted_octets),
+	/* Egress Common Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_ctl_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_unknown_sa_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_untagged_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_too_long),
+	/* Egress SC Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_sc_protected_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sc_encrypted_pkts),
+	/* Egress SA Counters */
+	ATL_MACSEC_XSTATS_FIELD(out_sa_hit_drop_redirect),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_protected2_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_protected_pkts),
+	ATL_MACSEC_XSTATS_FIELD(out_sa_encrypted_pkts),
 };
 
 static const struct eth_dev_ops atl_eth_dev_ops = {
@@ -987,19 +1032,46 @@ static int
 atl_dev_xstats_get(struct rte_eth_dev *dev, struct rte_eth_xstat *stats,
 		   unsigned int n)
 {
-	struct atl_adapter *adapter = ATL_DEV_TO_ADAPTER(dev);
+	struct atl_adapter *adapter =
+	(struct atl_adapter *)dev->data->dev_private;
 	struct aq_hw_s *hw = &adapter->hw;
+	struct get_stats req = { 0 };
+	struct macsec_msg_fw_request msg = { 0 };
+	struct macsec_msg_fw_response resp = { 0 };
+	int err = -1;
 	unsigned int i;
 
 	if (!stats)
 		return 0;
 
+	if (hw->aq_fw_ops->send_macsec_req != NULL) {
+		req.ingress_sa_index = 0xff;
+		req.egress_sc_index = 0xff;
+		req.egress_sa_index = 0xff;
+
+		msg.msg_type = macsec_get_stats_msg;
+		msg.stats = req;
+
+		err = hw->aq_fw_ops->send_macsec_req(hw, &msg, &resp);
+	}
+
 	for (i = 0; i < n && i < RTE_DIM(atl_xstats_tbl); i++) {
 		stats[i].id = i;
-		stats[i].value = *(u64 *)((uint8_t *)&hw->curr_stats +
-					atl_xstats_tbl[i].offset);
-	}
 
+		switch (atl_xstats_tbl[i].type) {
+		case XSTATS_TYPE_MSM:
+			stats[i].value = *(u64 *)((uint8_t *)&hw->curr_stats +
+					 atl_xstats_tbl[i].offset);
+			break;
+		case XSTATS_TYPE_MACSEC:
+			if (err)
+				goto done;
+			stats[i].value = *(u64 *)((uint8_t *)&resp.stats +
+					 atl_xstats_tbl[i].offset);
+			break;
+		}
+	}
+done:
 	return i;
 }
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (8 preceding siblings ...)
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
@ 2019-04-10 11:19 ` Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
  10 siblings, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Version is synced with internal Aquantia's driver versioning

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/atlantic/atl_common.h b/drivers/net/atlantic/atl_common.h
index b3a0aa5cd212..54b3a3934044 100644
--- a/drivers/net/atlantic/atl_common.h
+++ b/drivers/net/atlantic/atl_common.h
@@ -5,7 +5,7 @@
 #ifndef AQ_COMMON_H
 #define AQ_COMMON_H
 
-#define ATL_PMD_DRIVER_VERSION "0.4.1"
+#define ATL_PMD_DRIVER_VERSION "0.6.7"
 
 #define PCI_VENDOR_ID_AQUANTIA  0x1D6A
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
@ 2019-04-10 11:19   ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Version is synced with internal Aquantia's driver versioning

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 drivers/net/atlantic/atl_common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/atlantic/atl_common.h b/drivers/net/atlantic/atl_common.h
index b3a0aa5cd212..54b3a3934044 100644
--- a/drivers/net/atlantic/atl_common.h
+++ b/drivers/net/atlantic/atl_common.h
@@ -5,7 +5,7 @@
 #ifndef AQ_COMMON_H
 #define AQ_COMMON_H
 
-#define ATL_PMD_DRIVER_VERSION "0.4.1"
+#define ATL_PMD_DRIVER_VERSION "0.6.7"
 
 #define PCI_VENDOR_ID_AQUANTIA  0x1D6A
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs
  2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
                   ` (9 preceding siblings ...)
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
@ 2019-04-10 11:19 ` Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:47   ` Thomas Monjalon
  10 siblings, 2 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Features matrix updated, RST doc is updated with macsec

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 doc/guides/nics/atlantic.rst          | 1 +
 doc/guides/nics/features/atlantic.ini | 1 +
 2 files changed, 2 insertions(+)

diff --git a/doc/guides/nics/atlantic.rst b/doc/guides/nics/atlantic.rst
index 80591b13c185..bb7e9525c93b 100644
--- a/doc/guides/nics/atlantic.rst
+++ b/doc/guides/nics/atlantic.rst
@@ -19,6 +19,7 @@ Supported features
 - RSS (Receive Side Scaling)
 - Checksum offload
 - Jumbo Frame upto 16K
+- MACSEC offload
 
 Configuration Information
 ^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/guides/nics/features/atlantic.ini b/doc/guides/nics/features/atlantic.ini
index 5ed095b14323..2bb8ecc01789 100644
--- a/doc/guides/nics/features/atlantic.ini
+++ b/doc/guides/nics/features/atlantic.ini
@@ -20,6 +20,7 @@ VLAN filter          = Y
 Flow control         = Y
 CRC offload          = Y
 VLAN offload         = Y
+MACsec offload       = Y
 L3 checksum offload  = Y
 L4 checksum offload  = Y
 Packet type parsing  = Y
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
@ 2019-04-10 11:19   ` Igor Russkikh
  2019-04-10 11:47   ` Thomas Monjalon
  1 sibling, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-10 11:19 UTC (permalink / raw)
  To: dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Igor Russkikh

From: Pavel Belous <pavel.belous@aquantia.com>

Features matrix updated, RST doc is updated with macsec

Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 doc/guides/nics/atlantic.rst          | 1 +
 doc/guides/nics/features/atlantic.ini | 1 +
 2 files changed, 2 insertions(+)

diff --git a/doc/guides/nics/atlantic.rst b/doc/guides/nics/atlantic.rst
index 80591b13c185..bb7e9525c93b 100644
--- a/doc/guides/nics/atlantic.rst
+++ b/doc/guides/nics/atlantic.rst
@@ -19,6 +19,7 @@ Supported features
 - RSS (Receive Side Scaling)
 - Checksum offload
 - Jumbo Frame upto 16K
+- MACSEC offload
 
 Configuration Information
 ^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/guides/nics/features/atlantic.ini b/doc/guides/nics/features/atlantic.ini
index 5ed095b14323..2bb8ecc01789 100644
--- a/doc/guides/nics/features/atlantic.ini
+++ b/doc/guides/nics/features/atlantic.ini
@@ -20,6 +20,7 @@ VLAN filter          = Y
 Flow control         = Y
 CRC offload          = Y
 VLAN offload         = Y
+MACsec offload       = Y
 L3 checksum offload  = Y
 L4 checksum offload  = Y
 Packet type parsing  = Y
-- 
2.17.1


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH  01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
@ 2019-04-10 11:46   ` Thomas Monjalon
  2019-04-10 11:46     ` Thomas Monjalon
  2019-04-11 12:37     ` Igor Russkikh
  2019-04-12 18:26   ` Ferruh Yigit
  2 siblings, 2 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:46 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:18, Igor Russkikh:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops

Please can you explain how it is related to rte_security?

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH  01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:46   ` Thomas Monjalon
@ 2019-04-10 11:46     ` Thomas Monjalon
  2019-04-11 12:37     ` Igor Russkikh
  1 sibling, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:46 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:18, Igor Russkikh:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops

Please can you explain how it is related to rte_security?




^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs
  2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
  2019-04-10 11:19   ` Igor Russkikh
@ 2019-04-10 11:47   ` Thomas Monjalon
  2019-04-10 11:47     ` Thomas Monjalon
  1 sibling, 1 reply; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:47 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:19, Igor Russkikh:
> From: Pavel Belous <pavel.belous@aquantia.com>
> 
> Features matrix updated, RST doc is updated with macsec

Please merge such doc update in the patch enabling the feature.

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs
  2019-04-10 11:47   ` Thomas Monjalon
@ 2019-04-10 11:47     ` Thomas Monjalon
  0 siblings, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:47 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:19, Igor Russkikh:
> From: Pavel Belous <pavel.belous@aquantia.com>
> 
> Features matrix updated, RST doc is updated with macsec

Please merge such doc update in the patch enabling the feature.




^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
@ 2019-04-10 11:50   ` Thomas Monjalon
  2019-04-10 11:50     ` Thomas Monjalon
  1 sibling, 1 reply; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:50 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:18, Igor Russkikh:
> Here we do repace testpmd direct usage of IXGBE driver calls
> with generic ethdev macsec API calls

The generic API is implemented in ixgbe in next patch.
You should reverse them, or completely move this patch at the end.

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls
  2019-04-10 11:50   ` Thomas Monjalon
@ 2019-04-10 11:50     ` Thomas Monjalon
  0 siblings, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-10 11:50 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

10/04/2019 13:18, Igor Russkikh:
> Here we do repace testpmd direct usage of IXGBE driver calls
> with generic ethdev macsec API calls

The generic API is implemented in ixgbe in next patch.
You should reverse them, or completely move this patch at the end.




^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:46   ` Thomas Monjalon
  2019-04-10 11:46     ` Thomas Monjalon
@ 2019-04-11 12:37     ` Igor Russkikh
  2019-04-11 12:37       ` Igor Russkikh
  2019-04-11 21:15       ` Thomas Monjalon
  1 sibling, 2 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-11 12:37 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

Hello Thomas,

Thanks for the review!

On 10.04.2019 14:46, Thomas Monjalon wrote:
> 10/04/2019 13:18, Igor Russkikh:
>> MACSEC related device ops, API and parameters are taken from the
>> existing ixgbe PMD ops
> 
> Please can you explain how it is related to rte_security?

It is not.
Do you mean macsec control API could be moved and logically be a part of rte_security api?
I can't comment now on how feasible is this. Moreover this depends on how Intel considers
and uses the existing macsec offload in ixgbe.

> The generic API is implemented in ixgbe in next patch.
> You should reverse them, or completely move this patch at the end.

You are right, I'll swap them.

> Please merge such doc update in the patch enabling the feature.

Ok,

Thanks,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-11 12:37     ` Igor Russkikh
@ 2019-04-11 12:37       ` Igor Russkikh
  2019-04-11 21:15       ` Thomas Monjalon
  1 sibling, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-11 12:37 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

Hello Thomas,

Thanks for the review!

On 10.04.2019 14:46, Thomas Monjalon wrote:
> 10/04/2019 13:18, Igor Russkikh:
>> MACSEC related device ops, API and parameters are taken from the
>> existing ixgbe PMD ops
> 
> Please can you explain how it is related to rte_security?

It is not.
Do you mean macsec control API could be moved and logically be a part of rte_security api?
I can't comment now on how feasible is this. Moreover this depends on how Intel considers
and uses the existing macsec offload in ixgbe.

> The generic API is implemented in ixgbe in next patch.
> You should reverse them, or completely move this patch at the end.

You are right, I'll swap them.

> Please merge such doc update in the patch enabling the feature.

Ok,

Thanks,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-11 12:37     ` Igor Russkikh
  2019-04-11 12:37       ` Igor Russkikh
@ 2019-04-11 21:15       ` Thomas Monjalon
  2019-04-11 21:15         ` Thomas Monjalon
  2019-04-12  8:50         ` Igor Russkikh
  1 sibling, 2 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-11 21:15 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko, akhil.goyal

11/04/2019 14:37, Igor Russkikh:
> On 10.04.2019 14:46, Thomas Monjalon wrote:
> > 10/04/2019 13:18, Igor Russkikh:
> >> MACSEC related device ops, API and parameters are taken from the
> >> existing ixgbe PMD ops
> > 
> > Please can you explain how it is related to rte_security?
> 
> It is not.
> Do you mean macsec control API could be moved and logically be a part of rte_security api?
> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
> and uses the existing macsec offload in ixgbe.

There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
in librte_security.
Please check how it can be used while defining an ethdev API.

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-11 21:15       ` Thomas Monjalon
@ 2019-04-11 21:15         ` Thomas Monjalon
  2019-04-12  8:50         ` Igor Russkikh
  1 sibling, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-11 21:15 UTC (permalink / raw)
  To: Igor Russkikh
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko, akhil.goyal

11/04/2019 14:37, Igor Russkikh:
> On 10.04.2019 14:46, Thomas Monjalon wrote:
> > 10/04/2019 13:18, Igor Russkikh:
> >> MACSEC related device ops, API and parameters are taken from the
> >> existing ixgbe PMD ops
> > 
> > Please can you explain how it is related to rte_security?
> 
> It is not.
> Do you mean macsec control API could be moved and logically be a part of rte_security api?
> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
> and uses the existing macsec offload in ixgbe.

There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
in librte_security.
Please check how it can be used while defining an ethdev API.




^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-11 21:15       ` Thomas Monjalon
  2019-04-11 21:15         ` Thomas Monjalon
@ 2019-04-12  8:50         ` Igor Russkikh
  2019-04-12  8:50           ` Igor Russkikh
  2019-04-12 11:22           ` Thomas Monjalon
  1 sibling, 2 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-12  8:50 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko, akhil.goyal


>>> Please can you explain how it is related to rte_security?
>>
>> It is not.
>> Do you mean macsec control API could be moved and logically be a part of rte_security api?
>> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
>> and uses the existing macsec offload in ixgbe.
> 
> There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
> in librte_security.
> Please check how it can be used while defining an ethdev API.

There is nothing in rte_security defined explicitly for macsec except that enum item.
All the macsec structures are dummy. Was there any intent to implement this?

I can writeup the generic macsec structures for rte_security, do you think that's feasible?

Regards,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-12  8:50         ` Igor Russkikh
@ 2019-04-12  8:50           ` Igor Russkikh
  2019-04-12 11:22           ` Thomas Monjalon
  1 sibling, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-12  8:50 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko, akhil.goyal


>>> Please can you explain how it is related to rte_security?
>>
>> It is not.
>> Do you mean macsec control API could be moved and logically be a part of rte_security api?
>> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
>> and uses the existing macsec offload in ixgbe.
> 
> There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
> in librte_security.
> Please check how it can be used while defining an ethdev API.

There is nothing in rte_security defined explicitly for macsec except that enum item.
All the macsec structures are dummy. Was there any intent to implement this?

I can writeup the generic macsec structures for rte_security, do you think that's feasible?

Regards,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-12  8:50         ` Igor Russkikh
  2019-04-12  8:50           ` Igor Russkikh
@ 2019-04-12 11:22           ` Thomas Monjalon
  2019-04-12 11:22             ` Thomas Monjalon
  1 sibling, 1 reply; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-12 11:22 UTC (permalink / raw)
  To: Igor Russkikh, akhil.goyal
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

12/04/2019 10:50, Igor Russkikh:
> 
> >>> Please can you explain how it is related to rte_security?
> >>
> >> It is not.
> >> Do you mean macsec control API could be moved and logically be a part of rte_security api?
> >> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
> >> and uses the existing macsec offload in ixgbe.
> > 
> > There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
> > in librte_security.
> > Please check how it can be used while defining an ethdev API.
> 
> There is nothing in rte_security defined explicitly for macsec except that enum item.
> All the macsec structures are dummy. Was there any intent to implement this?
> 
> I can writeup the generic macsec structures for rte_security, do you think that's feasible?

I don't know. We are in front of a case of dead code
written well too far in advance.
Akhil, any suggestion?

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-12 11:22           ` Thomas Monjalon
@ 2019-04-12 11:22             ` Thomas Monjalon
  0 siblings, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-12 11:22 UTC (permalink / raw)
  To: Igor Russkikh, akhil.goyal
  Cc: dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev, Ferruh Yigit,
	Andrew Rybchenko

12/04/2019 10:50, Igor Russkikh:
> 
> >>> Please can you explain how it is related to rte_security?
> >>
> >> It is not.
> >> Do you mean macsec control API could be moved and logically be a part of rte_security api?
> >> I can't comment now on how feasible is this. Moreover this depends on how Intel considers
> >> and uses the existing macsec offload in ixgbe.
> > 
> > There are RTE_SECURITY_PROTOCOL_MACSEC and rte_security_macsec_* structs
> > in librte_security.
> > Please check how it can be used while defining an ethdev API.
> 
> There is nothing in rte_security defined explicitly for macsec except that enum item.
> All the macsec structures are dummy. Was there any intent to implement this?
> 
> I can writeup the generic macsec structures for rte_security, do you think that's feasible?

I don't know. We are in front of a case of dead code
written well too far in advance.
Akhil, any suggestion?



^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
  2019-04-10 11:18   ` Igor Russkikh
  2019-04-10 11:46   ` Thomas Monjalon
@ 2019-04-12 18:26   ` Ferruh Yigit
  2019-04-12 18:26     ` Ferruh Yigit
  2019-04-13  7:24     ` Igor Russkikh
  2 siblings, 2 replies; 48+ messages in thread
From: Ferruh Yigit @ 2019-04-12 18:26 UTC (permalink / raw)
  To: Igor Russkikh, dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Andrew Rybchenko

On 4/10/2019 12:18 PM, Igor Russkikh wrote:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops
> 
> Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>

<...>

> @@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
>  void *
>  rte_eth_dev_get_sec_ctx(uint16_t port_id);
>  
> +/**
> + * Enable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param encr
> + *    1 - Enable encryption (encrypt and add integrity signature).
> + *    0 - Disable encryption (only add integrity signature).
> + * @param repl_prot
> + *    1 - Enable replay protection.
> + *    0 - Disable replay protection.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_enable(uint16_t port_id,
> +		      uint8_t encr, uint8_t repl_prot);
> +
> +/**
> + * Disable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_disable(uint16_t port_id);
> +
> +/**
> + * Configure Rx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the remote side.
> + * @param pi
> + *   The PI (port identifier) on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_rxsc(uint16_t port_id,
> +			   uint8_t *mac, uint16_t pi);
> +
> +/**
> + * Configure Tx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_txsc(uint16_t port_id,
> +			   uint8_t *mac);
> +
> +/**
> + * Enable Rx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1)
> + * @param an
> + *   The association number on the remote side.
> + * @param pn
> + *   The packet number on the remote side.
> + * @param key
> + *   The key on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_rxsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
> +/**
> + * Enable Tx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1).
> + * @param an
> + *   The association number on the local side.
> + * @param pn
> + *   The packet number on the local side.
> + * @param key
> + *   The key on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_txsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
>  
>  #include <rte_ethdev_core.h>
>  

These are new ethdev APIs, not driver code, that have been sent after rc1, so
these didn't go through a proper review cycle, we didn't get any comment on any
other possible driver can use it, I am for postponing the series to next release.

Also there are some mechanical issues [1] but main thing is adding a set of API
to late in release cycle without proper review.
Thomas, Andrew, what do you think?


[1]
- New APIs must be experimental
- Apis should be exported via linker file (.map)

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-12 18:26   ` Ferruh Yigit
@ 2019-04-12 18:26     ` Ferruh Yigit
  2019-04-13  7:24     ` Igor Russkikh
  1 sibling, 0 replies; 48+ messages in thread
From: Ferruh Yigit @ 2019-04-12 18:26 UTC (permalink / raw)
  To: Igor Russkikh, dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Andrew Rybchenko

On 4/10/2019 12:18 PM, Igor Russkikh wrote:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops
> 
> Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>

<...>

> @@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
>  void *
>  rte_eth_dev_get_sec_ctx(uint16_t port_id);
>  
> +/**
> + * Enable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param encr
> + *    1 - Enable encryption (encrypt and add integrity signature).
> + *    0 - Disable encryption (only add integrity signature).
> + * @param repl_prot
> + *    1 - Enable replay protection.
> + *    0 - Disable replay protection.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_enable(uint16_t port_id,
> +		      uint8_t encr, uint8_t repl_prot);
> +
> +/**
> + * Disable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_disable(uint16_t port_id);
> +
> +/**
> + * Configure Rx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the remote side.
> + * @param pi
> + *   The PI (port identifier) on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_rxsc(uint16_t port_id,
> +			   uint8_t *mac, uint16_t pi);
> +
> +/**
> + * Configure Tx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_txsc(uint16_t port_id,
> +			   uint8_t *mac);
> +
> +/**
> + * Enable Rx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1)
> + * @param an
> + *   The association number on the remote side.
> + * @param pn
> + *   The packet number on the remote side.
> + * @param key
> + *   The key on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_rxsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
> +/**
> + * Enable Tx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1).
> + * @param an
> + *   The association number on the local side.
> + * @param pn
> + *   The packet number on the local side.
> + * @param key
> + *   The key on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_txsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
>  
>  #include <rte_ethdev_core.h>
>  

These are new ethdev APIs, not driver code, that have been sent after rc1, so
these didn't go through a proper review cycle, we didn't get any comment on any
other possible driver can use it, I am for postponing the series to next release.

Also there are some mechanical issues [1] but main thing is adding a set of API
to late in release cycle without proper review.
Thomas, Andrew, what do you think?


[1]
- New APIs must be experimental
- Apis should be exported via linker file (.map)


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-12 18:26   ` Ferruh Yigit
  2019-04-12 18:26     ` Ferruh Yigit
@ 2019-04-13  7:24     ` Igor Russkikh
  2019-04-13  7:24       ` Igor Russkikh
  2019-04-16  9:43       ` Ferruh Yigit
  1 sibling, 2 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-13  7:24 UTC (permalink / raw)
  To: Ferruh Yigit, dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Andrew Rybchenko

Hi Ferruh,

>> +int
>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>> +			   uint8_t idx, uint8_t an,
>> +			   uint32_t pn, uint8_t *key);
>> +
>>  
>>  #include <rte_ethdev_core.h>
>>  
> 
> These are new ethdev APIs, not driver code, that have been sent after rc1, so
> these didn't go through a proper review cycle, we didn't get any comment on any
> other possible driver can use it, I am for postponing the series to next release.
> 
> Also there are some mechanical issues [1] but main thing is adding a set of API
> to late in release cycle without proper review.

I see, that's reasonable.

May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
Two points here:

1) Thomas raised a reasonable question whether all the macsec control in general should happen
through the rte_security set of APIs. This obviously could be done, but with proper design
of rte_security structures and ops.

2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
of private driver API as it runs in ixgbe now. This code is functional and will not be
changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.

Thanks for the review,

Regards,
  Igor


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-13  7:24     ` Igor Russkikh
@ 2019-04-13  7:24       ` Igor Russkikh
  2019-04-16  9:43       ` Ferruh Yigit
  1 sibling, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-13  7:24 UTC (permalink / raw)
  To: Ferruh Yigit, dev
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev,
	Thomas Monjalon, Andrew Rybchenko

Hi Ferruh,

>> +int
>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>> +			   uint8_t idx, uint8_t an,
>> +			   uint32_t pn, uint8_t *key);
>> +
>>  
>>  #include <rte_ethdev_core.h>
>>  
> 
> These are new ethdev APIs, not driver code, that have been sent after rc1, so
> these didn't go through a proper review cycle, we didn't get any comment on any
> other possible driver can use it, I am for postponing the series to next release.
> 
> Also there are some mechanical issues [1] but main thing is adding a set of API
> to late in release cycle without proper review.

I see, that's reasonable.

May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
Two points here:

1) Thomas raised a reasonable question whether all the macsec control in general should happen
through the rte_security set of APIs. This obviously could be done, but with proper design
of rte_security structures and ops.

2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
of private driver API as it runs in ixgbe now. This code is functional and will not be
changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.

Thanks for the review,

Regards,
  Igor


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-13  7:24     ` Igor Russkikh
  2019-04-13  7:24       ` Igor Russkikh
@ 2019-04-16  9:43       ` Ferruh Yigit
  2019-04-16  9:43         ` Ferruh Yigit
  2019-04-16  9:58         ` Andrew Rybchenko
  1 sibling, 2 replies; 48+ messages in thread
From: Ferruh Yigit @ 2019-04-16  9:43 UTC (permalink / raw)
  To: Igor Russkikh, dev, Thomas Monjalon, Andrew Rybchenko
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev

On 4/13/2019 8:24 AM, Igor Russkikh wrote:
> Hi Ferruh,
> 
>>> +int
>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>>> +			   uint8_t idx, uint8_t an,
>>> +			   uint32_t pn, uint8_t *key);
>>> +
>>>  
>>>  #include <rte_ethdev_core.h>
>>>  
>>
>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>> these didn't go through a proper review cycle, we didn't get any comment on any
>> other possible driver can use it, I am for postponing the series to next release.
>>
>> Also there are some mechanical issues [1] but main thing is adding a set of API
>> to late in release cycle without proper review.
> 
> I see, that's reasonable.
> 
> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
> Two points here:
> 
> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
> through the rte_security set of APIs. This obviously could be done, but with proper design
> of rte_security structures and ops.
> 
> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
> of private driver API as it runs in ixgbe now. This code is functional and will not be
> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
> 

If there is a commitment to work on a generic solution for 19.08, involving
other users too, I would be OK to get the support as PMD API for this release.

If that is accepted, please bu sure too add experimental tag to new PMD APIs and
even add to release notes about intention and that the PMD specific APIs are
temporary. And if ABI breakage required, put any necessary deprecation notice
withing this release scope so that the development is not blocked for next release.

Thomas, Andrew, what do you think?

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16  9:43       ` Ferruh Yigit
@ 2019-04-16  9:43         ` Ferruh Yigit
  2019-04-16  9:58         ` Andrew Rybchenko
  1 sibling, 0 replies; 48+ messages in thread
From: Ferruh Yigit @ 2019-04-16  9:43 UTC (permalink / raw)
  To: Igor Russkikh, dev, Thomas Monjalon, Andrew Rybchenko
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev

On 4/13/2019 8:24 AM, Igor Russkikh wrote:
> Hi Ferruh,
> 
>>> +int
>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>>> +			   uint8_t idx, uint8_t an,
>>> +			   uint32_t pn, uint8_t *key);
>>> +
>>>  
>>>  #include <rte_ethdev_core.h>
>>>  
>>
>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>> these didn't go through a proper review cycle, we didn't get any comment on any
>> other possible driver can use it, I am for postponing the series to next release.
>>
>> Also there are some mechanical issues [1] but main thing is adding a set of API
>> to late in release cycle without proper review.
> 
> I see, that's reasonable.
> 
> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
> Two points here:
> 
> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
> through the rte_security set of APIs. This obviously could be done, but with proper design
> of rte_security structures and ops.
> 
> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
> of private driver API as it runs in ixgbe now. This code is functional and will not be
> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
> 

If there is a commitment to work on a generic solution for 19.08, involving
other users too, I would be OK to get the support as PMD API for this release.

If that is accepted, please bu sure too add experimental tag to new PMD APIs and
even add to release notes about intention and that the PMD specific APIs are
temporary. And if ABI breakage required, put any necessary deprecation notice
withing this release scope so that the development is not blocked for next release.

Thomas, Andrew, what do you think?

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16  9:43       ` Ferruh Yigit
  2019-04-16  9:43         ` Ferruh Yigit
@ 2019-04-16  9:58         ` Andrew Rybchenko
  2019-04-16  9:58           ` Andrew Rybchenko
  2019-04-16 10:11           ` Thomas Monjalon
  1 sibling, 2 replies; 48+ messages in thread
From: Andrew Rybchenko @ 2019-04-16  9:58 UTC (permalink / raw)
  To: Ferruh Yigit, Igor Russkikh, dev, Thomas Monjalon
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev

On 4/16/19 12:43 PM, Ferruh Yigit wrote:
> On 4/13/2019 8:24 AM, Igor Russkikh wrote:
>> Hi Ferruh,
>>
>>>> +int
>>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>>>> +			   uint8_t idx, uint8_t an,
>>>> +			   uint32_t pn, uint8_t *key);
>>>> +
>>>>   
>>>>   #include <rte_ethdev_core.h>
>>>>   
>>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>>> these didn't go through a proper review cycle, we didn't get any comment on any
>>> other possible driver can use it, I am for postponing the series to next release.
>>>
>>> Also there are some mechanical issues [1] but main thing is adding a set of API
>>> to late in release cycle without proper review.
>> I see, that's reasonable.
>>
>> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
>> Two points here:
>>
>> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
>> through the rte_security set of APIs. This obviously could be done, but with proper design
>> of rte_security structures and ops.
>>
>> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
>> of private driver API as it runs in ixgbe now. This code is functional and will not be
>> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
>>
> If there is a commitment to work on a generic solution for 19.08, involving
> other users too, I would be OK to get the support as PMD API for this release.
>
> If that is accepted, please bu sure too add experimental tag to new PMD APIs and
> even add to release notes about intention and that the PMD specific APIs are
> temporary. And if ABI breakage required, put any necessary deprecation notice
> withing this release scope so that the development is not blocked for next release.
>
> Thomas, Andrew, what do you think?

I agree.

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16  9:58         ` Andrew Rybchenko
@ 2019-04-16  9:58           ` Andrew Rybchenko
  2019-04-16 10:11           ` Thomas Monjalon
  1 sibling, 0 replies; 48+ messages in thread
From: Andrew Rybchenko @ 2019-04-16  9:58 UTC (permalink / raw)
  To: Ferruh Yigit, Igor Russkikh, dev, Thomas Monjalon
  Cc: Pavel Belous, Wenzhuo Lu, Jingjing Wu, Bernard Iremonger,
	John McNamara, Marko Kovacevic, Konstantin Ananyev

On 4/16/19 12:43 PM, Ferruh Yigit wrote:
> On 4/13/2019 8:24 AM, Igor Russkikh wrote:
>> Hi Ferruh,
>>
>>>> +int
>>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
>>>> +			   uint8_t idx, uint8_t an,
>>>> +			   uint32_t pn, uint8_t *key);
>>>> +
>>>>   
>>>>   #include <rte_ethdev_core.h>
>>>>   
>>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>>> these didn't go through a proper review cycle, we didn't get any comment on any
>>> other possible driver can use it, I am for postponing the series to next release.
>>>
>>> Also there are some mechanical issues [1] but main thing is adding a set of API
>>> to late in release cycle without proper review.
>> I see, that's reasonable.
>>
>> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
>> Two points here:
>>
>> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
>> through the rte_security set of APIs. This obviously could be done, but with proper design
>> of rte_security structures and ops.
>>
>> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
>> of private driver API as it runs in ixgbe now. This code is functional and will not be
>> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
>>
> If there is a commitment to work on a generic solution for 19.08, involving
> other users too, I would be OK to get the support as PMD API for this release.
>
> If that is accepted, please bu sure too add experimental tag to new PMD APIs and
> even add to release notes about intention and that the PMD specific APIs are
> temporary. And if ABI breakage required, put any necessary deprecation notice
> withing this release scope so that the development is not blocked for next release.
>
> Thomas, Andrew, what do you think?

I agree.


^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16  9:58         ` Andrew Rybchenko
  2019-04-16  9:58           ` Andrew Rybchenko
@ 2019-04-16 10:11           ` Thomas Monjalon
  2019-04-16 10:11             ` Thomas Monjalon
  2019-04-16 10:19             ` Igor Russkikh
  1 sibling, 2 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-16 10:11 UTC (permalink / raw)
  To: Andrew Rybchenko
  Cc: Ferruh Yigit, Igor Russkikh, dev, Pavel Belous, Wenzhuo Lu,
	Jingjing Wu, Bernard Iremonger, John McNamara, Marko Kovacevic,
	Konstantin Ananyev

16/04/2019 11:58, Andrew Rybchenko:
> On 4/16/19 12:43 PM, Ferruh Yigit wrote:
> > On 4/13/2019 8:24 AM, Igor Russkikh wrote:
> >> Hi Ferruh,
> >>
> >>>> +int
> >>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
> >>>> +			   uint8_t idx, uint8_t an,
> >>>> +			   uint32_t pn, uint8_t *key);
> >>>> +
> >>>>   
> >>>>   #include <rte_ethdev_core.h>
> >>>>   
> >>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
> >>> these didn't go through a proper review cycle, we didn't get any comment on any
> >>> other possible driver can use it, I am for postponing the series to next release.
> >>>
> >>> Also there are some mechanical issues [1] but main thing is adding a set of API
> >>> to late in release cycle without proper review.
> >> I see, that's reasonable.
> >>
> >> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
> >> Two points here:
> >>
> >> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
> >> through the rte_security set of APIs. This obviously could be done, but with proper design
> >> of rte_security structures and ops.
> >>
> >> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
> >> of private driver API as it runs in ixgbe now. This code is functional and will not be
> >> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
> >>
> > If there is a commitment to work on a generic solution for 19.08, involving
> > other users too, I would be OK to get the support as PMD API for this release.
> >
> > If that is accepted, please bu sure too add experimental tag to new PMD APIs and
> > even add to release notes about intention and that the PMD specific APIs are
> > temporary. And if ABI breakage required, put any necessary deprecation notice
> > withing this release scope so that the development is not blocked for next release.
> >
> > Thomas, Andrew, what do you think?
> 
> I agree.

+1

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16 10:11           ` Thomas Monjalon
@ 2019-04-16 10:11             ` Thomas Monjalon
  2019-04-16 10:19             ` Igor Russkikh
  1 sibling, 0 replies; 48+ messages in thread
From: Thomas Monjalon @ 2019-04-16 10:11 UTC (permalink / raw)
  To: Andrew Rybchenko
  Cc: Ferruh Yigit, Igor Russkikh, dev, Pavel Belous, Wenzhuo Lu,
	Jingjing Wu, Bernard Iremonger, John McNamara, Marko Kovacevic,
	Konstantin Ananyev

16/04/2019 11:58, Andrew Rybchenko:
> On 4/16/19 12:43 PM, Ferruh Yigit wrote:
> > On 4/13/2019 8:24 AM, Igor Russkikh wrote:
> >> Hi Ferruh,
> >>
> >>>> +int
> >>>> +rte_eth_macsec_select_txsa(uint16_t port_id,
> >>>> +			   uint8_t idx, uint8_t an,
> >>>> +			   uint32_t pn, uint8_t *key);
> >>>> +
> >>>>   
> >>>>   #include <rte_ethdev_core.h>
> >>>>   
> >>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
> >>> these didn't go through a proper review cycle, we didn't get any comment on any
> >>> other possible driver can use it, I am for postponing the series to next release.
> >>>
> >>> Also there are some mechanical issues [1] but main thing is adding a set of API
> >>> to late in release cycle without proper review.
> >> I see, that's reasonable.
> >>
> >> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
> >> Two points here:
> >>
> >> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
> >> through the rte_security set of APIs. This obviously could be done, but with proper design
> >> of rte_security structures and ops.
> >>
> >> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
> >> of private driver API as it runs in ixgbe now. This code is functional and will not be
> >> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
> >>
> > If there is a commitment to work on a generic solution for 19.08, involving
> > other users too, I would be OK to get the support as PMD API for this release.
> >
> > If that is accepted, please bu sure too add experimental tag to new PMD APIs and
> > even add to release notes about intention and that the PMD specific APIs are
> > temporary. And if ABI breakage required, put any necessary deprecation notice
> > withing this release scope so that the development is not blocked for next release.
> >
> > Thomas, Andrew, what do you think?
> 
> I agree.

+1



^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16 10:11           ` Thomas Monjalon
  2019-04-16 10:11             ` Thomas Monjalon
@ 2019-04-16 10:19             ` Igor Russkikh
  2019-04-16 10:19               ` Igor Russkikh
  1 sibling, 1 reply; 48+ messages in thread
From: Igor Russkikh @ 2019-04-16 10:19 UTC (permalink / raw)
  To: Thomas Monjalon, Andrew Rybchenko
  Cc: Ferruh Yigit, dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu,
	Bernard Iremonger, John McNamara, Marko Kovacevic,
	Konstantin Ananyev


>>>>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>>>>> these didn't go through a proper review cycle, we didn't get any comment on any
>>>>> other possible driver can use it, I am for postponing the series to next release.
>>>>>
>>>>> Also there are some mechanical issues [1] but main thing is adding a set of API
>>>>> to late in release cycle without proper review.
>>>> I see, that's reasonable.
>>>>
>>>> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
>>>> Two points here:
>>>>
>>>> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
>>>> through the rte_security set of APIs. This obviously could be done, but with proper design
>>>> of rte_security structures and ops.
>>>>
>>>> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
>>>> of private driver API as it runs in ixgbe now. This code is functional and will not be
>>>> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
>>>>
>>> If there is a commitment to work on a generic solution for 19.08, involving
>>> other users too, I would be OK to get the support as PMD API for this release.
>>>
>>> If that is accepted, please bu sure too add experimental tag to new PMD APIs and
>>> even add to release notes about intention and that the PMD specific APIs are
>>> temporary. And if ABI breakage required, put any necessary deprecation notice
>>> withing this release scope so that the development is not blocked for next release.
>>>
>>> Thomas, Andrew, what do you think?
>>
>> I agree.
> 
> +1

Great, I'll prepare v2 patchset then. Will also start on prototyping possible
rte_security macsec API.

Regards,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

* Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
  2019-04-16 10:19             ` Igor Russkikh
@ 2019-04-16 10:19               ` Igor Russkikh
  0 siblings, 0 replies; 48+ messages in thread
From: Igor Russkikh @ 2019-04-16 10:19 UTC (permalink / raw)
  To: Thomas Monjalon, Andrew Rybchenko
  Cc: Ferruh Yigit, dev, Pavel Belous, Wenzhuo Lu, Jingjing Wu,
	Bernard Iremonger, John McNamara, Marko Kovacevic,
	Konstantin Ananyev


>>>>> These are new ethdev APIs, not driver code, that have been sent after rc1, so
>>>>> these didn't go through a proper review cycle, we didn't get any comment on any
>>>>> other possible driver can use it, I am for postponing the series to next release.
>>>>>
>>>>> Also there are some mechanical issues [1] but main thing is adding a set of API
>>>>> to late in release cycle without proper review.
>>>> I see, that's reasonable.
>>>>
>>>> May I suggest another option then: can we do driver only API (almost like ixgbe providing now)?
>>>> Two points here:
>>>>
>>>> 1) Thomas raised a reasonable question whether all the macsec control in general should happen
>>>> through the rte_security set of APIs. This obviously could be done, but with proper design
>>>> of rte_security structures and ops.
>>>>
>>>> 2) Aquantia is interested in having macsec control code in driver within 19.05, even in form
>>>> of private driver API as it runs in ixgbe now. This code is functional and will not be
>>>> changed alot anyway. It could be easily adopted later when point (1) gets a conclusion.
>>>>
>>> If there is a commitment to work on a generic solution for 19.08, involving
>>> other users too, I would be OK to get the support as PMD API for this release.
>>>
>>> If that is accepted, please bu sure too add experimental tag to new PMD APIs and
>>> even add to release notes about intention and that the PMD specific APIs are
>>> temporary. And if ABI breakage required, put any necessary deprecation notice
>>> withing this release scope so that the development is not blocked for next release.
>>>
>>> Thomas, Andrew, what do you think?
>>
>> I agree.
> 
> +1

Great, I'll prepare v2 patchset then. Will also start on prototyping possible
rte_security macsec API.

Regards,
  Igor

^ permalink raw reply	[flat|nested] 48+ messages in thread

end of thread, other threads:[~2019-04-16 10:19 UTC | newest]

Thread overview: 48+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
2019-04-10 11:18   ` Igor Russkikh
2019-04-10 11:46   ` Thomas Monjalon
2019-04-10 11:46     ` Thomas Monjalon
2019-04-11 12:37     ` Igor Russkikh
2019-04-11 12:37       ` Igor Russkikh
2019-04-11 21:15       ` Thomas Monjalon
2019-04-11 21:15         ` Thomas Monjalon
2019-04-12  8:50         ` Igor Russkikh
2019-04-12  8:50           ` Igor Russkikh
2019-04-12 11:22           ` Thomas Monjalon
2019-04-12 11:22             ` Thomas Monjalon
2019-04-12 18:26   ` Ferruh Yigit
2019-04-12 18:26     ` Ferruh Yigit
2019-04-13  7:24     ` Igor Russkikh
2019-04-13  7:24       ` Igor Russkikh
2019-04-16  9:43       ` Ferruh Yigit
2019-04-16  9:43         ` Ferruh Yigit
2019-04-16  9:58         ` Andrew Rybchenko
2019-04-16  9:58           ` Andrew Rybchenko
2019-04-16 10:11           ` Thomas Monjalon
2019-04-16 10:11             ` Thomas Monjalon
2019-04-16 10:19             ` Igor Russkikh
2019-04-16 10:19               ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
2019-04-10 11:18   ` Igor Russkikh
2019-04-10 11:50   ` Thomas Monjalon
2019-04-10 11:50     ` Thomas Monjalon
2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
2019-04-10 11:18   ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-10 11:18   ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
2019-04-10 11:18   ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-10 11:19   ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-10 11:19   ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-10 11:19   ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
2019-04-10 11:19   ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
2019-04-10 11:19   ` Igor Russkikh
2019-04-10 11:47   ` Thomas Monjalon
2019-04-10 11:47     ` Thomas Monjalon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).