From: Jiawen Wu <jiawenwu@trustnetic.com>
To: dev@dpdk.org
Cc: Jiawen Wu <jiawenwu@trustnetic.com>
Subject: [dpdk-dev] [PATCH 33/37] net/txgbe: add IPsec context creation
Date: Tue, 3 Nov 2020 18:08:14 +0800 [thread overview]
Message-ID: <20201103100818.311881-34-jiawenwu@trustnetic.com> (raw)
In-Reply-To: <20201103100818.311881-1-jiawenwu@trustnetic.com>
Initialize securiry context, and add support to get
security capabilities.
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
doc/guides/nics/features/txgbe.ini | 1 +
drivers/net/txgbe/meson.build | 3 +-
drivers/net/txgbe/txgbe_ethdev.c | 13 +++
drivers/net/txgbe/txgbe_ethdev.h | 3 +
drivers/net/txgbe/txgbe_ipsec.c | 181 +++++++++++++++++++++++++++++
drivers/net/txgbe/txgbe_ipsec.h | 13 +++
6 files changed, 213 insertions(+), 1 deletion(-)
create mode 100644 drivers/net/txgbe/txgbe_ipsec.c
create mode 100644 drivers/net/txgbe/txgbe_ipsec.h
diff --git a/doc/guides/nics/features/txgbe.ini b/doc/guides/nics/features/txgbe.ini
index d6705f7aa..54daa382a 100644
--- a/doc/guides/nics/features/txgbe.ini
+++ b/doc/guides/nics/features/txgbe.ini
@@ -29,6 +29,7 @@ Flow control = Y
Flow API = Y
Rate limitation = Y
Traffic mirroring = Y
+Inline crypto = Y
CRC offload = P
VLAN offload = P
QinQ offload = P
diff --git a/drivers/net/txgbe/meson.build b/drivers/net/txgbe/meson.build
index 352baad8b..f6a51a998 100644
--- a/drivers/net/txgbe/meson.build
+++ b/drivers/net/txgbe/meson.build
@@ -8,13 +8,14 @@ sources = files(
'txgbe_ethdev.c',
'txgbe_fdir.c',
'txgbe_flow.c',
+ 'txgbe_ipsec.c',
'txgbe_ptypes.c',
'txgbe_pf.c',
'txgbe_rxtx.c',
'txgbe_tm.c',
)
-deps += ['hash']
+deps += ['hash', 'security']
includes += include_directories('base')
diff --git a/drivers/net/txgbe/txgbe_ethdev.c b/drivers/net/txgbe/txgbe_ethdev.c
index c92a4aa5f..c0582e264 100644
--- a/drivers/net/txgbe/txgbe_ethdev.c
+++ b/drivers/net/txgbe/txgbe_ethdev.c
@@ -16,6 +16,9 @@
#include <rte_memory.h>
#include <rte_eal.h>
#include <rte_alarm.h>
+#ifdef RTE_LIB_SECURITY
+#include <rte_security_driver.h>
+#endif
#include "txgbe_logs.h"
#include "base/txgbe.h"
@@ -549,6 +552,12 @@ eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
/* Unlock any pending hardware semaphore */
txgbe_swfw_lock_reset(hw);
+#ifdef RTE_LIB_SECURITY
+ /* Initialize security_ctx only for primary process*/
+ if (txgbe_ipsec_ctx_create(eth_dev))
+ return -ENOMEM;
+#endif
+
/* Initialize DCB configuration*/
memset(dcb_config, 0, sizeof(struct txgbe_dcb_config));
txgbe_dcb_init(hw, dcb_config);
@@ -1971,6 +1980,10 @@ txgbe_dev_close(struct rte_eth_dev *dev)
/* Remove all Traffic Manager configuration */
txgbe_tm_conf_uninit(dev);
+#ifdef RTE_LIB_SECURITY
+ rte_free(dev->security_ctx);
+#endif
+
return ret;
}
diff --git a/drivers/net/txgbe/txgbe_ethdev.h b/drivers/net/txgbe/txgbe_ethdev.h
index 2d15e1ac3..1e7fa1f87 100644
--- a/drivers/net/txgbe/txgbe_ethdev.h
+++ b/drivers/net/txgbe/txgbe_ethdev.h
@@ -9,6 +9,9 @@
#include "base/txgbe.h"
#include "txgbe_ptypes.h"
+#ifdef RTE_LIB_SECURITY
+#include "txgbe_ipsec.h"
+#endif
#include <rte_flow.h>
#include <rte_time.h>
#include <rte_hash.h>
diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
new file mode 100644
index 000000000..b21bba237
--- /dev/null
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -0,0 +1,181 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2015-2020
+ */
+
+#include <rte_ethdev_pci.h>
+#include <rte_ip.h>
+#include <rte_jhash.h>
+#include <rte_security_driver.h>
+#include <rte_cryptodev.h>
+#include <rte_flow.h>
+
+#include "base/txgbe.h"
+#include "txgbe_ethdev.h"
+#include "txgbe_ipsec.h"
+
+static const struct rte_security_capability *
+txgbe_crypto_capabilities_get(void *device __rte_unused)
+{
+ static const struct rte_cryptodev_capabilities
+ aes_gcm_gmac_crypto_capabilities[] = {
+ { /* AES GMAC (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES GCM (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED
+ }, }
+ },
+ };
+
+ static const struct rte_security_capability
+ txgbe_security_capabilities[] = {
+ { /* IPsec Inline Crypto ESP Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+ };
+
+ return txgbe_security_capabilities;
+}
+
+static struct rte_security_ops txgbe_security_ops = {
+ .capabilities_get = txgbe_crypto_capabilities_get
+};
+
+static int
+txgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+ struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+ uint32_t reg_i, reg, capable = 1;
+ /* test if rx crypto can be enabled and then write back initial value*/
+ reg_i = rd32(hw, TXGBE_SECRXCTL);
+ wr32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA, 0);
+ reg = rd32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA);
+ if (reg != 0)
+ capable = 0;
+ wr32(hw, TXGBE_SECRXCTL, reg_i);
+ return capable;
+}
+
+int
+txgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
+{
+ struct rte_security_ctx *ctx = NULL;
+
+ if (txgbe_crypto_capable(dev)) {
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &txgbe_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
+ }
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
+ return 0;
+}
diff --git a/drivers/net/txgbe/txgbe_ipsec.h b/drivers/net/txgbe/txgbe_ipsec.h
new file mode 100644
index 000000000..f58ebab3d
--- /dev/null
+++ b/drivers/net/txgbe/txgbe_ipsec.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2015-2020
+ */
+
+#ifndef TXGBE_IPSEC_H_
+#define TXGBE_IPSEC_H_
+
+#include <rte_ethdev_core.h>
+#include <rte_security.h>
+
+int txgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
+
+#endif /*TXGBE_IPSEC_H_*/
--
2.18.4
next prev parent reply other threads:[~2020-11-03 10:18 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-03 10:07 [dpdk-dev] [PATCH 00/37] net: add txgbe PMD part 2 Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 01/37] net/txgbe: add ntuple filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 02/37] net/txgbe: support ntuple filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 03/37] net/txgbe: add ntuple parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 04/37] net/txgbe: support ntuple filter remove operaion Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 05/37] net/txgbe: support ethertype filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 06/37] net/txgbe: add ethertype parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 07/37] net/txgbe: support syn filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 08/37] net/txgbe: add syn filter parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 09/37] net/txgbe: add L2 tunnel filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 10/37] net/txgbe: config L2 tunnel filter with e-tag Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 11/37] net/txgbe: support L2 tunnel filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 12/37] net/txgbe: add L2 tunnel filter parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 13/37] net/txgbe: add FDIR filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 14/37] net/txgbe: configure FDIR filter Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 15/37] net/txgbe: support FDIR add and delete operations Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 16/37] net/txgbe: add FDIR parse normal rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 17/37] net/txgbe: add FDIR parse tunnel rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 18/37] net/txgbe: add FDIR restore operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 19/37] net/txgbe: add RSS filter parse rule Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 20/37] net/txgbe: add RSS filter restore operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 21/37] net/txgbe: add filter list init and uninit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 22/37] net/txgbe: add flow API Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 23/37] net/txgbe: add flow API create function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 24/37] net/txgbe: add flow API destroy function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 25/37] net/txgbe: add flow API flush function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 26/37] net/txgbe: support UDP tunnel port add and delete Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 27/37] net/txgbe: add TM configuration init and uninit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 28/37] net/txgbe: add TM capabilities get operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 29/37] net/txgbe: support TM shaper profile add and delete Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 30/37] net/txgbe: support TM node " Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 31/37] net/txgbe: add TM hierarchy commit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 32/37] net/txgbe: add macsec setting Jiawen Wu
2020-11-03 10:08 ` Jiawen Wu [this message]
2020-11-03 10:08 ` [dpdk-dev] [PATCH 34/37] net/txgbe: add security session create operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 35/37] net/txgbe: support security session destroy Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 36/37] net/txgbe: add security offload in Rx and Tx process Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 37/37] net/txgbe: add security type in flow action Jiawen Wu
2020-11-09 19:21 ` [dpdk-dev] [PATCH 00/37] net: add txgbe PMD part 2 Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201103100818.311881-34-jiawenwu@trustnetic.com \
--to=jiawenwu@trustnetic.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).