DPDK patches and discussions
 help / color / mirror / Atom feed
From: Jiawen Wu <jiawenwu@trustnetic.com>
To: dev@dpdk.org
Cc: Jiawen Wu <jiawenwu@trustnetic.com>
Subject: [dpdk-dev] [PATCH 35/37] net/txgbe: support security session destroy
Date: Tue,  3 Nov 2020 18:08:16 +0800	[thread overview]
Message-ID: <20201103100818.311881-36-jiawenwu@trustnetic.com> (raw)
In-Reply-To: <20201103100818.311881-1-jiawenwu@trustnetic.com>

Add support to clear a security session's private data,
get the size of a security session,
add update the mbuf with provided metadata.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
 drivers/net/txgbe/txgbe_ipsec.c | 167 ++++++++++++++++++++++++++++++++
 drivers/net/txgbe/txgbe_ipsec.h |  15 +++
 2 files changed, 182 insertions(+)

diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c
index 7501e25af..0bdd1c061 100644
--- a/drivers/net/txgbe/txgbe_ipsec.c
+++ b/drivers/net/txgbe/txgbe_ipsec.c
@@ -199,6 +199,106 @@ txgbe_crypto_add_sa(struct txgbe_crypto_session *ic_session)
 	return 0;
 }
 
+static int
+txgbe_crypto_remove_sa(struct rte_eth_dev *dev,
+		       struct txgbe_crypto_session *ic_session)
+{
+	struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+	struct txgbe_ipsec *priv = TXGBE_DEV_IPSEC(dev);
+	uint32_t reg_val;
+	int sa_index = -1;
+
+	if (ic_session->op == TXGBE_OP_AUTHENTICATED_DECRYPTION) {
+		int i, ip_index = -1;
+
+		/* Find a match in the IP table*/
+		for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) {
+			if (CMP_IP(priv->rx_ip_tbl[i].ip, ic_session->dst_ip)) {
+				ip_index = i;
+				break;
+			}
+		}
+
+		/* Fail if no match*/
+		if (ip_index < 0) {
+			PMD_DRV_LOG(ERR,
+				    "Entry not found in the Rx IP table\n");
+			return -1;
+		}
+
+		/* Find a free entry in the SA table*/
+		for (i = 0; i < IPSEC_MAX_SA_COUNT; i++) {
+			if (priv->rx_sa_tbl[i].spi ==
+				  rte_cpu_to_be_32(ic_session->spi)) {
+				sa_index = i;
+				break;
+			}
+		}
+		/* Fail if no match*/
+		if (sa_index < 0) {
+			PMD_DRV_LOG(ERR,
+				    "Entry not found in the Rx SA table\n");
+			return -1;
+		}
+
+		/* Disable and clear Rx SPI and key table table entryes*/
+		reg_val = TXGBE_IPSRXIDX_WRITE |
+			TXGBE_IPSRXIDX_TB_SPI | (sa_index << 3);
+		wr32(hw, TXGBE_IPSRXSPI, 0);
+		wr32(hw, TXGBE_IPSRXADDRIDX, 0);
+		wr32w(hw, TXGBE_IPSRXIDX, reg_val, TXGBE_IPSRXIDX_WRITE, 1000);
+		reg_val = TXGBE_IPSRXIDX_WRITE |
+			TXGBE_IPSRXIDX_TB_KEY | (sa_index << 3);
+		wr32(hw, TXGBE_IPSRXKEY(0), 0);
+		wr32(hw, TXGBE_IPSRXKEY(1), 0);
+		wr32(hw, TXGBE_IPSRXKEY(2), 0);
+		wr32(hw, TXGBE_IPSRXKEY(3), 0);
+		wr32(hw, TXGBE_IPSRXSALT, 0);
+		wr32(hw, TXGBE_IPSRXMODE, 0);
+		wr32w(hw, TXGBE_IPSRXIDX, reg_val, TXGBE_IPSRXIDX_WRITE, 1000);
+		priv->rx_sa_tbl[sa_index].used = 0;
+
+		/* If last used then clear the IP table entry*/
+		priv->rx_ip_tbl[ip_index].ref_count--;
+		if (priv->rx_ip_tbl[ip_index].ref_count == 0) {
+			reg_val = TXGBE_IPSRXIDX_WRITE | TXGBE_IPSRXIDX_TB_IP |
+					(ip_index << 3);
+			wr32(hw, TXGBE_IPSRXADDR(0), 0);
+			wr32(hw, TXGBE_IPSRXADDR(1), 0);
+			wr32(hw, TXGBE_IPSRXADDR(2), 0);
+			wr32(hw, TXGBE_IPSRXADDR(3), 0);
+		}
+	} else { /* session->dir == RTE_CRYPTO_OUTBOUND */
+		int i;
+
+		/* Find a match in the SA table*/
+		for (i = 0; i < IPSEC_MAX_SA_COUNT; i++) {
+			if (priv->tx_sa_tbl[i].spi ==
+				    rte_cpu_to_be_32(ic_session->spi)) {
+				sa_index = i;
+				break;
+			}
+		}
+		/* Fail if no match entries*/
+		if (sa_index < 0) {
+			PMD_DRV_LOG(ERR,
+				    "Entry not found in the Tx SA table\n");
+			return -1;
+		}
+		reg_val = TXGBE_IPSRXIDX_WRITE | (sa_index << 3);
+		wr32(hw, TXGBE_IPSTXKEY(0), 0);
+		wr32(hw, TXGBE_IPSTXKEY(1), 0);
+		wr32(hw, TXGBE_IPSTXKEY(2), 0);
+		wr32(hw, TXGBE_IPSTXKEY(3), 0);
+		wr32(hw, TXGBE_IPSTXSALT, 0);
+		wr32w(hw, TXGBE_IPSTXIDX, reg_val, TXGBE_IPSTXIDX_WRITE, 1000);
+
+		priv->tx_sa_tbl[sa_index].used = 0;
+	}
+
+	return 0;
+}
+
 static int
 txgbe_crypto_create_session(void *device,
 		struct rte_security_session_conf *conf,
@@ -262,6 +362,70 @@ txgbe_crypto_create_session(void *device,
 	return 0;
 }
 
+static unsigned int
+txgbe_crypto_session_get_size(__rte_unused void *device)
+{
+	return sizeof(struct txgbe_crypto_session);
+}
+
+static int
+txgbe_crypto_remove_session(void *device,
+		struct rte_security_session *session)
+{
+	struct rte_eth_dev *eth_dev = device;
+	struct txgbe_crypto_session *ic_session =
+		(struct txgbe_crypto_session *)
+		get_sec_session_private_data(session);
+	struct rte_mempool *mempool = rte_mempool_from_obj(ic_session);
+
+	if (eth_dev != ic_session->dev) {
+		PMD_DRV_LOG(ERR, "Session not bound to this device\n");
+		return -ENODEV;
+	}
+
+	if (txgbe_crypto_remove_sa(eth_dev, ic_session)) {
+		PMD_DRV_LOG(ERR, "Failed to remove session\n");
+		return -EFAULT;
+	}
+
+	rte_mempool_put(mempool, (void *)ic_session);
+
+	return 0;
+}
+
+static inline uint8_t
+txgbe_crypto_compute_pad_len(struct rte_mbuf *m)
+{
+	if (m->nb_segs == 1) {
+		/* 16 bytes ICV + 2 bytes ESP trailer + payload padding size
+		 * payload padding size is stored at <pkt_len - 18>
+		 */
+		uint8_t *esp_pad_len = rte_pktmbuf_mtod_offset(m, uint8_t *,
+					rte_pktmbuf_pkt_len(m) -
+					(ESP_TRAILER_SIZE + ESP_ICV_SIZE));
+		return *esp_pad_len + ESP_TRAILER_SIZE + ESP_ICV_SIZE;
+	}
+	return 0;
+}
+
+static int
+txgbe_crypto_update_mb(void *device __rte_unused,
+		struct rte_security_session *session,
+		       struct rte_mbuf *m, void *params __rte_unused)
+{
+	struct txgbe_crypto_session *ic_session =
+			get_sec_session_private_data(session);
+	if (ic_session->op == TXGBE_OP_AUTHENTICATED_ENCRYPTION) {
+		union txgbe_crypto_tx_desc_md *mdata =
+			(union txgbe_crypto_tx_desc_md *)
+				rte_security_dynfield(m);
+		mdata->enc = 1;
+		mdata->sa_idx = ic_session->sa_index;
+		mdata->pad_len = txgbe_crypto_compute_pad_len(m);
+	}
+	return 0;
+}
+
 static const struct rte_security_capability *
 txgbe_crypto_capabilities_get(void *device __rte_unused)
 {
@@ -390,6 +554,9 @@ txgbe_crypto_capabilities_get(void *device __rte_unused)
 
 static struct rte_security_ops txgbe_security_ops = {
 	.session_create = txgbe_crypto_create_session,
+	.session_get_size = txgbe_crypto_session_get_size,
+	.session_destroy = txgbe_crypto_remove_session,
+	.set_pkt_metadata = txgbe_crypto_update_mb,
 	.capabilities_get = txgbe_crypto_capabilities_get
 };
 
diff --git a/drivers/net/txgbe/txgbe_ipsec.h b/drivers/net/txgbe/txgbe_ipsec.h
index c94775636..d022a255f 100644
--- a/drivers/net/txgbe/txgbe_ipsec.h
+++ b/drivers/net/txgbe/txgbe_ipsec.h
@@ -17,6 +17,9 @@
 #define IPSEC_MAX_RX_IP_COUNT           128
 #define IPSEC_MAX_SA_COUNT              1024
 
+#define ESP_ICV_SIZE 16
+#define ESP_TRAILER_SIZE 2
+
 enum txgbe_operation {
 	TXGBE_OP_AUTHENTICATED_ENCRYPTION,
 	TXGBE_OP_AUTHENTICATED_DECRYPTION
@@ -68,6 +71,18 @@ struct txgbe_crypto_tx_sa_table {
 	uint8_t  used;
 };
 
+union txgbe_crypto_tx_desc_md {
+	uint64_t data;
+	struct {
+		/**< SA table index */
+		uint32_t sa_idx;
+		/**< ICV and ESP trailer length */
+		uint8_t pad_len;
+		/**< enable encryption */
+		uint8_t enc;
+	};
+};
+
 struct txgbe_ipsec {
 	struct txgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
 	struct txgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
-- 
2.18.4




  parent reply	other threads:[~2020-11-03 10:19 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-03 10:07 [dpdk-dev] [PATCH 00/37] net: add txgbe PMD part 2 Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 01/37] net/txgbe: add ntuple filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 02/37] net/txgbe: support ntuple filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 03/37] net/txgbe: add ntuple parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 04/37] net/txgbe: support ntuple filter remove operaion Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 05/37] net/txgbe: support ethertype filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 06/37] net/txgbe: add ethertype parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 07/37] net/txgbe: support syn filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 08/37] net/txgbe: add syn filter parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 09/37] net/txgbe: add L2 tunnel filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 10/37] net/txgbe: config L2 tunnel filter with e-tag Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 11/37] net/txgbe: support L2 tunnel filter add and delete Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 12/37] net/txgbe: add L2 tunnel filter parse rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 13/37] net/txgbe: add FDIR filter init and uninit Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 14/37] net/txgbe: configure FDIR filter Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 15/37] net/txgbe: support FDIR add and delete operations Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 16/37] net/txgbe: add FDIR parse normal rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 17/37] net/txgbe: add FDIR parse tunnel rule Jiawen Wu
2020-11-03 10:07 ` [dpdk-dev] [PATCH 18/37] net/txgbe: add FDIR restore operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 19/37] net/txgbe: add RSS filter parse rule Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 20/37] net/txgbe: add RSS filter restore operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 21/37] net/txgbe: add filter list init and uninit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 22/37] net/txgbe: add flow API Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 23/37] net/txgbe: add flow API create function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 24/37] net/txgbe: add flow API destroy function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 25/37] net/txgbe: add flow API flush function Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 26/37] net/txgbe: support UDP tunnel port add and delete Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 27/37] net/txgbe: add TM configuration init and uninit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 28/37] net/txgbe: add TM capabilities get operation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 29/37] net/txgbe: support TM shaper profile add and delete Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 30/37] net/txgbe: support TM node " Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 31/37] net/txgbe: add TM hierarchy commit Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 32/37] net/txgbe: add macsec setting Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 33/37] net/txgbe: add IPsec context creation Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 34/37] net/txgbe: add security session create operation Jiawen Wu
2020-11-03 10:08 ` Jiawen Wu [this message]
2020-11-03 10:08 ` [dpdk-dev] [PATCH 36/37] net/txgbe: add security offload in Rx and Tx process Jiawen Wu
2020-11-03 10:08 ` [dpdk-dev] [PATCH 37/37] net/txgbe: add security type in flow action Jiawen Wu
2020-11-09 19:21 ` [dpdk-dev] [PATCH 00/37] net: add txgbe PMD part 2 Ferruh Yigit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201103100818.311881-36-jiawenwu@trustnetic.com \
    --to=jiawenwu@trustnetic.com \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).