From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <radu.nicolau@intel.com>, <anoobj@marvell.com>,
<hemant.agrawal@nxp.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH] examples/ipsec-secgw: add security capabilities mapping
Date: Thu, 20 Jul 2023 18:51:23 +0530 [thread overview]
Message-ID: <20230720132123.3084969-1-gakhil@marvell.com> (raw)
Currently the cryptodev queue pair mapping was done only
on lookaside crypto capabilities.
But device capabilities for lookaside crypto and
lookaside proto may be different.
Hence, mappings are also added for rte_security_capabilities
of cryptodev.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 41 ++++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 72b3bfba9e..3ab7995fd5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1555,6 +1555,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
struct lcore_conf *qconf;
struct ipsec_ctx *ipsec_ctx;
const char *str;
+ void *sec_ctx;
+ const struct rte_security_capability *sec_cap;
qconf = &lcore_conf[params->lcore_id];
@@ -1569,8 +1571,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
}
/* Required cryptodevs with operation chaining */
- if (!(dev_info->feature_flags &
- RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
+ if (!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING) &&
+ !(dev_info->feature_flags & RTE_CRYPTODEV_FF_SECURITY))
return ret;
for (i = dev_info->capabilities;
@@ -1600,6 +1602,41 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
}
}
+ sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
+ if (sec_ctx == NULL)
+ return ret;
+
+ sec_cap = rte_security_capabilities_get(sec_ctx);
+ if (sec_cap == NULL)
+ return ret;
+
+ for (i = sec_cap->crypto_capabilities;
+ i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++) {
+ if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
+
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
+ continue;
+ }
+
+ if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+ continue;
+
+ for (j = sec_cap->crypto_capabilities;
+ j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
+ if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
+
+ if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+ continue;
+
+ ret |= add_mapping(str, cdev_id, qp, params,
+ ipsec_ctx, i, j, NULL);
+ }
+ }
+
return ret;
}
--
2.25.1
next reply other threads:[~2023-07-20 13:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-20 13:21 Akhil Goyal [this message]
2023-09-19 12:41 ` Akhil Goyal
2023-09-19 19:19 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230720132123.3084969-1-gakhil@marvell.com \
--to=gakhil@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).