From: Chaoyong He <chaoyong.he@corigine.com>
To: dev@dpdk.org
Cc: oss-drivers@corigine.com,
Shihong Wang <shihong.wang@corigine.com>,
Chaoyong He <chaoyong.he@corigine.com>
Subject: [PATCH 10/10] net/nfp: destroy security session
Date: Mon, 25 Sep 2023 14:06:44 +0800 [thread overview]
Message-ID: <20230925060644.1458598-11-chaoyong.he@corigine.com> (raw)
In-Reply-To: <20230925060644.1458598-1-chaoyong.he@corigine.com>
From: Shihong Wang <shihong.wang@corigine.com>
Delete SA from NIC and destroy security session.
Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
---
drivers/net/nfp/nfp_ipsec.c | 53 +++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c
index b11b1c9df3..a5b5a4fe42 100644
--- a/drivers/net/nfp/nfp_ipsec.c
+++ b/drivers/net/nfp/nfp_ipsec.c
@@ -1291,11 +1291,64 @@ nfp_security_session_get_size(void *device __rte_unused)
return sizeof(struct nfp_ipsec_session);
}
+static int
+nfp_crypto_remove_sa(struct rte_eth_dev *eth_dev,
+ struct nfp_ipsec_session *priv_session)
+{
+ int ret;
+ uint32_t sa_index;
+ struct nfp_net_hw *hw;
+ struct nfp_ipsec_msg cfg;
+
+ sa_index = priv_session->sa_index;
+ hw = NFP_NET_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private);
+
+ cfg.cmd = NFP_IPSEC_CFG_MSG_INV_SA;
+ cfg.sa_idx = sa_index;
+ ret = nfp_ipsec_cfg_cmd_issue(hw, &cfg);
+ if (ret < 0) {
+ PMD_DRV_LOG(ERR, "Failed to remove SA!");
+ return -EINVAL;
+ }
+
+ hw->ipsec_data->sa_free_cnt++;
+ hw->ipsec_data->sa_entries[sa_index] = NULL;
+
+ return 0;
+}
+
+static int
+nfp_crypto_remove_session(void *device,
+ struct rte_security_session *session)
+{
+ int ret;
+ struct rte_eth_dev *eth_dev;
+ struct nfp_ipsec_session *priv_session;
+
+ eth_dev = device;
+ priv_session = SECURITY_GET_SESS_PRIV(session);
+ if (eth_dev != priv_session->dev) {
+ PMD_DRV_LOG(ERR, "Session not bound to this device");
+ return -ENODEV;
+ }
+
+ ret = nfp_crypto_remove_sa(eth_dev, priv_session);
+ if (ret < 0) {
+ PMD_DRV_LOG(ERR, "Failed to remove session");
+ return -EFAULT;
+ }
+
+ memset(priv_session, 0, sizeof(struct nfp_ipsec_session));
+
+ return 0;
+}
+
static const struct rte_security_ops nfp_security_ops = {
.session_create = nfp_crypto_create_session,
.session_update = nfp_crypto_update_session,
.session_get_size = nfp_security_session_get_size,
.session_stats_get = nfp_security_session_get_stats,
+ .session_destroy = nfp_crypto_remove_session,
.set_pkt_metadata = nfp_security_set_pkt_metadata,
.capabilities_get = nfp_crypto_capabilities_get,
};
--
2.39.1
next prev parent reply other threads:[~2023-09-25 6:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-25 6:06 [PATCH 00/10] add the support of ipsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 01/10] mailmap: update contributor entry Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 1:50 ` Chaoyong He
2023-09-25 6:06 ` [PATCH 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 2:02 ` Chaoyong He
2023-09-28 9:30 ` Ferruh Yigit
2023-09-25 6:06 ` [PATCH 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-25 6:06 ` [PATCH 05/10] net/nfp: get security capabilities and session size Chaoyong He
2023-09-25 6:06 ` [PATCH 06/10] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-25 6:06 ` [PATCH 07/10] net/nfp: create security session Chaoyong He
2023-09-25 6:06 ` [PATCH 08/10] net/nfp: update " Chaoyong He
2023-09-25 6:06 ` [PATCH 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-25 6:06 ` Chaoyong He [this message]
2023-09-26 2:49 ` [PATCH v2 00/10] add the support of ipsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 01/10] mailmap: update contributor entry Chaoyong He
2023-09-26 2:49 ` [PATCH v2 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-26 2:49 ` [PATCH v2 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-26 2:49 ` [PATCH v2 05/10] net/nfp: get security capabilities and session size Chaoyong He
2023-09-26 2:49 ` [PATCH v2 06/10] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-26 2:49 ` [PATCH v2 07/10] net/nfp: create security session Chaoyong He
2023-09-26 2:49 ` [PATCH v2 08/10] net/nfp: update " Chaoyong He
2023-09-26 2:49 ` [PATCH v2 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 10/10] net/nfp: destroy security session Chaoyong He
2023-09-27 14:20 ` [PATCH v2 00/10] add the support of ipsec offload Ferruh Yigit
2023-09-28 2:05 ` Chaoyong He
2023-09-28 9:33 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 0/9] " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 1/9] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-29 2:08 ` [PATCH v3 2/9] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 3/9] net/nfp: initialize IPsec related content Chaoyong He
2023-09-29 10:00 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 4/9] net/nfp: get security capabilities and session size Chaoyong He
2023-09-29 2:08 ` [PATCH v3 5/9] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-29 2:08 ` [PATCH v3 6/9] net/nfp: create security session Chaoyong He
2023-09-29 2:08 ` [PATCH v3 7/9] net/nfp: update " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 8/9] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 9/9] net/nfp: destroy security session Chaoyong He
2023-09-29 10:05 ` [PATCH v3 0/9] add the support of ipsec offload Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230925060644.1458598-11-chaoyong.he@corigine.com \
--to=chaoyong.he@corigine.com \
--cc=dev@dpdk.org \
--cc=oss-drivers@corigine.com \
--cc=shihong.wang@corigine.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).