From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: "ferruh.yigit@intel.com" <ferruh.yigit@intel.com>,
"thomas@monjalon.net" <thomas@monjalon.net>,
"arybchenko@solarflare.com" <arybchenko@solarflare.com>,
"konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>,
Pavel Belous <Pavel.Belous@aquantia.com>
Subject: [dpdk-dev] [PATCH v2 2/7] net/atlantic: enable macsec configuration
Date: Wed, 17 Apr 2019 15:45:30 +0000 [thread overview]
Message-ID: <75675c055efff4b0ea26bf32049cabd98c252c8f.1555515863.git.igor.russkikh@aquantia.com> (raw)
In-Reply-To: <cover.1555515863.git.igor.russkikh@aquantia.com>
From: Pavel Belous <pavel.belous@aquantia.com>
This is a driver side of macsec configuration routines.
It fills in config structures and sends requests to FW
for configuration activities.
We declare macsec offload bits in DPDK offload capabilities.
Also update documentation with feature matrix for the
enabled feature.
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
doc/guides/nics/atlantic.rst | 6 +
doc/guides/nics/features/atlantic.ini | 1 +
drivers/net/atlantic/atl_ethdev.c | 216 ++++++++++++++++++++++++++
drivers/net/atlantic/atl_ethdev.h | 12 ++
4 files changed, 235 insertions(+)
diff --git a/doc/guides/nics/atlantic.rst b/doc/guides/nics/atlantic.rst
index 80591b13c185..22f2410d0e9a 100644
--- a/doc/guides/nics/atlantic.rst
+++ b/doc/guides/nics/atlantic.rst
@@ -19,6 +19,12 @@ Supported features
- RSS (Receive Side Scaling)
- Checksum offload
- Jumbo Frame upto 16K
+- MACSEC offload
+
+Experimental API features
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- MACSEC PMD API is considered as experimental and is subject to change/removal in next DPDK releases.
Configuration Information
^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/guides/nics/features/atlantic.ini b/doc/guides/nics/features/atlantic.ini
index 5ed095b14323..2bb8ecc01789 100644
--- a/doc/guides/nics/features/atlantic.ini
+++ b/doc/guides/nics/features/atlantic.ini
@@ -20,6 +20,7 @@ VLAN filter = Y
Flow control = Y
CRC offload = Y
VLAN offload = Y
+MACsec offload = Y
L3 checksum offload = Y
L4 checksum offload = Y
Packet type parsing = Y
diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..1e91f162f6c2 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -167,6 +167,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_RX_OFFLOAD_UDP_CKSUM \
| DEV_RX_OFFLOAD_TCP_CKSUM \
| DEV_RX_OFFLOAD_JUMBO_FRAME \
+ | DEV_RX_OFFLOAD_MACSEC_STRIP \
| DEV_RX_OFFLOAD_VLAN_FILTER)
#define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +175,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_TX_OFFLOAD_UDP_CKSUM \
| DEV_TX_OFFLOAD_TCP_CKSUM \
| DEV_TX_OFFLOAD_TCP_TSO \
+ | DEV_TX_OFFLOAD_MACSEC_INSERT \
| DEV_TX_OFFLOAD_MULTI_SEGS)
static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -698,6 +700,205 @@ atl_dev_reset(struct rte_eth_dev *dev)
return ret;
}
+static int
+atl_dev_configure_macsec(struct rte_eth_dev *dev)
+{
+ struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct aq_hw_cfg_s *cf = ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+ struct aq_macsec_config *aqcfg = &cf->aq_macsec;
+ struct macsec_msg_fw_request msg_macsec;
+ struct macsec_msg_fw_response response;
+
+ if (!aqcfg->common.macsec_enabled ||
+ hw->aq_fw_ops->send_macsec_req == NULL)
+ return 0;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Creating set of sc/sa structures from parameters provided by DPDK */
+
+ /* Configure macsec */
+ msg_macsec.msg_type = macsec_cfg_msg;
+ msg_macsec.cfg.enabled = aqcfg->common.macsec_enabled;
+ msg_macsec.cfg.interrupts_enabled = 1;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure TX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sc_msg;
+ msg_macsec.txsc.index = 0; /* TXSC always one (??) */
+ msg_macsec.txsc.protect = aqcfg->common.encryption_enabled;
+
+ /* MAC addr for TX */
+ msg_macsec.txsc.mac_sa[0] = rte_bswap32(aqcfg->txsc.mac[1]);
+ msg_macsec.txsc.mac_sa[1] = rte_bswap32(aqcfg->txsc.mac[0]);
+ msg_macsec.txsc.sa_mask = 0x3f;
+
+ msg_macsec.txsc.da_mask = 0;
+ msg_macsec.txsc.tci = 0x0B;
+ msg_macsec.txsc.curr_an = 0; /* SA index which currently used */
+
+ /*
+ * Creating SCI (Secure Channel Identifier).
+ * SCI constructed from Source MAC and Port identifier
+ */
+ uint32_t sci_hi_part = (msg_macsec.txsc.mac_sa[1] << 16) |
+ (msg_macsec.txsc.mac_sa[0] >> 16);
+ uint32_t sci_low_part = (msg_macsec.txsc.mac_sa[0] << 16);
+
+ uint32_t port_identifier = 1;
+
+ msg_macsec.txsc.sci[1] = sci_hi_part;
+ msg_macsec.txsc.sci[0] = sci_low_part | port_identifier;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_rx_sc_msg;
+ msg_macsec.rxsc.index = aqcfg->rxsc.pi;
+ msg_macsec.rxsc.replay_protect =
+ aqcfg->common.replay_protection_enabled;
+ msg_macsec.rxsc.anti_replay_window = 0;
+
+ /* MAC addr for RX */
+ msg_macsec.rxsc.mac_da[0] = rte_bswap32(aqcfg->rxsc.mac[1]);
+ msg_macsec.rxsc.mac_da[1] = rte_bswap32(aqcfg->rxsc.mac[0]);
+ msg_macsec.rxsc.da_mask = 0;//0x3f;
+
+ msg_macsec.rxsc.sa_mask = 0;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sa_msg;
+ msg_macsec.txsa.index = aqcfg->txsa.idx;
+ msg_macsec.txsa.next_pn = aqcfg->txsa.pn;
+
+ msg_macsec.txsa.key[0] = rte_bswap32(aqcfg->txsa.key[3]);
+ msg_macsec.txsa.key[1] = rte_bswap32(aqcfg->txsa.key[2]);
+ msg_macsec.txsa.key[2] = rte_bswap32(aqcfg->txsa.key[1]);
+ msg_macsec.txsa.key[3] = rte_bswap32(aqcfg->txsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SA */
+
+ msg_macsec.msg_type = macsec_add_rx_sa_msg;
+ msg_macsec.rxsa.index = aqcfg->rxsa.idx;
+ msg_macsec.rxsa.next_pn = aqcfg->rxsa.pn;
+
+ msg_macsec.rxsa.key[0] = rte_bswap32(aqcfg->rxsa.key[3]);
+ msg_macsec.rxsa.key[1] = rte_bswap32(aqcfg->rxsa.key[2]);
+ msg_macsec.rxsa.key[2] = rte_bswap32(aqcfg->rxsa.key[1]);
+ msg_macsec.rxsa.key[3] = rte_bswap32(aqcfg->rxsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ return 0;
+}
+
+int atl_macsec_enable(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 1;
+ cfg->aq_macsec.common.encryption_enabled = encr;
+ cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+ return 0;
+}
+
+int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 0;
+
+ return 0;
+}
+
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+ return 0;
+}
+
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+ cfg->aq_macsec.rxsc.pi = pi;
+
+ return 0;
+}
+
+int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.txsa.idx = idx;
+ cfg->aq_macsec.txsa.pn = pn;
+ cfg->aq_macsec.txsa.an = an;
+
+ memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+ return 0;
+}
+
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.rxsa.idx = idx;
+ cfg->aq_macsec.rxsa.pn = pn;
+ cfg->aq_macsec.rxsa.an = an;
+
+ memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+ return 0;
+}
static int
atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
@@ -1532,6 +1733,21 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev,
return 0;
}
+static bool
+is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv)
+{
+ if (strcmp(dev->device->driver->name, drv->driver.name))
+ return false;
+
+ return true;
+}
+
+bool
+is_atlantic_supported(struct rte_eth_dev *dev)
+{
+ return is_device_supported(dev, &rte_atl_pmd);
+}
+
RTE_PMD_REGISTER_PCI(net_atlantic, rte_atl_pmd);
RTE_PMD_REGISTER_PCI_TABLE(net_atlantic, pci_id_atl_map);
RTE_PMD_REGISTER_KMOD_DEP(net_atlantic, "* igb_uio | uio_pci_generic");
diff --git a/drivers/net/atlantic/atl_ethdev.h b/drivers/net/atlantic/atl_ethdev.h
index 1e29999b539c..b162138c59d3 100644
--- a/drivers/net/atlantic/atl_ethdev.h
+++ b/drivers/net/atlantic/atl_ethdev.h
@@ -104,4 +104,16 @@ uint16_t atl_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
uint16_t atl_prep_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
uint16_t nb_pkts);
+int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr, uint8_t repl_prot);
+int atl_macsec_disable(struct rte_eth_dev *dev);
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
+bool is_atlantic_supported(struct rte_eth_dev *dev);
+
#endif /* _ATLANTIC_ETHDEV_H_ */
--
2.17.1
next prev parent reply other threads:[~2019-04-17 15:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-17 15:45 [dpdk-dev] [PATCH v2 0/7] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 1/7] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh [this message]
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 2/7] net/atlantic: enable macsec configuration Igor Russkikh
2019-04-17 17:14 ` Ferruh Yigit
2019-04-17 17:14 ` Ferruh Yigit
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 3/7] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 4/7] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 5/7] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 6/7] net/atlantic: bump internal driver version Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
2019-04-17 15:45 ` [dpdk-dev] [PATCH v2 7/7] net/atlantic: public experimental macsec API Igor Russkikh
2019-04-17 15:45 ` Igor Russkikh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75675c055efff4b0ea26bf32049cabd98c252c8f.1555515863.git.igor.russkikh@aquantia.com \
--to=igor.russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=arybchenko@solarflare.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).