DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
@ 2020-06-23 12:12 Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
                   ` (8 more replies)
  0 siblings, 9 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

This series adds lookaside IPsec support in OCTEON TX2 PMD.

Features supported:
* IPv4
* ESP
* Tunnel mode
* AES-128/192/256-GCM

This series is on top of http://patches.dpdk.org/patch/71638/

Tejasree Kondoj (4):
  net/octeontx2: move otx2_sec_session struct to otx2_security.h
  crypto/octeontx2: add lookaside SA context definitions
  crypto/octeontx2: add cryptodev sec registration
  crypto/octeontx2: add cryptodev sec capabilities

Vamsi Attunuru (4):
  crypto/octeontx2: add cryptodev sec misc callbacks
  crypto/octeontx2: add cryptodev sec session create
  crypto/octeontx2: add cryptodev sec enqueue routine
  crypto/octeontx2: add cryptodev sec dequeue routine

 drivers/crypto/octeontx2/Makefile             |   1 +
 drivers/crypto/octeontx2/meson.build          |   3 +-
 drivers/crypto/octeontx2/otx2_cryptodev.c     |  12 +-
 drivers/crypto/octeontx2/otx2_cryptodev.h     |   8 +
 .../octeontx2/otx2_cryptodev_capabilities.c   | 108 ++++
 .../octeontx2/otx2_cryptodev_capabilities.h   |   3 +
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  73 ++-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 538 ++++++++++++++++++
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  58 ++
 drivers/crypto/octeontx2/otx2_ipsec_po.h      | 450 +++++++++++++++
 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 179 ++++++
 drivers/crypto/octeontx2/otx2_security.h      |  32 ++
 drivers/net/octeontx2/otx2_ethdev_sec.c       |  10 +-
 drivers/net/octeontx2/otx2_ethdev_sec.h       |  11 +-
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   1 +
 15 files changed, 1465 insertions(+), 22 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
 create mode 100644 drivers/crypto/octeontx2/otx2_security.h

-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

This patch moves otx2_sec_session structure to otx2_security.h
to make it common for inline and lookaside protocol

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_security.h   | 21 +++++++++++++++++++++
 drivers/net/octeontx2/otx2_ethdev_sec.c    |  1 +
 drivers/net/octeontx2/otx2_ethdev_sec.h    | 10 ----------
 drivers/net/octeontx2/otx2_ethdev_sec_tx.h |  1 +
 4 files changed, 23 insertions(+), 10 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_security.h

diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
new file mode 100644
index 0000000000..275d69b6a5
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_SECURITY_H__
+#define __OTX2_SECURITY_H__
+
+#include "otx2_ethdev_sec.h"
+#include "otx2_ipsec_fp.h"
+
+union otx2_sec_session_ipsec {
+	struct otx2_sec_session_ipsec_ip ip;
+};
+
+struct otx2_sec_session {
+	union otx2_sec_session_ipsec ipsec;
+	void *userdata;
+	/**< Userdata registered by the application */
+} __rte_cache_aligned;
+
+#endif /* __OTX2_SECURITY_H__ */
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index 5f6140f70b..c2ad32cf0c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -19,6 +19,7 @@
 #include "otx2_ethdev_sec.h"
 #include "otx2_ipsec_fp.h"
 #include "otx2_sec_idev.h"
+#include "otx2_security.h"
 
 #define AH_HDR_LEN	12
 #define AES_GCM_IV_LEN	8
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index e24358a05a..22025d0d0c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -116,16 +116,6 @@ struct otx2_sec_session_ipsec_ip {
 	struct otx2_cpt_qp *qp;
 };
 
-struct otx2_sec_session_ipsec {
-	struct otx2_sec_session_ipsec_ip ip;
-};
-
-struct otx2_sec_session {
-	struct otx2_sec_session_ipsec ipsec;
-	void *userdata;
-	/**< Userdata registered by the application */
-} __rte_cache_aligned;
-
 int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);
 
 void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 2e35a8c773..f8130ca624 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -9,6 +9,7 @@
 #include <rte_mbuf.h>
 
 #include "otx2_ethdev_sec.h"
+#include "otx2_security.h"
 
 struct otx2_ipsec_fp_out_hdr {
 	uint32_t ip_id;
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-07-01 20:46   ` Akhil Goyal
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
                   ` (6 subsequent siblings)
  8 siblings, 1 reply; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  52 ++++++++
 drivers/crypto/octeontx2/otx2_ipsec_po.h      | 119 ++++++++++++++++++
 drivers/crypto/octeontx2/otx2_security.h      |   2 +
 drivers/net/octeontx2/otx2_ethdev_sec.h       |   1 +
 4 files changed, 174 insertions(+)
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
new file mode 100644
index 0000000000..af62207d07
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -0,0 +1,52 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_CRYPTODEV_SEC_H__
+#define __OTX2_CRYPTODEV_SEC_H__
+
+#include "otx2_ipsec_po.h"
+
+struct otx2_sec_session_ipsec_lp {
+	RTE_STD_C11
+	union {
+		/* Inbound SA */
+		struct otx2_ipsec_po_in_sa in_sa;
+		/* Outbound SA */
+		struct otx2_ipsec_po_out_sa out_sa;
+	};
+
+	uint64_t ucmd_w3;
+	uint16_t ucmd_opcode;
+	uint16_t ucmd_param1;
+	uint16_t ucmd_param2;
+
+	uint8_t partial_len;
+	uint8_t roundup_len;
+	uint8_t roundup_byte;
+	uint16_t ip_id;
+	union {
+		uint64_t esn;
+		struct {
+			uint32_t seq_lo;
+			uint32_t seq_hi;
+		};
+	};
+
+	/** Context length in 8-byte words */
+	size_t ctx_len;
+	/** Auth IV offset in bytes */
+	uint16_t auth_iv_offset;
+	/** IV offset in bytes */
+	uint16_t iv_offset;
+	/** AAD length */
+	uint16_t aad_length;
+	/** MAC len in bytes */
+	uint8_t mac_len;
+	/** IV length in bytes */
+	uint8_t iv_length;
+	/** Auth IV length in bytes */
+	uint8_t auth_iv_length;
+};
+
+#endif /* __OTX2_CRYPTODEV_SEC_H__ */
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
new file mode 100644
index 0000000000..602b9d10e2
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -0,0 +1,119 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_IPSEC_PO_H__
+#define __OTX2_IPSEC_PO_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_ip.h>
+#include <rte_security.h>
+
+union bit_perfect_iv {
+	uint8_t aes_iv[16];
+	uint8_t des_iv[8];
+	struct {
+		uint8_t nonce[4];
+		uint8_t iv[8];
+		uint8_t counter[4];
+	} misc; /* For GCM/GMAC/CTR/CCM */
+};
+
+struct ip_selector {
+	uint8_t src_port[4];
+	uint8_t dest_port[4];
+	RTE_STD_C11
+	union {
+		struct {
+			uint8_t src_addr[8];
+			uint8_t dest_addr[8];
+		} ipv4;
+		struct {
+			uint8_t src_addr[32];
+			uint8_t dest_addr[32];
+		} ipv6;
+	};
+};
+
+struct otx2_ipsec_po_sa_ctl {
+	rte_be32_t spi          : 32;
+	uint64_t exp_proto_inter_frag : 8;
+	uint64_t rsvd_42_40   : 3;
+	uint64_t esn_en       : 1;
+	uint64_t rsvd_45_44   : 2;
+	uint64_t encap_type   : 2;
+	uint64_t enc_type     : 3;
+	uint64_t rsvd_48      : 1;
+	uint64_t auth_type    : 4;
+	uint64_t valid        : 1;
+	uint64_t direction    : 1;
+	uint64_t outer_ip_ver : 1;
+	uint64_t inner_ip_ver : 1;
+	uint64_t ipsec_mode   : 1;
+	uint64_t ipsec_proto  : 1;
+	uint64_t aes_key_len  : 2;
+};
+
+struct otx2_ipsec_po_in_sa {
+	/* w0 */
+	struct otx2_ipsec_po_sa_ctl ctl;
+
+	/* w1-w4 */
+	uint8_t cipher_key[32];
+
+	/* w5-w6 */
+	union bit_perfect_iv iv;
+
+	/* w7 */
+	uint32_t esn_hi;
+	uint32_t esn_low;
+
+	/* w8 */
+	uint8_t udp_encap[8];
+
+	/* w9-w23 */
+	RTE_STD_C11
+	struct {
+		uint8_t hmac_key[48];
+		struct ip_selector sel_checks;
+	} aes_gcm;
+};
+
+struct ip_template {
+	union {
+		RTE_STD_C11
+		uint8_t raw[252];
+		struct {
+			struct rte_ipv4_hdr hdr;
+			uint8_t unused[40];
+		} ipv4;
+
+		struct {
+			struct rte_ipv6_hdr hdr;
+			uint8_t unused[208];
+		} ipv6;
+	};
+};
+
+struct otx2_ipsec_po_out_sa {
+	/* w0 */
+	struct otx2_ipsec_po_sa_ctl ctl;
+
+	/* w1-w4 */
+	uint8_t cipher_key[32];
+
+	/* w5-w6 */
+	union bit_perfect_iv iv;
+
+	/* w7 */
+	uint32_t esn_hi;
+	uint32_t esn_low;
+
+	/* w8-w39 */
+	RTE_STD_C11
+	struct ip_template templt;
+	uint16_t udp_src;
+	uint16_t udp_dst;
+};
+
+#endif /* __OTX2_IPSEC_PO_H__ */
diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
index 275d69b6a5..e76cd843c7 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -5,11 +5,13 @@
 #ifndef __OTX2_SECURITY_H__
 #define __OTX2_SECURITY_H__
 
+#include "otx2_cryptodev_sec.h"
 #include "otx2_ethdev_sec.h"
 #include "otx2_ipsec_fp.h"
 
 union otx2_sec_session_ipsec {
 	struct otx2_sec_session_ipsec_ip ip;
+	struct otx2_sec_session_ipsec_lp lp;
 };
 
 struct otx2_sec_session {
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index 22025d0d0c..298b00bf89 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -8,6 +8,7 @@
 #include <rte_ethdev.h>
 
 #include "otx2_ipsec_fp.h"
+#include "otx2_ipsec_po.h"
 
 #define OTX2_CPT_RES_ALIGN		16
 #define OTX2_NIX_SEND_DESC_ALIGN	16
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-07-01 20:59   ` Akhil Goyal
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
                   ` (5 subsequent siblings)
  8 siblings, 1 reply; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/Makefile             |  1 +
 drivers/crypto/octeontx2/meson.build          |  3 +-
 drivers/crypto/octeontx2/otx2_cryptodev.c     | 12 ++++-
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 46 +++++++++++++++++++
 drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  8 +++-
 5 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c

diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile
index 5f9a6a0e3f..14152c6117 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -38,6 +38,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_capabilities.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_hw_access.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_mbox.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_ops.c
+SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_sec.c
 
 # export include files
 SYMLINK-y-include +=
diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build
index a28c700b9f..2bea53c47b 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -16,7 +16,8 @@ sources = files('otx2_cryptodev.c',
 		'otx2_cryptodev_capabilities.c',
 		'otx2_cryptodev_hw_access.c',
 		'otx2_cryptodev_mbox.c',
-		'otx2_cryptodev_ops.c')
+		'otx2_cryptodev_ops.c',
+		'otx2_cryptodev_sec.c')
 
 extra_flags = []
 # This integrated controller runs only on a arm64 machine, remove 32bit warnings
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index 77aa315dc0..f11773f107 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -17,6 +17,7 @@
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_cryptodev_ops.h"
+#include "otx2_cryptodev_sec.h"
 #include "otx2_dev.h"
 
 /* CPT common headers */
@@ -103,6 +104,11 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 		goto otx2_dev_fini;
 	}
 
+	/* Create security ctx */
+	ret = otx2_crypto_sec_ctx_create(dev);
+	if (ret < 0)
+		goto otx2_dev_fini;
+
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
 			     RTE_CRYPTODEV_FF_HW_ACCELERATED |
 			     RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
@@ -112,7 +118,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 			     RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
 			     RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
 			     RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA |
-			     RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
+			     RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
+			     RTE_CRYPTODEV_FF_SECURITY;
 
 	return 0;
 
@@ -141,6 +148,9 @@ otx2_cpt_pci_remove(struct rte_pci_device *pci_dev)
 	if (dev == NULL)
 		return -ENODEV;
 
+	/* Destroy security ctx */
+	otx2_crypto_sec_ctx_destroy(dev);
+
 	return rte_cryptodev_pmd_destroy(dev);
 }
 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
new file mode 100644
index 0000000000..d937e6f37a
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -0,0 +1,46 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#include <rte_cryptodev.h>
+#include <rte_malloc.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+#include "otx2_cryptodev_sec.h"
+
+static struct rte_security_ops otx2_crypto_sec_ops = {
+	.session_create		= NULL,
+	.session_destroy	= NULL,
+	.session_get_size	= NULL,
+	.set_pkt_metadata	= NULL,
+	.get_userdata		= NULL,
+	.capabilities_get	= NULL
+};
+
+int
+otx2_crypto_sec_ctx_create(struct rte_cryptodev *cdev)
+{
+	struct rte_security_ctx *ctx;
+
+	ctx = rte_malloc("otx2_cpt_dev_sec_ctx",
+			 sizeof(struct rte_security_ctx), 0);
+
+	if (ctx == NULL)
+		return -ENOMEM;
+
+	/* Populate ctx */
+	ctx->device = cdev;
+	ctx->ops = &otx2_crypto_sec_ops;
+	ctx->sess_cnt = 0;
+
+	cdev->security_ctx = ctx;
+
+	return 0;
+}
+
+void
+otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *cdev)
+{
+	rte_free(cdev->security_ctx);
+}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
index af62207d07..209baf35f4 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -5,6 +5,8 @@
 #ifndef __OTX2_CRYPTODEV_SEC_H__
 #define __OTX2_CRYPTODEV_SEC_H__
 
+#include <rte_cryptodev.h>
+
 #include "otx2_ipsec_po.h"
 
 struct otx2_sec_session_ipsec_lp {
@@ -49,4 +51,8 @@ struct otx2_sec_session_ipsec_lp {
 	uint8_t auth_iv_length;
 };
 
-#endif /* __OTX2_CRYPTODEV_SEC_H__ */
+int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
+
+void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev);
+
+#endif /* __OTX2_CRYPTODEEV_SEC_H__ */
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (2 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-07-01 21:07   ` Akhil Goyal
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 5/8] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
                   ` (4 subsequent siblings)
  8 siblings, 1 reply; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 .../octeontx2/otx2_cryptodev_capabilities.c   | 108 ++++++++++++++++++
 .../octeontx2/otx2_cryptodev_capabilities.h   |   3 +
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |   4 +-
 3 files changed, 114 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
index f6f4dee6cf..88bf1faef7 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@@ -3,7 +3,9 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
+#include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_mbox.h"
 
@@ -26,9 +28,18 @@
 		cpt_caps_add(caps_##name, RTE_DIM(caps_##name));	\
 } while (0)
 
+#define SEC_CAPS_ADD(hw_caps, name) do {				\
+	enum otx2_cpt_egrp egrp;					\
+	CPT_EGRP_GET(hw_caps, name, &egrp);				\
+	if (egrp < OTX2_CPT_EGRP_MAX)					\
+		sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
 #define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4
 
 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];
 
 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 8,
+					.max = 12,
+					.increment = 4
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{
+		.action = RTE_SECURITY_ACTION_TYPE_NONE
+	}
+};
+
 static void
 cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
 {
@@ -754,3 +829,36 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps)
 
 	return otx2_cpt_caps;
 }
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	static int cur_pos;
+
+	if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+		return;
+
+	memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+	cur_pos += nb_caps;
+}
+
+static const struct rte_cryptodev_capabilities *
+otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps)
+{
+	SEC_CAPS_ADD(hw_caps, aes);
+
+	sec_caps_add(caps_end, RTE_DIM(caps_end));
+
+	return otx2_cpt_sec_caps;
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device)
+{
+	struct rte_cryptodev *dev = (struct rte_cryptodev *)device;
+	struct otx2_cpt_vf *vf = dev->data->dev_private;
+
+	otx2_cpt_sec_caps_get(vf->hw_caps);
+
+	return otx2_crypto_sec_capabilities;
+}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
index e07a2a8c92..b1ae0d2e54 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@@ -23,4 +23,7 @@ enum otx2_cpt_egrp {
 const struct rte_cryptodev_capabilities *
 otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps);
 
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device);
+
 #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index d937e6f37a..906a87b9e5 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -7,6 +7,8 @@
 #include <rte_security.h>
 #include <rte_security_driver.h>
 
+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_sec.h"
 
 static struct rte_security_ops otx2_crypto_sec_ops = {
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
 	.session_get_size	= NULL,
 	.set_pkt_metadata	= NULL,
 	.get_userdata		= NULL,
-	.capabilities_get	= NULL
+	.capabilities_get	= otx2_crypto_sec_capabilities_get
 };
 
 int
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 5/8] crypto/octeontx2: add cryptodev sec misc callbacks
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (3 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 6/8] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev

From: Vamsi Attunuru <vattunuru@marvell.com>

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 34 +++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 906a87b9e5..6e14b37a68 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -10,13 +10,41 @@
 #include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_sec.h"
+#include "otx2_security.h"
+
+static unsigned int
+otx2_crypto_sec_session_get_size(void *device __rte_unused)
+{
+	return sizeof(struct otx2_sec_session);
+}
+
+static int
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
+			      struct rte_security_session *session,
+			      struct rte_mbuf *m, void *params __rte_unused)
+{
+	/* Set security session as the pkt metadata */
+	m->udata64 = (uint64_t)session;
+
+	return 0;
+}
+
+static int
+otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md,
+			     void **userdata)
+{
+	/* Retrieve userdata  */
+	*userdata = (void *)md;
+
+	return 0;
+}
 
 static struct rte_security_ops otx2_crypto_sec_ops = {
 	.session_create		= NULL,
 	.session_destroy	= NULL,
-	.session_get_size	= NULL,
-	.set_pkt_metadata	= NULL,
-	.get_userdata		= NULL,
+	.session_get_size	= otx2_crypto_sec_session_get_size,
+	.set_pkt_metadata	= otx2_crypto_sec_set_pkt_mdata,
+	.get_userdata		= otx2_crypto_sec_get_userdata,
 	.capabilities_get	= otx2_crypto_sec_capabilities_get
 };
 
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 6/8] crypto/octeontx2: add cryptodev sec session create
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (4 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 5/8] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 7/8] crypto/octeontx2: add cryptodev sec enqueue routine Tejasree Kondoj
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev

From: Vamsi Attunuru <vattunuru@marvell.com>

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 466 +++++++++++++++++-
 drivers/crypto/octeontx2/otx2_ipsec_po.h      | 295 +++++++++++
 drivers/crypto/octeontx2/otx2_security.h      |   9 +
 drivers/net/octeontx2/otx2_ethdev_sec.c       |   9 -
 4 files changed, 768 insertions(+), 11 deletions(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 6e14b37a68..0172bf6aae 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -3,15 +3,477 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_esp.h>
+#include <rte_ethdev.h>
+#include <rte_eventdev.h>
+#include <rte_ip.h>
 #include <rte_malloc.h>
 #include <rte_security.h>
 #include <rte_security_driver.h>
+#include <rte_udp.h>
 
 #include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
+#include "otx2_cryptodev_hw_access.h"
+#include "otx2_cryptodev_ops.h"
 #include "otx2_cryptodev_sec.h"
 #include "otx2_security.h"
 
+static int
+ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
+		struct rte_crypto_sym_xform *xform,
+		struct otx2_sec_session_ipsec_lp *priv_lp)
+{
+	struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
+
+	priv_lp->partial_len += sizeof(struct rte_ipv4_hdr);
+
+	if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
+		priv_lp->partial_len += sizeof(struct rte_esp_hdr);
+		priv_lp->roundup_len = sizeof(struct rte_esp_tail);
+	} else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {
+		priv_lp->partial_len += AH_HDR_LEN;
+	} else {
+		return -EINVAL;
+	}
+
+	if (ipsec->options.udp_encap)
+		priv_lp->partial_len += sizeof(struct rte_udp_hdr);
+
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+			priv_lp->partial_len += AES_GCM_IV_LEN;
+			priv_lp->partial_len += AES_GCM_MAC_LEN;
+			priv_lp->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;
+			return 0;
+		} else {
+			return -EINVAL;
+		}
+	}
+
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		cipher_xform = xform;
+		auth_xform = xform->next;
+	} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+		auth_xform = xform;
+		cipher_xform = xform->next;
+	} else {
+		return -EINVAL;
+	}
+
+	if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+		priv_lp->partial_len += AES_CBC_IV_LEN;
+		priv_lp->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;
+	} else {
+		return -EINVAL;
+	}
+
+	if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+		priv_lp->partial_len += SHA1_HMAC_LEN;
+	else
+		return -EINVAL;
+
+	return 0;
+}
+
+static int
+otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
+		      struct otx2_cpt_qp *qptr, uint8_t opcode)
+{
+	uint64_t lmt_status, time_out;
+	void *lmtline = qptr->lmtline;
+	struct cpt_res_s_9s *res;
+	union cpt_inst_s inst;
+	cpt_vq_cmd_t uc_inst;
+	uint64_t *mdata;
+	int ret = 0;
+
+	if (unlikely(rte_mempool_get(qptr->meta_info.pool,
+				     (void **)&mdata) < 0))
+		return -ENOMEM;
+
+	res = (struct cpt_res_s_9s *)RTE_PTR_ALIGN(mdata, 16);
+	res->compcode = CPT_9X_COMP_E_NOTDONE;
+
+	uc_inst.cmd.s.opcode = opcode | (lp->ctx_len << 8);
+	uc_inst.cmd.s.param1 = 0;
+	uc_inst.cmd.s.param2 = 0;
+	uc_inst.cmd.s.dlen = lp->ctx_len << 3;
+	uc_inst.dptr = rte_mempool_virt2iova(lp);
+	uc_inst.rptr = 0;
+	uc_inst.cptr.s.cptr = rte_mempool_virt2iova(lp);
+	uc_inst.cptr.s.grp  = OTX2_CPT_EGRP_SE;
+
+	memset(&inst, 0, sizeof(union cpt_inst_s));
+	inst.s9x.res_addr = rte_mempool_virt2iova(res);
+
+	rte_memcpy(&inst.s9x.ei0, &uc_inst, sizeof(cpt_vq_cmd_t));
+	rte_cio_wmb();
+
+	do {
+		/* Copy CPT command to LMTLINE */
+		otx2_lmt_mov(lmtline, &inst, 2);
+		lmt_status = otx2_lmt_submit(qptr->lf_nq_reg);
+	} while (lmt_status == 0);
+
+	time_out = rte_get_timer_cycles() +
+			DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+
+	while (res->compcode == CPT_9X_COMP_E_NOTDONE) {
+		if (rte_get_timer_cycles() > time_out) {
+			rte_mempool_put(qptr->meta_info.pool, mdata);
+			otx2_err("Request timed out");
+			ret = -ETIMEDOUT;
+			goto exit;
+		}
+	    rte_cio_rmb();
+	}
+
+	if (likely(res->compcode == CPT_9X_COMP_E_GOOD)) {
+		if (unlikely(res->uc_compcode)) {
+			ret = res->uc_compcode;
+			otx2_err("Request failed with microcode error");
+			otx2_err("MC completion code 0x%x", res->uc_compcode);
+			ret = res->uc_compcode;
+			switch (res->uc_compcode) {
+			case OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED:
+				otx2_err("Auth type unsupported");
+				break;
+			case OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED:
+				otx2_err("Encrypt type unsupported");
+			}
+		}
+	} else {
+		otx2_err("HW completion code 0x%x", res->compcode);
+		ret = res->compcode;
+		switch (res->compcode) {
+		case CPT_9X_COMP_E_INSTERR:
+			otx2_err("Request failed with instruction error");
+			break;
+		case CPT_9X_COMP_E_FAULT:
+			otx2_err("Request failed with DMA fault");
+		}
+	}
+
+	rte_mempool_put(qptr->meta_info.pool, mdata);
+
+exit:
+	return ret;
+}
+
+static void
+set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
+			    struct rte_crypto_sym_xform *crypto_xform,
+			    struct rte_crypto_sym_xform *auth_xform,
+			    struct rte_crypto_sym_xform *cipher_xform)
+{
+	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		sess->iv_offset = crypto_xform->aead.iv.offset;
+		sess->iv_length = crypto_xform->aead.iv.length;
+		sess->aad_length = crypto_xform->aead.aad_length;
+		sess->mac_len = crypto_xform->aead.digest_length;
+	} else {
+		sess->iv_offset = cipher_xform->cipher.iv.offset;
+		sess->iv_length = cipher_xform->cipher.iv.length;
+		sess->auth_iv_offset = auth_xform->auth.iv.offset;
+		sess->auth_iv_length = auth_xform->auth.iv.length;
+		sess->mac_len = auth_xform->auth.digest_length;
+	}
+
+	sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
+	sess->ucmd_param2 = 0;
+}
+
+static int
+crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
+				     struct rte_security_ipsec_xform *ipsec,
+				     struct rte_crypto_sym_xform *crypto_xform,
+				     struct rte_security_session *sec_sess)
+{
+	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+	struct otx2_sec_session_ipsec_lp *sess;
+	struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+	const uint8_t *cipher_key, *auth_key;
+	int cipher_key_len, auth_key_len;
+	struct otx2_ipsec_po_out_sa *sa;
+	struct otx2_sec_session *priv;
+	struct otx2_cpt_inst_s inst;
+	int ret;
+
+	priv = get_sec_session_private_data(sec_sess);
+	sess = &priv->ipsec.lp;
+
+	sa = &sess->out_sa;
+	ctl_wrd = &sa->ctl;
+	if (ctl_wrd->valid) {
+		otx2_err("SA already registered");
+		return -EINVAL;
+	}
+
+	memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa));
+
+	/* Initialize inline ipsec private data */
+	sess->ip_id = 0;
+	sess->seq_lo = 1;
+	sess->seq_hi = 0;
+	sess->partial_len = 0;
+	sess->roundup_len = 0;
+	sess->roundup_byte = 0;
+
+	ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl_wrd);
+	if (ret)
+		return ret;
+
+	ret = ipsec_lp_len_precalc(ipsec, crypto_xform, sess);
+	if (ret < 0)
+		return ret;
+
+	memcpy(sa->iv.misc.nonce, &ipsec->salt, 4);
+
+	if (ipsec->options.udp_encap == 1) {
+		sa->udp_src = 4500;
+		sa->udp_dst = 4500;
+	}
+
+	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+		/* Start ip id from 1 */
+		sess->ip_id = 1;
+
+		if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			struct rte_ipv4_hdr *ip = &sa->templt.ipv4.hdr;
+
+			ip->version_ihl = RTE_IPV4_VHL_DEF;
+			ip->next_proto_id = IPPROTO_ESP;
+			ip->time_to_live = ipsec->tunnel.ipv4.ttl;
+			ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
+			if (ipsec->tunnel.ipv4.df)
+				ip->fragment_offset = BIT(14);
+			memcpy(&ip->src_addr, &ipsec->tunnel.ipv4.src_ip,
+				sizeof(struct in_addr));
+			memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
+				sizeof(struct in_addr));
+		} else {
+			return -EINVAL;
+		}
+	} else {
+		return -EINVAL;
+	}
+
+	cipher_xform = crypto_xform;
+	auth_xform = crypto_xform->next;
+
+	cipher_key_len = 0;
+	auth_key_len = 0;
+
+	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		cipher_key = crypto_xform->aead.key.data;
+		cipher_key_len = crypto_xform->aead.key.length;
+
+		sess->ctx_len = sizeof(struct otx2_ipsec_po_out_sa);
+		sess->ctx_len >>= 3;
+		RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN);
+	} else {
+		cipher_key = cipher_xform->cipher.key.data;
+		cipher_key_len = cipher_xform->cipher.key.length;
+		auth_key = auth_xform->auth.key.data;
+		auth_key_len = auth_xform->auth.key.length;
+
+		/* TODO: check the ctx len for supporting ALGO */
+		sess->ctx_len = sizeof(struct otx2_ipsec_po_out_sa) >> 3;
+		RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN);
+	}
+
+	if (cipher_key_len != 0)
+		memcpy(sa->cipher_key, cipher_key, cipher_key_len);
+	else
+		return -EINVAL;
+
+	/* Use OPAD & IPAD */
+	RTE_SET_USED(auth_key);
+	RTE_SET_USED(auth_key_len);
+
+	inst.u64[7] = 0;
+	inst.egrp = OTX2_CPT_EGRP_SE;
+	inst.cptr = rte_mempool_virt2iova(sa);
+
+	sess->ucmd_w3 = inst.u64[7];
+	sess->ucmd_opcode = (sess->ctx_len << 8) |
+				(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
+
+	set_session_misc_attributes(sess, crypto_xform,
+				    auth_xform, cipher_xform);
+
+	return otx2_cpt_enq_sa_write(sess, crypto_dev->data->queue_pairs[0],
+				     OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);
+}
+
+static int
+crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
+				    struct rte_security_ipsec_xform *ipsec,
+				    struct rte_crypto_sym_xform *crypto_xform,
+				    struct rte_security_session *sec_sess)
+{
+	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+	struct otx2_sec_session_ipsec_lp *sess;
+	struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+	const uint8_t *cipher_key, *auth_key;
+	int cipher_key_len, auth_key_len;
+	struct otx2_ipsec_po_in_sa *sa;
+	struct otx2_sec_session *priv;
+	struct otx2_cpt_inst_s inst;
+	int ret;
+
+	priv = get_sec_session_private_data(sec_sess);
+	sess = &priv->ipsec.lp;
+
+	sa = &sess->in_sa;
+	ctl_wrd = &sa->ctl;
+
+	if (ctl_wrd->valid) {
+		otx2_err("SA already registered");
+		return -EINVAL;
+	}
+
+	memset(sa, 0, sizeof(struct otx2_ipsec_po_in_sa));
+
+	ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl_wrd);
+	if (ret)
+		return ret;
+
+	auth_xform = crypto_xform;
+	cipher_xform = crypto_xform->next;
+
+	cipher_key_len = 0;
+	auth_key_len = 0;
+
+	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+			memcpy(sa->iv.misc.nonce, &ipsec->salt, 4);
+		cipher_key = crypto_xform->aead.key.data;
+		cipher_key_len = crypto_xform->aead.key.length;
+
+		sess->ctx_len = offsetof(struct otx2_ipsec_po_in_sa,
+					    aes_gcm.hmac_key[0]) >> 3;
+		RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN);
+	} else {
+		cipher_key = cipher_xform->cipher.key.data;
+		cipher_key_len = cipher_xform->cipher.key.length;
+		auth_key = auth_xform->auth.key.data;
+		auth_key_len = auth_xform->auth.key.length;
+
+		/* TODO: check the ctx len for supporting ALGO */
+		sess->ctx_len = sizeof(struct otx2_ipsec_po_in_sa) >> 2;
+		RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_MAX_INB_CTX_LEN);
+	}
+
+	if (cipher_key_len != 0)
+		memcpy(sa->cipher_key, cipher_key, cipher_key_len);
+	else
+		return -EINVAL;
+
+	/* Use OPAD & IPAD */
+	RTE_SET_USED(auth_key);
+	RTE_SET_USED(auth_key_len);
+
+	inst.u64[7] = 0;
+	inst.egrp = OTX2_CPT_EGRP_SE;
+	inst.cptr = rte_mempool_virt2iova(sa);
+
+	sess->ucmd_w3 = inst.u64[7];
+	sess->ucmd_opcode = (sess->ctx_len << 8) |
+				(OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
+
+	set_session_misc_attributes(sess, crypto_xform,
+				    auth_xform, cipher_xform);
+
+	return otx2_cpt_enq_sa_write(sess, crypto_dev->data->queue_pairs[0],
+				     OTX2_IPSEC_PO_WRITE_IPSEC_INB);
+}
+
+static int
+crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
+				struct rte_security_ipsec_xform *ipsec,
+				struct rte_crypto_sym_xform *crypto_xform,
+				struct rte_security_session *sess)
+{
+	int ret;
+
+	if (crypto_dev->data->queue_pairs[0] == NULL) {
+		otx2_err("Setup cpt queue pair before creating sec session");
+		return -EPERM;
+	}
+
+	ret = ipsec_po_xform_verify(ipsec, crypto_xform);
+	if (ret)
+		return ret;
+
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+		return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,
+							   crypto_xform, sess);
+	else
+		return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,
+							    crypto_xform, sess);
+}
+
+static int
+otx2_crypto_sec_session_create(void *device,
+			       struct rte_security_session_conf *conf,
+			       struct rte_security_session *sess,
+			       struct rte_mempool *mempool)
+{
+	struct otx2_sec_session *priv;
+	int ret;
+
+	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
+		return -ENOTSUP;
+
+	if (rte_mempool_get(mempool, (void **)&priv)) {
+		otx2_err("Could not allocate security session private data");
+		return -ENOMEM;
+	}
+
+	set_sec_session_private_data(sess, priv);
+
+	priv->userdata = conf->userdata;
+
+	if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
+		ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
+						      conf->crypto_xform,
+						      sess);
+	else
+		ret = -ENOTSUP;
+
+	if (ret)
+		goto mempool_put;
+
+	return 0;
+
+mempool_put:
+	rte_mempool_put(mempool, priv);
+	set_sec_session_private_data(sess, NULL);
+	return ret;
+}
+
+static int
+otx2_crypto_sec_session_destroy(void *device __rte_unused,
+				struct rte_security_session *sess)
+{
+	struct otx2_sec_session *priv;
+	struct rte_mempool *sess_mp;
+
+	priv = get_sec_session_private_data(sess);
+
+	if (priv == NULL)
+		return 0;
+
+	sess_mp = rte_mempool_from_obj(priv);
+
+	set_sec_session_private_data(sess, NULL);
+	rte_mempool_put(sess_mp, priv);
+
+	return 0;
+}
+
 static unsigned int
 otx2_crypto_sec_session_get_size(void *device __rte_unused)
 {
@@ -40,8 +502,8 @@ otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md,
 }
 
 static struct rte_security_ops otx2_crypto_sec_ops = {
-	.session_create		= NULL,
-	.session_destroy	= NULL,
+	.session_create		= otx2_crypto_sec_session_create,
+	.session_destroy	= otx2_crypto_sec_session_destroy,
 	.session_get_size	= otx2_crypto_sec_session_get_size,
 	.set_pkt_metadata	= otx2_crypto_sec_set_pkt_mdata,
 	.get_userdata		= otx2_crypto_sec_get_userdata,
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 602b9d10e2..5d9f1393e2 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -9,6 +9,83 @@
 #include <rte_ip.h>
 #include <rte_security.h>
 
+#define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN    0x09
+#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN   0x28
+
+#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN    0x22
+#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN   0x38
+
+#define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
+
+#define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB     0x20
+#define OTX2_IPSEC_PO_WRITE_IPSEC_INB      0x21
+#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
+#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB    0x24
+
+enum otx2_ipsec_po_comp_e {
+	OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
+	OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
+	OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_DIRECTION_INBOUND = 0,
+	OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND = 1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_IP_VERSION_4 = 0,
+	OTX2_IPSEC_PO_SA_IP_VERSION_6 = 1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_MODE_TRANSPORT = 0,
+	OTX2_IPSEC_PO_SA_MODE_TUNNEL = 1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_PROTOCOL_AH = 0,
+	OTX2_IPSEC_PO_SA_PROTOCOL_ESP = 1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_AES_KEY_LEN_128 = 1,
+	OTX2_IPSEC_PO_SA_AES_KEY_LEN_192 = 2,
+	OTX2_IPSEC_PO_SA_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_ENC_NULL = 0,
+	OTX2_IPSEC_PO_SA_ENC_DES_CBC = 1,
+	OTX2_IPSEC_PO_SA_ENC_3DES_CBC = 2,
+	OTX2_IPSEC_PO_SA_ENC_AES_CBC = 3,
+	OTX2_IPSEC_PO_SA_ENC_AES_CTR = 4,
+	OTX2_IPSEC_PO_SA_ENC_AES_GCM = 5,
+	OTX2_IPSEC_PO_SA_ENC_AES_CCM = 6,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_AUTH_NULL = 0,
+	OTX2_IPSEC_PO_SA_AUTH_MD5 = 1,
+	OTX2_IPSEC_PO_SA_AUTH_SHA1 = 2,
+	OTX2_IPSEC_PO_SA_AUTH_SHA2_224 = 3,
+	OTX2_IPSEC_PO_SA_AUTH_SHA2_256 = 4,
+	OTX2_IPSEC_PO_SA_AUTH_SHA2_384 = 5,
+	OTX2_IPSEC_PO_SA_AUTH_SHA2_512 = 6,
+	OTX2_IPSEC_PO_SA_AUTH_AES_GMAC = 7,
+	OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128 = 8,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_FRAG_POST = 0,
+	OTX2_IPSEC_PO_SA_FRAG_PRE = 1,
+};
+
+enum {
+	OTX2_IPSEC_PO_SA_ENCAP_NONE = 0,
+	OTX2_IPSEC_PO_SA_ENCAP_UDP = 1,
+};
+
 union bit_perfect_iv {
 	uint8_t aes_iv[16];
 	uint8_t des_iv[8];
@@ -116,4 +193,222 @@ struct otx2_ipsec_po_out_sa {
 	uint16_t udp_dst;
 };
 
+static inline int
+ipsec_po_xform_cipher_verify(struct rte_crypto_sym_xform *xform)
+{
+	if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+		switch (xform->cipher.key.length) {
+		case 16:
+		case 24:
+		case 32:
+			break;
+		default:
+			return -ENOTSUP;
+		}
+		return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform)
+{
+	uint16_t keylen = xform->auth.key.length;
+
+	if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
+		if (keylen >= 20 && keylen <= 64)
+			return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_aead_verify(struct rte_security_ipsec_xform *ipsec,
+			   struct rte_crypto_sym_xform *xform)
+{
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+	    xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
+		return -EINVAL;
+
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+	    xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
+		return -EINVAL;
+
+	if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		switch (xform->aead.key.length) {
+		case 16:
+		case 24:
+		case 32:
+			break;
+		default:
+			return -EINVAL;
+		}
+		return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec,
+		      struct rte_crypto_sym_xform *xform)
+{
+	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+	int ret;
+
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+		return ipsec_po_xform_aead_verify(ipsec, xform);
+
+	if (xform->next == NULL)
+		return -EINVAL;
+
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+		/* Ingress */
+		if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
+		    xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+			return -EINVAL;
+		auth_xform = xform;
+		cipher_xform = xform->next;
+	} else {
+		/* Egress */
+		if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
+		    xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
+			return -EINVAL;
+		cipher_xform = xform;
+		auth_xform = xform->next;
+	}
+
+	ret = ipsec_po_xform_cipher_verify(cipher_xform);
+	if (ret)
+		return ret;
+
+	ret = ipsec_po_xform_auth_verify(auth_xform);
+	if (ret)
+		return ret;
+
+	return 0;
+}
+
+static inline int
+ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
+		    struct rte_crypto_sym_xform *xform,
+		    struct otx2_ipsec_po_sa_ctl *ctl)
+{
+	struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
+	int aes_key_len;
+
+	if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND;
+		cipher_xform = xform;
+		auth_xform = xform->next;
+	} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+		ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_INBOUND;
+		auth_xform = xform;
+		cipher_xform = xform->next;
+	} else {
+		return -EINVAL;
+	}
+
+	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+		if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
+			ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+		else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)
+			ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_6;
+		else
+			return -EINVAL;
+	}
+
+	ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+
+	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
+		ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
+	else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+		ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TUNNEL;
+	else
+		return -EINVAL;
+
+	if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH)
+		ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_AH;
+	else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP)
+		ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_ESP;
+	else
+		return -EINVAL;
+
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+			ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_GCM;
+			aes_key_len = xform->aead.key.length;
+		} else {
+			return -ENOTSUP;
+		}
+	} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+		ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM;
+		aes_key_len = xform->cipher.key.length;
+	} else {
+		return -ENOTSUP;
+	}
+
+
+	switch (aes_key_len) {
+	case 16:
+		ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_128;
+		break;
+	case 24:
+		ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_192;
+		break;
+	case 32:
+		ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_256;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	if (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
+		switch (auth_xform->auth.algo) {
+		case RTE_CRYPTO_AUTH_NULL:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_NULL;
+			break;
+		case RTE_CRYPTO_AUTH_MD5_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_MD5;
+			break;
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA1;
+			break;
+		case RTE_CRYPTO_AUTH_SHA224_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_224;
+			break;
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_256;
+			break;
+		case RTE_CRYPTO_AUTH_SHA384_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_384;
+			break;
+		case RTE_CRYPTO_AUTH_SHA512_HMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_512;
+			break;
+		case RTE_CRYPTO_AUTH_AES_GMAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_GMAC;
+			break;
+		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+			ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128;
+			break;
+		default:
+			return -ENOTSUP;
+		}
+	}
+
+	if (ipsec->options.esn == 1)
+		ctl->esn_en = 1;
+
+	if (ipsec->options.udp_encap == 1)
+		ctl->encap_type = OTX2_IPSEC_PO_SA_ENCAP_UDP;
+
+	ctl->spi = rte_cpu_to_be_32(ipsec->spi);
+	ctl->valid = 1;
+
+	return 0;
+}
+
 #endif /* __OTX2_IPSEC_PO_H__ */
diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
index e76cd843c7..da7b33ab0d 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -9,6 +9,15 @@
 #include "otx2_ethdev_sec.h"
 #include "otx2_ipsec_fp.h"
 
+#define AH_HDR_LEN	12
+#define AES_GCM_IV_LEN	8
+#define AES_GCM_MAC_LEN	16
+#define AES_CBC_IV_LEN	16
+#define SHA1_HMAC_LEN	12
+
+#define AES_GCM_ROUNDUP_BYTE_LEN	4
+#define AES_CBC_ROUNDUP_BYTE_LEN	16
+
 union otx2_sec_session_ipsec {
 	struct otx2_sec_session_ipsec_ip ip;
 	struct otx2_sec_session_ipsec_lp lp;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2ad32cf0c..daff86cd5c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -21,15 +21,6 @@
 #include "otx2_sec_idev.h"
 #include "otx2_security.h"
 
-#define AH_HDR_LEN	12
-#define AES_GCM_IV_LEN	8
-#define AES_GCM_MAC_LEN	16
-#define AES_CBC_IV_LEN	16
-#define SHA1_HMAC_LEN	12
-
-#define AES_GCM_ROUNDUP_BYTE_LEN	4
-#define AES_CBC_ROUNDUP_BYTE_LEN	16
-
 struct eth_sec_tag_const {
 	RTE_STD_C11
 	union {
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 7/8] crypto/octeontx2: add cryptodev sec enqueue routine
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (5 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 6/8] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 8/8] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
  2020-07-01 20:54 ` [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Akhil Goyal
  8 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev

From: Vamsi Attunuru <vattunuru@marvell.com>

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev.h     |   8 +
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  36 +++-
 drivers/crypto/octeontx2/otx2_ipsec_po.h      |   6 +
 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h  | 179 ++++++++++++++++++
 4 files changed, 228 insertions(+), 1 deletion(-)
 create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h
index e7a1730b22..f329741b38 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.h
@@ -6,6 +6,7 @@
 #define _OTX2_CRYPTODEV_H_
 
 #include "cpt_common.h"
+#include "cpt_hw_types.h"
 
 #include "otx2_dev.h"
 
@@ -33,6 +34,13 @@ struct otx2_cpt_vf {
 	/**< CPT device capabilities */
 };
 
+struct cpt_meta_info {
+	uint64_t deq_op_info[4];
+	uint64_t comp_code_sz;
+	union cpt_res_s cpt_res __rte_aligned(16);
+	struct cpt_request_info cpt_req __rte_aligned(8);
+};
+
 #define CPT_LOGTYPE otx2_cpt_logtype
 
 extern int otx2_cpt_logtype;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 08254062e9..d796488def 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -13,8 +13,10 @@
 #include "otx2_cryptodev_hw_access.h"
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_cryptodev_ops.h"
+#include "otx2_ipsec_po_ops.h"
 #include "otx2_mbox.h"
 #include "otx2_sec_idev.h"
+#include "otx2_security.h"
 
 #include "cpt_hw_types.h"
 #include "cpt_pmd_logs.h"
@@ -603,6 +605,36 @@ otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 	return ret;
 }
 
+static __rte_always_inline int __rte_hot
+otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
+		     struct pending_queue *pend_q)
+{
+	struct otx2_sec_session_ipsec_lp *sess;
+	struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+	struct otx2_sec_session *priv;
+	struct cpt_request_info *req;
+	int ret;
+
+	priv = get_sec_session_private_data(op->sym->sec_session);
+	sess = &priv->ipsec.lp;
+
+	ctl_wrd = &sess->in_sa.ctl;
+
+	if (ctl_wrd->direction == OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND)
+		ret = process_outb_sa(op, sess, &qp->meta_info, (void **)&req);
+	else
+		ret = process_inb_sa(op, sess, &qp->meta_info, (void **)&req);
+
+	if (unlikely(ret)) {
+		otx2_err("Crypto req : op %p, ret 0x%x", op, ret);
+		return ret;
+	}
+
+	ret = otx2_cpt_enqueue_req(qp, pend_q, req);
+
+	return ret;
+}
+
 static __rte_always_inline int __rte_hot
 otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
 			      struct pending_queue *pend_q)
@@ -656,7 +688,9 @@ otx2_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
 	for (count = 0; count < nb_ops; count++) {
 		op = ops[count];
 		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
-			if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+			if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
+				ret = otx2_cpt_enqueue_sec(qp, op, pend_q);
+			else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
 				ret = otx2_cpt_enqueue_sym(qp, op, pend_q);
 			else
 				ret = otx2_cpt_enqueue_sym_sessless(qp, op,
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 5d9f1393e2..d127f310b7 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -86,6 +86,12 @@ enum {
 	OTX2_IPSEC_PO_SA_ENCAP_UDP = 1,
 };
 
+struct otx2_ipsec_po_out_hdr {
+	uint32_t ip_id;
+	uint32_t seq;
+	uint8_t iv[16];
+};
+
 union bit_perfect_iv {
 	uint8_t aes_iv[16];
 	uint8_t des_iv[8];
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
new file mode 100644
index 0000000000..1bfcbbe75b
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
@@ -0,0 +1,179 @@
+
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2019 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_IPSEC_PO_OPS_H__
+#define __OTX2_IPSEC_PO_OPS_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_security.h>
+
+#include "otx2_cryptodev.h"
+#include "otx2_security.h"
+
+static __rte_always_inline int32_t
+otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
+			   uint32_t plen)
+{
+	uint32_t enc_payload_len;
+
+	enc_payload_len = RTE_ALIGN_CEIL(plen + sess->roundup_len,
+			sess->roundup_byte);
+
+	return sess->partial_len + enc_payload_len;
+}
+
+static __rte_always_inline struct cpt_request_info *
+alloc_request_struct(char *maddr, void *cop, int mdata_len)
+{
+	struct cpt_request_info *req;
+	struct cpt_meta_info *meta;
+	uint8_t *resp_addr;
+	uintptr_t *op;
+
+	meta = (void *)RTE_PTR_ALIGN((uint8_t *)maddr, 16);
+
+	op = meta->deq_op_info;
+	req = &meta->cpt_req;
+	resp_addr = (uint8_t *)&meta->cpt_res;
+
+	req->completion_addr = (uint64_t *)((uint8_t *)resp_addr);
+	*req->completion_addr = COMPLETION_CODE_INIT;
+	req->comp_baddr = rte_mem_virt2iova(resp_addr);
+	req->op = op;
+
+	op[0] = (uintptr_t)((uint64_t)meta | 1ull);
+	op[1] = (uintptr_t)cop;
+	op[2] = (uintptr_t)req;
+	op[3] = mdata_len;
+
+	return req;
+}
+
+static __rte_always_inline int
+process_outb_sa(struct rte_crypto_op *cop,
+	       struct otx2_sec_session_ipsec_lp *sess,
+	       struct cpt_qp_meta_info *m_info, void **prep_req)
+{
+	uint32_t dlen, rlen, extend_head, extend_tail;
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+	struct cpt_request_info *req = NULL;
+	struct otx2_ipsec_po_out_hdr *hdr;
+	struct otx2_ipsec_po_out_sa *sa;
+	int hdr_len, mdata_len, ret = 0;
+	vq_cmd_word0_t word0;
+	char *mdata, *data;
+
+	sa = &sess->out_sa;
+	ctl_wrd = &sa->ctl;
+	hdr_len = sizeof(*hdr);
+
+	dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len;
+	rlen = otx2_ipsec_po_out_rlen_get(sess, dlen - hdr_len);
+
+	extend_head = hdr_len + RTE_ETHER_HDR_LEN;
+	extend_tail = rlen - dlen;
+	mdata_len = m_info->lb_mlen + 8;
+
+	mdata = rte_pktmbuf_append(m_src, extend_tail + mdata_len);
+	if (unlikely(mdata == NULL)) {
+		otx2_err("Not enough tail room\n");
+		ret = -ENOMEM;
+		goto exit;
+	}
+
+	mdata += extend_tail; /* mdata follows encrypted data */
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+
+	data = rte_pktmbuf_prepend(m_src, extend_head);
+	if (unlikely(data == NULL)) {
+		otx2_err("Not enough head room\n");
+		ret = -ENOMEM;
+		goto exit;
+	}
+
+	/*
+	 * Move the Ethernet header, to insert otx2_ipsec_po_out_hdr prior
+	 * to the IP header
+	 */
+	memcpy(data, data + hdr_len, RTE_ETHER_HDR_LEN);
+
+	hdr = (struct otx2_ipsec_po_out_hdr *)rte_pktmbuf_adj(m_src,
+							RTE_ETHER_HDR_LEN);
+
+	if (ctl_wrd->enc_type == OTX2_IPSEC_FP_SA_ENC_AES_GCM) {
+		memcpy(&hdr->iv[0], &sa->iv.misc.nonce, 4);
+		memcpy(&hdr->iv[4], rte_crypto_op_ctod_offset(cop, uint8_t *,
+			sess->iv_offset), sess->iv_length);
+	} else if (ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC) {
+		memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *,
+			sess->iv_offset), sess->iv_length);
+	}
+
+	/* Prepare CPT instruction */
+	word0.s.opcode = sess->ucmd_opcode;
+	word0.s.param1 = sess->ucmd_param1;
+	word0.s.param2 = sess->ucmd_param2;
+	word0.s.dlen   = dlen;
+
+	req->ist.ei0 = word0.u64;
+	req->ist.ei1 = rte_pktmbuf_iova(m_src);
+	req->ist.ei2 = req->ist.ei1;
+	req->ist.ei3 = sess->ucmd_w3;
+
+	hdr->seq = rte_cpu_to_be_32(sess->seq_lo);
+	hdr->ip_id = rte_cpu_to_be_32(sess->ip_id);
+
+	sess->ip_id++;
+	sess->esn++;
+
+exit:
+	*prep_req = req;
+
+	return ret;
+}
+
+static __rte_always_inline int
+process_inb_sa(struct rte_crypto_op *cop,
+	      struct otx2_sec_session_ipsec_lp *sess,
+	      struct cpt_qp_meta_info *m_info, void **prep_req)
+{
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	struct cpt_request_info *req = NULL;
+	int mdata_len, ret = 0;
+	vq_cmd_word0_t word0;
+	uint32_t dlen;
+	char *mdata;
+
+	dlen = rte_pktmbuf_pkt_len(m_src);
+	mdata_len = m_info->lb_mlen + 8;
+
+	mdata = rte_pktmbuf_append(m_src, mdata_len);
+	if (unlikely(mdata == NULL)) {
+		otx2_err("Not enough tail room\n");
+		ret = -ENOMEM;
+		goto exit;
+	}
+
+	req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+
+	/* Prepare CPT instruction */
+	word0.s.opcode = sess->ucmd_opcode;
+	word0.s.param1 = sess->ucmd_param1;
+	word0.s.param2 = sess->ucmd_param2;
+	word0.s.dlen   = dlen;
+
+	req->ist.ei0 = word0.u64;
+	req->ist.ei1 = rte_pktmbuf_iova(m_src);
+	req->ist.ei2 = req->ist.ei1;
+	req->ist.ei3 = sess->ucmd_w3;
+
+exit:
+	*prep_req = req;
+	return ret;
+}
+#endif /* __OTX2_IPSEC_PO_OPS_H__ */
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 8/8] crypto/octeontx2: add cryptodev sec dequeue routine
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (6 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 7/8] crypto/octeontx2: add cryptodev sec enqueue routine Tejasree Kondoj
@ 2020-06-23 12:12 ` Tejasree Kondoj
  2020-07-01 20:54 ` [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Akhil Goyal
  8 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-06-23 12:12 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev

From: Vamsi Attunuru <vattunuru@marvell.com>

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
 drivers/crypto/octeontx2/otx2_ipsec_po.h      | 30 +++++++++++++++
 2 files changed, 67 insertions(+)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index d796488def..43bb9a5fdf 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -832,11 +832,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
 	}
 }
 
+static void
+otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
+{
+	struct cpt_request_info *req = (struct cpt_request_info *)rsp[2];
+	vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m = sym_op->m_src;
+	struct rte_ipv4_hdr *ip;
+	uint16_t m_len;
+	int mdata_len;
+	char *data;
+
+	mdata_len = (int)rsp[3];
+	rte_pktmbuf_trim(m, mdata_len);
+
+	if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
+		data = rte_pktmbuf_mtod(m, char *);
+		ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
+
+		m_len = rte_be_to_cpu_16(ip->total_length);
+
+		m->data_len = m_len;
+		m->pkt_len = m_len;
+		m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR;
+	}
+}
+
 static inline void
 otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
 			      uintptr_t *rsp, uint8_t cc)
 {
 	if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+		if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+			if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) {
+				otx2_cpt_sec_post_process(cop, rsp);
+				cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+			} else
+				cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+			return;
+		}
+
 		if (likely(cc == NO_ERR)) {
 			/* Verify authentication data if required */
 			if (unlikely(rsp[2]))
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index d127f310b7..f74ae2e598 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -22,10 +22,40 @@
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB   0x23
 #define OTX2_IPSEC_PO_PROCESS_IPSEC_INB    0x24
 
+#define OTX2_IPSEC_PO_INB_RPTR_HDR         0x8
+
 enum otx2_ipsec_po_comp_e {
 	OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
 	OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
 	OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+	OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
+	OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
+	OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
+	OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
+	OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
+	OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
+	OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
+	OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
+	OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
+	OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
+	OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
+	OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
+	OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
+	OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
+	OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
+	OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
+	OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
+	OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
+	OTX2_IPSEC_PO_CC_PADDING = 0xC4,
+	OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
+	OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
+	OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
+	OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
+	OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
+	OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
+	OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
+	OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
+	OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
 };
 
 enum {
-- 
2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
@ 2020-07-01 20:46   ` Akhil Goyal
  2020-07-02  9:29     ` Anoob Joseph
  0 siblings, 1 reply; 21+ messages in thread
From: Akhil Goyal @ 2020-07-01 20:46 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev


> Subject: [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
> 
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
Please add appropriate description in all the patches. 

>  drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  52 ++++++++
>  drivers/crypto/octeontx2/otx2_ipsec_po.h      | 119 ++++++++++++++++++
>  drivers/crypto/octeontx2/otx2_security.h      |   2 +
>  drivers/net/octeontx2/otx2_ethdev_sec.h       |   1 +
>  4 files changed, 174 insertions(+)
>  create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
>  create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h
> 
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> new file mode 100644
> index 0000000000..af62207d07
> --- /dev/null
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> @@ -0,0 +1,52 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright (C) 2020 Marvell International Ltd.
> + */
> +
> +#ifndef __OTX2_CRYPTODEV_SEC_H__
> +#define __OTX2_CRYPTODEV_SEC_H__
> +
> +#include "otx2_ipsec_po.h"
Why is it named like this? What is 'po' ?


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
  2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
                   ` (7 preceding siblings ...)
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 8/8] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
@ 2020-07-01 20:54 ` Akhil Goyal
  2020-07-02 10:23   ` Tejasree Kondoj
  8 siblings, 1 reply; 21+ messages in thread
From: Akhil Goyal @ 2020-07-01 20:54 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

Hi Tejasree,

> Subject: [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
> 
> This series adds lookaside IPsec support in OCTEON TX2 PMD.
> 
> Features supported:
> * IPv4
> * ESP
> * Tunnel mode
> * AES-128/192/256-GCM
> 
> This series is on top of
> http://patches.dpdk.org/patch/71638/
> 

I believe this may need update in the documentation of the PMD.
features/octeontx2.ini should also be updated.
Also a release note entry should be added as this is a new feature added.

Is there any test case addition in the test or test-crypto-perf? Or is it only
Tested via ipsec-secgw?

Regards,
Akhil

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
@ 2020-07-01 20:59   ` Akhil Goyal
  2020-07-02 10:26     ` Tejasree Kondoj
  0 siblings, 1 reply; 21+ messages in thread
From: Akhil Goyal @ 2020-07-01 20:59 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev


> 
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---

Patch description?

> -#endif /* __OTX2_CRYPTODEV_SEC_H__ */
> +int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
> +
> +void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev);
> +
> +#endif /* __OTX2_CRYPTODEEV_SEC_H__ */
Unnecessary and wrong change.

> --
> 2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities
  2020-06-23 12:12 ` [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
@ 2020-07-01 21:07   ` Akhil Goyal
  2020-07-02 10:32     ` Tejasree Kondoj
  0 siblings, 1 reply; 21+ messages in thread
From: Akhil Goyal @ 2020-07-01 21:07 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev

> +static const struct rte_cryptodev_capabilities *
> +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps)
> +{
> +	SEC_CAPS_ADD(hw_caps, aes);
> +
> +	sec_caps_add(caps_end, RTE_DIM(caps_end));
> +
> +	return otx2_cpt_sec_caps;
> +}
SEC_CAPS_ADD should be called earlier when the security context is created
Or where all other capabilities of the PMD are initialized.
It should not be added when capabilities need to be retrieved.
As of now you are supporting only AES-GCM, but in future if you add more algos,
Then it would be difficult to manage.


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-07-01 20:46   ` Akhil Goyal
@ 2020-07-02  9:29     ` Anoob Joseph
  2020-07-02  9:38       ` Akhil Goyal
  0 siblings, 1 reply; 21+ messages in thread
From: Anoob Joseph @ 2020-07-02  9:29 UTC (permalink / raw)
  To: Akhil Goyal, Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Vamsi Krishna Attunuru, dev

Hi Akhil,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Thursday, July 2, 2020 2:17 AM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH 2/8] crypto/octeontx2: add lookaside SA context
> definitions
> 
> External Email
> 
> ----------------------------------------------------------------------
> 
> > Subject: [PATCH 2/8] crypto/octeontx2: add lookaside SA context
> definitions
> >
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> Please add appropriate description in all the patches.
> 
> >  drivers/crypto/octeontx2/otx2_cryptodev_sec.h |  52 ++++++++
> >  drivers/crypto/octeontx2/otx2_ipsec_po.h      | 119
> ++++++++++++++++++
> >  drivers/crypto/octeontx2/otx2_security.h      |   2 +
> >  drivers/net/octeontx2/otx2_ethdev_sec.h       |   1 +
> >  4 files changed, 174 insertions(+)
> >  create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> >  create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h
> >
> > diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> > b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> > new file mode 100644
> > index 0000000000..af62207d07
> > --- /dev/null
> > +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
> > @@ -0,0 +1,52 @@
> > +/* SPDX-License-Identifier: BSD-3-Clause
> > + * Copyright (C) 2020 Marvell International Ltd.
> > + */
> > +
> > +#ifndef __OTX2_CRYPTODEV_SEC_H__
> > +#define __OTX2_CRYPTODEV_SEC_H__
> > +
> > +#include "otx2_ipsec_po.h"
> Why is it named like this? What is 'po' ?

[Anoob] OCTEON TX2 firmware supports two opcodes. One specific for inline and one for lookaside. The one for inline is FP and the one for lookaside is PO (Protocol Offload).
 



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-07-02  9:29     ` Anoob Joseph
@ 2020-07-02  9:38       ` Akhil Goyal
  2020-07-02 10:00         ` Anoob Joseph
  0 siblings, 1 reply; 21+ messages in thread
From: Akhil Goyal @ 2020-07-02  9:38 UTC (permalink / raw)
  To: Anoob Joseph, Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Vamsi Krishna Attunuru, dev

> > > +#include "otx2_ipsec_po.h"
> > Why is it named like this? What is 'po' ?
> 
> [Anoob] OCTEON TX2 firmware supports two opcodes. One specific for inline
> and one for lookaside. The one for inline is FP and the one for lookaside is PO
> (Protocol Offload).
> 
Isn't it better to write "inline" in place of "fp" and "offload" in place of "po"?

Fp and po looks very cryptic.


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-07-02  9:38       ` Akhil Goyal
@ 2020-07-02 10:00         ` Anoob Joseph
  2020-07-02 10:40           ` Akhil Goyal
  0 siblings, 1 reply; 21+ messages in thread
From: Anoob Joseph @ 2020-07-02 10:00 UTC (permalink / raw)
  To: Akhil Goyal, Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Vamsi Krishna Attunuru, dev

Hi Akhil,

> 
> ----------------------------------------------------------------------
> > > > +#include "otx2_ipsec_po.h"
> > > Why is it named like this? What is 'po' ?
> >
> > [Anoob] OCTEON TX2 firmware supports two opcodes. One specific for
> > inline and one for lookaside. The one for inline is FP and the one for
> > lookaside is PO (Protocol Offload).
> >
> Isn't it better to write "inline" in place of "fp" and "offload" in place of "po"?
> 
> Fp and po looks very cryptic.

[Anoob] Yes. But since it is firmware specific, these need to be added for all structures etc. And these opcodes can be used interchangeably as well (as in PO opcode can be used for inline and FP opcodes can be used for lookaside, but both with certain limitations). Hence we have tried to separate it out this way. Larger names would mean longer function names and structure names etc. We tried few other names as well, but then it was conflicting with other opcodes. I do agree that it is slightly cryptic, but we have tried to use the names consistently to avoid confusions. 

Thanks,
Anoob 

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
  2020-07-01 20:54 ` [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Akhil Goyal
@ 2020-07-02 10:23   ` Tejasree Kondoj
  0 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-07-02 10:23 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Anoob Joseph, Vamsi Krishna Attunuru, dev

Hi Akhil,

Please see inline

Thanks,
Tejasree

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Thursday, July 2, 2020 2:24 AM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Tejasree,
> 
> > Subject: [PATCH 0/8] add OCTEON TX2 lookaside IPsec support
> >
> > This series adds lookaside IPsec support in OCTEON TX2 PMD.
> >
> > Features supported:
> > * IPv4
> > * ESP
> > * Tunnel mode
> > * AES-128/192/256-GCM
> >
> > This series is on top of
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__patches.dpdk.org_p
> >
> atch_71638_&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=NjpqGUAf6Xc0ZLz
> xCvv4id
> > f8zRFeSJHioNlG1Wif1Gs&m=J9K0I-
> ZOYq6Mz9vdXTB5uFFJYMPfG7uJs70jHFHUPAM&s=
> > kJTL1Q2_FkUjVFuiLY0imNjDEFKT8oONrMrtCydYdtI&e=
> >
> 
> I believe this may need update in the documentation of the PMD.
> features/octeontx2.ini should also be updated.
> Also a release note entry should be added as this is a new feature added.
> 
[Tejasree] Sure. Will update documentation and release notes.

> Is there any test case addition in the test or test-crypto-perf? Or is it only
> Tested via ipsec-secgw?
> 
[Tejasree] It is tested only via ipsec-secgw.

> Regards,
> Akhil

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration
  2020-07-01 20:59   ` Akhil Goyal
@ 2020-07-02 10:26     ` Tejasree Kondoj
  0 siblings, 0 replies; 21+ messages in thread
From: Tejasree Kondoj @ 2020-07-02 10:26 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Anoob Joseph, Vamsi Krishna Attunuru, dev



> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Thursday, July 2, 2020 2:29 AM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH 3/8] crypto/octeontx2: add cryptodev sec
> registration
> 
> External Email
> 
> ----------------------------------------------------------------------
> 
> >
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> 
> Patch description?
> 
[Tejasree] Will add it.

> > -#endif /* __OTX2_CRYPTODEV_SEC_H__ */
> > +int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
> > +
> > +void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev);
> > +
> > +#endif /* __OTX2_CRYPTODEEV_SEC_H__ */
> Unnecessary and wrong change.
> 
[Tejasree] Will correct it.

> > --
> > 2.27.0


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities
  2020-07-01 21:07   ` Akhil Goyal
@ 2020-07-02 10:32     ` Tejasree Kondoj
  2020-07-02 10:36       ` Akhil Goyal
  0 siblings, 1 reply; 21+ messages in thread
From: Tejasree Kondoj @ 2020-07-02 10:32 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Anoob Joseph, Vamsi Krishna Attunuru, dev

Hi Akhil,

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Thursday, July 2, 2020 2:37 AM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH 4/8] crypto/octeontx2: add cryptodev sec
> capabilities
> 
> External Email
> 
> ----------------------------------------------------------------------
> > +static const struct rte_cryptodev_capabilities *
> > +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps) {
> > +	SEC_CAPS_ADD(hw_caps, aes);
> > +
> > +	sec_caps_add(caps_end, RTE_DIM(caps_end));
> > +
> > +	return otx2_cpt_sec_caps;
> > +}
> SEC_CAPS_ADD should be called earlier when the security context is created
> Or where all other capabilities of the PMD are initialized.
> It should not be added when capabilities need to be retrieved.
> As of now you are supporting only AES-GCM, but in future if you add more
> algos, Then it would be difficult to manage.
[Tejasree]  We will initialize capabilities during probe and capabilities_get() would return pointer. Would that work?


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities
  2020-07-02 10:32     ` Tejasree Kondoj
@ 2020-07-02 10:36       ` Akhil Goyal
  0 siblings, 0 replies; 21+ messages in thread
From: Akhil Goyal @ 2020-07-02 10:36 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Anoob Joseph, Vamsi Krishna Attunuru, dev

> > > +static const struct rte_cryptodev_capabilities *
> > > +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps) {
> > > +	SEC_CAPS_ADD(hw_caps, aes);
> > > +
> > > +	sec_caps_add(caps_end, RTE_DIM(caps_end));
> > > +
> > > +	return otx2_cpt_sec_caps;
> > > +}
> > SEC_CAPS_ADD should be called earlier when the security context is created
> > Or where all other capabilities of the PMD are initialized.
> > It should not be added when capabilities need to be retrieved.
> > As of now you are supporting only AES-GCM, but in future if you add more
> > algos, Then it would be difficult to manage.
> [Tejasree]  We will initialize capabilities during probe and capabilities_get()
> would return pointer. Would that work?
Yes, I think so.

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions
  2020-07-02 10:00         ` Anoob Joseph
@ 2020-07-02 10:40           ` Akhil Goyal
  0 siblings, 0 replies; 21+ messages in thread
From: Akhil Goyal @ 2020-07-02 10:40 UTC (permalink / raw)
  To: Anoob Joseph, Tejasree Kondoj, Radu Nicolau
  Cc: Narayana Prasad Raju Athreya, Vamsi Krishna Attunuru, dev

> > ----------------------------------------------------------------------
> > > > > +#include "otx2_ipsec_po.h"
> > > > Why is it named like this? What is 'po' ?
> > >
> > > [Anoob] OCTEON TX2 firmware supports two opcodes. One specific for
> > > inline and one for lookaside. The one for inline is FP and the one for
> > > lookaside is PO (Protocol Offload).
> > >
> > Isn't it better to write "inline" in place of "fp" and "offload" in place of "po"?
> >
> > Fp and po looks very cryptic.
> 
> [Anoob] Yes. But since it is firmware specific, these need to be added for all
> structures etc. And these opcodes can be used interchangeably as well (as in PO
> opcode can be used for inline and FP opcodes can be used for lookaside, but
> both with certain limitations). Hence we have tried to separate it out this way.
> Larger names would mean longer function names and structure names etc. We
> tried few other names as well, but then it was conflicting with other opcodes. I
> do agree that it is slightly cryptic, but we have tried to use the names
> consistently to avoid confusions.
> 
I think you can use the opcode as fp and po but the function/file names should be readable.
However, it is internal to PMD, I don't have a strong opinion on this but it would be good if
Names can be made readable.

Regards,
Akhil


^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2020-07-02 10:41 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-23 12:12 [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
2020-07-01 20:46   ` Akhil Goyal
2020-07-02  9:29     ` Anoob Joseph
2020-07-02  9:38       ` Akhil Goyal
2020-07-02 10:00         ` Anoob Joseph
2020-07-02 10:40           ` Akhil Goyal
2020-06-23 12:12 ` [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
2020-07-01 20:59   ` Akhil Goyal
2020-07-02 10:26     ` Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
2020-07-01 21:07   ` Akhil Goyal
2020-07-02 10:32     ` Tejasree Kondoj
2020-07-02 10:36       ` Akhil Goyal
2020-06-23 12:12 ` [dpdk-dev] [PATCH 5/8] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 6/8] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 7/8] crypto/octeontx2: add cryptodev sec enqueue routine Tejasree Kondoj
2020-06-23 12:12 ` [dpdk-dev] [PATCH 8/8] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
2020-07-01 20:54 ` [dpdk-dev] [PATCH 0/8] add OCTEON TX2 lookaside IPsec support Akhil Goyal
2020-07-02 10:23   ` Tejasree Kondoj

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).