[dpdk-dev] [RFC 2/5] app/testpmd: macsec on command draft via security context

[Igor Russkikh <Igor.Russkikh@aquantia.com>]

Here we create/get security mempool, get sec_ctx, and then
request session creation with macsec specific session configuration.

encrypt and replay_protection parameters are really not a global macsec
attributes, they are related to tx and rx security connection properties.

But we keep testpmd commands structure the same for now and will redesign
it in later commits.

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
 app/test-pmd/cmdline.c | 54 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 8 deletions(-)

diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index c1042dd98214..dbee3d958c2e 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -46,6 +46,7 @@
 #include <rte_devargs.h>
 #include <rte_flow.h>
 #include <rte_gro.h>
+#include <rte_security.h>
 
 #include <cmdline_rdline.h>
 #include <cmdline_parse.h>
@@ -13991,6 +13992,12 @@ struct cmd_macsec_offload_on_result {
 	cmdline_fixed_string_t rp_on_off;
 };
 
+/* Temporary static storage until testpmd macsec commands get reformatted */
+int macsec_encrypt;
+int macsec_replay_protection;
+struct rte_security_session_conf macsec_conf;
+struct rte_security_session *macsec_session;
+
 /* Common CLI fields for MACsec offload disable */
 cmdline_parse_token_string_t cmd_macsec_offload_on_set =
 	TOKEN_STRING_INITIALIZER
@@ -14029,6 +14036,23 @@ cmdline_parse_token_string_t cmd_macsec_offload_on_rp_on_off =
 		(struct cmd_macsec_offload_on_result,
 		 rp_on_off, "on#off");
 
+static struct rte_mempool *get_security_pool()
+{
+	struct rte_mempool *pool = rte_mempool_lookup("testpmd_security_pool");
+	int session_size = 256;
+
+	if (!pool) {
+		pool = rte_mempool_create("testpmd_security_pool",
+				256,
+				session_size,
+				256,
+				0, NULL, NULL, NULL,
+				NULL, SOCKET_ID_ANY,
+				0);
+	}
+	return pool;
+}
+
 static void
 cmd_set_macsec_offload_on_parsed(
 	void *parsed_result,
@@ -14036,11 +14060,13 @@ cmd_set_macsec_offload_on_parsed(
 	__attribute__((unused)) void *data)
 {
 	struct cmd_macsec_offload_on_result *res = parsed_result;
-	int ret = -ENOTSUP;
+	int ret = 0;
+	struct rte_security_ctx *ctx;
 	portid_t port_id = res->port_id;
 	int en = (strcmp(res->en_on_off, "on") == 0) ? 1 : 0;
 	int rp = (strcmp(res->rp_on_off, "on") == 0) ? 1 : 0;
 	struct rte_eth_dev_info dev_info;
+	struct rte_security_session_conf macsec_conf;
 
 	if (port_id_is_invalid(port_id, ENABLED_WARN))
 		return;
@@ -14049,17 +14075,29 @@ cmd_set_macsec_offload_on_parsed(
 		return;
 	}
 
-	rte_eth_dev_info_get(port_id, &dev_info);
-	if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) {
-#ifdef RTE_LIBRTE_IXGBE_PMD
-		ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp);
-#endif
+	ctx = rte_eth_dev_get_sec_ctx(port_id);
+	if (!ctx) {
+		ret = ENOTSUP;
+		goto done;
+	}
+
+	macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+	macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+	/** should be moved to SC properties */
+	macsec_encrypt = en;
+	macsec_replay_protection = rp;
+
+	/* Use of the same mempool for session header and private data */
+	macsec_session = rte_security_session_create(ctx, &macsec_conf, get_security_pool());
+
+	if (macsec_session == NULL) {
+		ret = -ENOTSUP;
 	}
-	RTE_SET_USED(en);
-	RTE_SET_USED(rp);
 
+done:
 	switch (ret) {
 	case 0:
+		/* TBD: To delete? */
 		ports[port_id].dev_conf.txmode.offloads |=
 						DEV_TX_OFFLOAD_MACSEC_INSERT;
 		cmd_reconfig_device_queue(port_id, 1, 1);
-- 
2.17.1