From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Thomas Monjalon <thomas@monjalon.net>
Cc: Ankur Dwivedi <adwivedi@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Narayana Prasad <pathreya@marvell.com>,
Kiran Kumar K <kirankumark@marvell.com>,
Nithin Dabilpuram <ndabilpuram@marvell.com>,
"Pavan Nikhilesh" <pbhagavatula@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Vamsi Attunuru <vattunuru@marvell.com>,
"Lukasz Bartosik" <lbartosik@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v3 06/15] net/octeontx2: add eth security capabilities
Date: Fri, 31 Jan 2020 15:33:46 +0530 [thread overview]
Message-ID: <1580465035-30455-7-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1580465035-30455-1-git-send-email-anoobj@marvell.com>
From: Ankur Dwivedi <adwivedi@marvell.com>
Adding security capabilities supported by the eth PMD.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
drivers/net/octeontx2/otx2_ethdev_sec.c | 124 ++++++++++++++++++++++++++++++++
drivers/net/octeontx2/otx2_ethdev_sec.h | 18 +++++
2 files changed, 142 insertions(+)
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index ed68152..d0b2dba 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -2,11 +2,13 @@
* Copyright (C) 2020 Marvell International Ltd.
*/
+#include <rte_cryptodev.h>
#include <rte_ethdev.h>
#include <rte_eventdev.h>
#include <rte_malloc.h>
#include <rte_memzone.h>
#include <rte_security.h>
+#include <rte_security_driver.h>
#include "otx2_ethdev.h"
#include "otx2_ethdev_sec.h"
@@ -27,12 +29,133 @@ struct eth_sec_tag_const {
};
};
+static struct rte_cryptodev_capabilities otx2_eth_sec_crypto_caps[] = {
+ { /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 8,
+ .max = 12,
+ .increment = 4
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SHA1 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 20,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+static const struct rte_security_capability otx2_eth_sec_capabilities[] = {
+ { /* IPsec Inline Protocol ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_eth_sec_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Protocol ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_eth_sec_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+
static inline void
in_sa_mz_name_get(char *name, int size, uint16_t port)
{
snprintf(name, size, "otx2_ipsec_in_sadb_%u", port);
}
+static unsigned int
+otx2_eth_sec_session_get_size(void *device __rte_unused)
+{
+ return sizeof(struct otx2_sec_session);
+}
+
+static const struct rte_security_capability *
+otx2_eth_sec_capabilities_get(void *device __rte_unused)
+{
+ return otx2_eth_sec_capabilities;
+}
+
+static struct rte_security_ops otx2_eth_sec_ops = {
+ .session_get_size = otx2_eth_sec_session_get_size,
+ .capabilities_get = otx2_eth_sec_capabilities_get
+};
+
int
otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev)
{
@@ -46,6 +169,7 @@ otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev)
/* Populate ctx */
ctx->device = eth_dev;
+ ctx->ops = &otx2_eth_sec_ops;
ctx->sess_cnt = 0;
eth_dev->security_ctx = ctx;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index 60d4a29..8bdc9f0 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -7,6 +7,24 @@
#include <rte_ethdev.h>
+#include "otx2_ipsec_fp.h"
+
+/*
+ * Security session for inline IPsec protocol offload. This is private data of
+ * inline capable PMD.
+ */
+struct otx2_sec_session_ipsec_ip {
+ int dummy;
+};
+
+struct otx2_sec_session_ipsec {
+ struct otx2_sec_session_ipsec_ip ip;
+};
+
+struct otx2_sec_session {
+ struct otx2_sec_session_ipsec ipsec;
+} __rte_cache_aligned;
+
int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);
void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev);
--
2.7.4
next prev parent reply other threads:[~2020-01-31 10:05 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-08 11:54 [dpdk-dev] [PATCH 00/15] add OCTEONTX2 inline IPsec support Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2019-12-09 7:38 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 02/15] common/octeontx2: add routine to check if rte_eth_dev belongs to otx2 Anoob Joseph
2019-12-09 7:42 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2019-12-09 7:46 ` Jerin Jacob
2019-12-09 7:52 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-09 7:53 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 04/15] crypto/octeontx2: create eth security ctx Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 05/15] crypto/octeontx2: add security in eth dev configure Anoob Joseph
2019-12-09 7:51 ` Jerin Jacob
2019-12-09 8:03 ` Anoob Joseph
2019-12-09 8:04 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 06/15] crypto/octeontx2: add eth security capabilities Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 08/15] crypto/octeontx2: add eth security session operations Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 09/15] crypto/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 10/15] crypto/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2019-12-09 8:02 ` Jerin Jacob
2019-12-13 7:12 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 11/15] net/octeontx2: add inline ipsec rx path changes Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 12/15] drivers/octeontx2: add sec in compiler optimized RX fastpath framework Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 13/15] drivers/octeontx2: add sec in compiler optimized TX " Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 14/15] crypto/octeontx2: add inline tx path changes Anoob Joseph
2019-12-14 15:42 ` Gavin Hu (Arm Technology China)
2019-12-08 11:54 ` [dpdk-dev] [PATCH 15/15] crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration Anoob Joseph
2019-12-09 8:06 ` [dpdk-dev] [PATCH 00/15] add OCTEONTX2 inline IPsec support Jerin Jacob
2019-12-10 22:54 ` Thomas Monjalon
2019-12-13 7:41 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-13 10:18 ` Thomas Monjalon
2020-01-18 10:48 ` [dpdk-dev] [PATCH v2 " Anoob Joseph
2020-01-18 10:48 ` [dpdk-dev] [PATCH v2 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-01-18 14:34 ` Jerin Jacob
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-01-18 14:35 ` Jerin Jacob
2020-01-27 7:01 ` Akhil Goyal
2020-01-27 8:02 ` Anoob Joseph
2020-01-27 8:12 ` Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 04/15] crypto/octeontx2: create eth security ctx Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 05/15] crypto/octeontx2: add security in eth dev configure Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 06/15] crypto/octeontx2: add eth security capabilities Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 08/15] crypto/octeontx2: add eth security session operations Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 09/15] crypto/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 10/15] crypto/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 11/15] net/octeontx2: add inline ipsec rx path changes Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 12/15] drivers/octeontx2: add sec in compiler optimized RX fastpath framework Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 13/15] drivers/octeontx2: add sec in compiler optimized TX " Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 14/15] crypto/octeontx2: add inline tx path changes Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 15/15] crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration Anoob Joseph
2020-01-18 14:38 ` [dpdk-dev] [PATCH v2 00/15] add OCTEONTX2 inline IPsec support Jerin Jacob
2020-01-19 10:43 ` Anoob Joseph
2020-01-19 10:53 ` Thomas Monjalon
2020-01-19 10:57 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-22 10:16 ` [dpdk-dev] " Akhil Goyal
2020-01-22 10:55 ` Anoob Joseph
2020-01-22 12:56 ` Akhil Goyal
2020-01-22 14:18 ` Jerin Jacob
2020-01-27 2:55 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-27 10:40 ` [dpdk-dev] " Akhil Goyal
2020-01-27 11:25 ` Jerin Jacob
2020-01-27 11:47 ` Akhil Goyal
2020-01-27 14:54 ` Anoob Joseph
2020-01-28 8:29 ` Jerin Jacob
2020-01-28 8:38 ` Akhil Goyal
2020-01-28 8:56 ` Jerin Jacob
2020-01-28 17:28 ` Ferruh Yigit
2020-01-29 4:01 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-28 17:27 ` [dpdk-dev] " Ferruh Yigit
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 00/15] add OCTEON TX2 " Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 04/15] net/octeontx2: create eth security ctx Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 05/15] net/octeontx2: add security in eth dev configure Anoob Joseph
2020-01-31 10:03 ` Anoob Joseph [this message]
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 08/15] net/octeontx2: add eth security session operations Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 09/15] net/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 10/15] net/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 11/15] net/octeontx2: add inline ipsec Rx path changes Anoob Joseph
2020-01-31 13:39 ` Akhil Goyal
2020-01-31 15:05 ` Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 12/15] drivers/octeontx2: add sec in Rx fastpath framework Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 13/15] drivers/octeontx2: add sec in Tx " Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 14/15] net/octeontx2: add inline Tx path changes Anoob Joseph
2020-01-31 13:36 ` Akhil Goyal
2020-01-31 15:33 ` Anoob Joseph
2020-02-01 9:35 ` Anoob Joseph
2020-02-03 13:25 ` Akhil Goyal
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 15/15] net/octeontx2: sync inline tag type Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 00/15] add OCTEON TX2 inline IPsec support Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 04/15] net/octeontx2: create eth security ctx Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 05/15] net/octeontx2: add security in eth dev configure Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 06/15] net/octeontx2: add eth security capabilities Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 08/15] net/octeontx2: add eth security session operations Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 09/15] net/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 10/15] net/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 11/15] net/octeontx2: add inline ipsec Rx path changes Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 12/15] drivers/octeontx2: add sec in Rx fastpath framework Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 13/15] drivers/octeontx2: add sec in Tx " Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 14/15] net/octeontx2: add inline Tx path changes Anoob Joseph
2020-02-05 23:19 ` Thomas Monjalon
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 15/15] net/octeontx2: sync inline tag type Anoob Joseph
2020-02-04 16:10 ` [dpdk-dev] [PATCH v4 00/15] add OCTEON TX2 inline IPsec support Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1580465035-30455-7-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=kirankumark@marvell.com \
--cc=ktejasree@marvell.com \
--cc=lbartosik@marvell.com \
--cc=marchana@marvell.com \
--cc=ndabilpuram@marvell.com \
--cc=pathreya@marvell.com \
--cc=pbhagavatula@marvell.com \
--cc=thomas@monjalon.net \
--cc=vattunuru@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.