if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length;
- } else {
+ } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
sa->iv_offset = crypto_xfrm->cipher.iv.offset;
sa->iv_length = crypto_xfrm->cipher.iv.length;
+ } else {
+ sa->iv_offset = crypto_xfrm->auth.iv.offset;
+ sa->iv_length = crypto_xfrm->auth.iv.length;
}
}
#else
param1.u16 = 0;
+ param1.s.ttl_or_hop_limit = ipsec_xfrm->options.dec_ttl;
+
/* Disable IP checksum computation by default */
param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;
sa->inst.w4 = inst_w4.u64;
+ if (ipsec_xfrm->options.stats == 1) {
+ /* Enable mib counters */
+ sa_dptr->w0.s.count_mib_bytes = 1;
+ sa_dptr->w0.s.count_mib_pkts = 1;
+ }
+
memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
}
/* Translate security parameters to SA */
- ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
+ ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm,
+ false);
if (ret) {
plt_err("Could not fill inbound session parameters");
goto sa_dptr_free;
if (ipsec_xfrm->options.ip_csum_enable) {
param1.s.ip_csum_disable =
ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
- sa->ip_csum_enable = true;
}
/* Disable L4 checksum verification by default */
sa->inst.w4 = inst_w4.u64;
+ if (ipsec_xfrm->options.stats == 1) {
+ /* Enable mib counters */
+ sa_dptr->w0.s.count_mib_bytes = 1;
+ sa_dptr->w0.s.count_mib_pkts = 1;
+ }
+
memset(in_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
/* Copy word0 from sa_dptr to populate ctx_push_sz ctx_size fields */
}
/* Trigger CTX flush so that data is written back to DRAM */
- roc_cpt_lf_ctx_flush(lf, in_sa, false);
+ roc_cpt_lf_ctx_flush(lf, in_sa, true);
plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
struct cn10k_ipsec_sa *sa;
struct cnxk_cpt_qp *qp;
struct roc_cpt_lf *lf;
+ void *sa_dptr = NULL;
+ int ret;
sess = get_sec_session_private_data(sec_sess);
if (sess == NULL)
/* Trigger CTX flush to write dirty data back to DRAM */
roc_cpt_lf_ctx_flush(lf, &sa->in_sa, false);
- /* Wait for 1 ms so that flush is complete */
- rte_delay_ms(1);
+ ret = -1;
- w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
- w2->s.valid = 0;
+ if (sa->is_outbound) {
+ sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8);
+ if (sa_dptr != NULL) {
+ roc_ot_ipsec_outb_sa_init(sa_dptr);
- plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+ ret = roc_cpt_ctx_write(
+ lf, sa_dptr, &sa->out_sa,
+ sizeof(struct roc_ot_ipsec_outb_sa));
+ }
+ } else {
+ sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_inb_sa), 8);
+ if (sa_dptr != NULL) {
+ roc_ot_ipsec_inb_sa_init(sa_dptr, false);
+
+ ret = roc_cpt_ctx_write(
+ lf, sa_dptr, &sa->in_sa,
+ sizeof(struct roc_ot_ipsec_inb_sa));
+ }
+ }
+
+ plt_free(sa_dptr);
+
+ if (ret) {
+ /* MC write_ctx failed. Attempt reload of CTX */
+
+ /* Wait for 1 ms so that flush is complete */
+ rte_delay_ms(1);
+
+ w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
+ w2->s.valid = 0;
- /* Trigger CTX reload to fetch new data from DRAM */
- roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
+ plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
+
+ /* Trigger CTX reload to fetch new data from DRAM */
+ roc_cpt_lf_ctx_reload(lf, &sa->in_sa);
+ }
sess_mp = rte_mempool_from_obj(sess);
return sizeof(struct cn10k_sec_session);
}
+static int
+cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
+ struct rte_security_stats *stats)
+{
+ struct rte_cryptodev *crypto_dev = device;
+ struct roc_ot_ipsec_outb_sa *out_sa;
+ struct roc_ot_ipsec_inb_sa *in_sa;
+ union roc_ot_ipsec_sa_word2 *w2;
+ struct cn10k_sec_session *priv;
+ struct cn10k_ipsec_sa *sa;
+ struct cnxk_cpt_qp *qp;
+
+ priv = get_sec_session_private_data(sess);
+ if (priv == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ sa = &priv->sa;
+ w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
+
+ stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+
+ if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) {
+ out_sa = &sa->out_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.opackets = out_sa->ctx.mib_pkts;
+ stats->ipsec.obytes = out_sa->ctx.mib_octs;
+ } else {
+ in_sa = &sa->in_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, in_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.ipackets = in_sa->ctx.mib_pkts;
+ stats->ipsec.ibytes = in_sa->ctx.mib_octs;
+ }
+
+ return 0;
+}
+
+static int
+cn10k_sec_session_update(void *device, struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_cryptodev *crypto_dev = device;
+ struct cn10k_sec_session *priv;
+ struct roc_cpt *roc_cpt;
+ struct cnxk_cpt_qp *qp;
+ struct cnxk_cpt_vf *vf;
+ int ret;
+
+ priv = get_sec_session_private_data(sess);
+ if (priv == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+ return -ENOTSUP;
+
+ ret = cnxk_ipsec_xform_verify(&conf->ipsec, conf->crypto_xform);
+ if (ret)
+ return ret;
+
+ vf = crypto_dev->data->dev_private;
+ roc_cpt = &vf->cpt;
+
+ return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec,
+ conf->crypto_xform, sess);
+}
+
/* Update platform specific security ops */
void
cn10k_sec_ops_override(void)
cnxk_sec_ops.session_create = cn10k_sec_session_create;
cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
+ cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get;
+ cnxk_sec_ops.session_update = cn10k_sec_session_update;
}
git.droids-corp.org / dpdk.git / blobdiff