}, }
}, }
},
+ { /* AES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SHA1 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 20,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
struct rte_crypto_sym_xform *crypto;
struct cnxk_eth_sec_sess *eth_sec;
bool inbound, inl_dev;
+ rte_spinlock_t *lock;
+ char tbuf[128] = {0};
int rc = 0;
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess));
sess_priv.u64 = 0;
+ lock = inbound ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
/* Acquire lock on inline dev for inbound */
if (inbound && inl_dev)
roc_nix_inl_dev_lock();
if (inbound) {
+ struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr;
struct cn10k_inb_priv_data *inb_priv;
- struct roc_ot_ipsec_inb_sa *inb_sa;
uintptr_t sa;
PLT_STATIC_ASSERT(sizeof(struct cn10k_inb_priv_data) <
/* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */
sa = roc_nix_inl_inb_sa_get(&dev->nix, inl_dev, ipsec->spi);
if (!sa && dev->inb.inl_dev) {
- plt_err("Failed to create ingress sa, inline dev "
- "not found or spi not in range");
+ snprintf(tbuf, sizeof(tbuf),
+ "Failed to create ingress sa, inline dev "
+ "not found or spi not in range");
rc = -ENOTSUP;
goto mempool_put;
} else if (!sa) {
- plt_err("Failed to create ingress sa");
+ snprintf(tbuf, sizeof(tbuf),
+ "Failed to create ingress sa");
rc = -EFAULT;
goto mempool_put;
}
/* Check if SA is already in use */
if (inb_sa->w2.s.valid) {
- plt_err("Inbound SA with SPI %u already in use",
- ipsec->spi);
+ snprintf(tbuf, sizeof(tbuf),
+ "Inbound SA with SPI %u already in use",
+ ipsec->spi);
rc = -EBUSY;
goto mempool_put;
}
- memset(inb_sa, 0, sizeof(struct roc_ot_ipsec_inb_sa));
+ inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr;
+ memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa));
/* Fill inbound sa params */
- rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa, ipsec, crypto);
+ rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto);
if (rc) {
- plt_err("Failed to init inbound sa, rc=%d", rc);
+ snprintf(tbuf, sizeof(tbuf),
+ "Failed to init inbound sa, rc=%d", rc);
goto mempool_put;
}
inb_priv->userdata = conf->userdata;
/* Save SA index/SPI in cookie for now */
- inb_sa->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
+ inb_sa_dptr->w1.s.cookie = rte_cpu_to_be_32(ipsec->spi);
/* Prepare session priv */
sess_priv.inb_sa = 1;
TAILQ_INSERT_TAIL(&dev->inb.list, eth_sec, entry);
dev->inb.nb_sess++;
+ /* Sync session in context cache */
+ rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_inb_sa));
+ if (rc)
+ goto mempool_put;
} else {
+ struct roc_ot_ipsec_outb_sa *outb_sa, *outb_sa_dptr;
struct cn10k_outb_priv_data *outb_priv;
- struct roc_ot_ipsec_outb_sa *outb_sa;
struct cnxk_ipsec_outb_rlens *rlens;
uint64_t sa_base = dev->outb.sa_base;
uint32_t sa_idx;
outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa);
rlens = &outb_priv->rlens;
- memset(outb_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
+ outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr;
+ memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa));
/* Fill outbound sa params */
- rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa, ipsec, crypto);
+ rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto);
if (rc) {
- plt_err("Failed to init outbound sa, rc=%d", rc);
+ snprintf(tbuf, sizeof(tbuf),
+ "Failed to init outbound sa, rc=%d", rc);
rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx);
goto mempool_put;
}
sess_priv.roundup_byte = rlens->roundup_byte;
sess_priv.roundup_len = rlens->roundup_len;
sess_priv.partial_len = rlens->partial_len;
- sess_priv.mode = outb_sa->w2.s.ipsec_mode;
- sess_priv.outer_ip_ver = outb_sa->w2.s.outer_ip_ver;
+ sess_priv.mode = outb_sa_dptr->w2.s.ipsec_mode;
+ sess_priv.outer_ip_ver = outb_sa_dptr->w2.s.outer_ip_ver;
/* Pointer from eth_sec -> outb_sa */
eth_sec->sa = outb_sa;
TAILQ_INSERT_TAIL(&dev->outb.list, eth_sec, entry);
dev->outb.nb_sess++;
+ /* Sync session in context cache */
+ rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_outb_sa));
+ if (rc)
+ goto mempool_put;
}
-
- /* Sync session in context cache */
- roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
- ROC_NIX_INL_SA_OP_RELOAD);
-
if (inbound && inl_dev)
roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u",
inbound ? "inbound" : "outbound", eth_sec->spi,
mempool_put:
if (inbound && inl_dev)
roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
rte_mempool_put(mempool, eth_sec);
+ if (rc)
+ plt_err("%s", tbuf);
return rc;
}
{
struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
- struct roc_ot_ipsec_inb_sa *inb_sa;
- struct roc_ot_ipsec_outb_sa *outb_sa;
struct cnxk_eth_sec_sess *eth_sec;
struct rte_mempool *mp;
+ rte_spinlock_t *lock;
+ void *sa_dptr;
eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess);
if (!eth_sec)
return -ENOENT;
+ lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock;
+ rte_spinlock_lock(lock);
+
if (eth_sec->inl_dev)
roc_nix_inl_dev_lock();
if (eth_sec->inb) {
- inb_sa = eth_sec->sa;
/* Disable SA */
- inb_sa->w2.s.valid = 0;
+ sa_dptr = dev->inb.sa_dptr;
+ roc_nix_inl_inb_sa_init(sa_dptr);
+ roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_inb_sa));
TAILQ_REMOVE(&dev->inb.list, eth_sec, entry);
dev->inb.nb_sess--;
} else {
- outb_sa = eth_sec->sa;
/* Disable SA */
- outb_sa->w2.s.valid = 0;
+ sa_dptr = dev->outb.sa_dptr;
+ roc_nix_inl_outb_sa_init(sa_dptr);
+ roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa,
+ eth_sec->inb,
+ sizeof(struct roc_ot_ipsec_outb_sa));
/* Release Outbound SA index */
cnxk_eth_outb_sa_idx_put(dev, eth_sec->sa_idx);
TAILQ_REMOVE(&dev->outb.list, eth_sec, entry);
dev->outb.nb_sess--;
}
-
- /* Sync session in context cache */
- roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb,
- ROC_NIX_INL_SA_OP_RELOAD);
-
if (eth_sec->inl_dev)
roc_nix_inl_dev_unlock();
+ rte_spinlock_unlock(lock);
+
plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u",
eth_sec->inb ? "inbound" : "outbound", eth_sec->spi,
eth_sec->sa_idx, eth_sec->inl_dev);
git.droids-corp.org / dpdk.git / blobdiff