These are driver MACsec configuration routines.
They fill in config structures and prepare these
to be send to FW. Actual configuration will happen in
link interrupt handler.
We declare MACsec offload bits in DPDK offload capabilities
and provide external experimental MACsec API wrappers.
Also update documentation with feature matrix for the
enabled feature.
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
- RSS (Receive Side Scaling)
- Checksum offload
- Jumbo Frame upto 16K
+- MACSEC offload
+
+Experimental API features
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- MACSEC PMD API is considered as experimental and is subject to change/removal in next DPDK releases.
Configuration Information
^^^^^^^^^^^^^^^^^^^^^^^^^
Flow control = Y
CRC offload = Y
VLAN offload = Y
+MACsec offload = Y
L3 checksum offload = Y
L4 checksum offload = Y
Packet type parsing = Y
* Added CRC offload support
* Added Rx checksum offload validation support
+* **Updated the atlantic PMD.**
+
+ Added MACSEC hardware offload experimental API.
+
* **Updated the QuickAssist Technology PMD.**
Added support for AES-XTS with 128 and 256 bit AES keys.
SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_llh.c
SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_utils_fw2x.c
SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_b0.c
+SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += rte_pmd_atlantic.c
include $(RTE_SDK)/mk/rte.lib.mk
| DEV_RX_OFFLOAD_UDP_CKSUM \
| DEV_RX_OFFLOAD_TCP_CKSUM \
| DEV_RX_OFFLOAD_JUMBO_FRAME \
+ | DEV_RX_OFFLOAD_MACSEC_STRIP \
| DEV_RX_OFFLOAD_VLAN_FILTER)
#define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
| DEV_TX_OFFLOAD_UDP_CKSUM \
| DEV_TX_OFFLOAD_TCP_CKSUM \
| DEV_TX_OFFLOAD_TCP_TSO \
+ | DEV_TX_OFFLOAD_MACSEC_INSERT \
| DEV_TX_OFFLOAD_MULTI_SEGS)
static const struct rte_eth_desc_lim rx_desc_lim = {
return ret;
}
+int atl_macsec_enable(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 1;
+ cfg->aq_macsec.common.encryption_enabled = encr;
+ cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+ return 0;
+}
+
+int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 0;
+
+ return 0;
+}
+
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+ return 0;
+}
+
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+ cfg->aq_macsec.rxsc.pi = pi;
+
+ return 0;
+}
+
+int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.txsa.idx = idx;
+ cfg->aq_macsec.txsa.pn = pn;
+ cfg->aq_macsec.txsa.an = an;
+
+ memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+ return 0;
+}
+
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.rxsa.idx = idx;
+ cfg->aq_macsec.rxsa.pn = pn;
+ cfg->aq_macsec.rxsa.an = an;
+
+ memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+ return 0;
+}
static int
atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
return 0;
}
+static bool
+is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv)
+{
+ if (strcmp(dev->device->driver->name, drv->driver.name))
+ return false;
+
+ return true;
+}
+
+bool
+is_atlantic_supported(struct rte_eth_dev *dev)
+{
+ return is_device_supported(dev, &rte_atl_pmd);
+}
+
RTE_PMD_REGISTER_PCI(net_atlantic, rte_atl_pmd);
RTE_PMD_REGISTER_PCI_TABLE(net_atlantic, pci_id_atl_map);
RTE_PMD_REGISTER_KMOD_DEP(net_atlantic, "* igb_uio | uio_pci_generic");
uint16_t atl_prep_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
uint16_t nb_pkts);
+int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr, uint8_t repl_prot);
+int atl_macsec_disable(struct rte_eth_dev *dev);
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
+bool is_atlantic_supported(struct rte_eth_dev *dev);
+
#endif /* _ATLANTIC_ETHDEV_H_ */
'hw_atl/hw_atl_llh.c',
'hw_atl/hw_atl_utils_fw2x.c',
'hw_atl/hw_atl_utils.c',
+ 'rte_pmd_atlantic.c',
)
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Aquantia Corporation
+ */
+
+#include <rte_ethdev_driver.h>
+
+#include "rte_pmd_atlantic.h"
+#include "atl_ethdev.h"
+
+
+__rte_experimental int
+rte_pmd_atl_macsec_enable(uint16_t port,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_enable(dev, encr, repl_prot);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_disable(uint16_t port)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_disable(dev);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_config_txsc(dev, mac);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_config_rxsc(dev, mac, pi);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_select_txsa(dev, idx, an, pn, key);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+
+ if (!is_atlantic_supported(dev))
+ return -ENOTSUP;
+
+ return atl_macsec_select_rxsa(dev, idx, an, pn, key);
+}
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Aquantia Corporation
+ */
+
+/**
+ * @file rte_pmd_atlantic.h
+ * atlantic PMD specific functions.
+ *
+ **/
+
+#ifndef _PMD_ATLANTIC_H_
+#define _PMD_ATLANTIC_H_
+
+#include <rte_ethdev_driver.h>
+
+/**
+ * Enable MACsec offload.
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param encr
+ * 1 - Enable encryption (encrypt and add integrity signature).
+ * 0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ * 1 - Enable replay protection.
+ * 0 - Disable replay protection.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_enable(uint16_t port, uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_disable(uint16_t port);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the remote side.
+ * @param pi
+ * The PI (port identifier) on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1).
+ * @param an
+ * The association number on the local side.
+ * @param pn
+ * The packet number on the local side.
+ * @param key
+ * The key on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1)
+ * @param an
+ * The association number on the remote side.
+ * @param pn
+ * The packet number on the remote side.
+ * @param key
+ * The key on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
+#endif /* _PMD_ATLANTIC_H_ */
local: *;
};
+
+EXPERIMENTAL {
+ global:
+
+ rte_pmd_atl_macsec_enable;
+ rte_pmd_atl_macsec_disable;
+ rte_pmd_atl_macsec_config_txsc;
+ rte_pmd_atl_macsec_config_rxsc;
+ rte_pmd_atl_macsec_select_txsa;
+ rte_pmd_atl_macsec_select_rxsa;
+};
+