From: Pavel Belous Date: Thu, 18 Apr 2019 11:39:51 +0000 (+0000) Subject: net/atlantic: enable MACsec configuration X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=ec0dec44ecb9;p=dpdk.git net/atlantic: enable MACsec configuration These are driver MACsec configuration routines. They fill in config structures and prepare these to be send to FW. Actual configuration will happen in link interrupt handler. We declare MACsec offload bits in DPDK offload capabilities and provide external experimental MACsec API wrappers. Also update documentation with feature matrix for the enabled feature. Signed-off-by: Pavel Belous Signed-off-by: Igor Russkikh --- diff --git a/doc/guides/nics/atlantic.rst b/doc/guides/nics/atlantic.rst index 80591b13c1..22f2410d0e 100644 --- a/doc/guides/nics/atlantic.rst +++ b/doc/guides/nics/atlantic.rst @@ -19,6 +19,12 @@ Supported features - RSS (Receive Side Scaling) - Checksum offload - Jumbo Frame upto 16K +- MACSEC offload + +Experimental API features +^^^^^^^^^^^^^^^^^^^^^^^^^ + +- MACSEC PMD API is considered as experimental and is subject to change/removal in next DPDK releases. Configuration Information ^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/guides/nics/features/atlantic.ini b/doc/guides/nics/features/atlantic.ini index 5ed095b143..2bb8ecc017 100644 --- a/doc/guides/nics/features/atlantic.ini +++ b/doc/guides/nics/features/atlantic.ini @@ -20,6 +20,7 @@ VLAN filter = Y Flow control = Y CRC offload = Y VLAN offload = Y +MACsec offload = Y L3 checksum offload = Y L4 checksum offload = Y Packet type parsing = Y diff --git a/doc/guides/rel_notes/release_19_05.rst b/doc/guides/rel_notes/release_19_05.rst index 36064692aa..3c388da665 100644 --- a/doc/guides/rel_notes/release_19_05.rst +++ b/doc/guides/rel_notes/release_19_05.rst @@ -165,6 +165,10 @@ New Features * Added CRC offload support * Added Rx checksum offload validation support +* **Updated the atlantic PMD.** + + Added MACSEC hardware offload experimental API. + * **Updated the QuickAssist Technology PMD.** Added support for AES-XTS with 128 and 256 bit AES keys. diff --git a/drivers/net/atlantic/Makefile b/drivers/net/atlantic/Makefile index 62dcdbffa6..263f12b557 100644 --- a/drivers/net/atlantic/Makefile +++ b/drivers/net/atlantic/Makefile @@ -31,5 +31,6 @@ SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_utils.c SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_llh.c SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_utils_fw2x.c SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_b0.c +SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += rte_pmd_atlantic.c include $(RTE_SDK)/mk/rte.lib.mk diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c index 8327863cd9..7ea6919ff1 100644 --- a/drivers/net/atlantic/atl_ethdev.c +++ b/drivers/net/atlantic/atl_ethdev.c @@ -167,6 +167,7 @@ static struct rte_pci_driver rte_atl_pmd = { | DEV_RX_OFFLOAD_UDP_CKSUM \ | DEV_RX_OFFLOAD_TCP_CKSUM \ | DEV_RX_OFFLOAD_JUMBO_FRAME \ + | DEV_RX_OFFLOAD_MACSEC_STRIP \ | DEV_RX_OFFLOAD_VLAN_FILTER) #define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \ @@ -174,6 +175,7 @@ static struct rte_pci_driver rte_atl_pmd = { | DEV_TX_OFFLOAD_UDP_CKSUM \ | DEV_TX_OFFLOAD_TCP_CKSUM \ | DEV_TX_OFFLOAD_TCP_TSO \ + | DEV_TX_OFFLOAD_MACSEC_INSERT \ | DEV_TX_OFFLOAD_MULTI_SEGS) static const struct rte_eth_desc_lim rx_desc_lim = { @@ -698,6 +700,82 @@ atl_dev_reset(struct rte_eth_dev *dev) return ret; } +int atl_macsec_enable(struct rte_eth_dev *dev, + uint8_t encr, uint8_t repl_prot) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + cfg->aq_macsec.common.macsec_enabled = 1; + cfg->aq_macsec.common.encryption_enabled = encr; + cfg->aq_macsec.common.replay_protection_enabled = repl_prot; + + return 0; +} + +int atl_macsec_disable(struct rte_eth_dev *dev) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + cfg->aq_macsec.common.macsec_enabled = 0; + + return 0; +} + +int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac)); + memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN); + + return 0; +} + +int atl_macsec_config_rxsc(struct rte_eth_dev *dev, + uint8_t *mac, uint16_t pi) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac)); + memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN); + cfg->aq_macsec.rxsc.pi = pi; + + return 0; +} + +int atl_macsec_select_txsa(struct rte_eth_dev *dev, + uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + cfg->aq_macsec.txsa.idx = idx; + cfg->aq_macsec.txsa.pn = pn; + cfg->aq_macsec.txsa.an = an; + + memcpy(&cfg->aq_macsec.txsa.key, key, 16); + return 0; +} + +int atl_macsec_select_rxsa(struct rte_eth_dev *dev, + uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key) +{ + struct aq_hw_cfg_s *cfg = + ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private); + + cfg->aq_macsec.rxsa.idx = idx; + cfg->aq_macsec.rxsa.pn = pn; + cfg->aq_macsec.rxsa.an = an; + + memcpy(&cfg->aq_macsec.rxsa.key, key, 16); + return 0; +} static int atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats) @@ -1532,6 +1610,21 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev, return 0; } +static bool +is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv) +{ + if (strcmp(dev->device->driver->name, drv->driver.name)) + return false; + + return true; +} + +bool +is_atlantic_supported(struct rte_eth_dev *dev) +{ + return is_device_supported(dev, &rte_atl_pmd); +} + RTE_PMD_REGISTER_PCI(net_atlantic, rte_atl_pmd); RTE_PMD_REGISTER_PCI_TABLE(net_atlantic, pci_id_atl_map); RTE_PMD_REGISTER_KMOD_DEP(net_atlantic, "* igb_uio | uio_pci_generic"); diff --git a/drivers/net/atlantic/atl_ethdev.h b/drivers/net/atlantic/atl_ethdev.h index 1e29999b53..b162138c59 100644 --- a/drivers/net/atlantic/atl_ethdev.h +++ b/drivers/net/atlantic/atl_ethdev.h @@ -104,4 +104,16 @@ uint16_t atl_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t atl_prep_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts); +int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr, uint8_t repl_prot); +int atl_macsec_disable(struct rte_eth_dev *dev); +int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac); +int atl_macsec_config_rxsc(struct rte_eth_dev *dev, + uint8_t *mac, uint16_t pi); +int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx, + uint8_t an, uint32_t pn, uint8_t *key); +int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx, + uint8_t an, uint32_t pn, uint8_t *key); + +bool is_atlantic_supported(struct rte_eth_dev *dev); + #endif /* _ATLANTIC_ETHDEV_H_ */ diff --git a/drivers/net/atlantic/meson.build b/drivers/net/atlantic/meson.build index 28fb97cace..60b84684ec 100644 --- a/drivers/net/atlantic/meson.build +++ b/drivers/net/atlantic/meson.build @@ -9,4 +9,5 @@ sources = files( 'hw_atl/hw_atl_llh.c', 'hw_atl/hw_atl_utils_fw2x.c', 'hw_atl/hw_atl_utils.c', + 'rte_pmd_atlantic.c', ) diff --git a/drivers/net/atlantic/rte_pmd_atlantic.c b/drivers/net/atlantic/rte_pmd_atlantic.c new file mode 100644 index 0000000000..5bf4da27fd --- /dev/null +++ b/drivers/net/atlantic/rte_pmd_atlantic.c @@ -0,0 +1,102 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Aquantia Corporation + */ + +#include + +#include "rte_pmd_atlantic.h" +#include "atl_ethdev.h" + + +__rte_experimental int +rte_pmd_atl_macsec_enable(uint16_t port, + uint8_t encr, uint8_t repl_prot) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_enable(dev, encr, repl_prot); +} + +__rte_experimental int +rte_pmd_atl_macsec_disable(uint16_t port) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_disable(dev); +} + +__rte_experimental int +rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_config_txsc(dev, mac); +} + +__rte_experimental int +rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_config_rxsc(dev, mac, pi); +} + +__rte_experimental int +rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_select_txsa(dev, idx, an, pn, key); +} + +__rte_experimental int +rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key) +{ + struct rte_eth_dev *dev; + + RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV); + + dev = &rte_eth_devices[port]; + + if (!is_atlantic_supported(dev)) + return -ENOTSUP; + + return atl_macsec_select_rxsa(dev, idx, an, pn, key); +} diff --git a/drivers/net/atlantic/rte_pmd_atlantic.h b/drivers/net/atlantic/rte_pmd_atlantic.h new file mode 100644 index 0000000000..e4db7c6c27 --- /dev/null +++ b/drivers/net/atlantic/rte_pmd_atlantic.h @@ -0,0 +1,120 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Aquantia Corporation + */ + +/** + * @file rte_pmd_atlantic.h + * atlantic PMD specific functions. + * + **/ + +#ifndef _PMD_ATLANTIC_H_ +#define _PMD_ATLANTIC_H_ + +#include + +/** + * Enable MACsec offload. + * + * @param port + * The port identifier of the Ethernet device. + * @param encr + * 1 - Enable encryption (encrypt and add integrity signature). + * 0 - Disable encryption (only add integrity signature). + * @param repl_prot + * 1 - Enable replay protection. + * 0 - Disable replay protection. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + */ +int rte_pmd_atl_macsec_enable(uint16_t port, uint8_t encr, uint8_t repl_prot); + +/** + * Disable MACsec offload. + * + * @param port + * The port identifier of the Ethernet device. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + */ +int rte_pmd_atl_macsec_disable(uint16_t port); + +/** + * Configure Tx SC (Secure Connection). + * + * @param port + * The port identifier of the Ethernet device. + * @param mac + * The MAC address on the local side. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + */ +int rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac); + +/** + * Configure Rx SC (Secure Connection). + * + * @param port + * The port identifier of the Ethernet device. + * @param mac + * The MAC address on the remote side. + * @param pi + * The PI (port identifier) on the remote side. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + */ +int rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi); + +/** + * Enable Tx SA (Secure Association). + * + * @param port + * The port identifier of the Ethernet device. + * @param idx + * The SA to be enabled (0 or 1). + * @param an + * The association number on the local side. + * @param pn + * The packet number on the local side. + * @param key + * The key on the local side. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + * - (-EINVAL) if bad parameter. + */ +int rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key); + +/** + * Enable Rx SA (Secure Association). + * + * @param port + * The port identifier of the Ethernet device. + * @param idx + * The SA to be enabled (0 or 1) + * @param an + * The association number on the remote side. + * @param pn + * The packet number on the remote side. + * @param key + * The key on the remote side. + * @return + * - (0) if successful. + * - (-ENODEV) if *port* invalid. + * - (-ENOTSUP) if hardware doesn't support this feature. + * - (-EINVAL) if bad parameter. + */ +int rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an, + uint32_t pn, uint8_t *key); + +#endif /* _PMD_ATLANTIC_H_ */ diff --git a/drivers/net/atlantic/rte_pmd_atlantic_version.map b/drivers/net/atlantic/rte_pmd_atlantic_version.map index 521e51f411..b16faa999f 100644 --- a/drivers/net/atlantic/rte_pmd_atlantic_version.map +++ b/drivers/net/atlantic/rte_pmd_atlantic_version.map @@ -2,3 +2,15 @@ DPDK_18.11 { local: *; }; + +EXPERIMENTAL { + global: + + rte_pmd_atl_macsec_enable; + rte_pmd_atl_macsec_disable; + rte_pmd_atl_macsec_config_txsc; + rte_pmd_atl_macsec_config_rxsc; + rte_pmd_atl_macsec_select_txsa; + rte_pmd_atl_macsec_select_rxsa; +}; +