From: Pavel Belous <pavel.bel...@aquantia.com>
This is a driver side of macsec configuration routines.
It fills in config structures and sends requests to FW
for configuration activities.
We also declare macsec offload bits in DPDK offload capabilities
Signed-off-by: Pavel Belous <pavel.bel...@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russk...@aquantia.com>
---
drivers/net/atlantic/atl_ethdev.c | 220 ++++++++++++++++++++++++++++++
1 file changed, 220 insertions(+)
diff --git a/drivers/net/atlantic/atl_ethdev.c
b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..502ef5308b4d 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -122,6 +122,18 @@ static int eth_atl_pci_remove(struct rte_pci_device
*pci_dev);
static void atl_dev_info_get(struct rte_eth_dev *dev,
struct rte_eth_dev_info *dev_info);
+static int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr,
+ uint8_t repl_prot);
+static int atl_macsec_disable(struct rte_eth_dev *dev);
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+ uint8_t an, uint32_t pn, uint8_t *key);
+
int atl_logtype_init;
int atl_logtype_driver;
@@ -167,6 +179,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_RX_OFFLOAD_UDP_CKSUM \
| DEV_RX_OFFLOAD_TCP_CKSUM \
| DEV_RX_OFFLOAD_JUMBO_FRAME \
+ | DEV_RX_OFFLOAD_MACSEC_STRIP \
| DEV_RX_OFFLOAD_VLAN_FILTER)
#define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +187,7 @@ static struct rte_pci_driver rte_atl_pmd = {
| DEV_TX_OFFLOAD_UDP_CKSUM \
| DEV_TX_OFFLOAD_TCP_CKSUM \
| DEV_TX_OFFLOAD_TCP_TSO \
+ | DEV_TX_OFFLOAD_MACSEC_INSERT \
| DEV_TX_OFFLOAD_MULTI_SEGS)
static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -295,6 +309,13 @@ static const struct eth_dev_ops atl_eth_dev_ops = {
.reta_query = atl_reta_query,
.rss_hash_update = atl_rss_hash_update,
.rss_hash_conf_get = atl_rss_hash_conf_get,
+
+ .macsec_enable = atl_macsec_enable,
+ .macsec_disable = atl_macsec_disable,
+ .macsec_config_rxsc = atl_macsec_config_rxsc,
+ .macsec_config_txsc = atl_macsec_config_txsc,
+ .macsec_select_rxsa = atl_macsec_select_rxsa,
+ .macsec_select_txsa = atl_macsec_select_txsa,
};
static inline int32_t
@@ -698,6 +719,205 @@ atl_dev_reset(struct rte_eth_dev *dev)
return ret;
}
+static int
+atl_dev_configure_macsec(struct rte_eth_dev *dev)
+{
+ struct aq_hw_s *hw = ATL_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct aq_hw_cfg_s *cf = ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+ struct aq_macsec_config *aqcfg = &cf->aq_macsec;
+ struct macsec_msg_fw_request msg_macsec;
+ struct macsec_msg_fw_response response;
+
+ if (!aqcfg->common.macsec_enabled ||
+ hw->aq_fw_ops->send_macsec_req == NULL)
+ return 0;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Creating set of sc/sa structures from parameters provided by DPDK */
+
+ /* Configure macsec */
+ msg_macsec.msg_type = macsec_cfg_msg;
+ msg_macsec.cfg.enabled = aqcfg->common.macsec_enabled;
+ msg_macsec.cfg.interrupts_enabled = 1;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure TX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sc_msg;
+ msg_macsec.txsc.index = 0; /* TXSC always one (??) */
+ msg_macsec.txsc.protect = aqcfg->common.encryption_enabled;
+
+ /* MAC addr for TX */
+ msg_macsec.txsc.mac_sa[0] = rte_bswap32(aqcfg->txsc.mac[1]);
+ msg_macsec.txsc.mac_sa[1] = rte_bswap32(aqcfg->txsc.mac[0]);
+ msg_macsec.txsc.sa_mask = 0x3f;
+
+ msg_macsec.txsc.da_mask = 0;
+ msg_macsec.txsc.tci = 0x0B;
+ msg_macsec.txsc.curr_an = 0; /* SA index which currently used */
+
+ /*
+ * Creating SCI (Secure Channel Identifier).
+ * SCI constructed from Source MAC and Port identifier
+ */
+ uint32_t sci_hi_part = (msg_macsec.txsc.mac_sa[1] << 16) |
+ (msg_macsec.txsc.mac_sa[0] >> 16);
+ uint32_t sci_low_part = (msg_macsec.txsc.mac_sa[0] << 16);
+
+ uint32_t port_identifier = 1;
+
+ msg_macsec.txsc.sci[1] = sci_hi_part;
+ msg_macsec.txsc.sci[0] = sci_low_part | port_identifier;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_rx_sc_msg;
+ msg_macsec.rxsc.index = aqcfg->rxsc.pi;
+ msg_macsec.rxsc.replay_protect =
+ aqcfg->common.replay_protection_enabled;
+ msg_macsec.rxsc.anti_replay_window = 0;
+
+ /* MAC addr for RX */
+ msg_macsec.rxsc.mac_da[0] = rte_bswap32(aqcfg->rxsc.mac[1]);
+ msg_macsec.rxsc.mac_da[1] = rte_bswap32(aqcfg->rxsc.mac[0]);
+ msg_macsec.rxsc.da_mask = 0;//0x3f;
+
+ msg_macsec.rxsc.sa_mask = 0;
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SC */
+
+ msg_macsec.msg_type = macsec_add_tx_sa_msg;
+ msg_macsec.txsa.index = aqcfg->txsa.idx;
+ msg_macsec.txsa.next_pn = aqcfg->txsa.pn;
+
+ msg_macsec.txsa.key[0] = rte_bswap32(aqcfg->txsa.key[3]);
+ msg_macsec.txsa.key[1] = rte_bswap32(aqcfg->txsa.key[2]);
+ msg_macsec.txsa.key[2] = rte_bswap32(aqcfg->txsa.key[1]);
+ msg_macsec.txsa.key[3] = rte_bswap32(aqcfg->txsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ memset(&msg_macsec, 0, sizeof(msg_macsec));
+
+ /* Configure RX SA */
+
+ msg_macsec.msg_type = macsec_add_rx_sa_msg;
+ msg_macsec.rxsa.index = aqcfg->rxsa.idx;
+ msg_macsec.rxsa.next_pn = aqcfg->rxsa.pn;
+
+ msg_macsec.rxsa.key[0] = rte_bswap32(aqcfg->rxsa.key[3]);
+ msg_macsec.rxsa.key[1] = rte_bswap32(aqcfg->rxsa.key[2]);
+ msg_macsec.rxsa.key[2] = rte_bswap32(aqcfg->rxsa.key[1]);
+ msg_macsec.rxsa.key[3] = rte_bswap32(aqcfg->rxsa.key[0]);
+
+ hw->aq_fw_ops->send_macsec_req(hw, &msg_macsec, &response);
+
+ if (response.result)
+ return -1;
+
+ return 0;
+}
+
+static int atl_macsec_enable(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 1;
+ cfg->aq_macsec.common.encryption_enabled = encr;
+ cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+ return 0;
+}
+
+static int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.common.macsec_enabled = 0;
+
+ return 0;
+}
+
+static int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+ return 0;
+}
+
+static int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+ memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+ cfg->aq_macsec.rxsc.pi = pi;
+
+ return 0;
+}
+
+static int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.txsa.idx = idx;
+ cfg->aq_macsec.txsa.pn = pn;
+ cfg->aq_macsec.txsa.an = an;
+
+ memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+ return 0;
+}
+
+static int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct aq_hw_cfg_s *cfg =
+ ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+ cfg->aq_macsec.rxsa.idx = idx;
+ cfg->aq_macsec.rxsa.pn = pn;
+ cfg->aq_macsec.rxsa.an = an;
+
+ memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+ return 0;
+}
static int
atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
--
2.17.1
