[dpdk-dev] [PATCH 30/32] net/ngbe: support security operations

Wed, 08 Sep 2021 01:39:52 -0700 

Support to update a security session and clear a security session
statistics.

Signed-off-by: Jiawen Wu <jiawe...@trustnetic.com>
---
 drivers/net/ngbe/ngbe_ipsec.c | 41 +++++++++++++++++++++++++++++++++++
 drivers/net/ngbe/ngbe_ipsec.h | 15 +++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/drivers/net/ngbe/ngbe_ipsec.c b/drivers/net/ngbe/ngbe_ipsec.c
index 80151d45dc..cc79d7d88f 100644
--- a/drivers/net/ngbe/ngbe_ipsec.c
+++ b/drivers/net/ngbe/ngbe_ipsec.c
@@ -360,6 +360,12 @@ ngbe_crypto_create_session(void *device,
        return 0;
 }
 
+static unsigned int
+ngbe_crypto_session_get_size(__rte_unused void *device)
+{
+       return sizeof(struct ngbe_crypto_session);
+}
+
 static int
 ngbe_crypto_remove_session(void *device,
                struct rte_security_session *session)
@@ -385,6 +391,39 @@ ngbe_crypto_remove_session(void *device,
        return 0;
 }
 
+static inline uint8_t
+ngbe_crypto_compute_pad_len(struct rte_mbuf *m)
+{
+       if (m->nb_segs == 1) {
+               /* 16 bytes ICV + 2 bytes ESP trailer + payload padding size
+                * payload padding size is stored at <pkt_len - 18>
+                */
+               uint8_t *esp_pad_len = rte_pktmbuf_mtod_offset(m, uint8_t *,
+                                       rte_pktmbuf_pkt_len(m) -
+                                       (ESP_TRAILER_SIZE + ESP_ICV_SIZE));
+               return *esp_pad_len + ESP_TRAILER_SIZE + ESP_ICV_SIZE;
+       }
+       return 0;
+}
+
+static int
+ngbe_crypto_update_mb(void *device __rte_unused,
+               struct rte_security_session *session,
+                      struct rte_mbuf *m, void *params __rte_unused)
+{
+       struct ngbe_crypto_session *ic_session =
+                       get_sec_session_private_data(session);
+       if (ic_session->op == NGBE_OP_AUTHENTICATED_ENCRYPTION) {
+               union ngbe_crypto_tx_desc_md *mdata =
+                       (union ngbe_crypto_tx_desc_md *)
+                               rte_security_dynfield(m);
+               mdata->enc = 1;
+               mdata->sa_idx = ic_session->sa_index;
+               mdata->pad_len = ngbe_crypto_compute_pad_len(m);
+       }
+       return 0;
+}
+
 static const struct rte_security_capability *
 ngbe_crypto_capabilities_get(void *device __rte_unused)
 {
@@ -513,7 +552,9 @@ ngbe_crypto_capabilities_get(void *device __rte_unused)
 
 static struct rte_security_ops ngbe_security_ops = {
        .session_create = ngbe_crypto_create_session,
+       .session_get_size = ngbe_crypto_session_get_size,
        .session_destroy = ngbe_crypto_remove_session,
+       .set_pkt_metadata = ngbe_crypto_update_mb,
        .capabilities_get = ngbe_crypto_capabilities_get
 };
 
diff --git a/drivers/net/ngbe/ngbe_ipsec.h b/drivers/net/ngbe/ngbe_ipsec.h
index 8442bb2157..fa5f21027b 100644
--- a/drivers/net/ngbe/ngbe_ipsec.h
+++ b/drivers/net/ngbe/ngbe_ipsec.h
@@ -18,6 +18,9 @@
 #define IPSEC_MAX_RX_IP_COUNT           16
 #define IPSEC_MAX_SA_COUNT              16
 
+#define ESP_ICV_SIZE 16
+#define ESP_TRAILER_SIZE 2
+
 enum ngbe_operation {
        NGBE_OP_AUTHENTICATED_ENCRYPTION,
        NGBE_OP_AUTHENTICATED_DECRYPTION
@@ -69,6 +72,18 @@ struct ngbe_crypto_tx_sa_table {
        uint8_t  used;
 };
 
+union ngbe_crypto_tx_desc_md {
+       uint64_t data;
+       struct {
+               /**< SA table index */
+               uint32_t sa_idx;
+               /**< ICV and ESP trailer length */
+               uint8_t pad_len;
+               /**< enable encryption */
+               uint8_t enc;
+       };
+};
+
 struct ngbe_ipsec {
        struct ngbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
        struct ngbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
-- 
2.21.0.windows.1

Reply via email to