rte_security_ctx is used by all security APIs to identify which device security_op they need to call, and hence it should be opaque to the application. It is therefore moved to an internal header file, and all APIs now take an opaque pointer to it. The fast path inline APIs, such as set metadata, need to get flags from security_ctx. The flags are now retrieved using inline APIs which use macros to get the offset of flags in security_ctx.
Signed-off-by: Akhil Goyal <gak...@marvell.com> --- app/test-crypto-perf/cperf_ops.c | 9 +-- app/test-crypto-perf/cperf_test_latency.c | 3 +- .../cperf_test_pmd_cyclecount.c | 8 +- app/test-crypto-perf/cperf_test_throughput.c | 9 +-- app/test-crypto-perf/cperf_test_verify.c | 4 +- app/test-security-perf/test_security_perf.c | 2 +- app/test/test_cryptodev.c | 22 ++---- app/test/test_cryptodev_security_ipsec.c | 2 +- app/test/test_cryptodev_security_ipsec.h | 2 +- app/test/test_security_inline_macsec.c | 10 +-- app/test/test_security_inline_proto.c | 14 ++-- examples/ipsec-secgw/ipsec-secgw.c | 2 +- examples/ipsec-secgw/ipsec.c | 15 ++-- examples/ipsec-secgw/ipsec.h | 2 +- examples/ipsec-secgw/ipsec_worker.c | 2 +- examples/ipsec-secgw/ipsec_worker.h | 4 +- examples/l2fwd-macsec/main.c | 2 +- lib/security/rte_security.c | 57 ++++++++------ lib/security/rte_security.h | 77 +++++++++---------- lib/security/rte_security_driver.h | 24 ++++++ 20 files changed, 139 insertions(+), 131 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 93b9bfb240..84945d1313 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -749,8 +749,7 @@ create_ipsec_session(struct rte_mempool *sess_mp, else sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); @@ -853,8 +852,7 @@ cperf_create_session(struct rte_mempool *sess_mp, .crypto_xform = &cipher_xform }; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); 
@@ -901,8 +899,7 @@ cperf_create_session(struct rte_mempool *sess_mp, } }, .crypto_xform = &cipher_xform }; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(dev_id); + void *ctx = rte_cryptodev_get_sec_ctx(dev_id); /* Create security session */ return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c index f1676a9aa9..484bc9eb4e 100644 --- a/app/test-crypto-perf/cperf_test_latency.c +++ b/app/test-crypto-perf/cperf_test_latency.c @@ -53,8 +53,7 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - rte_cryptodev_get_sec_ctx(ctx->dev_id); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, ctx->sess); } #endif diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index 0307e82996..4a60f6d558 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -67,11 +67,9 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) #ifdef RTE_LIB_SECURITY if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS) { - struct rte_security_ctx *sec_ctx = - (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(ctx->dev_id); - rte_security_session_destroy(sec_ctx, - (void *)ctx->sess); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + + rte_security_session_destroy(sec_ctx, (void *)ctx->sess); } else #endif rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess); diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index e892a70699..f8f8bd717f 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c 
+++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -44,12 +44,9 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx(ctx->dev_id); - rte_security_session_destroy( - sec_ctx, - (void *)ctx->sess); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + + rte_security_session_destroy(sec_ctx, (void *)ctx->sess); } #endif else diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c index 8042c94e04..a6c0ffe813 100644 --- a/app/test-crypto-perf/cperf_test_verify.c +++ b/app/test-crypto-perf/cperf_test_verify.c @@ -48,8 +48,8 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx) else if (ctx->options->op_type == CPERF_PDCP || ctx->options->op_type == CPERF_DOCSIS || ctx->options->op_type == CPERF_IPSEC) { - struct rte_security_ctx *sec_ctx = - rte_cryptodev_get_sec_ctx(ctx->dev_id); + void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id); + rte_security_session_destroy(sec_ctx, ctx->sess); } #endif diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c index 9bb50689e3..4dfaca4800 100644 --- a/app/test-security-perf/test_security_perf.c +++ b/app/test-security-perf/test_security_perf.c @@ -344,7 +344,7 @@ test_security_session_perf(void *arg) struct rte_security_session_conf sess_conf; int i, ret, nb_sessions, nb_sess_total; struct rte_security_session **sess; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; double setup_rate, destroy_rate; uint64_t setup_ms, destroy_ms; struct lcore_conf *conf = arg; diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fb2af40b99..48a7f2e1c8 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -8925,9 +8925,7 @@ security_proto_supported(enum rte_security_session_action_type action, const struct rte_security_capability *capability; uint16_t i = 0; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); capabilities = rte_security_capabilities_get(ctx); @@ -8967,9 +8965,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, struct crypto_unittest_params *ut_params = &unittest_params; uint8_t *plaintext; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); struct rte_cryptodev_info dev_info; uint64_t feat_flags; @@ -9174,9 +9170,7 @@ test_pdcp_proto_SGL(int i, int oop, unsigned int trn_data = 0; struct rte_cryptodev_info dev_info; uint64_t feat_flags; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); struct rte_mbuf *temp_mbuf; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); @@ -9772,7 +9766,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data *res_d_tmp = NULL; uint8_t input_text[IPSEC_TEXT_MAX_LEN]; int salt_len, i, ret = TEST_SUCCESS; - struct rte_security_ctx *ctx; + void *ctx; uint32_t src, dst; uint32_t verify; @@ -10905,9 +10899,7 @@ test_docsis_proto_uplink(const void *data) uint32_t crc_data_len; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; 
@@ -11089,9 +11081,7 @@ test_docsis_proto_downlink(const void *data) int32_t cipher_len, crc_len; int ret = TEST_SUCCESS; - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - ts_params->valid_devs[0]); + void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]); /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 7a8688c692..aa9b8e543d 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -1241,7 +1241,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, } int -test_ipsec_stats_verify(struct rte_security_ctx *ctx, +test_ipsec_stats_verify(void *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 92e641ba0b..bbebd05ec1 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -300,7 +300,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td, enum rte_security_ipsec_sa_direction dir, int pkt_num); -int test_ipsec_stats_verify(struct rte_security_ctx *ctx, +int test_ipsec_stats_verify(void *ctx, void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index bfb9e09752..20670fe5d2 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -136,7 +136,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len) static int init_mempools(unsigned int nb_mbuf) { - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; 
@@ -482,7 +482,7 @@ test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td, } static void -mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, +mcs_stats_dump(void *ctx, enum mcs_op op, void *rx_sess, void *tx_sess, uint8_t rx_sc_id, uint8_t tx_sc_id, uint16_t rx_sa_id[], uint16_t tx_sa_id[]) @@ -667,7 +667,7 @@ mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, } static int -mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, +mcs_stats_check(void *ctx, enum mcs_op op, const struct mcs_test_opts *opts, const struct mcs_test_vector *td, void *rx_sess, void *tx_sess, @@ -850,7 +850,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs struct rte_security_macsec_sa sa_conf = {0}; struct rte_security_macsec_sc sc_conf = {0}; struct mcs_err_vector err_vector = {0}; - struct rte_security_ctx *ctx; + void *ctx; int nb_rx = 0, nb_sent; int i, j = 0, ret, id, an = 0; uint8_t tci_off; @@ -858,7 +858,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); - ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); + ctx = rte_eth_dev_get_sec_ctx(port_id); if (ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 45aa742c6b..243aba6015 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -136,7 +136,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; /* Create Inline IPsec session */ static int create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, - void **sess, struct rte_security_ctx **ctx, + void **sess, void **ctx, uint32_t *ol_flags, const struct ipsec_test_flags *flags, struct rte_security_session_conf *sess_conf) { 
@@ -149,7 +149,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, struct rte_security_capability_idx sec_cap_idx; const struct rte_security_capability *sec_cap; enum rte_security_ipsec_sa_direction dir; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint32_t verify; sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; @@ -221,7 +221,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sess_conf->userdata = (void *) sa; - sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid); + sec_ctx = rte_eth_dev_get_sec_ctx(portid); if (sec_ctx == NULL) { printf("Ethernet device doesn't support security features.\n"); return TEST_SKIPPED; @@ -503,7 +503,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len, bool static int init_mempools(unsigned int nb_mbuf) { - struct rte_security_ctx *sec_ctx; + void *sec_ctx; uint16_t nb_sess = 512; uint32_t sess_sz; char s[64]; @@ -801,7 +801,7 @@ test_ipsec_with_reassembly(struct reassembly_vector *vector, struct rte_crypto_sym_xform auth_in = {0}; struct rte_crypto_sym_xform aead_in = {0}; struct ipsec_test_data sa_data; - struct rte_security_ctx *ctx; + void *ctx; unsigned int i, nb_rx = 0, j; uint32_t ol_flags; bool outer_ipv4; @@ -1068,7 +1068,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; struct sa_expiry_vector vector = {0}; - struct rte_security_ctx *ctx; + void *ctx; int nb_rx = 0, nb_sent; uint32_t ol_flags; int i, j = 0, ret; @@ -1338,7 +1338,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], struct rte_mbuf *tx_pkt = NULL; int nb_rx, nb_sent; void *ses; - struct rte_security_ctx *ctx; + void *ctx; uint32_t ol_flags; bool outer_ipv4; int i, ret; diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 3ab7995fd5..bf98d2618b 100644 
--- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -568,7 +568,7 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, static inline void process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts, - uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx) + uint8_t nb_pkts, uint16_t portid, void *ctx) { struct ipsec_traffic traffic; diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index a5706bed24..f5cec4a928 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -205,7 +205,7 @@ verify_ipsec_capabilities(struct rte_security_ipsec_xform *ipsec_xform, static inline int -verify_security_capabilities(struct rte_security_ctx *ctx, +verify_security_capabilities(void *ctx, struct rte_security_session_conf *sess_conf, uint32_t *ol_flags) { @@ -327,9 +327,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[], }; if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) { - struct rte_security_ctx *ctx = (struct rte_security_ctx *) - rte_cryptodev_get_sec_ctx( - cdev_id); + void *ctx = rte_cryptodev_get_sec_ctx(cdev_id); /* Set IPsec parameters in conf */ set_ipsec_conf(sa, &(sess_conf.ipsec)); @@ -411,7 +409,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, struct rte_ipsec_session *ips) { int32_t ret = 0; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; struct rte_security_session_conf sess_conf = { .action_type = ips->type, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, @@ -490,9 +488,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, struct rte_flow_error err; int ret = 0; - sec_ctx = (struct rte_security_ctx *) - rte_eth_dev_get_sec_ctx( - sa->portid); + sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, " rte_eth_dev_get_sec_ctx failed\n"); 
@@ -657,8 +653,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } } else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { - sec_ctx = (struct rte_security_ctx *) - rte_eth_dev_get_sec_ctx(sa->portid); + sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid); if (sec_ctx == NULL) { RTE_LOG(ERR, IPSEC, diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 6bef2a7285..5059418456 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -279,7 +279,7 @@ struct cnt_blk { struct lcore_rx_queue { uint16_t port_id; uint8_t queue_id; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; } __rte_cache_aligned; struct buffer { diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c index 58c80c73f0..8d122e8519 100644 --- a/examples/ipsec-secgw/ipsec_worker.c +++ b/examples/ipsec-secgw/ipsec_worker.c @@ -20,7 +20,7 @@ struct port_drv_mode_data { void *sess; - struct rte_security_ctx *ctx; + void *ctx; }; typedef void (*ipsec_worker_fn_t)(void); diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h index cf59b9b5ab..ac980b8bcf 100644 --- a/examples/ipsec-secgw/ipsec_worker.h +++ b/examples/ipsec-secgw/ipsec_worker.h @@ -119,7 +119,7 @@ adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, } static __rte_always_inline void -prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt, +prepare_one_packet(void *ctx, struct rte_mbuf *pkt, struct ipsec_traffic *t) { uint32_t ptype = pkt->packet_type; @@ -230,7 +230,7 @@ prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt, } static __rte_always_inline void -prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts, +prepare_traffic(void *ctx, struct rte_mbuf **pkts, struct ipsec_traffic *t, uint16_t nb_pkts) { int32_t i; diff --git a/examples/l2fwd-macsec/main.c b/examples/l2fwd-macsec/main.c index dfc567e36e..ae05b1b475 100644 
--- a/examples/l2fwd-macsec/main.c +++ b/examples/l2fwd-macsec/main.c @@ -139,7 +139,7 @@ struct l2fwd_macsec_options { struct l2fwd_macsec_port_params { uint8_t dev_id; uint8_t qp_id; - struct rte_security_ctx *sec_ctx; + void *sec_ctx; struct rte_mempool *sess_pool; void *sess; diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index c4d64bb8e9..8a7c725eff 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -43,11 +43,12 @@ rte_security_dynfield_register(void) } void * -rte_security_session_create(struct rte_security_ctx *instance, +rte_security_session_create(void *ctx, struct rte_security_session_conf *conf, struct rte_mempool *mp) { struct rte_security_session *sess = NULL; + struct rte_security_ctx *instance = ctx; uint32_t sess_priv_size; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); @@ -76,10 +77,10 @@ rte_security_session_create(struct rte_security_ctx *instance, } int -rte_security_session_update(struct rte_security_ctx *instance, - void *sess, - struct rte_security_session_conf *conf) +rte_security_session_update(void *ctx, void *sess, struct rte_security_session_conf *conf) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(sess, -EINVAL); @@ -89,8 +90,10 @@ rte_security_session_update(struct rte_security_ctx *instance, } unsigned int -rte_security_session_get_size(struct rte_security_ctx *instance) +rte_security_session_get_size(void *ctx) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); return (sizeof(struct rte_security_session) + 
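Review bot: Switching the context parameter to `void *` removes the compiler's type check on it, which matters most in `rte_security_session_update(void *ctx, void *sess, ...)` in this file: two adjacent `void *` parameters can now be swapped, or a session pointer passed as the context, without any diagnostic. The same applies to `rte_security_session_stats_get`, `rte_security_session_destroy` and `__rte_security_set_pkt_metadata` in the later hunks. Opacity does not require `void *`; a forward declaration `struct rte_security_ctx;` in rte_security.h, with the definition kept in rte_security_driver.h, would hide the layout and keep the prototypes type-checked. If `void *` stays, the definitions and the prototypes in rte_security.h should use one parameter name (`ctx` here, `instance` there).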
@@ -98,10 +101,10 @@ rte_security_session_get_size(struct rte_security_ctx *instance) } int -rte_security_session_stats_get(struct rte_security_ctx *instance, - void *sess, - struct rte_security_stats *stats) +rte_security_session_stats_get(void *ctx, void *sess, struct rte_security_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, -ENOTSUP); /* Parameter sess can be NULL in case of getting global statistics. */ @@ -111,8 +114,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) +rte_security_session_destroy(void *ctx, void *sess) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, @@ -132,9 +136,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) } int -rte_security_macsec_sc_create(struct rte_security_ctx *instance, - struct rte_security_macsec_sc *conf) +rte_security_macsec_sc_create(void *ctx, struct rte_security_macsec_sc *conf) { + struct rte_security_ctx *instance = ctx; int sc_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP); @@ -148,9 +152,9 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, } int -rte_security_macsec_sa_create(struct rte_security_ctx *instance, - struct rte_security_macsec_sa *conf) +rte_security_macsec_sa_create(void *ctx, struct rte_security_macsec_sa *conf) { + struct rte_security_ctx *instance = ctx; int sa_id; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP); 
@@ -164,9 +168,10 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, } int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_destroy(void *ctx, uint16_t sc_id, enum rte_security_macsec_direction dir) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP); @@ -182,9 +187,10 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id } int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_destroy(void *ctx, uint16_t sa_id, enum rte_security_macsec_direction dir) { + struct rte_security_ctx *instance = ctx; int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP); @@ -200,10 +206,12 @@ rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id } int -rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_stats_get(void *ctx, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); @@ -211,10 +219,12 @@ rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_ } int -rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_stats_get(void *ctx, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); 
@@ -222,10 +232,9 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_ } int -__rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - void *sess, - struct rte_mbuf *m, void *params) +__rte_security_set_pkt_metadata(void *ctx, void *sess, struct rte_mbuf *m, void *params) { + struct rte_security_ctx *instance = ctx; #ifdef RTE_DEBUG RTE_PTR_OR_ERR_RET(sess, -EINVAL); RTE_PTR_OR_ERR_RET(instance, -EINVAL); @@ -238,19 +247,21 @@ __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, } const struct rte_security_capability * -rte_security_capabilities_get(struct rte_security_ctx *instance) +rte_security_capabilities_get(void *ctx) { + struct rte_security_ctx *instance = ctx; + RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); return instance->ops->capabilities_get(instance->device); } const struct rte_security_capability * -rte_security_capability_get(struct rte_security_ctx *instance, - struct rte_security_capability_idx *idx) +rte_security_capability_get(void *ctx, struct rte_security_capability_idx *idx) { const struct rte_security_capability *capabilities; const struct rte_security_capability *capability; + struct rte_security_ctx *instance = ctx; uint16_t i = 0; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 3b2df526ba..1ec7938cfa 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -56,30 +56,6 @@ enum rte_security_ipsec_tunnel_type { #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2 -/** - * Security context for crypto/eth devices - * - * Security instance for each driver to register security operations. - * The application can get the security context from the crypto/eth device id - * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx() - * This structure is used to identify the device(crypto/eth) for which the - * security operations need to be performed. - */ -struct rte_security_ctx { - void *device; - /**< Crypto/ethernet device attached */ - const struct rte_security_ops *ops; - /**< Pointer to security ops for the device */ - uint16_t sess_cnt; - /**< Number of sessions attached to this context */ - uint16_t macsec_sc_cnt; - /**< Number of MACsec SC attached to this context */ - uint16_t macsec_sa_cnt; - /**< Number of MACsec SA attached to this context */ - uint32_t flags; - /**< Flags for security context */ -}; - #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 /**< Driver uses fast metadata update without using driver specific callback. * For fast mdata, mbuf dynamic field would be registered by driver @@ -689,7 +665,7 @@ struct rte_security_session_conf { * - On failure, NULL */ void * -rte_security_session_create(struct rte_security_ctx *instance, +rte_security_session_create(void *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp); @@ -705,7 +681,7 @@ rte_security_session_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_session_update(struct rte_security_ctx *instance, +rte_security_session_update(void *instance, void *sess, struct rte_security_session_conf *conf); 
@@ -719,7 +695,7 @@ rte_security_session_update(struct rte_security_ctx *instance, * - 0 if device is invalid or does not support the operation. */ unsigned int -rte_security_session_get_size(struct rte_security_ctx *instance); +rte_security_session_get_size(void *instance); /** * Free security session header and the session private data and @@ -736,7 +712,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); * - other negative values in case of freeing private data errors. */ int -rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); +rte_security_session_destroy(void *instance, void *sess); /** * @warning @@ -755,7 +731,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); */ __rte_experimental int -rte_security_macsec_sc_create(struct rte_security_ctx *instance, +rte_security_macsec_sc_create(void *instance, struct rte_security_macsec_sc *conf); /** @@ -774,7 +750,7 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, +rte_security_macsec_sc_destroy(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir); /** @@ -794,7 +770,7 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id */ __rte_experimental int -rte_security_macsec_sa_create(struct rte_security_ctx *instance, +rte_security_macsec_sa_create(void *instance, struct rte_security_macsec_sa *conf); /** @@ -813,7 +789,7 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, +rte_security_macsec_sa_destroy(void *instance, uint16_t sa_id, enum rte_security_macsec_direction dir); /** Device-specific metadata field type */ 
@@ -857,6 +833,27 @@ static inline bool rte_security_dynfield_is_registered(void) return rte_security_dynfield_offset >= 0; } +#define RTE_SECURITY_CTX_FLAGS_OFF 4 +/** + * Get security flags from security instance. + */ +static inline uint32_t +rte_security_ctx_flags_get(void *ctx) +{ + return *((uint32_t *)ctx + RTE_SECURITY_CTX_FLAGS_OFF); +} + +/** + * Set security flags in security instance. + */ +static inline void +rte_security_ctx_flags_set(void *ctx, uint32_t flags) +{ + uint32_t *data; + data = (((uint32_t *)ctx) + RTE_SECURITY_CTX_FLAGS_OFF); + *data = flags; +} + #define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 #define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 /** @@ -901,7 +898,7 @@ rte_security_session_fast_mdata_set(void *sess, uint64_t fdata) /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental -int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, +int __rte_security_set_pkt_metadata(void *instance, void *sess, struct rte_mbuf *m, void *params); @@ -919,12 +916,12 @@ int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, * - On failure, a negative value. */ static inline int -rte_security_set_pkt_metadata(struct rte_security_ctx *instance, +rte_security_set_pkt_metadata(void *instance, void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ - if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { + if (rte_security_ctx_flags_get(instance) & RTE_SEC_CTX_F_FAST_SET_MDATA) { *rte_security_dynfield(mb) = (rte_security_dynfield_t) rte_security_session_fast_mdata_get(sess); return 0; @@ -1074,7 +1071,7 @@ struct rte_security_stats { */ __rte_experimental int -rte_security_session_stats_get(struct rte_security_ctx *instance, +rte_security_session_stats_get(void *instance, void *sess, struct rte_security_stats *stats); 
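Review bot: `RTE_SECURITY_CTX_FLAGS_OFF` is hard-coded to 4 in the hunk adding `rte_security_ctx_flags_get()` and `rte_security_ctx_flags_set()`, which matches the `flags` member only when the two pointers ahead of it in `struct rte_security_ctx` are 8 bytes each. With 4-byte pointers `flags` sits at byte offset 8, so the accessors would touch the word at byte offset 16, and the fast-path test in `rte_security_set_pkt_metadata()` would be evaluated against unrelated counter data while the setter overwrites it. Nothing in the patch ties the macro to the struct, so a later field reorder would break it silently as well. A compile-time check inside a function in rte_security.c, where the struct is visible, would catch both: `RTE_BUILD_BUG_ON(offsetof(struct rte_security_ctx, flags) != RTE_SECURITY_CTX_FLAGS_OFF * sizeof(uint32_t));`. The getter could also take `const void *ctx`, since it only reads.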
@@ -1094,7 +1091,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, +rte_security_macsec_sa_stats_get(void *instance, uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats); @@ -1114,7 +1111,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, +rte_security_macsec_sc_stats_get(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats); @@ -1264,7 +1261,7 @@ struct rte_security_capability_idx { * - Return NULL if no capabilities available. */ const struct rte_security_capability * -rte_security_capabilities_get(struct rte_security_ctx *instance); +rte_security_capabilities_get(void *instance); /** * Query if a specific capability is available on security instance @@ -1278,7 +1275,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance); * - Return NULL if the capability not matched on security instance. */ const struct rte_security_capability * -rte_security_capability_get(struct rte_security_ctx *instance, +rte_security_capability_get(void *instance, struct rte_security_capability_idx *idx); #ifdef __cplusplus diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index 31444a05d3..60e05f083f 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h 
@@ -37,6 +37,30 @@ struct rte_security_session { /**< Private session material, variable size (depends on driver) */ }; +/** + * Security context for crypto/eth devices + * + * Security instance for each driver to register security operations. + * The application can get the security context from the crypto/eth device id + * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx() + * This structure is used to identify the device(crypto/eth) for which the + * security operations need to be performed. + */ +struct rte_security_ctx { + void *device; + /**< Crypto/ethernet device attached */ + const struct rte_security_ops *ops; + /**< Pointer to security ops for the device */ + uint32_t flags; + /**< Flags for security context */ + uint16_t sess_cnt; + /**< Number of sessions attached to this context */ + uint16_t macsec_sc_cnt; + /**< Number of MACsec SC attached to this context */ + uint16_t macsec_sa_cnt; + /**< Number of MACsec SA attached to this context */ +}; + /** * Helper macro to get driver private data */ -- 2.25.1
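Review bot: The comment on `flags` still reads only `Flags for security context`, although this hunk moves the member ahead of the counters and its position is now a contract with the inline accessors in rte_security.h. A future reorder, or a member added above it, would silently break the inline fast path that reads the flags by offset. I would extend the comment to `/**< Flags for security context. Must stay RTE_SECURITY_CTX_FLAGS_OFF 32-bit words from the start of the struct; read by inline code in rte_security.h */`.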