169daa9e5SNithin Dabilpuram /* SPDX-License-Identifier: BSD-3-Clause 269daa9e5SNithin Dabilpuram * Copyright(C) 2021 Marvell. 369daa9e5SNithin Dabilpuram */ 469daa9e5SNithin Dabilpuram 569daa9e5SNithin Dabilpuram #include <rte_cryptodev.h> 669daa9e5SNithin Dabilpuram #include <rte_eventdev.h> 769daa9e5SNithin Dabilpuram #include <rte_security.h> 869daa9e5SNithin Dabilpuram #include <rte_security_driver.h> 98efa348eSKiran Kumar K #include <rte_pmd_cnxk.h> 1069daa9e5SNithin Dabilpuram 1169daa9e5SNithin Dabilpuram #include <cn10k_ethdev.h> 125e9e008dSNithin Dabilpuram #include <cn10k_rx.h> 13ec0931b3SAkhil Goyal #include <cnxk_ethdev_mcs.h> 1469daa9e5SNithin Dabilpuram #include <cnxk_security.h> 15bea5d990SVamsi Attunuru #include <roc_priv.h> 1669daa9e5SNithin Dabilpuram 1738114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_inb_sa, ctx.ar_winbits) == 1838114a1eSNithin Dabilpuram offsetof(struct roc_ot_ipsec_inb_sa, ctx.ar_winbits)); 1938114a1eSNithin Dabilpuram 2038114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_outb_sa, ctx.mib_pkts) == 2138114a1eSNithin Dabilpuram offsetof(struct roc_ot_ipsec_outb_sa, ctx.mib_pkts)); 2238114a1eSNithin Dabilpuram 2338114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_CKEY_LEN == ROC_CTX_MAX_CKEY_LEN); 2438114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN == RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN); 2538114a1eSNithin Dabilpuram 2638114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MIN == ROC_AR_WIN_SIZE_MIN); 2738114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MAX == ROC_AR_WIN_SIZE_MAX); 2838114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_LOG_MIN_AR_WIN_SIZE_M1 == ROC_LOG_MIN_AR_WIN_SIZE_M1); 2938114a1eSNithin Dabilpuram PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WINBITS_SZ == ROC_AR_WINBITS_SZ); 3038114a1eSNithin Dabilpuram 31*d524a552SRakesh Kudurumalla cnxk_ethdev_rx_offload_cb_t cnxk_ethdev_rx_offload_cb; 32*d524a552SRakesh Kudurumalla void 33*d524a552SRakesh Kudurumalla cnxk_ethdev_rx_offload_cb_register(cnxk_ethdev_rx_offload_cb_t cb) 34*d524a552SRakesh Kudurumalla { 35*d524a552SRakesh Kudurumalla cnxk_ethdev_rx_offload_cb = cb; 36*d524a552SRakesh Kudurumalla } 37*d524a552SRakesh Kudurumalla 3869daa9e5SNithin Dabilpuram static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = { 3969daa9e5SNithin Dabilpuram { /* AES GCM */ 4069daa9e5SNithin Dabilpuram .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 4169daa9e5SNithin Dabilpuram {.sym = { 4269daa9e5SNithin Dabilpuram .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 4369daa9e5SNithin Dabilpuram {.aead = { 4469daa9e5SNithin Dabilpuram .algo = RTE_CRYPTO_AEAD_AES_GCM, 4569daa9e5SNithin Dabilpuram .block_size = 16, 4669daa9e5SNithin Dabilpuram .key_size = { 4769daa9e5SNithin Dabilpuram .min = 16, 4869daa9e5SNithin Dabilpuram .max = 32, 4969daa9e5SNithin Dabilpuram .increment = 8 5069daa9e5SNithin Dabilpuram }, 5169daa9e5SNithin Dabilpuram .digest_size = { 5269daa9e5SNithin Dabilpuram .min = 16, 5369daa9e5SNithin Dabilpuram .max = 16, 5469daa9e5SNithin Dabilpuram .increment = 0 5569daa9e5SNithin Dabilpuram }, 5669daa9e5SNithin Dabilpuram .aad_size = { 5769daa9e5SNithin Dabilpuram .min = 8, 5869daa9e5SNithin Dabilpuram .max = 12, 5969daa9e5SNithin Dabilpuram .increment = 4 6069daa9e5SNithin Dabilpuram }, 6169daa9e5SNithin Dabilpuram .iv_size = { 6269daa9e5SNithin Dabilpuram .min = 12, 6369daa9e5SNithin Dabilpuram .max = 12, 6469daa9e5SNithin Dabilpuram .increment = 0 6569daa9e5SNithin Dabilpuram } 6669daa9e5SNithin Dabilpuram }, } 6769daa9e5SNithin Dabilpuram }, } 6869daa9e5SNithin Dabilpuram }, 69161fee38SSrujana Challa { /* AES CBC */ 70161fee38SSrujana Challa .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 71161fee38SSrujana Challa {.sym = { 72161fee38SSrujana Challa .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 73161fee38SSrujana Challa {.cipher = { 74161fee38SSrujana Challa .algo = RTE_CRYPTO_CIPHER_AES_CBC, 75161fee38SSrujana Challa .block_size = 16, 76161fee38SSrujana Challa .key_size = { 77161fee38SSrujana Challa .min = 16, 78161fee38SSrujana Challa .max = 32, 79161fee38SSrujana Challa .increment = 8 80161fee38SSrujana Challa }, 81161fee38SSrujana Challa .iv_size = { 82161fee38SSrujana Challa .min = 16, 83161fee38SSrujana Challa .max = 16, 84161fee38SSrujana Challa .increment = 0 85161fee38SSrujana Challa } 86161fee38SSrujana Challa }, } 87161fee38SSrujana Challa }, } 88161fee38SSrujana Challa }, 893790ab9bSAkhil Goyal { /* AES CTR */ 903790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 913790ab9bSAkhil Goyal {.sym = { 923790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 933790ab9bSAkhil Goyal {.cipher = { 943790ab9bSAkhil Goyal .algo = RTE_CRYPTO_CIPHER_AES_CTR, 953790ab9bSAkhil Goyal .block_size = 16, 963790ab9bSAkhil Goyal .key_size = { 973790ab9bSAkhil Goyal .min = 16, 983790ab9bSAkhil Goyal .max = 32, 993790ab9bSAkhil Goyal .increment = 8 1003790ab9bSAkhil Goyal }, 1013790ab9bSAkhil Goyal .iv_size = { 1023790ab9bSAkhil Goyal .min = 12, 1033790ab9bSAkhil Goyal .max = 16, 1043790ab9bSAkhil Goyal .increment = 4 1053790ab9bSAkhil Goyal } 1063790ab9bSAkhil Goyal }, } 1073790ab9bSAkhil Goyal }, } 1083790ab9bSAkhil Goyal }, 109b934e65bSVamsi Attunuru { /* 3DES CBC */ 110b934e65bSVamsi Attunuru .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 111b934e65bSVamsi Attunuru {.sym = { 112b934e65bSVamsi Attunuru .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 113b934e65bSVamsi Attunuru {.cipher = { 114b934e65bSVamsi Attunuru .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 115b934e65bSVamsi Attunuru .block_size = 8, 116b934e65bSVamsi Attunuru .key_size = { 117b934e65bSVamsi Attunuru .min = 24, 118b934e65bSVamsi Attunuru .max = 24, 119b934e65bSVamsi Attunuru .increment = 0 120b934e65bSVamsi Attunuru }, 121b934e65bSVamsi Attunuru .iv_size = { 122b934e65bSVamsi Attunuru .min = 8, 123b934e65bSVamsi Attunuru .max = 16, 124b934e65bSVamsi Attunuru .increment = 8 125b934e65bSVamsi Attunuru } 126b934e65bSVamsi Attunuru }, } 127b934e65bSVamsi Attunuru }, } 128b934e65bSVamsi Attunuru }, 1293790ab9bSAkhil Goyal { /* AES-XCBC */ 1303790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 1313790ab9bSAkhil Goyal { .sym = { 1323790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 1333790ab9bSAkhil Goyal {.auth = { 1343790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 1353790ab9bSAkhil Goyal .block_size = 16, 1363790ab9bSAkhil Goyal .key_size = { 1373790ab9bSAkhil Goyal .min = 16, 1383790ab9bSAkhil Goyal .max = 16, 1393790ab9bSAkhil Goyal .increment = 0 1403790ab9bSAkhil Goyal }, 1413790ab9bSAkhil Goyal .digest_size = { 1423790ab9bSAkhil Goyal .min = 12, 1433790ab9bSAkhil Goyal .max = 12, 1443790ab9bSAkhil Goyal .increment = 0, 1453790ab9bSAkhil Goyal }, 1463790ab9bSAkhil Goyal }, } 1473790ab9bSAkhil Goyal }, } 1483790ab9bSAkhil Goyal }, 149161fee38SSrujana Challa { /* SHA1 HMAC */ 150161fee38SSrujana Challa .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 151161fee38SSrujana Challa {.sym = { 152161fee38SSrujana Challa .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 153161fee38SSrujana Challa {.auth = { 154161fee38SSrujana Challa .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 155161fee38SSrujana Challa .block_size = 64, 156161fee38SSrujana Challa .key_size = { 157161fee38SSrujana Challa .min = 20, 158161fee38SSrujana Challa .max = 64, 159161fee38SSrujana Challa .increment = 1 160161fee38SSrujana Challa }, 161161fee38SSrujana Challa .digest_size = { 162161fee38SSrujana Challa .min = 12, 163161fee38SSrujana Challa .max = 12, 164161fee38SSrujana Challa .increment = 0 165161fee38SSrujana Challa }, 166161fee38SSrujana Challa }, } 167161fee38SSrujana Challa }, } 168161fee38SSrujana Challa }, 1693790ab9bSAkhil Goyal { /* SHA256 HMAC */ 1703790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 1713790ab9bSAkhil Goyal {.sym = { 1723790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 1733790ab9bSAkhil Goyal {.auth = { 1743790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 1753790ab9bSAkhil Goyal .block_size = 64, 1763790ab9bSAkhil Goyal .key_size = { 1773790ab9bSAkhil Goyal .min = 1, 1783790ab9bSAkhil Goyal .max = 1024, 1793790ab9bSAkhil Goyal .increment = 1 1803790ab9bSAkhil Goyal }, 1813790ab9bSAkhil Goyal .digest_size = { 1823790ab9bSAkhil Goyal .min = 16, 1833790ab9bSAkhil Goyal .max = 32, 1843790ab9bSAkhil Goyal .increment = 16 1853790ab9bSAkhil Goyal }, 1863790ab9bSAkhil Goyal }, } 1873790ab9bSAkhil Goyal }, } 1883790ab9bSAkhil Goyal }, 1893790ab9bSAkhil Goyal { /* SHA384 HMAC */ 1903790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 1913790ab9bSAkhil Goyal {.sym = { 1923790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 1933790ab9bSAkhil Goyal {.auth = { 1943790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 1953790ab9bSAkhil Goyal .block_size = 64, 1963790ab9bSAkhil Goyal .key_size = { 1973790ab9bSAkhil Goyal .min = 1, 1983790ab9bSAkhil Goyal .max = 1024, 1993790ab9bSAkhil Goyal .increment = 1 2003790ab9bSAkhil Goyal }, 2013790ab9bSAkhil Goyal .digest_size = { 2023790ab9bSAkhil Goyal .min = 24, 2033790ab9bSAkhil Goyal .max = 48, 2043790ab9bSAkhil Goyal .increment = 24 2053790ab9bSAkhil Goyal }, 2063790ab9bSAkhil Goyal }, } 2073790ab9bSAkhil Goyal }, } 2083790ab9bSAkhil Goyal }, 2093790ab9bSAkhil Goyal { /* SHA512 HMAC */ 2103790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 2113790ab9bSAkhil Goyal {.sym = { 2123790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 2133790ab9bSAkhil Goyal {.auth = { 2143790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 2153790ab9bSAkhil Goyal .block_size = 128, 2163790ab9bSAkhil Goyal .key_size = { 2173790ab9bSAkhil Goyal .min = 1, 2183790ab9bSAkhil Goyal .max = 1024, 2193790ab9bSAkhil Goyal .increment = 1 2203790ab9bSAkhil Goyal }, 2213790ab9bSAkhil Goyal .digest_size = { 2223790ab9bSAkhil Goyal .min = 32, 2233790ab9bSAkhil Goyal .max = 64, 2243790ab9bSAkhil Goyal .increment = 32 2253790ab9bSAkhil Goyal }, 2263790ab9bSAkhil Goyal }, } 2273790ab9bSAkhil Goyal }, } 2283790ab9bSAkhil Goyal }, 2293790ab9bSAkhil Goyal { /* AES GMAC (AUTH) */ 2303790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 2313790ab9bSAkhil Goyal {.sym = { 2323790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 2333790ab9bSAkhil Goyal {.auth = { 2343790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_AES_GMAC, 2353790ab9bSAkhil Goyal .block_size = 16, 2363790ab9bSAkhil Goyal .key_size = { 2373790ab9bSAkhil Goyal .min = 16, 2383790ab9bSAkhil Goyal .max = 32, 2393790ab9bSAkhil Goyal .increment = 8 2403790ab9bSAkhil Goyal }, 2413790ab9bSAkhil Goyal .digest_size = { 2423790ab9bSAkhil Goyal .min = 8, 2433790ab9bSAkhil Goyal .max = 16, 2443790ab9bSAkhil Goyal .increment = 4 2453790ab9bSAkhil Goyal }, 2463790ab9bSAkhil Goyal .iv_size = { 2473790ab9bSAkhil Goyal .min = 12, 2483790ab9bSAkhil Goyal .max = 12, 2493790ab9bSAkhil Goyal .increment = 0 2503790ab9bSAkhil Goyal } 2513790ab9bSAkhil Goyal }, } 2523790ab9bSAkhil Goyal }, } 2533790ab9bSAkhil Goyal }, 2545ec23e08SSrujana Challa { /* AES CCM */ 2555ec23e08SSrujana Challa .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 2565ec23e08SSrujana Challa {.sym = { 2575ec23e08SSrujana Challa .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 2585ec23e08SSrujana Challa {.aead = { 2595ec23e08SSrujana Challa .algo = RTE_CRYPTO_AEAD_AES_CCM, 2605ec23e08SSrujana Challa .block_size = 16, 2615ec23e08SSrujana Challa .key_size = { 2625ec23e08SSrujana Challa .min = 16, 2635ec23e08SSrujana Challa .max = 32, 2645ec23e08SSrujana Challa .increment = 8 2655ec23e08SSrujana Challa }, 2665ec23e08SSrujana Challa .digest_size = { 2675ec23e08SSrujana Challa .min = 16, 2685ec23e08SSrujana Challa .max = 16, 2695ec23e08SSrujana Challa .increment = 0 2705ec23e08SSrujana Challa }, 2715ec23e08SSrujana Challa .aad_size = { 2725ec23e08SSrujana Challa .min = 8, 2735ec23e08SSrujana Challa .max = 12, 2745ec23e08SSrujana Challa .increment = 4 2755ec23e08SSrujana Challa }, 2765ec23e08SSrujana Challa .iv_size = { 2775ec23e08SSrujana Challa .min = 11, 2785ec23e08SSrujana Challa .max = 13, 2795ec23e08SSrujana Challa .increment = 1 2805ec23e08SSrujana Challa } 2815ec23e08SSrujana Challa }, } 2825ec23e08SSrujana Challa }, } 2835ec23e08SSrujana Challa }, 2843790ab9bSAkhil Goyal { /* NULL (AUTH) */ 2853790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 2863790ab9bSAkhil Goyal {.sym = { 2873790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 2883790ab9bSAkhil Goyal {.auth = { 2893790ab9bSAkhil Goyal .algo = RTE_CRYPTO_AUTH_NULL, 2903790ab9bSAkhil Goyal .block_size = 1, 2913790ab9bSAkhil Goyal .key_size = { 2923790ab9bSAkhil Goyal .min = 0, 2933790ab9bSAkhil Goyal .max = 0, 2943790ab9bSAkhil Goyal .increment = 0 2953790ab9bSAkhil Goyal }, 2963790ab9bSAkhil Goyal .digest_size = { 2973790ab9bSAkhil Goyal .min = 0, 2983790ab9bSAkhil Goyal .max = 0, 2993790ab9bSAkhil Goyal .increment = 0 3003790ab9bSAkhil Goyal }, 3013790ab9bSAkhil Goyal }, }, 3023790ab9bSAkhil Goyal }, }, 3033790ab9bSAkhil Goyal }, 3043790ab9bSAkhil Goyal { /* NULL (CIPHER) */ 3053790ab9bSAkhil Goyal .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 3063790ab9bSAkhil Goyal {.sym = { 3073790ab9bSAkhil Goyal .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 3083790ab9bSAkhil Goyal {.cipher = { 3093790ab9bSAkhil Goyal .algo = RTE_CRYPTO_CIPHER_NULL, 3103790ab9bSAkhil Goyal .block_size = 1, 3113790ab9bSAkhil Goyal .key_size = { 3123790ab9bSAkhil Goyal .min = 0, 3133790ab9bSAkhil Goyal .max = 0, 3143790ab9bSAkhil Goyal .increment = 0 3153790ab9bSAkhil Goyal }, 3163790ab9bSAkhil Goyal .iv_size = { 3173790ab9bSAkhil Goyal .min = 0, 3183790ab9bSAkhil Goyal .max = 0, 3193790ab9bSAkhil Goyal .increment = 0 3203790ab9bSAkhil Goyal } 3213790ab9bSAkhil Goyal }, }, 3223790ab9bSAkhil Goyal }, } 3233790ab9bSAkhil Goyal }, 3243790ab9bSAkhil Goyal 32569daa9e5SNithin Dabilpuram RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 32669daa9e5SNithin Dabilpuram }; 32769daa9e5SNithin Dabilpuram 328e410eb58SAnkur Dwivedi static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = { 32969daa9e5SNithin Dabilpuram { /* IPsec Inline Protocol ESP Tunnel Ingress */ 33069daa9e5SNithin Dabilpuram .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 33169daa9e5SNithin Dabilpuram .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 33269daa9e5SNithin Dabilpuram .ipsec = { 33369daa9e5SNithin Dabilpuram .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 33469daa9e5SNithin Dabilpuram .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 33569daa9e5SNithin Dabilpuram .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 336a86e5f56SAkhil Goyal .replay_win_sz_max = ROC_AR_WIN_SIZE_MAX, 337a86e5f56SAkhil Goyal .options = { 338a86e5f56SAkhil Goyal .udp_encap = 1, 339a86e5f56SAkhil Goyal .udp_ports_verify = 1, 340a86e5f56SAkhil Goyal .copy_df = 1, 341a86e5f56SAkhil Goyal .copy_dscp = 1, 342a86e5f56SAkhil Goyal .copy_flabel = 1, 343a86e5f56SAkhil Goyal .tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR, 344a86e5f56SAkhil Goyal .dec_ttl = 1, 345a86e5f56SAkhil Goyal .ip_csum_enable = 1, 346a86e5f56SAkhil Goyal .l4_csum_enable = 1, 347d6e6bc5dSAkhil Goyal .stats = 1, 348a86e5f56SAkhil Goyal .esn = 1, 3495e9e008dSNithin Dabilpuram .ingress_oop = 1, 350a86e5f56SAkhil Goyal }, 35169daa9e5SNithin Dabilpuram }, 35269daa9e5SNithin Dabilpuram .crypto_capabilities = cn10k_eth_sec_crypto_caps, 35369daa9e5SNithin Dabilpuram .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA 35469daa9e5SNithin Dabilpuram }, 35569daa9e5SNithin Dabilpuram { /* IPsec Inline Protocol ESP Tunnel Egress */ 35669daa9e5SNithin Dabilpuram .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 35769daa9e5SNithin Dabilpuram .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 35869daa9e5SNithin Dabilpuram .ipsec = { 35969daa9e5SNithin Dabilpuram .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 36069daa9e5SNithin Dabilpuram .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 36169daa9e5SNithin Dabilpuram .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 362a86e5f56SAkhil Goyal .replay_win_sz_max = ROC_AR_WIN_SIZE_MAX, 363a86e5f56SAkhil Goyal .options = { 364a86e5f56SAkhil Goyal .iv_gen_disable = 1, 365a86e5f56SAkhil Goyal .udp_encap = 1, 366a86e5f56SAkhil Goyal .udp_ports_verify = 1, 367a86e5f56SAkhil Goyal .copy_df = 1, 368a86e5f56SAkhil Goyal .copy_dscp = 1, 369a86e5f56SAkhil Goyal .copy_flabel = 1, 370a86e5f56SAkhil Goyal .dec_ttl = 1, 371a86e5f56SAkhil Goyal .ip_csum_enable = 1, 372a86e5f56SAkhil Goyal .l4_csum_enable = 1, 373d6e6bc5dSAkhil Goyal .stats = 1, 374a86e5f56SAkhil Goyal .esn = 1, 375a86e5f56SAkhil Goyal }, 37669daa9e5SNithin Dabilpuram }, 37769daa9e5SNithin Dabilpuram .crypto_capabilities = cn10k_eth_sec_crypto_caps, 37869daa9e5SNithin Dabilpuram .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA 37969daa9e5SNithin Dabilpuram }, 38034639f30SSrujana Challa { /* IPsec Inline Protocol ESP Transport Egress */ 38134639f30SSrujana Challa .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 38234639f30SSrujana Challa .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 38334639f30SSrujana Challa .ipsec = { 38434639f30SSrujana Challa .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 38534639f30SSrujana Challa .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, 38634639f30SSrujana Challa .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 387a86e5f56SAkhil Goyal .replay_win_sz_max = ROC_AR_WIN_SIZE_MAX, 388a86e5f56SAkhil Goyal .options = { 389a86e5f56SAkhil Goyal .iv_gen_disable = 1, 390a86e5f56SAkhil Goyal .udp_encap = 1, 391a86e5f56SAkhil Goyal .udp_ports_verify = 1, 392a86e5f56SAkhil Goyal .copy_df = 1, 393a86e5f56SAkhil Goyal .copy_dscp = 1, 394a86e5f56SAkhil Goyal .dec_ttl = 1, 395a86e5f56SAkhil Goyal .ip_csum_enable = 1, 396a86e5f56SAkhil Goyal .l4_csum_enable = 1, 397d6e6bc5dSAkhil Goyal .stats = 1, 398a86e5f56SAkhil Goyal .esn = 1, 3995e9e008dSNithin Dabilpuram .ingress_oop = 1, 400a86e5f56SAkhil Goyal }, 40134639f30SSrujana Challa }, 40234639f30SSrujana Challa .crypto_capabilities = cn10k_eth_sec_crypto_caps, 40334639f30SSrujana Challa .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA 40434639f30SSrujana Challa }, 40534639f30SSrujana Challa { /* IPsec Inline Protocol ESP Transport Ingress */ 40634639f30SSrujana Challa .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 40734639f30SSrujana Challa .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 40834639f30SSrujana Challa .ipsec = { 40934639f30SSrujana Challa .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 41034639f30SSrujana Challa .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, 41134639f30SSrujana Challa .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 412a86e5f56SAkhil Goyal .replay_win_sz_max = ROC_AR_WIN_SIZE_MAX, 413a86e5f56SAkhil Goyal .options = { 414a86e5f56SAkhil Goyal .udp_encap = 1, 415a86e5f56SAkhil Goyal .udp_ports_verify = 1, 416a86e5f56SAkhil Goyal .copy_df = 1, 417a86e5f56SAkhil Goyal .copy_dscp = 1, 418a86e5f56SAkhil Goyal .dec_ttl = 1, 419a86e5f56SAkhil Goyal .ip_csum_enable = 1, 420a86e5f56SAkhil Goyal .l4_csum_enable = 1, 421d6e6bc5dSAkhil Goyal .stats = 1, 422a86e5f56SAkhil Goyal .esn = 1, 4235e9e008dSNithin Dabilpuram .ingress_oop = 1, 424a86e5f56SAkhil Goyal }, 42534639f30SSrujana Challa }, 42634639f30SSrujana Challa .crypto_capabilities = cn10k_eth_sec_crypto_caps, 42734639f30SSrujana Challa .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA 42834639f30SSrujana Challa }, 42969daa9e5SNithin Dabilpuram }; 43069daa9e5SNithin Dabilpuram 431e410eb58SAnkur Dwivedi static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = { 432e410eb58SAnkur Dwivedi { /* MACsec Inline Protocol, AES-GCM-128 algo */ 433e410eb58SAnkur Dwivedi .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 434e410eb58SAnkur Dwivedi .protocol = RTE_SECURITY_PROTOCOL_MACSEC, 435e410eb58SAnkur Dwivedi .macsec = { 436e410eb58SAnkur Dwivedi .mtu = ROC_MCS_MAX_MTU, 437e410eb58SAnkur Dwivedi .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, 438e410eb58SAnkur Dwivedi .max_nb_sc = 128, 439e410eb58SAnkur Dwivedi .max_nb_sa = 256, 440e410eb58SAnkur Dwivedi .max_nb_sess = 256, 441e410eb58SAnkur Dwivedi .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, 442e410eb58SAnkur Dwivedi .relative_sectag_insert = 1, 443e410eb58SAnkur Dwivedi .fixed_sectag_insert = 1, 444e410eb58SAnkur Dwivedi .icv_include_da_sa = 1, 445e410eb58SAnkur Dwivedi .ctrl_port_enable = 1, 446e410eb58SAnkur Dwivedi .preserve_sectag = 1, 447e410eb58SAnkur Dwivedi .preserve_icv = 1, 448e410eb58SAnkur Dwivedi .validate_frames = 1, 449e410eb58SAnkur Dwivedi .re_key = 1, 450e410eb58SAnkur Dwivedi .anti_replay = 1, 451e410eb58SAnkur Dwivedi }, 452e410eb58SAnkur Dwivedi }, 453e410eb58SAnkur Dwivedi { /* MACsec Inline Protocol, AES-GCM-256 algo */ 454e410eb58SAnkur Dwivedi .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 455e410eb58SAnkur Dwivedi .protocol = RTE_SECURITY_PROTOCOL_MACSEC, 456e410eb58SAnkur Dwivedi .macsec = { 457e410eb58SAnkur Dwivedi .mtu = ROC_MCS_MAX_MTU, 458e410eb58SAnkur Dwivedi .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, 459e410eb58SAnkur Dwivedi .max_nb_sc = 128, 460e410eb58SAnkur Dwivedi .max_nb_sa = 256, 461e410eb58SAnkur Dwivedi .max_nb_sess = 256, 462e410eb58SAnkur Dwivedi .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, 463e410eb58SAnkur Dwivedi .relative_sectag_insert = 1, 464e410eb58SAnkur Dwivedi .fixed_sectag_insert = 1, 465e410eb58SAnkur Dwivedi .icv_include_da_sa = 1, 466e410eb58SAnkur Dwivedi .ctrl_port_enable = 1, 467e410eb58SAnkur Dwivedi .preserve_sectag = 1, 468e410eb58SAnkur Dwivedi .preserve_icv = 1, 469e410eb58SAnkur Dwivedi .validate_frames = 1, 470e410eb58SAnkur Dwivedi .re_key = 1, 471e410eb58SAnkur Dwivedi .anti_replay = 1, 472e410eb58SAnkur Dwivedi }, 473e410eb58SAnkur Dwivedi }, 474e410eb58SAnkur Dwivedi { /* MACsec Inline Protocol, AES-GCM-XPN-128 algo */ 475e410eb58SAnkur Dwivedi .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 476e410eb58SAnkur Dwivedi .protocol = RTE_SECURITY_PROTOCOL_MACSEC, 477e410eb58SAnkur Dwivedi .macsec = { 478e410eb58SAnkur Dwivedi .mtu = ROC_MCS_MAX_MTU, 479e410eb58SAnkur Dwivedi .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, 480e410eb58SAnkur Dwivedi .max_nb_sc = 128, 481e410eb58SAnkur Dwivedi .max_nb_sa = 256, 482e410eb58SAnkur Dwivedi .max_nb_sess = 256, 483e410eb58SAnkur Dwivedi .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, 484e410eb58SAnkur Dwivedi .relative_sectag_insert = 1, 485e410eb58SAnkur Dwivedi .fixed_sectag_insert = 1, 486e410eb58SAnkur Dwivedi .icv_include_da_sa = 1, 487e410eb58SAnkur Dwivedi .ctrl_port_enable = 1, 488e410eb58SAnkur Dwivedi .preserve_sectag = 1, 489e410eb58SAnkur Dwivedi .preserve_icv = 1, 490e410eb58SAnkur Dwivedi .validate_frames = 1, 491e410eb58SAnkur Dwivedi .re_key = 1, 492e410eb58SAnkur Dwivedi .anti_replay = 1, 493e410eb58SAnkur Dwivedi }, 494e410eb58SAnkur Dwivedi }, 495e410eb58SAnkur Dwivedi { /* MACsec Inline Protocol, AES-GCM-XPN-256 algo */ 496e410eb58SAnkur Dwivedi .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, 497e410eb58SAnkur Dwivedi .protocol = RTE_SECURITY_PROTOCOL_MACSEC, 498e410eb58SAnkur Dwivedi .macsec = { 499e410eb58SAnkur Dwivedi .mtu = ROC_MCS_MAX_MTU, 500e410eb58SAnkur Dwivedi .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, 501e410eb58SAnkur Dwivedi .max_nb_sc = 128, 502e410eb58SAnkur Dwivedi .max_nb_sa = 256, 503e410eb58SAnkur Dwivedi .max_nb_sess = 256, 504e410eb58SAnkur Dwivedi .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, 505e410eb58SAnkur Dwivedi .relative_sectag_insert = 1, 506e410eb58SAnkur Dwivedi .fixed_sectag_insert = 1, 507e410eb58SAnkur Dwivedi .icv_include_da_sa = 1, 508e410eb58SAnkur Dwivedi .ctrl_port_enable = 1, 509e410eb58SAnkur Dwivedi .preserve_sectag = 1, 510e410eb58SAnkur Dwivedi .preserve_icv = 1, 511e410eb58SAnkur Dwivedi .validate_frames = 1, 512e410eb58SAnkur Dwivedi .re_key = 1, 513e410eb58SAnkur Dwivedi .anti_replay = 1, 514e410eb58SAnkur Dwivedi }, 515e410eb58SAnkur Dwivedi }, 516e410eb58SAnkur Dwivedi }; 517e410eb58SAnkur Dwivedi 518e410eb58SAnkur Dwivedi #define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \ 519e410eb58SAnkur Dwivedi RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1) 520e410eb58SAnkur Dwivedi 521e410eb58SAnkur Dwivedi static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN]; 522e410eb58SAnkur Dwivedi 523ea695031SNithin Dabilpuram static inline void 524ea695031SNithin Dabilpuram cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf) 525ea695031SNithin Dabilpuram { 526ea695031SNithin Dabilpuram struct rte_mbuf *next; 527ea695031SNithin Dabilpuram 528ea695031SNithin Dabilpuram if (!mbuf) 529ea695031SNithin Dabilpuram return; 530ea695031SNithin Dabilpuram do { 531ea695031SNithin Dabilpuram next = mbuf->next; 532ea695031SNithin Dabilpuram roc_npa_aura_op_free(mbuf->pool->pool_id, 1, (rte_iova_t)mbuf); 533ea695031SNithin Dabilpuram mbuf = next; 534ea695031SNithin Dabilpuram } while (mbuf != NULL); 535ea695031SNithin Dabilpuram } 536ea695031SNithin Dabilpuram 537fb35a2c7SNithin Dabilpuram void 538bea5d990SVamsi Attunuru cn10k_eth_sec_sso_work_cb(uint64_t *gw, void *args, uint32_t soft_exp_event) 53969daa9e5SNithin Dabilpuram { 54069daa9e5SNithin Dabilpuram struct rte_eth_event_ipsec_desc desc; 54169daa9e5SNithin Dabilpuram struct cn10k_sec_sess_priv sess_priv; 54269daa9e5SNithin Dabilpuram struct cn10k_outb_priv_data *priv; 54369daa9e5SNithin Dabilpuram struct roc_ot_ipsec_outb_sa *sa; 54469daa9e5SNithin Dabilpuram struct cpt_cn10k_res_s *res; 54569daa9e5SNithin Dabilpuram struct rte_eth_dev *eth_dev; 54669daa9e5SNithin Dabilpuram struct cnxk_eth_dev *dev; 547ea695031SNithin Dabilpuram static uint64_t warn_cnt; 54869daa9e5SNithin Dabilpuram uint16_t dlen_adj, rlen; 54969daa9e5SNithin Dabilpuram struct rte_mbuf *mbuf; 55069daa9e5SNithin Dabilpuram uintptr_t sa_base; 55169daa9e5SNithin Dabilpuram uintptr_t nixtx; 55269daa9e5SNithin Dabilpuram uint8_t port; 55369daa9e5SNithin Dabilpuram 55469daa9e5SNithin Dabilpuram RTE_SET_USED(args); 55569daa9e5SNithin Dabilpuram 55669daa9e5SNithin Dabilpuram switch ((gw[0] >> 28) & 0xF) { 55769daa9e5SNithin Dabilpuram case RTE_EVENT_TYPE_ETHDEV: 55869daa9e5SNithin Dabilpuram /* Event from inbound inline dev due to IPSEC packet bad L4 */ 55969daa9e5SNithin Dabilpuram mbuf = (struct rte_mbuf *)(gw[1] - sizeof(struct rte_mbuf)); 56069daa9e5SNithin Dabilpuram plt_nix_dbg("Received mbuf %p from inline dev inbound", mbuf); 561ea695031SNithin Dabilpuram cnxk_pktmbuf_free_no_cache(mbuf); 56269daa9e5SNithin Dabilpuram return; 56369daa9e5SNithin Dabilpuram case RTE_EVENT_TYPE_CPU: 56469daa9e5SNithin Dabilpuram /* Check for subtype */ 56569daa9e5SNithin Dabilpuram if (((gw[0] >> 20) & 0xFF) == CNXK_ETHDEV_SEC_OUTB_EV_SUB) { 56669daa9e5SNithin Dabilpuram /* Event from outbound inline error */ 56769daa9e5SNithin Dabilpuram mbuf = (struct rte_mbuf *)gw[1]; 56869daa9e5SNithin Dabilpuram break; 56969daa9e5SNithin Dabilpuram } 57069daa9e5SNithin Dabilpuram /* Fall through */ 57169daa9e5SNithin Dabilpuram default: 572bea5d990SVamsi Attunuru if (soft_exp_event & 0x1) { 573bea5d990SVamsi Attunuru sa = (struct roc_ot_ipsec_outb_sa *)args; 574bea5d990SVamsi Attunuru priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(sa); 575bea5d990SVamsi Attunuru desc.metadata = (uint64_t)priv->userdata; 5763d7a5844SVamsi Attunuru if (sa->w2.s.life_unit == ROC_IE_OT_SA_LIFE_UNIT_PKTS) 5773d7a5844SVamsi Attunuru desc.subtype = 5783d7a5844SVamsi Attunuru RTE_ETH_EVENT_IPSEC_SA_PKT_EXPIRY; 5793d7a5844SVamsi Attunuru else 5803d7a5844SVamsi Attunuru desc.subtype = 5813d7a5844SVamsi Attunuru RTE_ETH_EVENT_IPSEC_SA_BYTE_EXPIRY; 582bea5d990SVamsi Attunuru eth_dev = &rte_eth_devices[soft_exp_event >> 8]; 583bea5d990SVamsi Attunuru rte_eth_dev_callback_process(eth_dev, 584bea5d990SVamsi Attunuru RTE_ETH_EVENT_IPSEC, &desc); 585bea5d990SVamsi Attunuru } else { 58669daa9e5SNithin Dabilpuram plt_err("Unknown event gw[0] = 0x%016lx, gw[1] = 0x%016lx", 58769daa9e5SNithin Dabilpuram gw[0], gw[1]); 588bea5d990SVamsi Attunuru } 58969daa9e5SNithin Dabilpuram return; 59069daa9e5SNithin Dabilpuram } 59169daa9e5SNithin Dabilpuram 59269daa9e5SNithin Dabilpuram /* Get ethdev port from tag */ 59369daa9e5SNithin Dabilpuram port = gw[0] & 0xFF; 59469daa9e5SNithin Dabilpuram eth_dev = &rte_eth_devices[port]; 59569daa9e5SNithin Dabilpuram dev = cnxk_eth_pmd_priv(eth_dev); 59669daa9e5SNithin Dabilpuram 59769daa9e5SNithin Dabilpuram sess_priv.u64 = *rte_security_dynfield(mbuf); 59869daa9e5SNithin Dabilpuram /* Calculate dlen adj */ 59969daa9e5SNithin Dabilpuram dlen_adj = mbuf->pkt_len - mbuf->l2_len; 60069daa9e5SNithin Dabilpuram rlen = (dlen_adj + sess_priv.roundup_len) + 60169daa9e5SNithin Dabilpuram (sess_priv.roundup_byte - 1); 60269daa9e5SNithin Dabilpuram rlen &= ~(uint64_t)(sess_priv.roundup_byte - 1); 60369daa9e5SNithin Dabilpuram rlen += sess_priv.partial_len; 60469daa9e5SNithin Dabilpuram dlen_adj = rlen - dlen_adj; 60569daa9e5SNithin Dabilpuram 60669daa9e5SNithin Dabilpuram /* Find the res area residing on next cacheline after end of data */ 60769daa9e5SNithin Dabilpuram nixtx = rte_pktmbuf_mtod(mbuf, uintptr_t) + mbuf->pkt_len + dlen_adj; 60869daa9e5SNithin Dabilpuram nixtx += BIT_ULL(7); 60969daa9e5SNithin Dabilpuram nixtx = (nixtx - 1) & ~(BIT_ULL(7) - 1); 61069daa9e5SNithin Dabilpuram res = (struct cpt_cn10k_res_s *)nixtx; 61169daa9e5SNithin Dabilpuram 61269daa9e5SNithin Dabilpuram plt_nix_dbg("Outbound error, mbuf %p, sa_index %u, compcode %x uc %x", 61369daa9e5SNithin Dabilpuram mbuf, sess_priv.sa_idx, res->compcode, res->uc_compcode); 61469daa9e5SNithin Dabilpuram 61569daa9e5SNithin Dabilpuram sess_priv.u64 = *rte_security_dynfield(mbuf); 61669daa9e5SNithin Dabilpuram 61769daa9e5SNithin Dabilpuram sa_base = dev->outb.sa_base; 61869daa9e5SNithin Dabilpuram sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sess_priv.sa_idx); 61969daa9e5SNithin Dabilpuram priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(sa); 62069daa9e5SNithin Dabilpuram 62169daa9e5SNithin Dabilpuram memset(&desc, 0, sizeof(desc)); 62269daa9e5SNithin Dabilpuram 62369daa9e5SNithin Dabilpuram switch (res->uc_compcode) { 62469daa9e5SNithin Dabilpuram case ROC_IE_OT_UCC_ERR_SA_OVERFLOW: 62569daa9e5SNithin Dabilpuram desc.subtype = RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW; 62669daa9e5SNithin Dabilpuram break; 627f496b865SVamsi Attunuru case ROC_IE_OT_UCC_ERR_SA_EXPIRED: 628f496b865SVamsi Attunuru if (sa->w2.s.life_unit == ROC_IE_OT_SA_LIFE_UNIT_PKTS) 629f496b865SVamsi Attunuru desc.subtype = RTE_ETH_EVENT_IPSEC_SA_PKT_HARD_EXPIRY; 630f496b865SVamsi Attunuru else 631f496b865SVamsi Attunuru desc.subtype = RTE_ETH_EVENT_IPSEC_SA_BYTE_HARD_EXPIRY; 632f496b865SVamsi Attunuru break; 633ea695031SNithin Dabilpuram case ROC_IE_OT_UCC_ERR_PKT_IP: 634ea695031SNithin Dabilpuram warn_cnt++; 635ea695031SNithin Dabilpuram if (warn_cnt % 10000 == 0) 636ea695031SNithin Dabilpuram plt_warn("Outbound error, bad ip pkt, mbuf %p," 637ea695031SNithin Dabilpuram " sa_index %u (total warnings %" PRIu64 ")", 638ea695031SNithin Dabilpuram mbuf, sess_priv.sa_idx, warn_cnt); 639f5d1f6aaSNithin Dabilpuram desc.subtype = -res->uc_compcode; 640ea695031SNithin Dabilpuram break; 64169daa9e5SNithin Dabilpuram default: 642ea695031SNithin Dabilpuram warn_cnt++; 643ea695031SNithin Dabilpuram if (warn_cnt % 10000 == 0) 64469daa9e5SNithin Dabilpuram plt_warn("Outbound error, mbuf %p, sa_index %u," 645ea695031SNithin Dabilpuram " compcode %x uc %x," 646ea695031SNithin Dabilpuram " (total warnings %" PRIu64 ")", 647ea695031SNithin Dabilpuram mbuf, sess_priv.sa_idx, res->compcode, 648ea695031SNithin Dabilpuram res->uc_compcode, warn_cnt); 649f5d1f6aaSNithin Dabilpuram desc.subtype = -res->uc_compcode; 65069daa9e5SNithin Dabilpuram break; 65169daa9e5SNithin Dabilpuram } 65269daa9e5SNithin Dabilpuram 65369daa9e5SNithin Dabilpuram desc.metadata = (uint64_t)priv->userdata; 65469daa9e5SNithin Dabilpuram rte_eth_dev_callback_process(eth_dev, RTE_ETH_EVENT_IPSEC, &desc); 655ea695031SNithin Dabilpuram cnxk_pktmbuf_free_no_cache(mbuf); 65669daa9e5SNithin Dabilpuram } 65769daa9e5SNithin Dabilpuram 658d6c3525dSNithin Dabilpuram static void 659d6c3525dSNithin Dabilpuram outb_dbg_iv_update(struct roc_ot_ipsec_outb_sa *outb_sa, const char *__iv_str) 660d6c3525dSNithin Dabilpuram { 661d6c3525dSNithin Dabilpuram uint8_t *iv_dbg = outb_sa->iv.iv_dbg; 662d6c3525dSNithin Dabilpuram char *iv_str = strdup(__iv_str); 663d6c3525dSNithin Dabilpuram char *iv_b = NULL, len = 16; 664d6c3525dSNithin Dabilpuram char *save; 665d6c3525dSNithin Dabilpuram int i; 666d6c3525dSNithin Dabilpuram 667d6c3525dSNithin Dabilpuram if (!iv_str) 668d6c3525dSNithin Dabilpuram return; 669d6c3525dSNithin Dabilpuram 670c31a9465SAnoob Joseph if (outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_GCM || 671c31a9465SAnoob Joseph outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_CTR || 672c31a9465SAnoob Joseph outb_sa->w2.s.enc_type == ROC_IE_SA_ENC_AES_CCM || 673c31a9465SAnoob Joseph outb_sa->w2.s.auth_type == ROC_IE_SA_AUTH_AES_GMAC) { 674d6c3525dSNithin Dabilpuram memset(outb_sa->iv.s.iv_dbg1, 0, sizeof(outb_sa->iv.s.iv_dbg1)); 675d6c3525dSNithin Dabilpuram memset(outb_sa->iv.s.iv_dbg2, 0, sizeof(outb_sa->iv.s.iv_dbg2)); 676d6c3525dSNithin Dabilpuram 677d6c3525dSNithin Dabilpuram iv_dbg = outb_sa->iv.s.iv_dbg1; 678d6c3525dSNithin Dabilpuram for (i = 0; i < 4; i++) { 679d6c3525dSNithin Dabilpuram iv_b = strtok_r(i ? NULL : iv_str, ",", &save); 680d6c3525dSNithin Dabilpuram if (!iv_b) 681d6c3525dSNithin Dabilpuram break; 682d6c3525dSNithin Dabilpuram iv_dbg[i] = strtoul(iv_b, NULL, 0); 683d6c3525dSNithin Dabilpuram } 684d6c3525dSNithin Dabilpuram *(uint32_t *)iv_dbg = rte_be_to_cpu_32(*(uint32_t *)iv_dbg); 685d6c3525dSNithin Dabilpuram 686d6c3525dSNithin Dabilpuram iv_dbg = outb_sa->iv.s.iv_dbg2; 687d6c3525dSNithin Dabilpuram for (i = 0; i < 4; i++) { 688d6c3525dSNithin Dabilpuram iv_b = strtok_r(NULL, ",", &save); 689d6c3525dSNithin Dabilpuram if (!iv_b) 690d6c3525dSNithin Dabilpuram break; 691d6c3525dSNithin Dabilpuram iv_dbg[i] = strtoul(iv_b, NULL, 0); 692d6c3525dSNithin Dabilpuram } 693d6c3525dSNithin Dabilpuram *(uint32_t *)iv_dbg = rte_be_to_cpu_32(*(uint32_t *)iv_dbg); 694d6c3525dSNithin Dabilpuram 695d6c3525dSNithin Dabilpuram } else { 696d6c3525dSNithin Dabilpuram iv_dbg = outb_sa->iv.iv_dbg; 697d6c3525dSNithin Dabilpuram memset(iv_dbg, 0, sizeof(outb_sa->iv.iv_dbg)); 698d6c3525dSNithin Dabilpuram 699d6c3525dSNithin Dabilpuram for (i = 0; i < len; i++) { 700d6c3525dSNithin Dabilpuram iv_b = strtok_r(i ? NULL : iv_str, ",", &save); 701d6c3525dSNithin Dabilpuram if (!iv_b) 702d6c3525dSNithin Dabilpuram break; 703d6c3525dSNithin Dabilpuram iv_dbg[i] = strtoul(iv_b, NULL, 0); 704d6c3525dSNithin Dabilpuram } 705d6c3525dSNithin Dabilpuram *(uint64_t *)iv_dbg = rte_be_to_cpu_64(*(uint64_t *)iv_dbg); 706d6c3525dSNithin Dabilpuram *(uint64_t *)&iv_dbg[8] = 707d6c3525dSNithin Dabilpuram rte_be_to_cpu_64(*(uint64_t *)&iv_dbg[8]); 708d6c3525dSNithin Dabilpuram } 709d6c3525dSNithin Dabilpuram 710d6c3525dSNithin Dabilpuram /* Update source of IV */ 711d6c3525dSNithin Dabilpuram outb_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; 712d6c3525dSNithin Dabilpuram free(iv_str); 713d6c3525dSNithin Dabilpuram } 714d6c3525dSNithin Dabilpuram 71569daa9e5SNithin Dabilpuram static int 716bea5d990SVamsi Attunuru cn10k_eth_sec_outb_sa_misc_fill(struct roc_nix *roc_nix, 717bea5d990SVamsi Attunuru struct roc_ot_ipsec_outb_sa *sa, void *sa_cptr, 718bea5d990SVamsi Attunuru struct rte_security_ipsec_xform *ipsec_xfrm, 719bea5d990SVamsi Attunuru uint32_t sa_idx) 720bea5d990SVamsi Attunuru { 721bea5d990SVamsi Attunuru uint64_t *ring_base, ring_addr; 722bea5d990SVamsi Attunuru 723bea5d990SVamsi Attunuru if (ipsec_xfrm->life.bytes_soft_limit | 724bea5d990SVamsi Attunuru ipsec_xfrm->life.packets_soft_limit) { 725bea5d990SVamsi Attunuru ring_base = roc_nix_inl_outb_ring_base_get(roc_nix); 726bea5d990SVamsi Attunuru if (ring_base == NULL) 727bea5d990SVamsi Attunuru return -ENOTSUP; 728bea5d990SVamsi Attunuru 729bea5d990SVamsi Attunuru ring_addr = ring_base[sa_idx >> 730bea5d990SVamsi Attunuru ROC_NIX_SOFT_EXP_ERR_RING_MAX_ENTRY_LOG2]; 731bea5d990SVamsi Attunuru sa->ctx.err_ctl.s.mode = ROC_IE_OT_ERR_CTL_MODE_RING; 732bea5d990SVamsi Attunuru sa->ctx.err_ctl.s.address = ring_addr >> 3; 733bea5d990SVamsi Attunuru sa->w0.s.ctx_id = ((uintptr_t)sa_cptr >> 51) & 0x1ff; 734bea5d990SVamsi Attunuru } 735bea5d990SVamsi Attunuru 736bea5d990SVamsi Attunuru return 0; 737bea5d990SVamsi Attunuru } 738bea5d990SVamsi Attunuru 739bea5d990SVamsi Attunuru static int 74069daa9e5SNithin Dabilpuram cn10k_eth_sec_session_create(void *device, 74169daa9e5SNithin Dabilpuram struct rte_security_session_conf *conf, 7423f3fc330SAkhil Goyal struct rte_security_session *sess) 74369daa9e5SNithin Dabilpuram { 74469daa9e5SNithin Dabilpuram struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 74569daa9e5SNithin Dabilpuram struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 74669daa9e5SNithin Dabilpuram struct rte_security_ipsec_xform *ipsec; 74769daa9e5SNithin Dabilpuram struct cn10k_sec_sess_priv sess_priv; 74869daa9e5SNithin Dabilpuram struct rte_crypto_sym_xform *crypto; 7493f3fc330SAkhil Goyal struct cnxk_eth_sec_sess *eth_sec = SECURITY_GET_SESS_PRIV(sess); 750fe5846bcSNithin Dabilpuram struct roc_nix *nix = &dev->nix; 75169daa9e5SNithin Dabilpuram bool inbound, inl_dev; 752fd7d681cSNithin Dabilpuram rte_spinlock_t *lock; 753fd7d681cSNithin Dabilpuram char tbuf[128] = {0}; 75469daa9e5SNithin Dabilpuram int rc = 0; 75569daa9e5SNithin Dabilpuram 75669daa9e5SNithin Dabilpuram if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) 75769daa9e5SNithin Dabilpuram return -ENOTSUP; 75869daa9e5SNithin Dabilpuram 75914598b31SAkhil Goyal if (conf->protocol == RTE_SECURITY_PROTOCOL_MACSEC) 76014598b31SAkhil Goyal return cnxk_eth_macsec_session_create(dev, conf, sess); 76114598b31SAkhil Goyal else if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) 76269daa9e5SNithin Dabilpuram return -ENOTSUP; 76369daa9e5SNithin Dabilpuram 76403b15238SSrujana Challa if (nix->custom_inb_sa) 76503b15238SSrujana Challa return -ENOTSUP; 76603b15238SSrujana Challa 76769daa9e5SNithin Dabilpuram if (rte_security_dynfield_register() < 0) 76869daa9e5SNithin Dabilpuram return -ENOTSUP; 76969daa9e5SNithin Dabilpuram 770c062f572SVidya Sagar Velumuri if (conf->ipsec.options.ip_reassembly_en && 771c062f572SVidya Sagar Velumuri dev->reass_dynfield_off < 0) { 772c062f572SVidya Sagar Velumuri if (rte_eth_ip_reassembly_dynfield_register(&dev->reass_dynfield_off, 773c062f572SVidya Sagar Velumuri &dev->reass_dynflag_bit) < 0) 774c062f572SVidya Sagar Velumuri return -rte_errno; 775c062f572SVidya Sagar Velumuri } 776c062f572SVidya Sagar Velumuri 7775e9e008dSNithin Dabilpuram if (conf->ipsec.options.ingress_oop && 7785e9e008dSNithin Dabilpuram rte_security_oop_dynfield_offset < 0) { 7795e9e008dSNithin Dabilpuram /* Register for security OOP dynfield if required */ 7805e9e008dSNithin Dabilpuram if (rte_security_oop_dynfield_register() < 0) 7815e9e008dSNithin Dabilpuram return -rte_errno; 7825e9e008dSNithin Dabilpuram } 7835e9e008dSNithin Dabilpuram 7845e9e008dSNithin Dabilpuram /* We cannot support inbound reassembly and OOP together */ 7855e9e008dSNithin Dabilpuram if (conf->ipsec.options.ip_reassembly_en && 7865e9e008dSNithin Dabilpuram conf->ipsec.options.ingress_oop) { 7875e9e008dSNithin Dabilpuram plt_err("Cannot support Inbound reassembly and OOP together"); 7885e9e008dSNithin Dabilpuram return -ENOTSUP; 7895e9e008dSNithin Dabilpuram } 7905e9e008dSNithin Dabilpuram 79169daa9e5SNithin Dabilpuram ipsec = &conf->ipsec; 79269daa9e5SNithin Dabilpuram crypto = conf->crypto_xform; 79369daa9e5SNithin Dabilpuram inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS); 79469daa9e5SNithin Dabilpuram inl_dev = !!dev->inb.inl_dev; 79569daa9e5SNithin Dabilpuram 79669daa9e5SNithin Dabilpuram /* Search if a session already exits */ 79769daa9e5SNithin Dabilpuram if (cnxk_eth_sec_sess_get_by_spi(dev, ipsec->spi, inbound)) { 79869daa9e5SNithin Dabilpuram plt_err("%s SA with SPI %u already in use", 79969daa9e5SNithin Dabilpuram inbound ? "Inbound" : "Outbound", ipsec->spi); 80069daa9e5SNithin Dabilpuram return -EEXIST; 80169daa9e5SNithin Dabilpuram } 80269daa9e5SNithin Dabilpuram 80369daa9e5SNithin Dabilpuram memset(eth_sec, 0, sizeof(struct cnxk_eth_sec_sess)); 80469daa9e5SNithin Dabilpuram sess_priv.u64 = 0; 80569daa9e5SNithin Dabilpuram 806fd7d681cSNithin Dabilpuram lock = inbound ? &dev->inb.lock : &dev->outb.lock; 807fd7d681cSNithin Dabilpuram rte_spinlock_lock(lock); 808fd7d681cSNithin Dabilpuram 80969daa9e5SNithin Dabilpuram /* Acquire lock on inline dev for inbound */ 81069daa9e5SNithin Dabilpuram if (inbound && inl_dev) 81169daa9e5SNithin Dabilpuram roc_nix_inl_dev_lock(); 81269daa9e5SNithin Dabilpuram 81369daa9e5SNithin Dabilpuram if (inbound) { 8143c3ea76cSSrujana Challa struct roc_ot_ipsec_inb_sa *inb_sa, *inb_sa_dptr; 81569daa9e5SNithin Dabilpuram struct cn10k_inb_priv_data *inb_priv; 816fe5846bcSNithin Dabilpuram uint32_t spi_mask; 81769daa9e5SNithin Dabilpuram uintptr_t sa; 81869daa9e5SNithin Dabilpuram 81969daa9e5SNithin Dabilpuram PLT_STATIC_ASSERT(sizeof(struct cn10k_inb_priv_data) < 82069daa9e5SNithin Dabilpuram ROC_NIX_INL_OT_IPSEC_INB_SW_RSVD); 82169daa9e5SNithin Dabilpuram 822fe5846bcSNithin Dabilpuram spi_mask = roc_nix_inl_inb_spi_range(nix, inl_dev, NULL, NULL); 823fe5846bcSNithin Dabilpuram 82469daa9e5SNithin Dabilpuram /* Get Inbound SA from NIX_RX_IPSEC_SA_BASE */ 825fe5846bcSNithin Dabilpuram sa = roc_nix_inl_inb_sa_get(nix, inl_dev, ipsec->spi); 82669daa9e5SNithin Dabilpuram if (!sa && dev->inb.inl_dev) { 827fd7d681cSNithin Dabilpuram snprintf(tbuf, sizeof(tbuf), 828fd7d681cSNithin Dabilpuram "Failed to create ingress sa, inline dev " 82969daa9e5SNithin Dabilpuram "not found or spi not in range"); 83069daa9e5SNithin Dabilpuram rc = -ENOTSUP; 8313f3fc330SAkhil Goyal goto err; 83269daa9e5SNithin Dabilpuram } else if (!sa) { 833fd7d681cSNithin Dabilpuram snprintf(tbuf, sizeof(tbuf), 834fd7d681cSNithin Dabilpuram "Failed to create ingress sa"); 83569daa9e5SNithin Dabilpuram rc = -EFAULT; 8363f3fc330SAkhil Goyal goto err; 83769daa9e5SNithin Dabilpuram } 83869daa9e5SNithin Dabilpuram 83969daa9e5SNithin Dabilpuram inb_sa = (struct roc_ot_ipsec_inb_sa *)sa; 84069daa9e5SNithin Dabilpuram 84169daa9e5SNithin Dabilpuram /* Check if SA is already in use */ 84269daa9e5SNithin Dabilpuram if (inb_sa->w2.s.valid) { 843fd7d681cSNithin Dabilpuram snprintf(tbuf, sizeof(tbuf), 844fd7d681cSNithin Dabilpuram "Inbound SA with SPI %u already in use", 84569daa9e5SNithin Dabilpuram ipsec->spi); 84669daa9e5SNithin Dabilpuram rc = -EBUSY; 8473f3fc330SAkhil Goyal goto err; 84869daa9e5SNithin Dabilpuram } 84969daa9e5SNithin Dabilpuram 8503c3ea76cSSrujana Challa inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr; 8513c3ea76cSSrujana Challa memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa)); 85269daa9e5SNithin Dabilpuram 85369daa9e5SNithin Dabilpuram /* Fill inbound sa params */ 8545ece02e7SVidya Sagar Velumuri rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto, 8555ece02e7SVidya Sagar Velumuri true); 85669daa9e5SNithin Dabilpuram if (rc) { 857fd7d681cSNithin Dabilpuram snprintf(tbuf, sizeof(tbuf), 858fd7d681cSNithin Dabilpuram "Failed to init inbound sa, rc=%d", rc); 8593f3fc330SAkhil Goyal goto err; 86069daa9e5SNithin Dabilpuram } 86169daa9e5SNithin Dabilpuram 86269daa9e5SNithin Dabilpuram inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa); 86369daa9e5SNithin Dabilpuram /* Back pointer to get eth_sec */ 86469daa9e5SNithin Dabilpuram inb_priv->eth_sec = eth_sec; 86569daa9e5SNithin Dabilpuram /* Save userdata in inb private area */ 86669daa9e5SNithin Dabilpuram inb_priv->userdata = conf->userdata; 86769daa9e5SNithin Dabilpuram 86869daa9e5SNithin Dabilpuram /* Save SA index/SPI in cookie for now */ 869fe5846bcSNithin Dabilpuram inb_sa_dptr->w1.s.cookie = 870fe5846bcSNithin Dabilpuram rte_cpu_to_be_32(ipsec->spi & spi_mask); 87169daa9e5SNithin Dabilpuram 872d6e6bc5dSAkhil Goyal if (ipsec->options.stats == 1) { 873d6e6bc5dSAkhil Goyal /* Enable mib counters */ 874d6e6bc5dSAkhil Goyal inb_sa_dptr->w0.s.count_mib_bytes = 1; 875d6e6bc5dSAkhil Goyal inb_sa_dptr->w0.s.count_mib_pkts = 1; 876d6e6bc5dSAkhil Goyal } 8775e9e008dSNithin Dabilpuram 8785e9e008dSNithin Dabilpuram /* Enable out-of-place processing */ 8795e9e008dSNithin Dabilpuram if (ipsec->options.ingress_oop) 8805e9e008dSNithin Dabilpuram inb_sa_dptr->w0.s.pkt_format = 8815e9e008dSNithin Dabilpuram ROC_IE_OT_SA_PKT_FMT_FULL; 8825e9e008dSNithin Dabilpuram 88369daa9e5SNithin Dabilpuram /* Prepare session priv */ 88469daa9e5SNithin Dabilpuram sess_priv.inb_sa = 1; 885fe5846bcSNithin Dabilpuram sess_priv.sa_idx = ipsec->spi & spi_mask; 88669daa9e5SNithin Dabilpuram 88769daa9e5SNithin Dabilpuram /* Pointer from eth_sec -> inb_sa */ 88869daa9e5SNithin Dabilpuram eth_sec->sa = inb_sa; 88969daa9e5SNithin Dabilpuram eth_sec->sess = sess; 890fe5846bcSNithin Dabilpuram eth_sec->sa_idx = ipsec->spi & spi_mask; 89169daa9e5SNithin Dabilpuram eth_sec->spi = ipsec->spi; 89269daa9e5SNithin Dabilpuram eth_sec->inl_dev = !!dev->inb.inl_dev; 89369daa9e5SNithin Dabilpuram eth_sec->inb = true; 8945e9e008dSNithin Dabilpuram eth_sec->inb_oop = !!ipsec->options.ingress_oop; 89569daa9e5SNithin Dabilpuram 89669daa9e5SNithin Dabilpuram TAILQ_INSERT_TAIL(&dev->inb.list, eth_sec, entry); 89769daa9e5SNithin Dabilpuram dev->inb.nb_sess++; 8983c3ea76cSSrujana Challa /* Sync session in context cache */ 8993c3ea76cSSrujana Challa rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa, 9003c3ea76cSSrujana Challa eth_sec->inb, 9013c3ea76cSSrujana Challa sizeof(struct roc_ot_ipsec_inb_sa)); 9023c3ea76cSSrujana Challa if (rc) 9033f3fc330SAkhil Goyal goto err; 904c062f572SVidya Sagar Velumuri 905c062f572SVidya Sagar Velumuri if (conf->ipsec.options.ip_reassembly_en) { 906c062f572SVidya Sagar Velumuri inb_priv->reass_dynfield_off = dev->reass_dynfield_off; 907c062f572SVidya Sagar Velumuri inb_priv->reass_dynflag_bit = dev->reass_dynflag_bit; 908c062f572SVidya Sagar Velumuri } 909c062f572SVidya Sagar Velumuri 9105e9e008dSNithin Dabilpuram if (ipsec->options.ingress_oop) 9115e9e008dSNithin Dabilpuram dev->inb.nb_oop++; 9125e9e008dSNithin Dabilpuram 9135e9e008dSNithin Dabilpuram /* Update function pointer to handle OOP sessions */ 9145e9e008dSNithin Dabilpuram if (dev->inb.nb_oop && 9155e9e008dSNithin Dabilpuram !(dev->rx_offload_flags & NIX_RX_REAS_F)) { 9165e9e008dSNithin Dabilpuram dev->rx_offload_flags |= NIX_RX_REAS_F; 9175e9e008dSNithin Dabilpuram cn10k_eth_set_rx_function(eth_dev); 918*d524a552SRakesh Kudurumalla if (cnxk_ethdev_rx_offload_cb) 919*d524a552SRakesh Kudurumalla cnxk_ethdev_rx_offload_cb(eth_dev->data->port_id, 920*d524a552SRakesh Kudurumalla NIX_RX_REAS_F); 9215e9e008dSNithin Dabilpuram } 92269daa9e5SNithin Dabilpuram } else { 9233c3ea76cSSrujana Challa struct roc_ot_ipsec_outb_sa *outb_sa, *outb_sa_dptr; 92469daa9e5SNithin Dabilpuram struct cn10k_outb_priv_data *outb_priv; 92569daa9e5SNithin Dabilpuram struct cnxk_ipsec_outb_rlens *rlens; 92669daa9e5SNithin Dabilpuram uint64_t sa_base = dev->outb.sa_base; 927d6c3525dSNithin Dabilpuram const char *iv_str; 92869daa9e5SNithin Dabilpuram uint32_t sa_idx; 92969daa9e5SNithin Dabilpuram 93069daa9e5SNithin Dabilpuram PLT_STATIC_ASSERT(sizeof(struct cn10k_outb_priv_data) < 93169daa9e5SNithin Dabilpuram ROC_NIX_INL_OT_IPSEC_OUTB_SW_RSVD); 93269daa9e5SNithin Dabilpuram 93369daa9e5SNithin Dabilpuram /* Alloc an sa index */ 9348efa348eSKiran Kumar K rc = cnxk_eth_outb_sa_idx_get(dev, &sa_idx, ipsec->spi); 93569daa9e5SNithin Dabilpuram if (rc) 9363f3fc330SAkhil Goyal goto err; 93769daa9e5SNithin Dabilpuram 93869daa9e5SNithin Dabilpuram outb_sa = roc_nix_inl_ot_ipsec_outb_sa(sa_base, sa_idx); 93969daa9e5SNithin Dabilpuram outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa); 94069daa9e5SNithin Dabilpuram rlens = &outb_priv->rlens; 94169daa9e5SNithin Dabilpuram 9423c3ea76cSSrujana Challa outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr; 9433c3ea76cSSrujana Challa memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa)); 94469daa9e5SNithin Dabilpuram 94569daa9e5SNithin Dabilpuram /* Fill outbound sa params */ 9463c3ea76cSSrujana Challa rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto); 94769daa9e5SNithin Dabilpuram if (rc) { 948fd7d681cSNithin Dabilpuram snprintf(tbuf, sizeof(tbuf), 949fd7d681cSNithin Dabilpuram "Failed to init outbound sa, rc=%d", rc); 95069daa9e5SNithin Dabilpuram rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); 9513f3fc330SAkhil Goyal goto err; 95269daa9e5SNithin Dabilpuram } 95369daa9e5SNithin Dabilpuram 95476e0dd11SAkhil Goyal if (conf->ipsec.options.iv_gen_disable == 1) { 95576e0dd11SAkhil Goyal iv_str = getenv("ETH_SEC_IV_OVR"); 956d6c3525dSNithin Dabilpuram if (iv_str) 957d6c3525dSNithin Dabilpuram outb_dbg_iv_update(outb_sa_dptr, iv_str); 95876e0dd11SAkhil Goyal } 959bea5d990SVamsi Attunuru /* Fill outbound sa misc params */ 960bea5d990SVamsi Attunuru rc = cn10k_eth_sec_outb_sa_misc_fill(&dev->nix, outb_sa_dptr, 961bea5d990SVamsi Attunuru outb_sa, ipsec, sa_idx); 962bea5d990SVamsi Attunuru if (rc) { 963bea5d990SVamsi Attunuru snprintf(tbuf, sizeof(tbuf), 964bea5d990SVamsi Attunuru "Failed to init outb sa misc params, rc=%d", 965bea5d990SVamsi Attunuru rc); 966bea5d990SVamsi Attunuru rc |= cnxk_eth_outb_sa_idx_put(dev, sa_idx); 9673f3fc330SAkhil Goyal goto err; 968bea5d990SVamsi Attunuru } 969bea5d990SVamsi Attunuru 97069daa9e5SNithin Dabilpuram /* Save userdata */ 97169daa9e5SNithin Dabilpuram outb_priv->userdata = conf->userdata; 97269daa9e5SNithin Dabilpuram outb_priv->sa_idx = sa_idx; 97369daa9e5SNithin Dabilpuram outb_priv->eth_sec = eth_sec; 97469daa9e5SNithin Dabilpuram 97569daa9e5SNithin Dabilpuram /* Save rlen info */ 97669daa9e5SNithin Dabilpuram cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto); 97769daa9e5SNithin Dabilpuram 978d6e6bc5dSAkhil Goyal if (ipsec->options.stats == 1) { 979d6e6bc5dSAkhil Goyal /* Enable mib counters */ 980d6e6bc5dSAkhil Goyal outb_sa_dptr->w0.s.count_mib_bytes = 1; 981d6e6bc5dSAkhil Goyal outb_sa_dptr->w0.s.count_mib_pkts = 1; 982d6e6bc5dSAkhil Goyal } 983d6e6bc5dSAkhil Goyal 98469daa9e5SNithin Dabilpuram /* Prepare session priv */ 98569daa9e5SNithin Dabilpuram sess_priv.sa_idx = outb_priv->sa_idx; 98669daa9e5SNithin Dabilpuram sess_priv.roundup_byte = rlens->roundup_byte; 98769daa9e5SNithin Dabilpuram sess_priv.roundup_len = rlens->roundup_len; 98869daa9e5SNithin Dabilpuram sess_priv.partial_len = rlens->partial_len; 9893c3ea76cSSrujana Challa sess_priv.mode = outb_sa_dptr->w2.s.ipsec_mode; 9903c3ea76cSSrujana Challa sess_priv.outer_ip_ver = outb_sa_dptr->w2.s.outer_ip_ver; 9911e1bfd07SNithin Dabilpuram /* Propagate inner checksum enable from SA to fast path */ 9921e1bfd07SNithin Dabilpuram sess_priv.chksum = (!ipsec->options.ip_csum_enable << 1 | 9931e1bfd07SNithin Dabilpuram !ipsec->options.l4_csum_enable); 9949aa97229SAkhil Goyal sess_priv.dec_ttl = ipsec->options.dec_ttl; 9957c67c489SNithin Dabilpuram if (roc_feature_nix_has_inl_ipsec_mseg() && 9967c67c489SNithin Dabilpuram dev->outb.cpt_eng_caps & BIT_ULL(35)) 997b354dc05SNithin Dabilpuram sess_priv.nixtx_off = 1; 99869daa9e5SNithin Dabilpuram 99969daa9e5SNithin Dabilpuram /* Pointer from eth_sec -> outb_sa */ 100069daa9e5SNithin Dabilpuram eth_sec->sa = outb_sa; 100169daa9e5SNithin Dabilpuram eth_sec->sess = sess; 100269daa9e5SNithin Dabilpuram eth_sec->sa_idx = sa_idx; 100369daa9e5SNithin Dabilpuram eth_sec->spi = ipsec->spi; 100469daa9e5SNithin Dabilpuram 100569daa9e5SNithin Dabilpuram TAILQ_INSERT_TAIL(&dev->outb.list, eth_sec, entry); 100669daa9e5SNithin Dabilpuram dev->outb.nb_sess++; 100769daa9e5SNithin Dabilpuram /* Sync session in context cache */ 10083c3ea76cSSrujana Challa rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa, 10093c3ea76cSSrujana Challa eth_sec->inb, 10103c3ea76cSSrujana Challa sizeof(struct roc_ot_ipsec_outb_sa)); 10113c3ea76cSSrujana Challa if (rc) 10123f3fc330SAkhil Goyal goto err; 10133c3ea76cSSrujana Challa } 101469daa9e5SNithin Dabilpuram if (inbound && inl_dev) 101569daa9e5SNithin Dabilpuram roc_nix_inl_dev_unlock(); 1016fd7d681cSNithin Dabilpuram rte_spinlock_unlock(lock); 101769daa9e5SNithin Dabilpuram 101869daa9e5SNithin Dabilpuram plt_nix_dbg("Created %s session with spi=%u, sa_idx=%u inl_dev=%u", 101969daa9e5SNithin Dabilpuram inbound ? "inbound" : "outbound", eth_sec->spi, 102069daa9e5SNithin Dabilpuram eth_sec->sa_idx, eth_sec->inl_dev); 102169daa9e5SNithin Dabilpuram /* 102269daa9e5SNithin Dabilpuram * Update fast path info in priv area. 102369daa9e5SNithin Dabilpuram */ 10243f3fc330SAkhil Goyal sess->fast_mdata = sess_priv.u64; 102569daa9e5SNithin Dabilpuram 102669daa9e5SNithin Dabilpuram return 0; 10273f3fc330SAkhil Goyal err: 102869daa9e5SNithin Dabilpuram if (inbound && inl_dev) 102969daa9e5SNithin Dabilpuram roc_nix_inl_dev_unlock(); 1030fd7d681cSNithin Dabilpuram rte_spinlock_unlock(lock); 1031fd7d681cSNithin Dabilpuram 1032fd7d681cSNithin Dabilpuram if (rc) 1033fd7d681cSNithin Dabilpuram plt_err("%s", tbuf); 103469daa9e5SNithin Dabilpuram return rc; 103569daa9e5SNithin Dabilpuram } 103669daa9e5SNithin Dabilpuram 103769daa9e5SNithin Dabilpuram static int 103869daa9e5SNithin Dabilpuram cn10k_eth_sec_session_destroy(void *device, struct rte_security_session *sess) 103969daa9e5SNithin Dabilpuram { 104069daa9e5SNithin Dabilpuram struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 104169daa9e5SNithin Dabilpuram struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 104214598b31SAkhil Goyal struct cnxk_macsec_sess *macsec_sess; 104369daa9e5SNithin Dabilpuram struct cnxk_eth_sec_sess *eth_sec; 1044fd7d681cSNithin Dabilpuram rte_spinlock_t *lock; 10453c3ea76cSSrujana Challa void *sa_dptr; 104669daa9e5SNithin Dabilpuram 104769daa9e5SNithin Dabilpuram eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); 104814598b31SAkhil Goyal if (!eth_sec) { 104914598b31SAkhil Goyal macsec_sess = cnxk_eth_macsec_sess_get_by_sess(dev, sess); 105014598b31SAkhil Goyal if (macsec_sess) 105114598b31SAkhil Goyal return cnxk_eth_macsec_session_destroy(dev, sess); 105269daa9e5SNithin Dabilpuram return -ENOENT; 105314598b31SAkhil Goyal } 105403b15238SSrujana Challa if (dev->nix.custom_inb_sa) 105503b15238SSrujana Challa return -ENOTSUP; 105669daa9e5SNithin Dabilpuram 1057fd7d681cSNithin Dabilpuram lock = eth_sec->inb ? &dev->inb.lock : &dev->outb.lock; 1058fd7d681cSNithin Dabilpuram rte_spinlock_lock(lock); 1059fd7d681cSNithin Dabilpuram 106069daa9e5SNithin Dabilpuram if (eth_sec->inl_dev) 106169daa9e5SNithin Dabilpuram roc_nix_inl_dev_lock(); 106269daa9e5SNithin Dabilpuram 106369daa9e5SNithin Dabilpuram if (eth_sec->inb) { 106469daa9e5SNithin Dabilpuram /* Disable SA */ 10653c3ea76cSSrujana Challa sa_dptr = dev->inb.sa_dptr; 10665ece02e7SVidya Sagar Velumuri roc_ot_ipsec_inb_sa_init(sa_dptr, true); 106769daa9e5SNithin Dabilpuram 10683c3ea76cSSrujana Challa roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa, 10693c3ea76cSSrujana Challa eth_sec->inb, 10703c3ea76cSSrujana Challa sizeof(struct roc_ot_ipsec_inb_sa)); 107169daa9e5SNithin Dabilpuram TAILQ_REMOVE(&dev->inb.list, eth_sec, entry); 107269daa9e5SNithin Dabilpuram dev->inb.nb_sess--; 10735e9e008dSNithin Dabilpuram if (eth_sec->inb_oop) 10745e9e008dSNithin Dabilpuram dev->inb.nb_oop--; 10755e9e008dSNithin Dabilpuram 10765e9e008dSNithin Dabilpuram /* Clear offload flags if was used by OOP */ 10775e9e008dSNithin Dabilpuram if (!dev->inb.nb_oop && !dev->inb.reass_en && 10785e9e008dSNithin Dabilpuram dev->rx_offload_flags & NIX_RX_REAS_F) { 10795e9e008dSNithin Dabilpuram dev->rx_offload_flags &= ~NIX_RX_REAS_F; 10805e9e008dSNithin Dabilpuram cn10k_eth_set_rx_function(eth_dev); 10815e9e008dSNithin Dabilpuram } 108269daa9e5SNithin Dabilpuram } else { 108369daa9e5SNithin Dabilpuram /* Disable SA */ 10843c3ea76cSSrujana Challa sa_dptr = dev->outb.sa_dptr; 10855ece02e7SVidya Sagar Velumuri roc_ot_ipsec_outb_sa_init(sa_dptr); 108669daa9e5SNithin Dabilpuram 10873c3ea76cSSrujana Challa roc_nix_inl_ctx_write(&dev->nix, sa_dptr, eth_sec->sa, 10883c3ea76cSSrujana Challa eth_sec->inb, 10893c3ea76cSSrujana Challa sizeof(struct roc_ot_ipsec_outb_sa)); 109069daa9e5SNithin Dabilpuram /* Release Outbound SA index */ 109169daa9e5SNithin Dabilpuram cnxk_eth_outb_sa_idx_put(dev, eth_sec->sa_idx); 109269daa9e5SNithin Dabilpuram TAILQ_REMOVE(&dev->outb.list, eth_sec, entry); 109369daa9e5SNithin Dabilpuram dev->outb.nb_sess--; 109469daa9e5SNithin Dabilpuram } 109569daa9e5SNithin Dabilpuram if (eth_sec->inl_dev) 109669daa9e5SNithin Dabilpuram roc_nix_inl_dev_unlock(); 109769daa9e5SNithin Dabilpuram 1098fd7d681cSNithin Dabilpuram rte_spinlock_unlock(lock); 1099fd7d681cSNithin Dabilpuram 110069daa9e5SNithin Dabilpuram plt_nix_dbg("Destroyed %s session with spi=%u, sa_idx=%u, inl_dev=%u", 110169daa9e5SNithin Dabilpuram eth_sec->inb ? "inbound" : "outbound", eth_sec->spi, 110269daa9e5SNithin Dabilpuram eth_sec->sa_idx, eth_sec->inl_dev); 110369daa9e5SNithin Dabilpuram 110469daa9e5SNithin Dabilpuram return 0; 110569daa9e5SNithin Dabilpuram } 110669daa9e5SNithin Dabilpuram 110769daa9e5SNithin Dabilpuram static const struct rte_security_capability * 110869daa9e5SNithin Dabilpuram cn10k_eth_sec_capabilities_get(void *device __rte_unused) 110969daa9e5SNithin Dabilpuram { 111069daa9e5SNithin Dabilpuram return cn10k_eth_sec_capabilities; 111169daa9e5SNithin Dabilpuram } 111269daa9e5SNithin Dabilpuram 11138efa348eSKiran Kumar K static int 11148efa348eSKiran Kumar K cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, 11158efa348eSKiran Kumar K struct rte_security_session_conf *conf) 11168efa348eSKiran Kumar K { 11178efa348eSKiran Kumar K struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 11188efa348eSKiran Kumar K struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 11198efa348eSKiran Kumar K struct rte_security_ipsec_xform *ipsec; 1120590ee5cdSNithin Dabilpuram struct cn10k_sec_sess_priv sess_priv; 11218efa348eSKiran Kumar K struct rte_crypto_sym_xform *crypto; 11228efa348eSKiran Kumar K struct cnxk_eth_sec_sess *eth_sec; 11238efa348eSKiran Kumar K bool inbound; 11248efa348eSKiran Kumar K int rc; 11258efa348eSKiran Kumar K 11268efa348eSKiran Kumar K if (conf->action_type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || 11278efa348eSKiran Kumar K conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) 11288efa348eSKiran Kumar K return -ENOENT; 11298efa348eSKiran Kumar K 11308efa348eSKiran Kumar K ipsec = &conf->ipsec; 11318efa348eSKiran Kumar K crypto = conf->crypto_xform; 11328efa348eSKiran Kumar K inbound = !!(ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS); 11338efa348eSKiran Kumar K 11348efa348eSKiran Kumar K eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); 11358efa348eSKiran Kumar K if (!eth_sec) 11368efa348eSKiran Kumar K return -ENOENT; 11378efa348eSKiran Kumar K 11388efa348eSKiran Kumar K eth_sec->spi = conf->ipsec.spi; 11398efa348eSKiran Kumar K 11408efa348eSKiran Kumar K if (inbound) { 1141590ee5cdSNithin Dabilpuram struct roc_ot_ipsec_inb_sa *inb_sa_dptr, *inb_sa; 1142590ee5cdSNithin Dabilpuram struct cn10k_inb_priv_data *inb_priv; 1143590ee5cdSNithin Dabilpuram 1144590ee5cdSNithin Dabilpuram inb_sa = eth_sec->sa; 1145590ee5cdSNithin Dabilpuram inb_priv = roc_nix_inl_ot_ipsec_inb_sa_sw_rsvd(inb_sa); 11468efa348eSKiran Kumar K inb_sa_dptr = (struct roc_ot_ipsec_inb_sa *)dev->inb.sa_dptr; 11478efa348eSKiran Kumar K memset(inb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_inb_sa)); 11488efa348eSKiran Kumar K 11498efa348eSKiran Kumar K rc = cnxk_ot_ipsec_inb_sa_fill(inb_sa_dptr, ipsec, crypto, 11508efa348eSKiran Kumar K true); 11518efa348eSKiran Kumar K if (rc) 11528efa348eSKiran Kumar K return -EINVAL; 1153590ee5cdSNithin Dabilpuram /* Use cookie for original data */ 1154590ee5cdSNithin Dabilpuram inb_sa_dptr->w1.s.cookie = inb_sa->w1.s.cookie; 1155590ee5cdSNithin Dabilpuram 1156590ee5cdSNithin Dabilpuram if (ipsec->options.stats == 1) { 1157590ee5cdSNithin Dabilpuram /* Enable mib counters */ 1158590ee5cdSNithin Dabilpuram inb_sa_dptr->w0.s.count_mib_bytes = 1; 1159590ee5cdSNithin Dabilpuram inb_sa_dptr->w0.s.count_mib_pkts = 1; 1160590ee5cdSNithin Dabilpuram } 1161590ee5cdSNithin Dabilpuram 1162590ee5cdSNithin Dabilpuram /* Enable out-of-place processing */ 1163590ee5cdSNithin Dabilpuram if (ipsec->options.ingress_oop) 1164590ee5cdSNithin Dabilpuram inb_sa_dptr->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_FULL; 11658efa348eSKiran Kumar K 11668efa348eSKiran Kumar K rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa_dptr, eth_sec->sa, 11678efa348eSKiran Kumar K eth_sec->inb, 11688efa348eSKiran Kumar K sizeof(struct roc_ot_ipsec_inb_sa)); 11698efa348eSKiran Kumar K if (rc) 11708efa348eSKiran Kumar K return -EINVAL; 11718efa348eSKiran Kumar K 1172590ee5cdSNithin Dabilpuram /* Save userdata in inb private area */ 1173590ee5cdSNithin Dabilpuram inb_priv->userdata = conf->userdata; 1174590ee5cdSNithin Dabilpuram } else { 1175590ee5cdSNithin Dabilpuram struct roc_ot_ipsec_outb_sa *outb_sa_dptr, *outb_sa; 1176590ee5cdSNithin Dabilpuram struct cn10k_outb_priv_data *outb_priv; 1177590ee5cdSNithin Dabilpuram struct cnxk_ipsec_outb_rlens *rlens; 1178590ee5cdSNithin Dabilpuram 1179590ee5cdSNithin Dabilpuram outb_sa = eth_sec->sa; 1180590ee5cdSNithin Dabilpuram outb_priv = roc_nix_inl_ot_ipsec_outb_sa_sw_rsvd(outb_sa); 1181590ee5cdSNithin Dabilpuram rlens = &outb_priv->rlens; 11828efa348eSKiran Kumar K outb_sa_dptr = (struct roc_ot_ipsec_outb_sa *)dev->outb.sa_dptr; 11838efa348eSKiran Kumar K memset(outb_sa_dptr, 0, sizeof(struct roc_ot_ipsec_outb_sa)); 11848efa348eSKiran Kumar K 11858efa348eSKiran Kumar K rc = cnxk_ot_ipsec_outb_sa_fill(outb_sa_dptr, ipsec, crypto); 11868efa348eSKiran Kumar K if (rc) 11878efa348eSKiran Kumar K return -EINVAL; 1188590ee5cdSNithin Dabilpuram 1189590ee5cdSNithin Dabilpuram /* Save rlen info */ 1190590ee5cdSNithin Dabilpuram cnxk_ipsec_outb_rlens_get(rlens, ipsec, crypto); 1191590ee5cdSNithin Dabilpuram 1192590ee5cdSNithin Dabilpuram if (ipsec->options.stats == 1) { 1193590ee5cdSNithin Dabilpuram /* Enable mib counters */ 1194590ee5cdSNithin Dabilpuram outb_sa_dptr->w0.s.count_mib_bytes = 1; 1195590ee5cdSNithin Dabilpuram outb_sa_dptr->w0.s.count_mib_pkts = 1; 1196590ee5cdSNithin Dabilpuram } 1197590ee5cdSNithin Dabilpuram 1198590ee5cdSNithin Dabilpuram sess_priv.u64 = 0; 1199590ee5cdSNithin Dabilpuram sess_priv.sa_idx = outb_priv->sa_idx; 1200590ee5cdSNithin Dabilpuram sess_priv.roundup_byte = rlens->roundup_byte; 1201590ee5cdSNithin Dabilpuram sess_priv.roundup_len = rlens->roundup_len; 1202590ee5cdSNithin Dabilpuram sess_priv.partial_len = rlens->partial_len; 1203590ee5cdSNithin Dabilpuram sess_priv.mode = outb_sa_dptr->w2.s.ipsec_mode; 1204590ee5cdSNithin Dabilpuram sess_priv.outer_ip_ver = outb_sa_dptr->w2.s.outer_ip_ver; 1205590ee5cdSNithin Dabilpuram /* Propagate inner checksum enable from SA to fast path */ 1206590ee5cdSNithin Dabilpuram sess_priv.chksum = 1207590ee5cdSNithin Dabilpuram (!ipsec->options.ip_csum_enable << 1 | !ipsec->options.l4_csum_enable); 1208590ee5cdSNithin Dabilpuram sess_priv.dec_ttl = ipsec->options.dec_ttl; 1209590ee5cdSNithin Dabilpuram if (roc_feature_nix_has_inl_ipsec_mseg() && dev->outb.cpt_eng_caps & BIT_ULL(35)) 1210590ee5cdSNithin Dabilpuram sess_priv.nixtx_off = 1; 1211590ee5cdSNithin Dabilpuram 12128efa348eSKiran Kumar K rc = roc_nix_inl_ctx_write(&dev->nix, outb_sa_dptr, eth_sec->sa, 12138efa348eSKiran Kumar K eth_sec->inb, 12148efa348eSKiran Kumar K sizeof(struct roc_ot_ipsec_outb_sa)); 12158efa348eSKiran Kumar K if (rc) 12168efa348eSKiran Kumar K return -EINVAL; 1217590ee5cdSNithin Dabilpuram 1218590ee5cdSNithin Dabilpuram /* Save userdata */ 1219590ee5cdSNithin Dabilpuram outb_priv->userdata = conf->userdata; 1220590ee5cdSNithin Dabilpuram sess->fast_mdata = sess_priv.u64; 12218efa348eSKiran Kumar K } 12228efa348eSKiran Kumar K 12238efa348eSKiran Kumar K return 0; 12248efa348eSKiran Kumar K } 12258efa348eSKiran Kumar K 1226d6e6bc5dSAkhil Goyal static int 1227d6e6bc5dSAkhil Goyal cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, 1228d6e6bc5dSAkhil Goyal struct rte_security_stats *stats) 1229d6e6bc5dSAkhil Goyal { 1230d6e6bc5dSAkhil Goyal struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 1231d6e6bc5dSAkhil Goyal struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 1232bc8147e6SAkhil Goyal struct cnxk_macsec_sess *macsec_sess; 1233d6e6bc5dSAkhil Goyal struct cnxk_eth_sec_sess *eth_sec; 1234d6e6bc5dSAkhil Goyal int rc; 1235d6e6bc5dSAkhil Goyal 1236d6e6bc5dSAkhil Goyal eth_sec = cnxk_eth_sec_sess_get_by_sess(dev, sess); 1237bc8147e6SAkhil Goyal if (eth_sec == NULL) { 1238bc8147e6SAkhil Goyal macsec_sess = cnxk_eth_macsec_sess_get_by_sess(dev, sess); 1239bc8147e6SAkhil Goyal if (macsec_sess) 1240bc8147e6SAkhil Goyal return cnxk_eth_macsec_session_stats_get(dev, macsec_sess, stats); 1241d6e6bc5dSAkhil Goyal return -EINVAL; 1242bc8147e6SAkhil Goyal } 1243d6e6bc5dSAkhil Goyal 1244d6e6bc5dSAkhil Goyal rc = roc_nix_inl_sa_sync(&dev->nix, eth_sec->sa, eth_sec->inb, 1245d6e6bc5dSAkhil Goyal ROC_NIX_INL_SA_OP_FLUSH); 1246d6e6bc5dSAkhil Goyal if (rc) 1247d6e6bc5dSAkhil Goyal return -EINVAL; 1248d6e6bc5dSAkhil Goyal rte_delay_ms(1); 1249d6e6bc5dSAkhil Goyal 1250d6e6bc5dSAkhil Goyal stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; 1251d6e6bc5dSAkhil Goyal 1252d6e6bc5dSAkhil Goyal if (eth_sec->inb) { 1253d6e6bc5dSAkhil Goyal stats->ipsec.ipackets = 1254d6e6bc5dSAkhil Goyal ((struct roc_ot_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_pkts; 1255d6e6bc5dSAkhil Goyal stats->ipsec.ibytes = 1256d6e6bc5dSAkhil Goyal ((struct roc_ot_ipsec_inb_sa *)eth_sec->sa)->ctx.mib_octs; 1257d6e6bc5dSAkhil Goyal } else { 1258d6e6bc5dSAkhil Goyal stats->ipsec.opackets = 1259d6e6bc5dSAkhil Goyal ((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_pkts; 1260d6e6bc5dSAkhil Goyal stats->ipsec.obytes = 1261d6e6bc5dSAkhil Goyal ((struct roc_ot_ipsec_outb_sa *)eth_sec->sa)->ctx.mib_octs; 1262d6e6bc5dSAkhil Goyal } 1263d6e6bc5dSAkhil Goyal 1264d6e6bc5dSAkhil Goyal return 0; 1265d6e6bc5dSAkhil Goyal } 1266d6e6bc5dSAkhil Goyal 1267e410eb58SAnkur Dwivedi static void 1268e410eb58SAnkur Dwivedi eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx, 1269e410eb58SAnkur Dwivedi const struct rte_security_capability *caps, uint32_t nb_caps) 1270e410eb58SAnkur Dwivedi { 1271e410eb58SAnkur Dwivedi PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN); 1272e410eb58SAnkur Dwivedi 1273e410eb58SAnkur Dwivedi rte_memcpy(ð_sec_caps[*idx], caps, nb_caps * sizeof(caps[0])); 1274e410eb58SAnkur Dwivedi *idx += nb_caps; 1275e410eb58SAnkur Dwivedi } 1276e410eb58SAnkur Dwivedi 127747cca253SRahul Bhansali static uint16_t __rte_hot 127847cca253SRahul Bhansali cn10k_eth_sec_inb_rx_inject(void *device, struct rte_mbuf **pkts, 127947cca253SRahul Bhansali struct rte_security_session **sess, uint16_t nb_pkts) 128047cca253SRahul Bhansali { 128147cca253SRahul Bhansali struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 128247cca253SRahul Bhansali struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 128347cca253SRahul Bhansali 128447cca253SRahul Bhansali return cn10k_nix_inj_pkts(sess, &dev->inj_cfg, pkts, nb_pkts); 128547cca253SRahul Bhansali } 128647cca253SRahul Bhansali 128747cca253SRahul Bhansali static int 128847cca253SRahul Bhansali cn10k_eth_sec_rx_inject_config(void *device, uint16_t port_id, bool enable) 128947cca253SRahul Bhansali { 129047cca253SRahul Bhansali struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; 129147cca253SRahul Bhansali struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); 129247cca253SRahul Bhansali uint64_t channel, pf_func, inj_match_id = 0xFFFFUL; 129347cca253SRahul Bhansali struct cnxk_ethdev_inj_cfg *inj_cfg; 129447cca253SRahul Bhansali struct roc_nix *nix = &dev->nix; 129547cca253SRahul Bhansali struct roc_cpt_lf *inl_lf; 129647cca253SRahul Bhansali uint64_t sa_base; 129747cca253SRahul Bhansali 129847cca253SRahul Bhansali if (!rte_eth_dev_is_valid_port(port_id)) 129947cca253SRahul Bhansali return -EINVAL; 130047cca253SRahul Bhansali 130147cca253SRahul Bhansali if (eth_dev->data->dev_started || !eth_dev->data->dev_configured) 130247cca253SRahul Bhansali return -EBUSY; 130347cca253SRahul Bhansali 130447cca253SRahul Bhansali if (!roc_nix_inl_inb_rx_inject_enable(nix, dev->inb.inl_dev)) 130547cca253SRahul Bhansali return -ENOTSUP; 130647cca253SRahul Bhansali 130747cca253SRahul Bhansali roc_idev_nix_rx_inject_set(port_id, enable); 130847cca253SRahul Bhansali 130947cca253SRahul Bhansali inl_lf = roc_nix_inl_inb_inj_lf_get(nix); 131047cca253SRahul Bhansali sa_base = roc_nix_inl_inb_sa_base_get(nix, dev->inb.inl_dev); 131147cca253SRahul Bhansali 131247cca253SRahul Bhansali inj_cfg = &dev->inj_cfg; 131347cca253SRahul Bhansali inj_cfg->sa_base = sa_base | eth_dev->data->port_id; 131447cca253SRahul Bhansali inj_cfg->io_addr = inl_lf->io_addr; 131547cca253SRahul Bhansali inj_cfg->lmt_base = nix->lmt_base; 131647cca253SRahul Bhansali channel = roc_nix_get_base_chan(nix); 131725ca149bSAnoob Joseph pf_func = roc_idev_nix_inl_dev_pffunc_get(); 131847cca253SRahul Bhansali inj_cfg->cmd_w0 = pf_func << 48 | inj_match_id << 32 | channel << 4; 131947cca253SRahul Bhansali 132047cca253SRahul Bhansali return 0; 132147cca253SRahul Bhansali } 132247cca253SRahul Bhansali 1323de8c60d1SSrujana Challa #define CPT_LMTST_BURST 32 1324de8c60d1SSrujana Challa static uint16_t 1325de8c60d1SSrujana Challa cn10k_inl_dev_submit(struct roc_nix_inl_dev_q *q, void *inst, uint16_t nb_inst) 1326de8c60d1SSrujana Challa { 1327de8c60d1SSrujana Challa uintptr_t lbase = q->lmt_base; 1328de8c60d1SSrujana Challa uint8_t lnum, shft, loff; 1329de8c60d1SSrujana Challa uint16_t left, burst; 1330de8c60d1SSrujana Challa rte_iova_t io_addr; 1331de8c60d1SSrujana Challa uint16_t lmt_id; 1332de8c60d1SSrujana Challa 1333de8c60d1SSrujana Challa /* Check the flow control to avoid the queue overflow */ 1334de8c60d1SSrujana Challa if (cnxk_nix_inl_fc_check(q->fc_addr, &q->fc_addr_sw, q->nb_desc, nb_inst)) 1335de8c60d1SSrujana Challa return 0; 1336de8c60d1SSrujana Challa 1337de8c60d1SSrujana Challa io_addr = q->io_addr; 1338de8c60d1SSrujana Challa ROC_LMT_CPT_BASE_ID_GET(lbase, lmt_id); 1339de8c60d1SSrujana Challa 1340de8c60d1SSrujana Challa left = nb_inst; 1341de8c60d1SSrujana Challa again: 1342de8c60d1SSrujana Challa burst = left > CPT_LMTST_BURST ? CPT_LMTST_BURST : left; 1343de8c60d1SSrujana Challa 1344de8c60d1SSrujana Challa lnum = 0; 1345de8c60d1SSrujana Challa loff = 0; 1346de8c60d1SSrujana Challa shft = 16; 1347de8c60d1SSrujana Challa memcpy(PLT_PTR_CAST(lbase), inst, burst * sizeof(struct cpt_inst_s)); 1348de8c60d1SSrujana Challa loff = (burst % 2) ? 1 : 0; 1349de8c60d1SSrujana Challa lnum = (burst / 2); 1350de8c60d1SSrujana Challa shft = shft + (lnum * 3); 1351de8c60d1SSrujana Challa 1352de8c60d1SSrujana Challa left -= burst; 1353de8c60d1SSrujana Challa cn10k_nix_sec_steorl(io_addr, lmt_id, lnum, loff, shft); 1354de8c60d1SSrujana Challa rte_io_wmb(); 1355de8c60d1SSrujana Challa if (left) { 1356de8c60d1SSrujana Challa inst = RTE_PTR_ADD(inst, burst * sizeof(struct cpt_inst_s)); 1357de8c60d1SSrujana Challa goto again; 1358de8c60d1SSrujana Challa } 1359de8c60d1SSrujana Challa return nb_inst; 1360de8c60d1SSrujana Challa } 1361de8c60d1SSrujana Challa 136269daa9e5SNithin Dabilpuram void 136369daa9e5SNithin Dabilpuram cn10k_eth_sec_ops_override(void) 136469daa9e5SNithin Dabilpuram { 136569daa9e5SNithin Dabilpuram static int init_once; 1366e410eb58SAnkur Dwivedi uint32_t idx = 0; 136769daa9e5SNithin Dabilpuram 136869daa9e5SNithin Dabilpuram if (init_once) 136969daa9e5SNithin Dabilpuram return; 137069daa9e5SNithin Dabilpuram init_once = 1; 137169daa9e5SNithin Dabilpuram 1372e410eb58SAnkur Dwivedi if (roc_feature_nix_has_inl_ipsec()) 1373e410eb58SAnkur Dwivedi eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, 1374e410eb58SAnkur Dwivedi cn10k_eth_sec_ipsec_capabilities, 1375e410eb58SAnkur Dwivedi RTE_DIM(cn10k_eth_sec_ipsec_capabilities)); 1376e410eb58SAnkur Dwivedi 1377e410eb58SAnkur Dwivedi if (roc_feature_nix_has_macsec()) 1378e410eb58SAnkur Dwivedi eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, 1379e410eb58SAnkur Dwivedi cn10k_eth_sec_macsec_capabilities, 1380e410eb58SAnkur Dwivedi RTE_DIM(cn10k_eth_sec_macsec_capabilities)); 1381e410eb58SAnkur Dwivedi 1382e410eb58SAnkur Dwivedi cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE; 1383e410eb58SAnkur Dwivedi 138469daa9e5SNithin Dabilpuram /* Update platform specific ops */ 1385ec0931b3SAkhil Goyal cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create; 1386ec0931b3SAkhil Goyal cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create; 1387ec0931b3SAkhil Goyal cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy; 1388ec0931b3SAkhil Goyal cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy; 138969daa9e5SNithin Dabilpuram cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create; 139069daa9e5SNithin Dabilpuram cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy; 139169daa9e5SNithin Dabilpuram cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get; 13928efa348eSKiran Kumar K cnxk_eth_sec_ops.session_update = cn10k_eth_sec_session_update; 1393d6e6bc5dSAkhil Goyal cnxk_eth_sec_ops.session_stats_get = cn10k_eth_sec_session_stats_get; 1394bc8147e6SAkhil Goyal cnxk_eth_sec_ops.macsec_sc_stats_get = cnxk_eth_macsec_sc_stats_get; 1395bc8147e6SAkhil Goyal cnxk_eth_sec_ops.macsec_sa_stats_get = cnxk_eth_macsec_sa_stats_get; 139647cca253SRahul Bhansali cnxk_eth_sec_ops.rx_inject_configure = cn10k_eth_sec_rx_inject_config; 139747cca253SRahul Bhansali cnxk_eth_sec_ops.inb_pkt_rx_inject = cn10k_eth_sec_inb_rx_inject; 1398de8c60d1SSrujana Challa 1399de8c60d1SSrujana Challa /* Update platform specific rte_pmd_cnxk ops */ 1400de8c60d1SSrujana Challa cnxk_pmd_ops.inl_dev_submit = cn10k_inl_dev_submit; 140169daa9e5SNithin Dabilpuram } 1402