On 11/11/2020 6:49 AM, Jiawen Wu wrote:
> Add macsec register enable and setting reset operations.
> Add macsec offload suuport.
>
> Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
<...>
> @@ -1763,6 +1767,10 @@ txgbe_dev_start(struct rte_eth_dev *dev)
> */
> txgbe_dev_link_update(dev, 0);
>
> + /* setup the macsec ctrl register */
> + if (macsec_setting->offload_en)
> + txgbe_dev_macsec_register_enable(dev, macsec_setting);
> +
Is there any piece of code that sets 'offload_en'? This looks like all new added
code is dead code and not called at all...
<...>
> +++ b/drivers/net/txgbe/txgbe_rxtx.c
> @@ -56,6 +56,9 @@ static const u64 TXGBE_TX_OFFLOAD_MASK = (PKT_TX_IP_CKSUM |
> PKT_TX_L4_MASK |
> PKT_TX_TCP_SEG |
> PKT_TX_TUNNEL_MASK |
> +#ifdef RTE_LIBRTE_MACSEC
> + PKT_TX_MACSEC |
> +#endif
Where this macro defined? Who enables it?
@@ -33,6 +33,7 @@ VLAN offload = P
QinQ offload = P
L3 checksum offload = P
L4 checksum offload = P
+MACsec offload = P
Inner L3 checksum = P
Inner L4 checksum = P
Packet type parsing = Y
@@ -487,6 +487,8 @@ eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused)
PMD_INIT_FUNC_TRACE();
+ txgbe_dev_macsec_setting_reset(eth_dev);
+
eth_dev->dev_ops = &txgbe_eth_dev_ops;
eth_dev->rx_queue_count = txgbe_dev_rx_queue_count;
eth_dev->rx_descriptor_status = txgbe_dev_rx_descriptor_status;
@@ -1549,6 +1551,8 @@ txgbe_dev_start(struct rte_eth_dev *dev)
uint16_t vf, idx;
uint32_t *link_speeds;
struct txgbe_tm_conf *tm_conf = TXGBE_DEV_TM_CONF(dev);
+ struct txgbe_macsec_setting *macsec_setting =
+ TXGBE_DEV_MACSEC_SETTING(dev);
PMD_INIT_FUNC_TRACE();
@@ -1763,6 +1767,10 @@ txgbe_dev_start(struct rte_eth_dev *dev)
*/
txgbe_dev_link_update(dev, 0);
+ /* setup the macsec ctrl register */
+ if (macsec_setting->offload_en)
+ txgbe_dev_macsec_register_enable(dev, macsec_setting);
+
wr32m(hw, TXGBE_LEDCTL, 0xFFFFFFFF, TXGBE_LEDCTL_ORD_MASK);
txgbe_read_stats_registers(hw, hw_stats);
@@ -5142,6 +5150,85 @@ txgbe_clear_all_l2_tn_filter(struct rte_eth_dev *dev)
return 0;
}
+void
+txgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev)
+{
+ struct txgbe_macsec_setting *macsec = TXGBE_DEV_MACSEC_SETTING(dev);
+
+ macsec->offload_en = 0;
+ macsec->encrypt_en = 0;
+ macsec->replayprotect_en = 0;
+}
+
+void
+txgbe_dev_macsec_register_enable(struct rte_eth_dev *dev,
+ struct txgbe_macsec_setting *macsec_setting)
+{
+ struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+ uint32_t ctrl;
+ uint8_t en = macsec_setting->encrypt_en;
+ uint8_t rp = macsec_setting->replayprotect_en;
+
+ /**
+ * Workaround:
+ * As no txgbe_disable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ * The hardware support has been checked by
+ * txgbe_disable_sec_rx_path().
+ */
+ txgbe_disable_sec_tx_path(hw);
+
+ /* Enable Ethernet CRC (required by MACsec offload) */
+ ctrl = rd32(hw, TXGBE_SECRXCTL);
+ ctrl |= TXGBE_SECRXCTL_CRCSTRIP;
+ wr32(hw, TXGBE_SECRXCTL, ctrl);
+
+ /* Enable the TX and RX crypto engines */
+ ctrl = rd32(hw, TXGBE_SECTXCTL);
+ ctrl &= ~TXGBE_SECTXCTL_XDSA;
+ wr32(hw, TXGBE_SECTXCTL, ctrl);
+
+ ctrl = rd32(hw, TXGBE_SECRXCTL);
+ ctrl &= ~TXGBE_SECRXCTL_XDSA;
+ wr32(hw, TXGBE_SECRXCTL, ctrl);
+
+ ctrl = rd32(hw, TXGBE_SECTXIFG);
+ ctrl &= ~TXGBE_SECTXIFG_MIN_MASK;
+ ctrl |= TXGBE_SECTXIFG_MIN(0x3);
+ wr32(hw, TXGBE_SECTXIFG, ctrl);
+
+ /* Enable SA lookup */
+ ctrl = rd32(hw, TXGBE_LSECTXCTL);
+ ctrl &= ~TXGBE_LSECTXCTL_MODE_MASK;
+ ctrl |= en ? TXGBE_LSECTXCTL_MODE_AENC : TXGBE_LSECTXCTL_MODE_AUTH;
+ ctrl &= ~TXGBE_LSECTXCTL_PNTRH_MASK;
+ ctrl |= TXGBE_LSECTXCTL_PNTRH(TXGBE_MACSEC_PNTHRSH);
+ wr32(hw, TXGBE_LSECTXCTL, ctrl);
+
+ ctrl = rd32(hw, TXGBE_LSECRXCTL);
+ ctrl &= ~TXGBE_LSECRXCTL_MODE_MASK;
+ ctrl |= TXGBE_LSECRXCTL_MODE_STRICT;
+ ctrl &= ~TXGBE_LSECRXCTL_POSTHDR;
+ if (rp)
+ ctrl |= TXGBE_LSECRXCTL_REPLAY;
+ else
+ ctrl &= ~TXGBE_LSECRXCTL_REPLAY;
+ wr32(hw, TXGBE_LSECRXCTL, ctrl);
+
+ /* Start the data paths */
+ txgbe_enable_sec_rx_path(hw);
+ /**
+ * Workaround:
+ * As no txgbe_enable_sec_rx_path equivalent is
+ * implemented for tx in the base code, and we are
+ * not allowed to modify the base code in DPDK, so
+ * just call the hand-written one directly for now.
+ */
+ txgbe_enable_sec_tx_path(hw);
+}
+
static const struct eth_dev_ops txgbe_eth_dev_ops = {
.dev_configure = txgbe_dev_configure,
.dev_infos_get = txgbe_dev_info_get,
@@ -62,6 +62,8 @@
#define TXGBE_MISC_VEC_ID RTE_INTR_VEC_ZERO_OFFSET
#define TXGBE_RX_VEC_START RTE_INTR_VEC_RXTX_OFFSET
+#define TXGBE_MACSEC_PNTHRSH 0xFFFFFE00
+
#define TXGBE_MAX_FDIR_FILTER_NUM (1024 * 32)
#define TXGBE_MAX_L2_TN_FILTER_NUM 128
@@ -270,6 +272,12 @@ struct rte_flow {
void *rule;
};
+struct txgbe_macsec_setting {
+ uint8_t offload_en;
+ uint8_t encrypt_en;
+ uint8_t replayprotect_en;
+};
+
/* The configuration of bandwidth */
struct txgbe_bw_conf {
uint8_t tc_num; /* Number of TCs. */
@@ -343,6 +351,7 @@ struct txgbe_tm_conf {
struct txgbe_adapter {
struct txgbe_hw hw;
struct txgbe_hw_stats stats;
+ struct txgbe_macsec_setting macsec_setting;
struct txgbe_hw_fdir_info fdir;
struct txgbe_interrupt intr;
struct txgbe_stat_mappings stat_mappings;
@@ -374,6 +383,9 @@ struct txgbe_adapter {
#define TXGBE_DEV_STATS(dev) \
(&((struct txgbe_adapter *)(dev)->data->dev_private)->stats)
+#define TXGBE_DEV_MACSEC_SETTING(dev) \
+ (&((struct txgbe_adapter *)(dev)->data->dev_private)->macsec_setting)
+
#define TXGBE_DEV_INTR(dev) \
(&((struct txgbe_adapter *)(dev)->data->dev_private)->intr)
@@ -578,6 +590,11 @@ int txgbe_action_rss_same(const struct rte_flow_action_rss *comp,
int txgbe_config_rss_filter(struct rte_eth_dev *dev,
struct txgbe_rte_flow_rss_conf *conf, bool add);
+void txgbe_dev_macsec_register_enable(struct rte_eth_dev *dev,
+ struct txgbe_macsec_setting *macsec_setting);
+
+void txgbe_dev_macsec_setting_reset(struct rte_eth_dev *dev);
+
static inline int
txgbe_ethertype_filter_lookup(struct txgbe_filter_info *filter_info,
uint16_t ethertype)
@@ -56,6 +56,9 @@ static const u64 TXGBE_TX_OFFLOAD_MASK = (PKT_TX_IP_CKSUM |
PKT_TX_L4_MASK |
PKT_TX_TCP_SEG |
PKT_TX_TUNNEL_MASK |
+#ifdef RTE_LIBRTE_MACSEC
+ PKT_TX_MACSEC |
+#endif
PKT_TX_OUTER_IP_CKSUM |
TXGBE_TX_IEEE1588_TMST);