[PATCH] examples/ipsec-secgw: add security capabilities mapping

Akhil Goyal gakhil at marvell.com
Thu Jul 20 15:21:23 CEST 2023

Previous message (by thread): [PATCH] test: eal: update base-virtaddr parameter test
Next message (by thread): [EXT] Re: [PATCH v2 4/4] app: add testgraph application
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently the cryptodev queue pair mapping was done only
on lookaside crypto capabilities.
But device capabilities for lookaside crypto and
lookaside proto may be different.
Hence, mappings are also added for rte_security_capabilities
of cryptodev.

Signed-off-by: Akhil Goyal <gakhil at marvell.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 41 ++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 72b3bfba9e..3ab7995fd5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1555,6 +1555,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 	struct lcore_conf *qconf;
 	struct ipsec_ctx *ipsec_ctx;
 	const char *str;
+	void *sec_ctx;
+	const struct rte_security_capability *sec_cap;
 
 	qconf = &lcore_conf[params->lcore_id];
 
@@ -1569,8 +1571,8 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 	}
 
 	/* Required cryptodevs with operation chaining */
-	if (!(dev_info->feature_flags &
-				RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
+	if (!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING) &&
+			!(dev_info->feature_flags & RTE_CRYPTODEV_FF_SECURITY))
 		return ret;
 
 	for (i = dev_info->capabilities;
@@ -1600,6 +1602,41 @@ add_cdev_mapping(const struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
 		}
 	}
 
+	sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
+	if (sec_ctx == NULL)
+		return ret;
+
+	sec_cap = rte_security_capabilities_get(sec_ctx);
+	if (sec_cap == NULL)
+		return ret;
+
+	for (i = sec_cap->crypto_capabilities;
+			i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++) {
+		if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+			continue;
+
+		if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			ret |= add_mapping(str, cdev_id, qp, params,
+					ipsec_ctx, NULL, NULL, i);
+			continue;
+		}
+
+		if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+			continue;
+
+		for (j = sec_cap->crypto_capabilities;
+				j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
+			if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+				continue;
+
+			if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+				continue;
+
+			ret |= add_mapping(str, cdev_id, qp, params,
+						ipsec_ctx, i, j, NULL);
+		}
+	}
+
 	return ret;
 }
 
-- 
2.25.1

Previous message (by thread): [PATCH] test: eal: update base-virtaddr parameter test
Next message (by thread): [EXT] Re: [PATCH v2 4/4] app: add testgraph application
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list