From a86e5f56a4ad10b7546ae147177006f169e9d1c3 Mon Sep 17 00:00:00 2001
From: Akhil Goyal <gakhil@marvell.com>
Date: Sun, 8 May 2022 13:18:33 +0530
Subject: [PATCH] net/cnxk: add capabilities for IPsec options

Added supported capabilities for various IPsec SA options.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c | 57 +++++++++++++++++++++++++++--
 1 file changed, 53 insertions(+), 4 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 70c9a3f763..b535bda6b7 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -280,7 +280,20 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
-			.options = { 0 }
+			.replay_win_sz_max = ROC_AR_WIN_SIZE_MAX,
+			.options = {
+				.udp_encap = 1,
+				.udp_ports_verify = 1,
+				.copy_df = 1,
+				.copy_dscp = 1,
+				.copy_flabel = 1,
+				.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR,
+				.dec_ttl = 1,
+				.ip_csum_enable = 1,
+				.l4_csum_enable = 1,
+				.stats = 0,
+				.esn = 1,
+			},
 		},
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
@@ -292,7 +305,20 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
-			.options = { 0 }
+			.replay_win_sz_max = ROC_AR_WIN_SIZE_MAX,
+			.options = {
+				.iv_gen_disable = 1,
+				.udp_encap = 1,
+				.udp_ports_verify = 1,
+				.copy_df = 1,
+				.copy_dscp = 1,
+				.copy_flabel = 1,
+				.dec_ttl = 1,
+				.ip_csum_enable = 1,
+				.l4_csum_enable = 1,
+				.stats = 0,
+				.esn = 1,
+			},
 		},
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
@@ -304,7 +330,19 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
-			.options = { 0 }
+			.replay_win_sz_max = ROC_AR_WIN_SIZE_MAX,
+			.options = {
+				.iv_gen_disable = 1,
+				.udp_encap = 1,
+				.udp_ports_verify = 1,
+				.copy_df = 1,
+				.copy_dscp = 1,
+				.dec_ttl = 1,
+				.ip_csum_enable = 1,
+				.l4_csum_enable = 1,
+				.stats = 0,
+				.esn = 1,
+			},
 		},
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
@@ -316,7 +354,18 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
-			.options = { 0 }
+			.replay_win_sz_max = ROC_AR_WIN_SIZE_MAX,
+			.options = {
+				.udp_encap = 1,
+				.udp_ports_verify = 1,
+				.copy_df = 1,
+				.copy_dscp = 1,
+				.dec_ttl = 1,
+				.ip_csum_enable = 1,
+				.l4_csum_enable = 1,
+				.stats = 0,
+				.esn = 1,
+			},
 		},
 		.crypto_capabilities = cn10k_eth_sec_crypto_caps,
 		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA