From: Anoob Joseph <anoob.joseph@caviumnetworks.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Cc: Jerin Jacob <jerin.jacob@caviumnetworks.com>,
Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
dev@dpdk.org
Subject: [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata
Date: Wed, 22 Nov 2017 06:55:15 +0000 [thread overview]
Message-ID: <1511333716-11955-2-git-send-email-anoob.joseph@caviumnetworks.com> (raw)
In-Reply-To: <1511333716-11955-1-git-send-email-anoob.joseph@caviumnetworks.com>
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. For such cases, application could register a
64 bit metadata in security session, which could be retrieved from the
packet using "rte_security_get_pkt_metadata" API. Application can use
this metadata to identify the parameters it need.
Application can choose what it should register as the metadata. It can
register SPI or a pointer to SA.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
---
v2:
* Replaced get_session and get_cookie APIs with get_pkt_metadata API
lib/librte_security/rte_security.c | 13 +++++++++++++
lib/librte_security/rte_security.h | 19 +++++++++++++++++++
lib/librte_security/rte_security_driver.h | 16 ++++++++++++++++
3 files changed, 48 insertions(+)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 1227fca..804f11f 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -108,6 +108,19 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
sess, m, params);
}
+uint64_t
+rte_security_get_pkt_metadata(struct rte_security_ctx *instance,
+ struct rte_mbuf *pkt)
+{
+ uint64_t mdata = 0;
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_pkt_metadata, 0);
+ if (instance->ops->get_pkt_metadata(instance->device, pkt, &mdata))
+ return 0;
+
+ return mdata;
+}
+
const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance)
{
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 653929b..aa3a471 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -274,6 +274,8 @@ struct rte_security_session_conf {
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
/**< Security Session Crypto Transformations */
+ uint64_t metadata;
+ /**< Metadata registered by application */
};
struct rte_security_session {
@@ -346,6 +348,23 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
struct rte_mbuf *mb, void *params);
/**
+ * Get metadata from the packet. This is an application registered 64 bit
+ * value, associated with the security session which processed the packet.
+ *
+ * This is valid only for inline processed ingress packets.
+ *
+ * @param instance security instance
+ * @param pkt packet mbuf
+ *
+ * @return
+ * - On success, metadata
+ * - On failure, 0
+ */
+uint64_t
+rte_security_get_pkt_metadata(struct rte_security_ctx *instance,
+ struct rte_mbuf *pkt);
+
+/**
* Attach a session to a symmetric crypto operation
*
* @param sym_op crypto operation
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 997fbe7..da0ebf4 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -122,6 +122,20 @@ typedef int (*security_set_pkt_metadata_t)(void *device,
void *params);
/**
+ * Get application interpretable metadata from the packet.
+ *
+ * @param device Crypto/eth device pointer
+ * @param pkt Packet mbuf
+ * @param mt Pointer to receive metadata
+ *
+ * @return
+ * - Returns 0 if metadata is retrieved successfully.
+ * - Returns -ve value for errors.
+ */
+typedef int (*security_get_pkt_metadata_t)(void *device,
+ struct rte_mbuf *pkt, uint64_t *mt);
+
+/**
* Get security capabilities of the device.
*
* @param device crypto/eth device pointer
@@ -145,6 +159,8 @@ struct rte_security_ops {
/**< Clear a security sessions private data. */
security_set_pkt_metadata_t set_pkt_metadata;
/**< Update mbuf metadata. */
+ security_get_pkt_metadata_t get_pkt_metadata;
+ /**< Get metadata from packet. */
security_capabilities_get_t capabilities_get;
/**< Get security capabilities. */
};
--
2.7.4
next prev parent reply other threads:[~2017-11-22 6:56 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-20 10:31 [dpdk-dev] [PATCH 0/2] add inline protocol support Anoob Joseph
2017-11-20 10:31 ` [dpdk-dev] [PATCH 1/2] lib/security: add support for saving app cookie Anoob Joseph
2017-11-20 12:12 ` Radu Nicolau
2017-11-20 15:32 ` Anoob
2017-11-20 17:49 ` Radu Nicolau
2017-11-20 19:09 ` Anoob Joseph
2017-11-21 10:15 ` Radu Nicolau
2017-11-20 10:31 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2017-11-22 6:55 ` [dpdk-dev] [PATCH v2 0/2] add inline protocol support Anoob Joseph
2017-11-22 6:55 ` Anoob Joseph [this message]
2017-11-22 11:29 ` [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata Radu Nicolau
2017-11-22 11:52 ` Anoob
2017-11-22 12:12 ` Radu Nicolau
2017-11-22 13:27 ` Neil Horman
2017-11-22 14:13 ` Anoob
2017-11-27 13:55 ` Neil Horman
2017-11-22 6:55 ` [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2017-11-22 12:21 ` [dpdk-dev] [PATCH v2 0/2] add inline protocol support Nelio Laranjeiro
2017-11-22 12:55 ` Anoob
2017-11-22 13:05 ` Nelio Laranjeiro
2017-11-22 13:38 ` Anoob
2017-11-22 13:53 ` Anoob
2017-11-22 15:13 ` Anoob
2017-11-22 15:25 ` Nelio Laranjeiro
2017-11-23 11:19 ` [dpdk-dev] [PATCH v3 " Anoob Joseph
2017-11-23 11:19 ` [dpdk-dev] [PATCH v3 1/2] lib/security: add support for get metadata Anoob Joseph
2017-11-24 8:50 ` Akhil Goyal
2017-11-24 9:39 ` Radu Nicolau
2017-11-24 10:55 ` Akhil Goyal
2017-11-24 11:17 ` Radu Nicolau
2017-11-24 11:34 ` Akhil Goyal
2017-11-24 11:59 ` Radu Nicolau
2017-11-24 12:03 ` Akhil Goyal
2017-12-06 7:30 ` Anoob
2017-12-06 9:43 ` Radu Nicolau
2017-12-11 7:21 ` Anoob
2017-12-12 8:55 ` Akhil Goyal
2017-12-12 13:50 ` Anoob Joseph
2017-12-13 14:38 ` Akhil Goyal
2017-11-24 12:22 ` Anoob
2017-11-29 5:43 ` Anoob
2017-12-04 9:28 ` Akhil Goyal
2017-12-04 10:16 ` Anoob
2017-11-23 11:19 ` [dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2017-12-11 11:02 ` Radu Nicolau
2017-12-15 8:30 ` [dpdk-dev] [PATCH v4 0/2] add inline protocol support Anoob Joseph
2017-12-15 8:30 ` [dpdk-dev] [PATCH v4 1/2] lib/security: add support for get userdata Anoob Joseph
2017-12-15 8:30 ` [dpdk-dev] [PATCH v4 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2017-12-15 8:43 ` [dpdk-dev] [PATCH v5 0/2] add inline protocol support Anoob Joseph
2017-12-15 8:43 ` [dpdk-dev] [PATCH v5 1/2] lib/security: add support for get userdata Anoob Joseph
2017-12-15 10:01 ` Akhil Goyal
2017-12-15 10:53 ` Anoob Joseph
2017-12-15 10:58 ` Akhil Goyal
2017-12-15 8:43 ` [dpdk-dev] [PATCH v5 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2017-12-15 9:39 ` Nelio Laranjeiro
2017-12-15 11:03 ` Anoob Joseph
2017-12-15 13:35 ` Nelio Laranjeiro
2017-12-15 10:04 ` Akhil Goyal
2017-12-15 11:16 ` Anoob Joseph
2017-12-18 7:15 ` [dpdk-dev] [PATCH v6 0/2] add inline protocol support Anoob Joseph
2017-12-18 7:15 ` [dpdk-dev] [PATCH v6 1/2] lib/security: add support for get userdata Anoob Joseph
2017-12-18 7:34 ` Akhil Goyal
2017-12-18 7:15 ` [dpdk-dev] [PATCH v6 2/2] examples/ipsec-secgw: add support for inline protocol Anoob Joseph
2018-01-08 16:10 ` De Lara Guarch, Pablo
2018-01-09 9:12 ` Akhil Goyal
2018-01-16 11:00 ` Nicolau, Radu
2018-01-09 16:05 ` [dpdk-dev] [PATCH v6 0/2] add inline protocol support De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1511333716-11955-2-git-send-email-anoob.joseph@caviumnetworks.com \
--to=anoob.joseph@caviumnetworks.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerin.jacob@caviumnetworks.com \
--cc=narayanaprasad.athreya@caviumnetworks.com \
--cc=radu.nicolau@intel.com \
--cc=sergio.gonzalez.monroy@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).