DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
	Declan Doherty <declan.doherty@intel.com>,
	Fan Zhang <roy.fan.zhang@intel.com>,
	"Konstantin Ananyev" <konstantin.ananyev@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Archana Muniganti <marchana@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>,
	Hemant Agrawal <hemant.agrawal@nxp.com>,
	"Radu Nicolau" <radu.nicolau@intel.com>,
	Ciara Power <ciara.power@intel.com>,
	Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v4 0/6] Add SA lifetime in security
Date: Tue, 28 Sep 2021 16:29:53 +0530	[thread overview]
Message-ID: <1632826799-454-1-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com>

Add SA lifetime configuration in security. SA lifetime tracking can be
offloaded on supported PMDs.

SA lifetime would cover soft & hard expiry in units of number of packets and
bytes. When SA soft expiry happens, the packet is successfuly processed but
with additional expiry notification. Crypto op structure, ``rte_crypto_op``
is updated to cover such notifications with lookaside protocol offloads.

SA hard expiration would cause IPsec processing to return an error.

PMDs crypto_cn10k, crypto_cn9k and crypto_octeontx2 are updated with their
respective lifetime tracking capabilities. Unit tests are added for soft and
hard expiry with number of packets.

Changes in v4:
- Removed extra comments around auxilliary flag macros
  (comment from Konstantin)

Changes in v3:
- Removed explicit 0 setting of soft expiry configuration in
  ipsec-secgw (comment from Konstantin)

Changes in v2:
- Clear soft expiry configuration in ipsec-secgw
- Rebased on v3 of dependent series

Anoob Joseph (6):
  security: add SA lifetime configuration
  common/cnxk: support lifetime configuration
  crypto/octeontx2: add checks for life configuration
  test/crypto: add packets soft expiry cases
  test/crypto: add packets hard expiry cases
  examples/ipsec-secgw: clear soft expiry configuration

 app/test/test_cryptodev.c                          | 38 +++++++++++-
 app/test/test_cryptodev_security_ipsec.c           | 40 +++++++++++--
 app/test/test_cryptodev_security_ipsec.h           |  5 +-
 .../test_cryptodev_security_ipsec_test_vectors.h   |  3 -
 doc/guides/rel_notes/deprecation.rst               |  5 --
 doc/guides/rel_notes/release_21_11.rst             | 13 ++++
 drivers/common/cnxk/cnxk_security.c                | 70 ++++++++++++++++++++++
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c          | 48 +++++++++++----
 drivers/crypto/cnxk/cn9k_ipsec.c                   |  6 +-
 drivers/crypto/octeontx2/otx2_ipsec_po.h           |  6 ++
 examples/ipsec-secgw/ipsec.c                       |  1 -
 examples/ipsec-secgw/ipsec.h                       |  2 -
 lib/cryptodev/rte_crypto.h                         | 12 +++-
 lib/security/rte_security.h                        | 28 ++++++++-
 14 files changed, 243 insertions(+), 34 deletions(-)

-- 
2.7.4


  parent reply	other threads:[~2021-09-28 11:00 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-17 13:42 [dpdk-dev] [PATCH 0/5] " Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 1/5] security: add SA lifetime configuration Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 2/5] common/cnxk: support " Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 3/5] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 4/5] test/crypto: add packets soft expiry tests Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 5/5] test/crypto: add packets hard " Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 0/6] Add SA lifetime in security Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-16 11:06     ` Ananyev, Konstantin
2021-09-17  4:48       ` Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 2/6] common/cnxk: support " Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 4/6] test/crypto: add packets soft expiry tests Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-07 16:32   ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-16 11:11     ` Ananyev, Konstantin
2021-09-28 10:07   ` [dpdk-dev] [PATCH v3 0/6] Add SA lifetime in security Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 2/6] common/cnxk: support " Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 4/6] test/crypto: add packets soft expiry tests Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-28 10:07     ` [dpdk-dev] [PATCH v3 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-28 10:59     ` Anoob Joseph [this message]
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 2/6] common/cnxk: support " Anoob Joseph
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 4/6] test/crypto: add packets soft expiry cases Anoob Joseph
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-28 10:59       ` [dpdk-dev] [PATCH v4 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-28 14:40       ` [dpdk-dev] [PATCH v4 0/6] Add SA lifetime in security Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1632826799-454-1-git-send-email-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=ciara.power@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=g.singh@nxp.com \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jerinj@marvell.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=ktejasree@marvell.com \
    --cc=marchana@marvell.com \
    --cc=radu.nicolau@intel.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).