From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2A570A0032; Tue, 28 Sep 2021 13:00:16 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B7E1F40E3C; Tue, 28 Sep 2021 13:00:15 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 5FB5740DF6 for ; Tue, 28 Sep 2021 13:00:14 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SAF4rA019495; Tue, 28 Sep 2021 04:00:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=VwYdmVJwEzVU03Q1bGGIiR88o2MNOSHPCveBuyO2PrQ=; b=FhKuO+Wa5s5cRIvYkQ3VgpgD0JTecWCKy6wa16cl9D8kGmxDwcI3etVYAxnxRnmXlAF0 KEAuYWKvLgLHiKLUh9+i9AXAMBVpsAxyg6WfjJQpETSLffqXE+sPJroGXc2fnBUM1mI0 Aiw4W2IVUriQKRDtZdmnkl2ZFME7Y5m4ijZnUVZ7mnSZgiI9GvnfIFP8v2R7dnbUkhyO 1K15OQU97mxcy0R5o/0msYaovnH4LGxgYNyWVfwMijXvxrQ3Ywt6oDnYiceR3D18O87R NNvr4nQCat3RitGM9ljmfaRkIgQxmyEzm+1FvFzNgOu4l9u9MEtsMOO+ePXWOMXJnFXi xA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bc14pr4vm-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 04:00:13 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 04:00:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 04:00:11 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 945145B6978; Tue, 28 Sep 2021 04:00:06 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 16:29:53 +0530 Message-ID: <1632826799-454-1-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: Nglw7L1hp0lLtfhRE4KYJWArpJfD42B0 X-Proofpoint-GUID: Nglw7L1hp0lLtfhRE4KYJWArpJfD42B0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v4 0/6] Add SA lifetime in security X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add SA lifetime configuration in security. SA lifetime tracking can be offloaded on supported PMDs. SA lifetime would cover soft & hard expiry in units of number of packets and bytes. When SA soft expiry happens, the packet is successfuly processed but with additional expiry notification. Crypto op structure, ``rte_crypto_op`` is updated to cover such notifications with lookaside protocol offloads. SA hard expiration would cause IPsec processing to return an error. PMDs crypto_cn10k, crypto_cn9k and crypto_octeontx2 are updated with their respective lifetime tracking capabilities. Unit tests are added for soft and hard expiry with number of packets. Changes in v4: - Removed extra comments around auxilliary flag macros (comment from Konstantin) Changes in v3: - Removed explicit 0 setting of soft expiry configuration in ipsec-secgw (comment from Konstantin) Changes in v2: - Clear soft expiry configuration in ipsec-secgw - Rebased on v3 of dependent series Anoob Joseph (6): security: add SA lifetime configuration common/cnxk: support lifetime configuration crypto/octeontx2: add checks for life configuration test/crypto: add packets soft expiry cases test/crypto: add packets hard expiry cases examples/ipsec-secgw: clear soft expiry configuration app/test/test_cryptodev.c | 38 +++++++++++- app/test/test_cryptodev_security_ipsec.c | 40 +++++++++++-- app/test/test_cryptodev_security_ipsec.h | 5 +- .../test_cryptodev_security_ipsec_test_vectors.h | 3 - doc/guides/rel_notes/deprecation.rst | 5 -- doc/guides/rel_notes/release_21_11.rst | 13 ++++ drivers/common/cnxk/cnxk_security.c | 70 ++++++++++++++++++++++ drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 48 +++++++++++---- drivers/crypto/cnxk/cn9k_ipsec.c | 6 +- drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 ++ examples/ipsec-secgw/ipsec.c | 1 - examples/ipsec-secgw/ipsec.h | 2 - lib/cryptodev/rte_crypto.h | 12 +++- lib/security/rte_security.h | 28 ++++++++- 14 files changed, 243 insertions(+), 34 deletions(-) -- 2.7.4