* [dpdk-dev] [RFC] net/mlx5: add IPsec offload support
@ 2021-03-16 16:28 Slava Ovsiienko
2021-03-16 17:13 ` Thomas Monjalon
0 siblings, 1 reply; 2+ messages in thread
From: Slava Ovsiienko @ 2021-03-16 16:28 UTC (permalink / raw)
To: dev; +Cc: Matan Azrad, Shahaf Shuler, Ori Kam, Asaf Penso, Thomas Monjalon
The DPDK ethernet device might support the offload for security
operations. Since ConnectX-6DX the hardware implements the
cryptographic options required to provide the IPsec protocol
offload and there is an intention to update mlx5 PMD to make this
security offload capability available.
The minimal required set of offload options to be supported:
- crypto inline offload only
(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
- ESP protocol only (AH will be not supported)
- AES-GCM 128/256 algorithms
- support both Transport and Tunnel modes
- operate on BlueField-2, ConnectX-6DX and above
- support both IPv4 and IPv6
- VXLAN/GRE tunnel support
The common updates in mlx5 PMD include the standard security
context API support:
- rte_security_capabilities_get()
- rte_security_session_get_size()
- rte_security_session_create()
- rte_security_session_destroy()
- rte_security_session_update()
The mlx5 data path update includes:
- RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support
- rte_security_get_user_data()
- rte_security_get_stats_get()
- PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED,
PKT_TX_SEC_OFFLOAD mbuf flags support
- report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY
The mlx5 rte_flow API update includes:
- RTE_FLOW_ACTION_TYPE_SECURITY action support
- RTE_FLOW_ITEM_TYPE_ESP item support
- support RSS over ESP option
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [RFC] net/mlx5: add IPsec offload support
2021-03-16 16:28 [dpdk-dev] [RFC] net/mlx5: add IPsec offload support Slava Ovsiienko
@ 2021-03-16 17:13 ` Thomas Monjalon
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Monjalon @ 2021-03-16 17:13 UTC (permalink / raw)
To: Slava Ovsiienko
Cc: dev, Matan Azrad, Shahaf Shuler, Ori Kam, Asaf Penso,
Akhil Goyal, Konstantin Ananyev, Radu Nicolau, Declan Doherty,
Anoob Joseph
+Cc Akhil, Anoob, Konstantin, Radu & Declan
16/03/2021 17:28, Slava Ovsiienko:
> The DPDK ethernet device might support the offload for security
> operations. Since ConnectX-6DX the hardware implements the
> cryptographic options required to provide the IPsec protocol
> offload and there is an intention to update mlx5 PMD to make this
> security offload capability available.
>
> The minimal required set of offload options to be supported:
> - crypto inline offload only
> (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
> - ESP protocol only (AH will be not supported)
> - AES-GCM 128/256 algorithms
> - support both Transport and Tunnel modes
> - operate on BlueField-2, ConnectX-6DX and above
> - support both IPv4 and IPv6
> - VXLAN/GRE tunnel support
>
> The common updates in mlx5 PMD include the standard security
> context API support:
> - rte_security_capabilities_get()
> - rte_security_session_get_size()
> - rte_security_session_create()
> - rte_security_session_destroy()
> - rte_security_session_update()
>
> The mlx5 data path update includes:
> - RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support
> - rte_security_get_user_data()
> - rte_security_get_stats_get()
> - PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED,
> PKT_TX_SEC_OFFLOAD mbuf flags support
> - report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY
>
> The mlx5 rte_flow API update includes:
> - RTE_FLOW_ACTION_TYPE_SECURITY action support
> - RTE_FLOW_ITEM_TYPE_ESP item support
> - support RSS over ESP option
>
> Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-16 17:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-16 16:28 [dpdk-dev] [RFC] net/mlx5: add IPsec offload support Slava Ovsiienko
2021-03-16 17:13 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).