From: Narayana Prasad Athreya
To: dev@dpdk.org
Date: Mon, 28 Aug 2017 19:53:02 +0530
Message-ID: <1b68515b-bb11-5da7-6a94-b30c04294478@caviumnetworks.com>
Subject: Re: [dpdk-dev] [RFC PATCH v2 0/4] IPSec Inline and look aside crypto offload

> This patchset showcases the definition and usage of the rte_security
> APIs described in the RFC v1 sent earlier.
>
> The data path and configuration path is similar to what was proposed in
> version 1. However, rte_security_configure API is removed, as it looked
> redundant.
>
> Also the rte_security.x files are placed inside the lib/librte_cryptodev/
> as the APIs are defined with the help of crypto APIs and it makes more sense
> to extend the cryptodev library instead of a separate library which perform
> similar actions.
>
> Some of the parameters of the APIs are also modified for better usability.
> The parameter ``dev_name`` is removed as the appropriate device(crypto/eth)
> can be obtained by using the action type.
>
> The patchset is still in work in progress state and there may be some changes
> and cleanup in the next version. This is just to enable others to work
> in parallel on the crypto offloading using ethernet devices.
>
> This patchset includes the definition of rte_security APIs in patch 1,
> changes required in cryptodev in patch 2, sample driver implementation
> in patch 3 and ipsec-secgw application changes in patch 4.
>
> Akhil Goyal (4):
>   RFC2: rte_security: API definitions
>   cryptodev: entend cryptodev to support security APIs
>   crypto/dpaa2_sec: add support for protocol offload ipsec
>   example/ipsec-secgw: add support for offloading crypto op
>
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 368 ++++++++++++++++++++++++-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   |  33 +++
>  examples/ipsec-secgw/ipsec.c                | 125 ++++++---
>  examples/ipsec-secgw/ipsec.h                |  13 +-
>  examples/ipsec-secgw/sa.c                   | 142 +++++++---
>  lib/librte_cryptodev/Makefile               |   3 +-
>  lib/librte_cryptodev/rte_crypto_sym.h       |  15 +
>  lib/librte_cryptodev/rte_cryptodev.h        |  20 +-
>  lib/librte_cryptodev/rte_cryptodev_pmd.h    |  35 +++
>  lib/librte_cryptodev/rte_security.c         | 171 ++++++++++++
>  lib/librte_cryptodev/rte_security.h         | 409 ++++++++++++++++++++++++++++
>  11 files changed, 1243 insertions(+), 91 deletions(-)
>  create mode 100644 lib/librte_cryptodev/rte_security.c
>  create mode 100644 lib/librte_cryptodev/rte_security.h
>
> --
> 2.9.3

I have a few questions/comments on the v1 and v2 versions of this patch. I accumulated these from a few different Cavium stakeholders.

1. conf_ipsec_sa::sa_dir and ipsec_xform::op seem to have same purpose.
2. It's unclear how the Crypto Device will be configured to use a specific Network device and vice-versa. The situation is when the same network port must process IPsec and regular traffic. Should regular traffic also use the singular device?
3. The spec seems to assume PMD Network device. Event driven model is also needed.
4. SA Options for expiry (byte/time) are lacking.
5. Error handling and Status notifications are not specified. These can be tricky in the inline mode of operation, particularly inbound.
6. SA expiry handling is another key aspect which hasn’t been accounted for.
7. No anti-replay window size SA param.
8. ESP TFC padding not addressed.
9. Incremental checksum computation in transport mode ESP doesn't appear to be addressed.
10. Didn't spot details for tunnel mode header preservation.
11. Selector checking, especially for the inner packet in tunnel mode, appears to be missing.
12. Dynamic offloading - selectively offload some packets in hardware is a feature we would like to support.
13. Destination queue for IPSEC events: Operations in asynchronous or inline mode enqueue resulting events into this queue. This helps with our 93xx inline ipsec design.
14. If event model (ASYNC) and inline are supported, there should be a “pipeline” classifier option for inbound SAs.
15. Maximum number of destination CoSes is not supported. The same CoS may be used for many SAs.
16. Per protocol header parsing capability after inbound processing is missing. Preferred options: None/L2/L3/L4/ALL protocols.
17. Per protocol outer header retention in inbound processing is missing. Preferred options: None/L2/L3/L4/ALL protocols.

Thanks
Prasad
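
Items 4, 6 and 7 in the message above ask for per-SA expiry limits and an anti-replay window size. The following C example is added here for illustration and is not part of the original email, the patchset or any DPDK API; it shows the inbound per-SA state those parameters would drive and the distinct outcomes a status notification would have to report. All struct, enum and function names are hypothetical, and the byte limits and packet sequence are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-SA state; these names are NOT part of rte_security. */
enum sa_verdict { SA_OK, SA_SOFT_EXPIRED, SA_HARD_EXPIRED, SA_REPLAY, SA_TOO_OLD };

struct sa_state {
    uint32_t win_size;   /* anti-replay window in packets, 1..64 (item 7) */
    uint32_t top;        /* highest sequence number accepted so far */
    uint64_t bitmap;     /* bit i set => sequence (top - i) already seen */
    uint64_t bytes;      /* bytes processed on this SA */
    uint64_t soft_bytes; /* soft limit: raise an event so the SA is rekeyed */
    uint64_t hard_bytes; /* hard limit: SA must stop passing traffic */
};

/* Call only after the packet's ICV has verified, so forged packets
 * cannot move the window. 32-bit sequence numbers (no ESN). */
static enum sa_verdict sa_inbound(struct sa_state *sa, uint32_t seq, uint32_t len)
{
    if (sa->bytes + len > sa->hard_bytes)
        return SA_HARD_EXPIRED;            /* drop; state untouched */
    if (seq == 0)
        return SA_TOO_OLD;                 /* ESP sequence numbers start at 1 */
    if (seq > sa->top) {                   /* packet advances the window */
        uint32_t shift = seq - sa->top;
        sa->bitmap = (shift >= 64) ? 0 : sa->bitmap << shift;
        sa->bitmap |= 1;
        sa->top = seq;
    } else {
        uint32_t off = sa->top - seq;
        if (off >= sa->win_size)
            return SA_TOO_OLD;             /* left of the window */
        if (sa->bitmap & (1ULL << off))
            return SA_REPLAY;              /* duplicate */
        sa->bitmap |= 1ULL << off;
    }
    sa->bytes += len;
    return sa->bytes >= sa->soft_bytes ? SA_SOFT_EXPIRED : SA_OK;
}

int main(void)
{
    /* Constructed sample: window of 4 packets, soft/hard limits 300/400 bytes. */
    struct sa_state sa = { .win_size = 4, .soft_bytes = 300, .hard_bytes = 400 };
    uint32_t seqs[] = { 1, 5, 5, 1, 3, 6, 7 };
    for (unsigned i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u -> %d\n", (unsigned)seqs[i], (int)sa_inbound(&sa, seqs[i], 100));
    return 0;
}
```

In inline mode each non-`SA_OK` verdict is produced by the device rather than the application, which is why the window size and limits have to be SA parameters and the verdicts have to surface as events or per-packet status.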