From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0063.outbound.protection.outlook.com [104.47.36.63]) by dpdk.org (Postfix) with ESMTP id D45047D4E for ; Thu, 14 Sep 2017 10:29:11 +0200 (CEST) Received: from CY1PR03CA0031.namprd03.prod.outlook.com (10.174.128.41) by BN6PR03MB2689.namprd03.prod.outlook.com (10.173.144.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.35.12; Thu, 14 Sep 2017 08:29:10 +0000 Received: from BN1AFFO11FD040.protection.gbl (2a01:111:f400:7c10::162) by CY1PR03CA0031.outlook.office365.com (2603:10b6:600::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.35.12 via Frontend Transport; Thu, 14 Sep 2017 08:29:09 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; NXP1.onmicrosoft.com; dkim=none (message not signed) header.d=none;NXP1.onmicrosoft.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11FD040.mail.protection.outlook.com (10.58.52.251) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.13.11 via Frontend Transport; Thu, 14 Sep 2017 08:29:08 +0000 Received: from netperf2.ap.freescale.net ([10.232.133.164]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id v8E8T36E025953; Thu, 14 Sep 2017 01:29:04 -0700 From: Akhil Goyal To: CC: , , , , , , , , Date: Thu, 14 Sep 2017 13:56:40 +0530 Message-ID: <20170914082651.26232-1-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.9.3 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131498513491845234; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39380400002)(346002)(376002)(39860400002)(2980300002)(1110001)(1109001)(339900001)(189002)(199003)(36756003)(7110500001)(86362001)(15650500001)(2351001)(2906002)(2420400007)(10710500007)(8936002)(6666003)(48376002)(33646002)(50466002)(316002)(53376002)(110136004)(8656003)(50226002)(6916009)(106466001)(4326008)(16586007)(5660300001)(7416002)(97736004)(85426001)(50986999)(104016004)(77096006)(47776003)(5003940100001)(105606002)(1076002)(53936002)(54906002)(6306002)(68736007)(966005)(189998001)(81166006)(8676002)(356003)(81156014)(305945005)(498600001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR03MB2689; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11FD040; 1:EqxwRjVSaB7sMziG2x+6M17fbDsz3v6C2Gtb/33tz92f/kuFyuKs58Koy/s7QEmPdsZiklYmkJDcaUtSRcSi6iZ+KYR89GG4PzeyCeEPjBc7oo1soqWhLBxGHJFdnK+B MIME-Version: 1.0 Content-Type: text/plain X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0dd178f4-61cd-457b-ff11-08d4fb4aaba0 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(2017052603199)(201703131430075)(201703131517081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN6PR03MB2689; X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689; 3:1wKyFOmIXUgkGaiBtnrYwaC77tDd0ik+TJw/KI3k9U+IJHLeYD/s+osiCHEXLtJT2COMPjyp2yChkUlRbbAQjQjhr5wGpLr/j2AoThQZ4+cecoEzBJyRSCvkJT1VRLRXsfn+BBMu+ASJHiuuK0/GQ1I2zx09OePmikFeVYyCIcmbSLjCZnCWwhGts/u2EUkubVydhrYTxN/dfvSEqTjkAA/Sdilz2jD9/b/AveHj7CTgmn7X/+XOTKFzuKNj5E9/R6ln6YMtNEV4SD/hdZHxhW3CNMcKSz+RuYm7Yu9s4qPM5vmqy+l+w+Fw0yvHENY0I/2JSj17dFHYJ8wAXzGJ41NAUfEqx4xjbVsgnBoeEHY=; 25:adK/s4h/ynrtowsvsyO0YxlHYeZChO6xQdkchr7kmtEMZr7ct6QGd0TB/1OcdJoOVl3unHujgW+jvZYjEmaMqSOPHsqcLX0re6rChhiEYUlolrlwdCwE5hb96byH5TMUOwvZew5VF/ztGEeWHkOXCL7E6ruEB5qLFqE2CvsYRJqc41x4fVKxRLGr02pPmTFDRE2QL981PSkW+Juv3l4lGR5QUrZc6k8Nnj63bgC9H26UOqt2Zb2NvfkZScN3hNGsREQCYIT9aIwuk8RtMMCsFlvSW7zEHZpANymL+f2Ym8pCKtOwGgm4Tz0q1fxWakxBo+ZGcoiBa2s24djCQRSYzQ== X-MS-TrafficTypeDiagnostic: BN6PR03MB2689: X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689; 31:pgc9hcRqU8eD7XpqERstTzV7YW0jH/ehKmrK4CwtLvLjlT5yXK+3O7ynud5vN0S6P65xurB6+I3ESGjt0XJEUodEK786a8QJt8Vc6Jilphp6gHj1rnw8q6CVcr+VOW5g4zVTP/tu8emSZzSiFLXAqKV1By6HM6F6/8YkFlPLqdynr1HyZngvXsQ6M8IbRaFZSYwh78eYiK86tHeuIVJqqQFApPL/oJeZ2iHLgTfHq6I=; 4:4qBEM11a+8F05sHg9m9a5svUhqEMS5ULZAoqIAsYYGLpnR3vbU8LHogTYgsyKNe6cfcgs7ocOWsudvEAsxsFtSBLOdJIvbNZl2+WmQf50MwufTKwngMcJs8wsH29rr5KtvB7eDmG7NGFYVO0xmc3+jZHDhm/FpRE9jZ0GnKQaUfVq0upwAUWtaReEEIXHkXvP+1zG2EC2daEwsOtRZjbUZz1uvMFIAOEA2959Q0jtCqe8IziIVNAHcPuk7q1WAwwne2L3JYAwws+2mAh0lAxyrrlqQ5VgGzv0YvHeUh3tZM= X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(6055026)(6096035)(20161123563025)(20161123556025)(20161123565025)(201703131430075)(201703131433075)(201703131448075)(201703161259150)(201703151042153)(20161123559100)(20161123561025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN6PR03MB2689; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN6PR03MB2689; X-Forefront-PRVS: 0430FA5CB7 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR03MB2689; 23:+18U7s4pgk9PZ1nso0FRSPR0YoOXEErPVyQXbT4ob?= =?us-ascii?Q?bHu28YbpA1Lme1DKJe5eR9x5GAM/COZ8si68l7PZVbmKLEvtItRSlmhKYOgD?= =?us-ascii?Q?51QwBRdZgUgOcN6vKyPnty15iKdj+8gDjqiIcbhhdD4KX8JDy4uWpY0ngU9C?= =?us-ascii?Q?FQkFTBWsuhRYw0bFgjNumj2KZolRSVsLvmeqJa8GMC0aNgejBWWBIXixqUuN?= =?us-ascii?Q?n+V/XPF4WlVitCMRXuuMh8Ea8mD3WSFb2b2Mx/iRnTmIcaNqDHU62RtFtzZ4?= =?us-ascii?Q?I+/Uz8/lsDLyIOozTLfPjR4DdZKwL1J0gBNhSUZkYJQ4bJt+8I8BNAGKLVWe?= =?us-ascii?Q?q5JgIeDCwcQX5i726JmrgxPBiDabewdnIOO8JUGpqCusYV6yQB91tFXWWmAc?= =?us-ascii?Q?VlrlazbMCzkcyQ89Qp77EYVVeY0RB9KmUjwcsfsMrZHOQdo9/+K45znNzZi8?= =?us-ascii?Q?tvL5qJ/29ei2PTKB+GCJwSuN96crKdTJ4gHom7Y8fdbvtJoilMVRk+jS4Wnd?= =?us-ascii?Q?1JFqCulYTCGWBjrBWwMGw7HN9tFVVcizTJhPBFMYEUaczpS480s8A0EDVuCb?= =?us-ascii?Q?gUCIr00e16N4Xis+t4lJ9E4X0qlqVF3GuUhYCgJUkrpXtWhhmmDDMGAWA9ww?= =?us-ascii?Q?0p/PsqeIifcOVRkuIFmgOADb0dX1M1StFZB4mOE9vdXv6anGR0kY+WfBSgz9?= =?us-ascii?Q?No8QBl06s84/2XG4LqyWQ3A3lrzJWrexjy+z/vSj82zbc9gS4HcYrAyithsF?= =?us-ascii?Q?TlMltog2cufYcuBFhqxIiiV9Kx/3SVrQ12TlG1+EGArKuwo40hnZfwbnxphk?= =?us-ascii?Q?ZVxIX4vsMh2E2mMHXllc/zmS7hLUOSyLvdIQR2dIKnQOFLhcpQeebiq1F5da?= =?us-ascii?Q?8WNH0PLZdx/9rGD159+jmi919KHDEnQY0X8dRkpleDvxDDT/92t9IYFp7Lvp?= =?us-ascii?Q?3mpBUokcIR7wIHc+tU8jA05tkFM8vb6+Zql6kZQm3oztZMD+VD3F+YZgti4F?= =?us-ascii?Q?nvg5hyPtt3wx4mgXMigK5UpuBu4BKI/QhuhgMlQK8BoUdswIEebKbx0wD15U?= =?us-ascii?Q?zT9ypryGc05DMOqf7aQ5azvNQeMzoDYTNbpfhFTf1TlGOEWe74UFvZPoDkx4?= =?us-ascii?Q?Ph/2yt2+B7n5o0PgwMcM6PQKWfMJFLF8EUt+qesf//nu6ZqmbAWzCeLcnzVy?= =?us-ascii?Q?xbdbJ9rchNP0YW/LmpaPh3/HBRqzynYf3oYg8yDtqqdKGXdyjMpk1ru+Uf3r?= =?us-ascii?Q?mzifVMzJRv7xVMkDRRM/YtnLC6m1Xv/bYTdREw96VDkHbu0nIg1JgKCY4uVl?= =?us-ascii?Q?07oM4pHsHdzHuH4fX8vF2Vr6JbEJD+PD3urf8XbXv1I?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2689; 6:BFZfTgns4zOFCajHazI7SVVE034eP0fUgBWUlek0MSbUq0tOWlEp53ds4QbETNC3//bWack0nilvzEmigYRLFaPNFQKD15ryjVI0BxhP1Pv6fXnkw5Fe9J0KPshwncSaoDYBfzFvsDGRzQjXi3rO+KPX+4lJdRMk9F7W2jmSvJkiSq/U1C75yVQnFSON5UcfcHtD5n6DftoRt+8auCGXsR8i/aOXpQhi/orbueronIJG5Qgl6WmS5+O0H/5w8A4fhKoZCu3fXeg1lMTAaZ2tHujCrDp/Nr/Cx0U1PasAyIt2XfEQL11lAk+KVtCqAfxr5JWN5RXaYp94yrZtl2w2yA==; 5:eVOdp1cwb2gOMSZmtAbxP8vrQrMmJrflJcgVEsaid/KxI7grgJxcZSaRSouPJRKqVZgsN1MlDn9V/oZQOZWx+XHR0Gm63plVR3y32J/6xYephURCLVhksomGDl2kikWFp4r2M99nkDY/KHiyvKFT9w==; 24:1mOK5pdk081CUt4nGokhfIEe1UlAuN/vRxEACZC+UpYvPk82LqBPmU0BIbRbZ6Y5aN5rN3a6A2WM3Rwhb7GPu/diqwYNBWIfEK8fZPGZLVA=; 7:lbEM+S10w2Kn7RV2F01w123WOt3XXu2uMnyXTiL9jxxlBwh2Tt9P9RCev0lMzJssYb8ic5Xs6QgifpKxAXl9k7RCHbeSTdsYPAlfKVSVREDyMfYCO/50fZa3Fum1lTU7mSRmRQ8/P9+DZoa+AyPiIzB/lKuycc9UOAYYRJwBi7frv7LT8wB4KrzYTdtCb4oVWxkes9pbyYQdYN0VaCh7+PgpVYz4ZXX6kKfFztn1y7k= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2017 08:29:08.9973 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2689 Subject: [dpdk-dev] [PATCH 00/11] introduce security offload library X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Sep 2017 08:29:12 -0000 This patchset introduce the rte_security library in DPDK. This also includes the sample implementation of drivers and changes in ipsec gateway application to demonstrate its usage. rte_security library is implemented on the idea proposed earlier [1],[2],[3] to support IPsec Inline and look aside crypto offload. Though the current focus is only on IPsec protocol, but the library is not limited to IPsec, it can be extended to other security protocols e.g. MACSEC, PDCP or DTLS. In this library, crypto/ethernet devices can register itself to the security library to support security offload. The library support 3 modes of operation 1. full protocol offload using crypto devices. (RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) 2. inline ipsec using ethernet devices to perform crypto operations (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) 3. full protocol offload using ethernet devices. (RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) The details for each mode is documented in the patchset in doc/guides/prog_guide/rte_security.rst The modification in the application ipsec-secgw is also doocumented in doc/guides/sample_app_ug/ipsec_secgw.rst This patchset is also available at: git://dpdk.org/draft/dpdk-draft-ipsec branch: integration To Do: 1. update documentation for rte_flow 2. unregister device to security library is incomplete 3. test application support Future enhancements: 1. for full protocol offload - error handling and notification cases 2. add more security protocols Reference: [1] http://dpdk.org/ml/archives/dev/2017-July/070793.html [2] http://dpdk.org/ml/archives/dev/2017-July/071893.html [3] http://dpdk.org/ml/archives/dev/2017-August/072900.html Akhil Goyal (6): lib/rte_security: add security library doc: add details of rte security cryptodev: extend cryptodev to support security APIs mk: add rte security into build system crypto/dpaa2_sec: add support for protocol offload ipsec examples/ipsec-secgw: add support for security offload Boris Pismenny (3): lib/librte_net: add ESP header to generic flow steering lib/librte_mbuf: add security crypto flags and mbuf fields ethdev: add rte flow action for crypto Declan Doherty (1): ethdev: extend ethdev to support security APIs Radu Nicolau (1): net/ixgbe: enable inline ipsec MAINTAINERS | 6 + config/common_base | 7 + doc/api/doxy-api-index.md | 4 +- doc/api/doxy-api.conf | 1 + doc/guides/cryptodevs/features/default.ini | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + doc/guides/prog_guide/index.rst | 1 + doc/guides/prog_guide/rte_security.rst | 552 +++++++++++++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 52 +- drivers/crypto/Makefile | 2 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 402 +++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 62 ++ drivers/net/Makefile | 2 +- drivers/net/ixgbe/Makefile | 4 +- drivers/net/ixgbe/ixgbe_ethdev.c | 13 + drivers/net/ixgbe/ixgbe_ethdev.h | 10 +- drivers/net/ixgbe/ixgbe_flow.c | 27 + drivers/net/ixgbe/ixgbe_ipsec.c | 815 +++++++++++++++++++++++++ drivers/net/ixgbe/ixgbe_ipsec.h | 145 +++++ drivers/net/ixgbe/ixgbe_rxtx.c | 63 +- drivers/net/ixgbe/ixgbe_rxtx.h | 4 + drivers/net/ixgbe/ixgbe_rxtx_vec_sse.c | 44 ++ examples/ipsec-secgw/esp.c | 101 ++- examples/ipsec-secgw/esp.h | 10 - examples/ipsec-secgw/ipsec-secgw.c | 5 + examples/ipsec-secgw/ipsec.c | 275 +++++++-- examples/ipsec-secgw/ipsec.h | 32 +- examples/ipsec-secgw/sa.c | 151 +++-- lib/Makefile | 5 + lib/librte_cryptodev/rte_crypto.h | 3 +- lib/librte_cryptodev/rte_crypto_sym.h | 2 + lib/librte_cryptodev/rte_cryptodev.c | 10 + lib/librte_cryptodev/rte_cryptodev.h | 8 +- lib/librte_cryptodev/rte_cryptodev_version.map | 7 + lib/librte_ether/rte_ethdev.c | 11 + lib/librte_ether/rte_ethdev.h | 22 +- lib/librte_ether/rte_ethdev_version.map | 7 + lib/librte_ether/rte_flow.h | 56 ++ lib/librte_mbuf/rte_mbuf.c | 6 + lib/librte_mbuf/rte_mbuf.h | 32 +- lib/librte_net/Makefile | 2 +- lib/librte_net/rte_esp.h | 60 ++ lib/librte_security/Makefile | 53 ++ lib/librte_security/rte_security.c | 252 ++++++++ lib/librte_security/rte_security.h | 494 +++++++++++++++ lib/librte_security/rte_security_driver.h | 181 ++++++ lib/librte_security/rte_security_version.map | 13 + mk/rte.app.mk | 1 + 48 files changed, 3862 insertions(+), 155 deletions(-) create mode 100644 doc/guides/prog_guide/rte_security.rst create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.c create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.h create mode 100644 lib/librte_net/rte_esp.h create mode 100644 lib/librte_security/Makefile create mode 100644 lib/librte_security/rte_security.c create mode 100644 lib/librte_security/rte_security.h create mode 100644 lib/librte_security/rte_security_driver.h create mode 100644 lib/librte_security/rte_security_version.map -- 2.9.3