From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0053.outbound.protection.outlook.com [104.47.41.53]) by dpdk.org (Postfix) with ESMTP id 3169C1B216 for ; Fri, 6 Oct 2017 20:14:37 +0200 (CEST) Received: from BN6PR03CA0078.namprd03.prod.outlook.com (10.164.122.144) by BN6PR03MB2691.namprd03.prod.outlook.com (10.173.144.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Fri, 6 Oct 2017 18:14:34 +0000 Received: from BY2FFO11FD025.protection.gbl (2a01:111:f400:7c0c::108) by BN6PR03CA0078.outlook.office365.com (2603:10b6:405:6f::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.56.11 via Frontend Transport; Fri, 6 Oct 2017 18:14:34 +0000 Authentication-Results: spf=fail (sender IP is 192.88.158.2) smtp.mailfrom=nxp.com; NXP1.onmicrosoft.com; dkim=none (message not signed) header.d=none;NXP1.onmicrosoft.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.158.2 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.158.2; helo=az84smr01.freescale.net; Received: from az84smr01.freescale.net (192.88.158.2) by BY2FFO11FD025.mail.protection.outlook.com (10.1.15.214) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.77.10 via Frontend Transport; Fri, 6 Oct 2017 18:14:34 +0000 Received: from netperf2.ap.freescale.net ([10.232.133.164]) by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id v96IERoY027297; Fri, 6 Oct 2017 11:14:28 -0700 From: Akhil Goyal To: CC: , , , , , , , , , , , , Date: Fri, 6 Oct 2017 23:41:39 +0530 Message-ID: <20171006181151.4758-1-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20171003131413.23846-1-akhil.goyal@nxp.com> References: <20171003131413.23846-1-akhil.goyal@nxp.com> X-EOPAttributedMessage: 0 X-Matching-Connectors: 131517872742690761; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.158.2; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(7966004)(336005)(346002)(39380400002)(39860400002)(376002)(2980300002)(1109001)(1110001)(339900001)(199003)(189002)(69596002)(15650500001)(5003940100001)(106466001)(8936002)(68736007)(86362001)(5660300001)(105606002)(2906002)(16586007)(305945005)(10710500007)(6666003)(48376002)(54906003)(4326008)(356003)(104016004)(7416002)(50466002)(77096006)(8676002)(53376002)(50226002)(8656003)(81166006)(1076002)(2420400007)(2950100002)(85426001)(53936002)(966005)(6306002)(189998001)(498600001)(97736004)(316002)(76176999)(47776003)(81156014)(36756003)(50986999)(6916009)(7110500001)(33646002)(2351001)(50929005); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR03MB2691; H:az84smr01.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD025; 1:zfOWHe7GMyl+ROC2kXO8IW8c0N0BmVpRyFo9mQUYrgm3jhNwoqCHMjVo/AL/xqetAEv4QQdSYHyikXZBxZBr87lQAD9wyRUjEXFT76lml008u8+d75hJtdE9Yg72b39f MIME-Version: 1.0 Content-Type: text/plain X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a0cd4d0e-5a54-41c2-64d1-08d50ce618d5 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017052603199)(201703131430075)(201703131517081); SRVR:BN6PR03MB2691; X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2691; 3:3Wmm++rJ03kgGY8urWQKkvOAcXzEdClMekjTEVCxhBafY+KZ91VoKp9lrDspStv5Gbg6G/L0GWX22j2CwEtHQK5McexKWv7Ze7rjIWBS69IwuAzh4rSGW3tk/iBmTqp9CT8OoP8D7r0myV+1kvPjeWTgyLN3SdGOHJfccEs3zekcP1gZQiy7kChNgl4LpYUQaroV8Cyj1d5WgntmtLhh3OkvTeiJdnUgCxD2Hyi6EG/NJGomWNv+MZAvZiDKLPB51q4SAXwaydbSuJcvkNm3qlJf6ICxajJioM2D2ZRDdMof+A6lJXSqOKqcjEQzWHyqhOb8eFdMwpmUv7LghO7ysaWwmxYGuoIAsYwHX+wOXxE=; 25:dtc+WLGE1eCQr07khIGJr/glMJNlDrkrLFG/rKDC7UkDorN3+n+XoyJoGYxe7UFLu0awcDwL6uHGL1+BTjwk4ftQAUX3Qp1AD7XRuvdkM+VDcm+ey8GuBfwTB3b1OxWAKKsOQoovH8oSJEYEp+NZRgm58lKR2WNgRpaxknmuQy7zpyuukB/R/Ukux7FeulIDfQY0Af6hEhjxwyCow4EfzBiskjtI1OGqNhNM1ZgT8C7NJP77QmKR9XBpZTYzfaoz5/t1Wp4aWJA40ECE9n5qeA3KSu3pBFUMAqbhCM8UvmUXDJ7/tPjOwKHAEL1BXOsg9qmfV4fgdPweTDABok+IfA== X-MS-TrafficTypeDiagnostic: BN6PR03MB2691: X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2691; 31:LCvlkAlEXq/5Vlxg6vqHIva1VznKqfVhp/jaQ7reDpvz6QdhOnrE41RQemknbOdgvvvE0StKVgmukaO0ckV8DI8Q1bIJhAsXmJ7m+g+iBoBtgPGpYAOVeKtuegHc+XtZ4briO8bjLwm3tko+jI+ZFP4TVsvk/30Trq+6H+kZtft4WKGLp9xv4Ak68MFCXMnuaQA+h2ZyjdXr5vVm3y9lCJASYSBWmm+FTt9AnrKNjTY=; 4:XLOQLH0iYk6z0J43zHBNl/efB7KLq8jGsq30QN9AW37O5YiKZosG2cdAEsDt7sWornk42RFuwEV3VRVk/TMwyTr6wW2OUrtaY+1LW4XdK0mLFdYzZ0m+52ezf/e/5J3kS/cW7XVA/2M3umBT2S2js/5Xm1OHFekP87YO1x23b1z6Z+fBdB5h121QRFl7mA2Si7xdJHzzMpitgzprSwczS5WKuKvVci9eeO5qOeS8dCjRlFZ9EoC4f/GM1wO9n6m1F681u+kRimqsmo5HxORop9HBe8kO04q2sSCwXhL1/tljC9L5eOIyVvTIg0JUSIAW2swJ11Obf0yd5cTWvDrGGg== X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(66839620246622); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(6055026)(2002001)(6096035)(20161123559100)(20161123563025)(201703131430075)(201703131441075)(201703131448075)(201703131433075)(201703161259150)(20161123565025)(20161123556025)(20161123561025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN6PR03MB2691; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN6PR03MB2691; X-Forefront-PRVS: 0452022BE1 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR03MB2691; 23:7rktPM75RcXTjX75IHPnDymayF7kXsnsaEC0rNKIu?= =?us-ascii?Q?FodmQyvrsQSty2Nu90Qnna3ptHz1Xs8Bw3u/6+8+v3rlFsQL6zeftcyPitqY?= =?us-ascii?Q?eyu2okcMJc0ILiETFLOO+QVZJEoHb8YQlv19nSJxcNvZFvwX7gleRcXZu4Bv?= =?us-ascii?Q?wb6SiFsSrJWPJTei+MlgpT0o9ed1L8tCsyaFUb1+jB2FeKk7q2cHCBlOf5cM?= =?us-ascii?Q?oe3ZQDO2GTEgbUyCN7R2L6riOwVhk+bwGi4ol1QBHDNsSmOu0xI6lN+mv1ID?= =?us-ascii?Q?EgHKOZoRA4TP0eJlTgsdiB+lsCUj3Div0qBFvkncnpcoiOeJYxcb0JRlNOgs?= =?us-ascii?Q?kmE6ChnN5GBvH7alFjbdRpuhjemQByUDIlJGbl6FNai1oL5oh+8dA0y5dtIM?= =?us-ascii?Q?knHJ4VRiBkVIP4Zrqsz3cFDj3Rm3WutkFGrcWefmU5ZwoUFx7Vy+Qwit9PQ/?= =?us-ascii?Q?0i24ZJnavAUDUqUAdoh/yM4cYEu7WpmOGP6agtUBoOCr5lCkDdjlfTIDeIbL?= =?us-ascii?Q?aZSrou5mmpfxJkqXh/gL87ROqgMIuRVSe059TLhHMtMxBh6hEv0fqjKbNL6T?= =?us-ascii?Q?BvrE0/H9BKnmB4yNidGhJ4ejy4PwC2fG/sbk+KXhKLbi6HA8ike80XTVfHbE?= =?us-ascii?Q?mjMbiZwp/PJARi9pyUbDBG+NbffAhwWA0nnsH5pr54Kix2VP2ZMSxYMQjXoX?= =?us-ascii?Q?84u1jn5T5x4UMg/7X6wsXemIybzyHvKNcANyk0C39NYKzzNoD0+J5b29JPvX?= =?us-ascii?Q?1OkskYHtvQHPGdJaXz8wR51XyiVJvBy0DbaU4XZASr/njoPxsNpUuhLFoQJ5?= =?us-ascii?Q?1ibzN2Kr/eo6FeEX9ZAaqZ3aa//NxL7xqc39QaK3dXwWbjNO3cMzhamVnGEs?= =?us-ascii?Q?o0BmEzVzuXrO5pFnfEtoxtbrrZFD+tLBSvHGYly3LSQTfq9YcdWcLCaVlD6a?= =?us-ascii?Q?uOUfhjjT8BuSLTxGoy+tXSXXvqumOB8+AW3VVdIAbn9u+VZzFtbEYx+dLDAr?= =?us-ascii?Q?SaFhSaHs8qvFCaAGcx6oUEYZx/cgyRWbT7GTZ5GMcOWI3YAqBPXLM+tZMS6a?= =?us-ascii?Q?0yrGPqW7wGYSCdRuWorhMd9O9lWiEDx40TznrBb/nSiFUrJHLpWzdRhBk/JY?= =?us-ascii?Q?Btdke9e3IraNZVzupC+/PG0mdjCzW6W8gRuka/Zc4uZO5RBJyACDjUlEkjZQ?= =?us-ascii?Q?OgG+ND4vx2XMXbE2bKGd0LScZNlENUBcA+NAsqmaT/e92vl7JQpzGt8hxZdP?= =?us-ascii?Q?AjA4mv9H5FSL71bB5tiBILuvOoGCGTJnJhB+9dHonbzLM1EWwlSMKCYFjguF?= =?us-ascii?Q?rV2e/WXKodaQDbhUtfwp3sw0jjLQPzFqQZhZLnLN5KXS2RM2g/L3RqNPP/21?= =?us-ascii?Q?Yi1yU8jGX3R0p20mULvzOc3UavBZsuU0LUf/JBwPbt5bVcYCReHDhAcBDvFI?= =?us-ascii?Q?WUXubdLfg=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR03MB2691; 6:M8tSH6AQskrAvOuimmUeNO+uTKR8dxMxFjAtUWNa86U9MGOEEWFuyDbwxhT2qZPB3lPBExS7+3QPD2VyIiO+DunZkd4vqtETNxkH6P/KNn14zZL2ZACuPZKlOlG1ZyM0JTtLAESTQpb80MvjM1RQth3Idg+oD7rTwemaOCxF1bW9Kc7rPxJPyKFr33vcl5ra6sgqm5Qqm2T4S1P6aLXP3G1SKl6XsDd+N8i/UyxAoqUEf/8B4pxmKAohPg4ilvcsKp/kmhsF+y9DPxfw3RNALSb2EAMjYM/ThbF6z3qgjm1pWr19ax8QpT84CpGqS0Ltv/oBDd2OVUUx/qRsJLfZcg==; 5:28hFgnAJEAmPi/dW3e6xGrahgqjYPl3vaDHA8HKssYgw6fWv7vBAH1jT8m/85QbYpkMe7Q+MzlOkv4fc62cWHhzXQZJm3UTygXrEU9bHMuWfDDJ5h04qgudIYbMbLgrcXwCaoWV3vN17bGXSpkDPfw==; 24:daspHtHO5l7sHUIxXk4mwsReLNFhRMQsIXyQvbJnWyJDwY1piShKNJh9Hz2RtDpCBvM1mEwiXKszQ6j+2VnyXMsV7OLb9b81PUeJXVLDXZA=; 7:crkYh01pmgU6iVPfP9zOW9ygjCs3dbXmLx0MtLEclnTFNoR6v0I46SpIItojFDdzS6H4StPkA/S3N5LRMFxbI64QNi3+M1S+cEYk8EtOu26+/DA6rrVdMSe9jCcYiat4LwbNxvajTGimtpdoJzDJUCuJllYMpZruADp6WR3YcTy4WtUxKUlpqMpHUc+LW2c12FhJum9PecsPdlE0gPJ4nF2G2Tc9EnHz3Sru4GL8jvY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Oct 2017 18:14:34.0350 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.158.2]; Helo=[az84smr01.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR03MB2691 Subject: [dpdk-dev] [PATCH v3 00/12] introduce security offload library X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2017 18:14:37 -0000 This patchset introduce the rte_security library in DPDK. This also includes the sample implementation of drivers and changes in ipsec gateway application to demonstrate its usage. rte_security library is implemented on the idea proposed earlier [1],[2],[3] to support IPsec Inline and look aside crypto offload. Though the current focus is only on IPsec protocol, but the library is not limited to IPsec, it can be extended to other security protocols e.g. MACSEC, PDCP or DTLS. In this library, crypto/ethernet devices can register itself to the security library to support security offload. The library support 3 modes of operation 1. full protocol offload using crypto devices. (RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) 2. inline ipsec using ethernet devices to perform crypto operations (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) 3. full protocol offload using ethernet devices. (RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) The details for each mode is documented in the patchset in doc/guides/prog_guide/rte_security.rst The modification in the application ipsec-secgw is also doocumented in doc/guides/sample_app_ug/ipsec_secgw.rst This patchset is also available at: git://dpdk.org/draft/dpdk-draft-ipsec branch: integration changes in v3: 1. fixed compilation for FreeBSD 2. Incorporated comments from Pablo, John, Shahaf, Ananyev 3. Updated drivers for dpaa2_sec and ixgbe for some minor fixes 4. patch titles updated 5. fixed return type of rte_cryptodev_get_sec_id changes in v2: 1. update documentation for rte_flow. 2. fixed API to unregister device to security library. 3. incorporated most of the comments from Jerin. 4. updated rte_security documentation as per the review comments from John. 5. Certain application updates for some cases. 6. updated changes in mbuf as per the comments from Olivier. Future enhancements: 1. for full protocol offload - error handling and notification cases 2. add more security protocols 3. test application support 4. handling of multi process case. 5. anti-replay support 6. SA time out support Reference: [1] http://dpdk.org/ml/archives/dev/2017-July/070793.html [2] http://dpdk.org/ml/archives/dev/2017-July/071893.html [3] http://dpdk.org/ml/archives/dev/2017-August/072900.html Akhil Goyal (6): lib/rte_security: add security library doc: add details of rte security cryptodev: support security APIs mk: add rte security into build system crypto/dpaa2_sec: add support for protocol offload ipsec examples/ipsec-secgw: add support for security offload Boris Pismenny (4): net: add ESP header to generic flow steering mbuf: add security crypto flags and mbuf fields ethdev: add rte flow action for crypto doc: add details of rte_flow security actions Declan Doherty (1): ethdev: support security APIs Radu Nicolau (1): net/ixgbe: enable inline ipsec MAINTAINERS | 6 + config/common_base | 7 + doc/api/doxy-api-index.md | 4 +- doc/api/doxy-api.conf | 1 + doc/guides/cryptodevs/features/default.ini | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + doc/guides/prog_guide/index.rst | 1 + doc/guides/prog_guide/rte_flow.rst | 84 ++- doc/guides/prog_guide/rte_security.rst | 553 ++++++++++++++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 52 +- drivers/crypto/Makefile | 2 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 411 +++++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 62 +++ drivers/net/Makefile | 2 +- drivers/net/ixgbe/Makefile | 4 +- drivers/net/ixgbe/ixgbe_ethdev.c | 17 + drivers/net/ixgbe/ixgbe_ethdev.h | 10 +- drivers/net/ixgbe/ixgbe_flow.c | 46 ++ drivers/net/ixgbe/ixgbe_ipsec.c | 742 +++++++++++++++++++++++++ drivers/net/ixgbe/ixgbe_ipsec.h | 147 +++++ drivers/net/ixgbe/ixgbe_rxtx.c | 68 ++- drivers/net/ixgbe/ixgbe_rxtx.h | 4 + drivers/net/ixgbe/ixgbe_rxtx_vec_sse.c | 44 ++ examples/ipsec-secgw/esp.c | 102 ++-- examples/ipsec-secgw/esp.h | 10 - examples/ipsec-secgw/ipsec-secgw.c | 5 + examples/ipsec-secgw/ipsec.c | 295 ++++++++-- examples/ipsec-secgw/ipsec.h | 32 +- examples/ipsec-secgw/sa.c | 151 +++-- lib/Makefile | 5 + lib/librte_cryptodev/rte_crypto.h | 3 +- lib/librte_cryptodev/rte_crypto_sym.h | 2 + lib/librte_cryptodev/rte_cryptodev.c | 10 + lib/librte_cryptodev/rte_cryptodev.h | 8 + lib/librte_cryptodev/rte_cryptodev_version.map | 7 + lib/librte_ether/rte_ethdev.c | 11 + lib/librte_ether/rte_ethdev.h | 19 +- lib/librte_ether/rte_ethdev_version.map | 7 + lib/librte_ether/rte_flow.h | 64 +++ lib/librte_mbuf/rte_mbuf.c | 6 + lib/librte_mbuf/rte_mbuf.h | 35 +- lib/librte_mbuf/rte_mbuf_ptype.c | 1 + lib/librte_mbuf/rte_mbuf_ptype.h | 11 + lib/librte_net/Makefile | 2 +- lib/librte_net/rte_esp.h | 60 ++ lib/librte_security/Makefile | 53 ++ lib/librte_security/rte_security.c | 275 +++++++++ lib/librte_security/rte_security.h | 505 +++++++++++++++++ lib/librte_security/rte_security_driver.h | 182 ++++++ lib/librte_security/rte_security_version.map | 13 + mk/rte.app.mk | 1 + 51 files changed, 3987 insertions(+), 157 deletions(-) create mode 100644 doc/guides/prog_guide/rte_security.rst create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.c create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.h create mode 100644 lib/librte_net/rte_esp.h create mode 100644 lib/librte_security/Makefile create mode 100644 lib/librte_security/rte_security.c create mode 100644 lib/librte_security/rte_security.h create mode 100644 lib/librte_security/rte_security_driver.h create mode 100644 lib/librte_security/rte_security_version.map -- 2.9.3