From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
Cc: <hemant.agrawal@nxp.com>, <thomas@monjalon.net>,
<g.singh@nxp.com>, <ferruh.yigit@intel.com>,
<roy.fan.zhang@intel.com>, <konstantin.ananyev@intel.com>,
<olivier.matz@6wind.com>, <jerinj@marvell.com>,
Nithin Dabilpuram <ndabilpuram@marvell.com>,
"Akhil Goyal" <gakhil@marvell.com>
Subject: [dpdk-dev] [PATCH 1/2] security: enforce semantics for Tx inline processing
Date: Thu, 24 Jun 2021 15:58:47 +0530 [thread overview]
Message-ID: <20210624102848.3878788-1-gakhil@marvell.com> (raw)
From: Nithin Dabilpuram <ndabilpuram@marvell.com>
For Tx inline processing, when RTE_SECURITY_TX_OLOAD_NEED_MDATA is
set, rte_security_set_pkt_metadata() needs to be called for pkts
to associate a Security session with a mbuf before submitting
to Ethdev Tx. This is apart from setting PKT_TX_SEC_OFFLOAD in
mbuf.ol_flags. rte_security_set_pkt_metadata() is also used to
set some opaque metadata in mbuf for PMD's use.
This patch updates documentation that rte_security_set_pkt_metadata()
should be called only with mbuf containing Layer 3 and above data.
This behaviour is consistent with existing PMD's such as ixgbe.
On Tx, not all net PMD's/HW can parse packet and identify
L2 header and L3 header locations on Tx. This is inline with other
Tx offloads requirements such as L3 checksum, L4 checksum offload,
etc, where mbuf.l2_len, mbuf.l3_len etc, needs to be set for
HW to be able to generate checksum. Since Inline IPSec is also
such a Tx offload, some PMD's at least need mbuf.l2_len to be
valid to find L3 header and perform Outbound IPSec processing.
Hence, this patch updates documentation to enforce setting
mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags
for Inline IPSec Crypto / Protocol offload processing to
work on Tx.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Reviewed-by: Akhil Goyal <gakhil@marvell.com>
---
doc/guides/nics/features.rst | 2 ++
doc/guides/prog_guide/rte_security.rst | 6 +++++-
lib/mbuf/rte_mbuf_core.h | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst
index 403c2b03a..414baf14f 100644
--- a/doc/guides/nics/features.rst
+++ b/doc/guides/nics/features.rst
@@ -430,6 +430,7 @@ of protocol operations. See Security library and PMD documentation for more deta
* **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``,
* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``.
+* **[uses] mbuf**: ``mbuf.l2_len``.
* **[implements] rte_security_ops**: ``session_create``, ``session_update``,
``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``capabilities_get``.
* **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
@@ -451,6 +452,7 @@ protocol operations. See security library and PMD documentation for more details
* **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``,
* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``.
+* **[uses] mbuf**: ``mbuf.l2_len``.
* **[implements] rte_security_ops**: ``session_create``, ``session_update``,
``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``get_userdata``,
``capabilities_get``.
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78..7b68c698d 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -560,7 +560,11 @@ created by the application is attached to the security session by the API
For Inline Crypto and Inline protocol offload, device specific defined metadata is
updated in the mbuf using ``rte_security_set_pkt_metadata()`` if
-``DEV_TX_OFFLOAD_SEC_NEED_MDATA`` is set.
+``RTE_SECURITY_TX_OLOAD_NEED_MDATA`` is set. ``rte_security_set_pkt_metadata()``
+should be called on mbuf only with Layer 3 and above data present and
+``mbuf.data_off`` should be pointing to Layer 3 Header. Once called,
+Layer 3 and above data cannot be modified or moved around unless
+``rte_security_set_pkt_metadata()`` is called again.
For inline protocol offloaded ingress traffic, the application can register a
pointer, ``userdata`` , in the security session. When the packet is received,
diff --git a/lib/mbuf/rte_mbuf_core.h b/lib/mbuf/rte_mbuf_core.h
index bb38d7f58..9d8e3ddc8 100644
--- a/lib/mbuf/rte_mbuf_core.h
+++ b/lib/mbuf/rte_mbuf_core.h
@@ -228,6 +228,8 @@ extern "C" {
/**
* Request security offload processing on the TX packet.
+ * To use Tx security offload, the user needs to fill l2_len in mbuf
+ * indicating L2 header size and where L3 header starts.
*/
#define PKT_TX_SEC_OFFLOAD (1ULL << 43)
--
2.25.1
next reply other threads:[~2021-06-24 10:29 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-24 10:28 Akhil Goyal [this message]
2021-06-24 10:28 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: modify event mode inline path Akhil Goyal
2021-07-06 9:13 ` [dpdk-dev] [PATCH 1/2] security: enforce semantics for Tx inline processing Akhil Goyal
2021-07-06 10:56 ` Ananyev, Konstantin
2021-07-06 12:27 ` Nithin Dabilpuram
2021-07-06 12:42 ` Ananyev, Konstantin
2021-07-06 12:58 ` Nithin Dabilpuram
2021-07-06 14:07 ` Ananyev, Konstantin
2021-07-07 9:07 ` Nithin Dabilpuram
2021-07-07 9:59 ` Ananyev, Konstantin
2021-07-07 11:22 ` Nithin Dabilpuram
2021-07-10 12:57 ` Ananyev, Konstantin
2021-07-12 17:01 ` Nithin Dabilpuram
2021-07-13 12:33 ` Ananyev, Konstantin
2021-07-13 14:08 ` Ananyev, Konstantin
2021-07-13 15:58 ` Nithin Dabilpuram
2021-07-14 11:09 ` Ananyev, Konstantin
2021-07-14 13:29 ` Nithin Dabilpuram
2021-07-14 17:28 ` Ananyev, Konstantin
2021-07-15 6:09 ` [dpdk-dev] [PATCH v2 0/3] security: Improve inline fast path routines Nithin Dabilpuram
2021-07-15 6:09 ` [dpdk-dev] [PATCH v2 1/3] security: enforce semantics for Tx inline processing Nithin Dabilpuram
2021-07-15 6:09 ` [dpdk-dev] [PATCH v2 2/3] security: add option for faster udata or mdata access Nithin Dabilpuram
2021-07-15 6:09 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update L2 length for Tx Nithin Dabilpuram
2021-08-10 6:07 ` [dpdk-dev] [PATCH v3 0/3] security: Improve inline fast path routines Nithin Dabilpuram
2021-08-10 6:07 ` [dpdk-dev] [PATCH v3 1/3] security: enforce semantics for Tx inline processing Nithin Dabilpuram
2021-08-10 6:07 ` [dpdk-dev] [PATCH v3 2/3] security: add option for faster udata or mdata access Nithin Dabilpuram
2021-08-10 6:07 ` [dpdk-dev] [PATCH v3 3/3] examples/ipsec-secgw: update event mode inline path Nithin Dabilpuram
2021-08-12 12:32 ` [dpdk-dev] [PATCH v4 0/4] security: Improve inline fast path routines Nithin Dabilpuram
2021-08-12 12:32 ` [dpdk-dev] [PATCH v4 1/4] security: enforce semantics for Tx inline processing Nithin Dabilpuram
2021-09-06 18:58 ` Akhil Goyal
2021-08-12 12:32 ` [dpdk-dev] [PATCH v4 2/4] security: add option for faster udata or mdata access Nithin Dabilpuram
2021-09-06 18:58 ` Akhil Goyal
2021-09-06 18:59 ` Akhil Goyal
2021-08-12 12:32 ` [dpdk-dev] [PATCH v4 3/4] examples/ipsec-secgw: update event mode inline path Nithin Dabilpuram
2021-09-06 18:59 ` Akhil Goyal
2021-08-12 12:32 ` [dpdk-dev] [PATCH v4 4/4] doc: remove deprecation notice for security fast path change Nithin Dabilpuram
2021-09-06 18:57 ` Akhil Goyal
2021-09-14 15:14 ` [dpdk-dev] [PATCH v5 0/3] security: Improve inline fast path routines Nithin Dabilpuram
2021-09-14 15:14 ` [dpdk-dev] [PATCH v5 1/3] security: enforce semantics for Tx inline processing Nithin Dabilpuram
2021-09-15 14:25 ` Ananyev, Konstantin
2021-09-14 15:14 ` [dpdk-dev] [PATCH v5 2/3] security: add option for faster udata or mdata access Nithin Dabilpuram
2021-09-15 14:33 ` Ananyev, Konstantin
2021-09-14 15:14 ` [dpdk-dev] [PATCH v5 3/3] examples/ipsec-secgw: update event mode inline path Nithin Dabilpuram
2021-09-15 14:34 ` Ananyev, Konstantin
2021-09-15 16:29 ` [dpdk-dev] [PATCH v6 0/3] security: Improve inline fast path routines Nithin Dabilpuram
2021-09-15 16:29 ` [dpdk-dev] [PATCH v6 1/3] security: enforce semantics for Tx inline processing Nithin Dabilpuram
2021-09-21 13:50 ` Akhil Goyal
2021-09-15 16:30 ` [dpdk-dev] [PATCH v6 2/3] security: add option for faster udata or mdata access Nithin Dabilpuram
2021-09-27 17:10 ` Thomas Monjalon
2021-09-28 8:24 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-15 16:30 ` [dpdk-dev] [PATCH v6 3/3] examples/ipsec-secgw: update event mode inline path Nithin Dabilpuram
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210624102848.3878788-1-gakhil@marvell.com \
--to=gakhil@marvell.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=g.singh@nxp.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ndabilpuram@marvell.com \
--cc=olivier.matz@6wind.com \
--cc=roy.fan.zhang@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).