From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C7232A0547; Thu, 24 Jun 2021 12:29:15 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AF06E4069C; Thu, 24 Jun 2021 12:29:15 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 6C6164069C for ; Thu, 24 Jun 2021 12:29:13 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15OAABPP005356; Thu, 24 Jun 2021 03:29:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=ys6EQUhApBTtR6Kyz5xJwkvEfpRRMy/Hcm0igxC3aHs=; b=Yyey0z6crcqR/73B1AzIAFZagLbE1/JD3GiicFZTp3UYlEEBkBHt5y3n95AtkZcLKzd5 HcVJ1iFTwa/9eEMhJmUPQItU4VgOMNzc+EyhFkRvV4WrjYjfMDlWOR9+ESpF6B+ACA/g WyGvtvDpEoMsvxorcp20iuZg+DjZ0UGvRJiiA+QhE7taciNeFiF4woROXCj045u8Kaff Z3dK10d4JmMYO/73sd86txa44CP9cqd38lslIXdiWqWiz0xrPHrYDwGLWCooHshuz9i1 3uamZTovg+0ac/otL2qmm9aNwquz6JBZ2cQCN2/H9OUl1ubs7nbdF5ABAN6in8HcehaI 2Q== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39cgc89sfs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 24 Jun 2021 03:29:11 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 24 Jun 2021 03:29:10 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 24 Jun 2021 03:29:10 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id 4FEAC5B6953; Thu, 24 Jun 2021 03:29:07 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , Nithin Dabilpuram , "Akhil Goyal" Date: Thu, 24 Jun 2021 15:58:47 +0530 Message-ID: <20210624102848.3878788-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: -qz50a8GRKIiBuG2ezKytFlMsKjHekyH X-Proofpoint-GUID: -qz50a8GRKIiBuG2ezKytFlMsKjHekyH X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-24_06:2021-06-24, 2021-06-24 signatures=0 Subject: [dpdk-dev] [PATCH 1/2] security: enforce semantics for Tx inline processing X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Nithin Dabilpuram For Tx inline processing, when RTE_SECURITY_TX_OLOAD_NEED_MDATA is set, rte_security_set_pkt_metadata() needs to be called for pkts to associate a Security session with a mbuf before submitting to Ethdev Tx. This is apart from setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags. rte_security_set_pkt_metadata() is also used to set some opaque metadata in mbuf for PMD's use. This patch updates documentation that rte_security_set_pkt_metadata() should be called only with mbuf containing Layer 3 and above data. This behaviour is consistent with existing PMD's such as ixgbe. On Tx, not all net PMD's/HW can parse packet and identify L2 header and L3 header locations on Tx. This is inline with other Tx offloads requirements such as L3 checksum, L4 checksum offload, etc, where mbuf.l2_len, mbuf.l3_len etc, needs to be set for HW to be able to generate checksum. Since Inline IPSec is also such a Tx offload, some PMD's at least need mbuf.l2_len to be valid to find L3 header and perform Outbound IPSec processing. Hence, this patch updates documentation to enforce setting mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags for Inline IPSec Crypto / Protocol offload processing to work on Tx. Signed-off-by: Nithin Dabilpuram Reviewed-by: Akhil Goyal --- doc/guides/nics/features.rst | 2 ++ doc/guides/prog_guide/rte_security.rst | 6 +++++- lib/mbuf/rte_mbuf_core.h | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst index 403c2b03a..414baf14f 100644 --- a/doc/guides/nics/features.rst +++ b/doc/guides/nics/features.rst @@ -430,6 +430,7 @@ of protocol operations. See Security library and PMD documentation for more deta * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``, * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``. +* **[uses] mbuf**: ``mbuf.l2_len``. * **[implements] rte_security_ops**: ``session_create``, ``session_update``, ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``capabilities_get``. * **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``, @@ -451,6 +452,7 @@ protocol operations. See security library and PMD documentation for more details * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``, * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``. +* **[uses] mbuf**: ``mbuf.l2_len``. * **[implements] rte_security_ops**: ``session_create``, ``session_update``, ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``get_userdata``, ``capabilities_get``. diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index f72bc8a78..7b68c698d 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -560,7 +560,11 @@ created by the application is attached to the security session by the API For Inline Crypto and Inline protocol offload, device specific defined metadata is updated in the mbuf using ``rte_security_set_pkt_metadata()`` if -``DEV_TX_OFFLOAD_SEC_NEED_MDATA`` is set. +``RTE_SECURITY_TX_OLOAD_NEED_MDATA`` is set. ``rte_security_set_pkt_metadata()`` +should be called on mbuf only with Layer 3 and above data present and +``mbuf.data_off`` should be pointing to Layer 3 Header. Once called, +Layer 3 and above data cannot be modified or moved around unless +``rte_security_set_pkt_metadata()`` is called again. For inline protocol offloaded ingress traffic, the application can register a pointer, ``userdata`` , in the security session. When the packet is received, diff --git a/lib/mbuf/rte_mbuf_core.h b/lib/mbuf/rte_mbuf_core.h index bb38d7f58..9d8e3ddc8 100644 --- a/lib/mbuf/rte_mbuf_core.h +++ b/lib/mbuf/rte_mbuf_core.h @@ -228,6 +228,8 @@ extern "C" { /** * Request security offload processing on the TX packet. + * To use Tx security offload, the user needs to fill l2_len in mbuf + * indicating L2 header size and where L3 header starts. */ #define PKT_TX_SEC_OFFLOAD (1ULL << 43) -- 2.25.1