From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0060.outbound.protection.outlook.com [104.47.0.60]) by dpdk.org (Postfix) with ESMTP id 7534B548B for ; Tue, 13 Mar 2018 13:24:48 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5h1cpX1XnUJTeAvZRGrfYwq62gip58EH3zpM/QpYx34=; b=HoLxyY/HZ7pLaP9FBLU4yMlKVKIc6OJLvoGEoVIF6Z2Hz/XrTOTyZ15aVBfznSj0kJbz1p8Mvc58TQV19U8A24jq/ttdZRpJTiM+NEaznvRmnrckHgjvTcRm3jJrJ3JLEUkTRGYZ8ZJUeVNPinvtQ9AhnqHOZ/37nt9ozKE2Qu8= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; Received: from [IPv6:2402:3a80:936:1f2e:3902:95b6:f515:489b] (2402:3a80:936:1f2e:3902:95b6:f515:489b) by DB5PR04MB1381.eurprd04.prod.outlook.com (2a01:111:e400:58da::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.588.14; Tue, 13 Mar 2018 12:24:44 +0000 To: Anoob Joseph , Declan Doherty , Radu Nicolau Cc: Jerin Jacob , Narayana Prasad , Nelio Laranjeiro , dev@dpdk.org References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com> From: Akhil Goyal Message-ID: <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com> Date: Tue, 13 Mar 2018 17:54:14 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [2402:3a80:936:1f2e:3902:95b6:f515:489b] X-ClientProxiedBy: MA1PR01CA0086.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00::26) To DB5PR04MB1381.eurprd04.prod.outlook.com (2a01:111:e400:58da::15) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: d5db17ae-362c-4b32-b863-08d588dd68bb X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DB5PR04MB1381; X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381; 3:0mQ4uaS3XrPi2O8wqufntrsCPbYicXFGOyDKv+fCMoe8Fu20Y76vXI7m/fLbExCPcZ+SvonB50CRGsxARiT8vFe/WOeHQ7z687hEFMVcTFPJWui6tyzl8demFeVQpwA4vT35I80HREXOBOnVhOyrIDieYid9n5D6k6tjzDvbi3w+Ox4PZ2XTlnbPAb9pTboBqnFdS6XIah/xiecUKAVcK+Ogv3RLSXexfGfGyFByoQp8TYsqn3RMx7DJj3x/J+nW; 25:dtPsTsjRm0WQttP6X+Wkm0odMdwCiwkHqEcB49Mpwd5toSXNL1HEWj3TUZpui598ZkODqWaZtlbZLAmlXrAa4b8FubQfoa2e9zfb+HzgjAFzlKnxyiajHByL0g603SAI5A4EiaEVA9BN6gP8MDAfCYAsFCLeWO8jONP2XqL3RV/G+/T3RkKx/oSun1o+EcDdUxIXoE4ZyolENMw7dEo2XykuI7O1mIfAk8Ju/cu6/8XJxG0SllDSVPHDxz75B6rwHRH+/rKpRxH6R1tGWqMhhqrdUpui3XyZ8YibAWY5K4B39omT8zVADyYNePN1IF+LRRAIfgOuxB0LtQN0TpDA1ObBns4peWmu85U/7Oi3ziA=; 31:xmRvHoiueBfjSRT0LNAApIWfC3UjATeDICSHeII6E2ho2J4hep9tLTnd4nB8cO1Sbozxd2tmeLjf8wA86cpDLrQWhh4ZORqUeT1Pca+DS2xo2RlKP66AZlU14DFo6mHqRQvMow5IM7nwztsLMWFVxYEafxPpHQryGig0EAVFUxN6XypyIau7YPP0gkDUgb0G3jcQrZ5eIUfyC1XDuSM+PgyQPsUN1+RsX2jb0UGsj8E= X-MS-TrafficTypeDiagnostic: DB5PR04MB1381: X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381; 20:L942lNtLMp7NZS6qETW5vjIs19pSf2/qdbCkVGMhGLBgdmSh92Az9LCzSRlFqHWv3IB14olB9b4t2f7f2kin8U1A3d0eqlh2VEwftbZiINcn9/XGKQrn5gpwD9hbFcJVxvxCicrZlFiytgStYtHTy2MBZ7pN3KAmEgsZ4SnzNku3k6ZhIDceEvj5SLHsHJld3mMEXqt2BwmZB2rQgMUZU8E/DbXqZJsTmDUJh9/WiXIbrR8gsu6Y9u1IjX5hQy2UnEYEJDPHegbzQ5hL7Kd3coGTOX1BpfM/WiEG0MkY+ECnwafILheGReLCJ/82Paf3zIfILY9I6ka7HcT2eVgaXG8Pmw4vdpxIBskbOP7+Upgt+j0G0Aoo+S+Lk5pCGZVXFavRFkCEBhEOFs6IOZPHxlfp/QB/PqvZEtoHg0iBAPGAXSjt4DTh2BcOx25+Cq5yshjz8+omLqQ6ft6t48HwJOkTXdz3A2MQbaJ3Xp2MYVr72PrSWafg1sH9Zn2ijpoh; 4:DZK7tN3ThMruewzI6QgQGqTdrTiTAhWYvq7P+Ddnn0YZsNiH+E9fI1O4oKVAQuGw/IcX6/Pxxlcoh0qkttd1Ve7SokZbxTdNAFS86LnIJwanhFU2FLAMSyXp0DroUgh7kkzS8JUcRXtokZOIKar6Y2fWex2Yyhi3F6t5xMdr6JlobFdcH1zD5NMfaOwtVvmjsuf5DAQuear7M+SKphqtmBom4OKMDfIQGEyiZd+Z1HXf2FU5UflNkdCwgQfibIYcIHKWgD7pCBp7sZZ1hIYvSYF2+DKkNQUl8vQXLdZkOnQHQp3yQ/nTJNa44ZGgqOBl X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231221)(944501244)(52105095)(3002001)(10201501046)(6055026)(6041310)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:DB5PR04MB1381; BCL:0; PCL:0; RULEID:; SRVR:DB5PR04MB1381; X-Forefront-PRVS: 0610D16BBE X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(366004)(376002)(346002)(39860400002)(396003)(39380400002)(199004)(189003)(2906002)(46003)(65806001)(47776003)(8676002)(86362001)(25786009)(478600001)(305945005)(7736002)(53936002)(53546011)(64126003)(65826007)(65956001)(81166006)(81156014)(8936002)(97736004)(54906003)(31686004)(68736007)(58126008)(110136005)(6486002)(105586002)(4326008)(316002)(76176011)(2486003)(52116002)(23676004)(52146003)(229853002)(52396003)(16526019)(36756003)(59450400001)(2950100002)(6116002)(386003)(230700001)(6246003)(186003)(31696002)(106356001)(67846002)(5660300001)(50466002)(6666003)(1706002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR04MB1381; H:[IPv6:2402:3a80:936:1f2e:3902:95b6:f515:489b]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjVQUjA0TUIxMzgxOzIzOjlCMUI2TVVvUlNyaWhHV29TcVZOYnowcW9I?= =?utf-8?B?T1pwZ2dWSnhuTG5ZMExXbXJldCt4M0lpbWNHbHNZbXhoQlZHZDU5NVFkdDBF?= =?utf-8?B?anZsSWlOcUlFdjQwc1dKZG5OdGRMSjI4TjBwY3RGYXJ3Sm85UisxSXR1bkx3?= =?utf-8?B?WUlKSXNLQlR6V2lEOFV1M2YwZE1PUnpaNVgyVGJkcGUvWTNoRGZQNEtjTkNH?= =?utf-8?B?Q2hqdE5TcFM5bzFEVkhERnk1K0NVM2NGVVR0VXR1dUg4M1ZzZ2g0Y1JtNkFq?= =?utf-8?B?QmtvZHZnT2ZSbVk5YS9NRVFaTkRDdS82VWFrem02aHZsWXNkQlV4S1dacUlR?= =?utf-8?B?OXF6a0pyYjVXMHdjYzd6ZWVnRHBZeHkvK2o5aVJGYTZaUkpyLzNaeFJjQ3BS?= =?utf-8?B?dC85Vlk4YmcvQVZIWDJFdGxFdE56OVFiNnRtckZhd2lQY2FLVUpsTDNnMEVS?= =?utf-8?B?cUFuRi9ReDA3Zll5ZERLdkgvZnNqa0ZFRk9icmJPYVFyM1JUVWIyajFjdTNp?= =?utf-8?B?bU9uUXBXV3hSclVpaTBxSGczdkNsbzFtekRHcHJKd0ZBOG1BZTRUa1Z2Yiti?= =?utf-8?B?b0hnV2xHV2drOW04Snh2Z3ErcDlPcTdtSzRLRStMOHNvQ3RHRkRJcGhMeDdB?= =?utf-8?B?eTFiT3ZPaEQyQS93Vmh5dnkyWUYvVElaWFRUNjlBV0xpQ01OWm1XS0habURE?= =?utf-8?B?L3JKcjZ1V1pZajI1cHFVcGlMWGNYYWZrdDB6M3grS25ML1BKUUhyUTRBeDhY?= =?utf-8?B?elBvWW5XOXo2amJNWnZiaTMwYnc3REFvY1o5RXF4WXV2Sy9JUkd2Q05CcEFY?= =?utf-8?B?WkVBd0hOTEhOVjdtNWlPWFV5UlJsSWpZOFpsd0RQcXNNQnliQXpCTG5FSkcy?= =?utf-8?B?SFhZM21MWWRhVXA3RkVqc29vS2gzVUo5OTZsMWZCOU1ndXNFeVFSODIra3dl?= =?utf-8?B?eEp6bzdFby9ZeEp5YzlPMi8ya0ZaRjkzRVhGU2l6eisrMU9BVlFYcG1lN21H?= =?utf-8?B?M2NWT0JEY2Z3Y0hZS3RxVE1nNENJTHZhUTlrc2M5dU5DVkdlOTJYTkp3ZEZu?= =?utf-8?B?K3QwNEwvdnBjM2hVUzhsZmNtMS9FLzhyRjBYMXdZSVlwRTN4RFlHbExXYThB?= =?utf-8?B?TWxUR1VISTdKcXhJUTh6K2RtcHNERjRTTmxieEhUSW1TYklCaWZWNnhRbnFO?= =?utf-8?B?TUhSU2s3eDgzWHZEYkk0QXFQdk5Kckp4b21jcWswU2IzSXVzMXdyNHNQQllH?= =?utf-8?B?QUpTL2lsek04U2lEN1lKMGlmdkU3anE3L1hyVllRVlhWdUw3MTdsU01wZ0JG?= =?utf-8?B?VllCNkFYcXJpU2Q5ckc4MGxLNkRBQWVha3BXdVlKR2hhTkxTRDNSZHhuRkR6?= =?utf-8?B?MnhMWHVSZVREaFlGeWNmR2M0YkdtTHIrVnNIVUsyamRuVjh0KzhCNlgybmw0?= =?utf-8?B?dEU3ckl5T0dqRVduTEZCL2lBdFRxR3BjbklRblFJQ0lIOGJ2RTBleWJjanZq?= =?utf-8?B?R1JKMXF4TzRpanZ0Z0VFM3BYeUl5YUdTalhtb3k1NUloUTU3L3ZGa0d6blhj?= =?utf-8?B?bE00OEY3NW5rVTArdEpxakN5T1FyOXBTR0FWbHJsNUhuamRHUURpR0ZOQUhY?= =?utf-8?B?V21tZ0wwOGZFaHFNTFI2ZjlwY0ltVGlnYUMrMVVzR0FiZHdhakt3VE8vaEFX?= =?utf-8?B?V2pza2lQelNmYUFxN0h3TmF6NzRBZkZFM0E2QmJEZnQ4d00zdFl4R042eE80?= =?utf-8?B?Z3hHakVwR3NhR282aTVEeHhYQ213V1RGZnRTdGxMSldrY2xpcWdBeTBLMzVs?= =?utf-8?B?dEV3TzdpMEhvNXpCMkJnRDdBNDVHaVl6azFxUUdORlZMcnc9PQ==?= X-Microsoft-Antispam-Message-Info: Bw0IP+OY4/pgfowx/SHKvydP8oFrQlhz4bZI9xcsPLa1JvtS4+uNYKok32uKcoGv3hfsMmY01lfqKzCtZVGpgeMd97ij9b3vm9620lXT0j4xWAySCbzIU2UTJkfgG7lKG1ZizfgfJ8aPvfGXVjOTye6ICN9R9k6QQi+mn52F1xzwIM7FRw+QV0zLU64TdFJe X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381; 6:UXqyPmI+KQjbEWx3CiAeAfnZHVYL85NL1lKhj/ZY61hNRw8REgKY7lyvpHXLPQQOEICgMqGKZ6N/Th2dA1VSpCOntXss4U1Hozu3jv/rj31WKH2y4XWoNXThUVd8il8Qmin7YSAVZn+fnVR+DLE6IxPSEOPH+0veks2PL37h0UiBFJJWjJto6xyvcjYHs0o+m4FZaMYoSf5uONnWEtYypUGwgOKypzkLdwpS18vw1VE0c5X2QunqWvbzo9US3AFFAfWZ/H8cCJfYIlabgvaORj+pgaCG9+iJm43RPVHYaFAiVjBxydxfBlhn7tUAxFGaYlbhqMQS7yPjxJ5c9ZEMD8x7dYlqghJwEH9YkAlZ1Y0=; 5:DHfmbR+8yhKN807nvdWKCanh5FZn2XzYiINY5rNQz3CgOfAM0uaBD++on/4ilDlHEPDUSByNk9oFn2aVAq4TMIrr33YIsp33BKCnnfdwAeuLnmcoFKaKfLah+WcyGtCRPKmOuyccLhm3G793nqSG3YMtb8w07RMdn1bati7Kqsc=; 24:X2DfSvflGyBWI6dsBuxfnMU0NK7jYqjy4NQ0MRqS3Sme+wvZUFqturGkjadB+VFeqMRGh8qycSurBnHrDTwD82/pqmImJZjt9MZh9Qluslk=; 7:/9nNxVeH1rYHvEjVQVzh6vX2QPeriqc3VkFyTelL/Belw4eW43etlB6bnypJcbk/dipyFbt+dughr5K5Wob1tkT+QM9lGo7+4dgzwEJCBjcUnPclFGUq1JqQl7d1QANFqfXqjS2NfH2cz/MHW59OudlGWvrOWpD5+xfWwFluLwkDR+3itXDN/w5uvq5WEv7E/0qbqUw021FhwxmDHkL4NYFIf5JGSh/JZ7CHX+o61GKDlAP+WWGwwnRBfe8ES3Wg SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2018 12:24:44.4075 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d5db17ae-362c-4b32-b863-08d588dd68bb X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR04MB1381 Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft limit event X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Mar 2018 12:24:49 -0000 Hi Anoob, On 3/1/2018 2:51 PM, Anoob Joseph wrote: > For inline protocol processing, the PMD/device is required to maintain > the ESN. But the application is required to monitor ESN overflow to > initiate SA expiry. > > For such cases, application would set the ESN soft limit. An IPsec event > would be raised by rte_eth_event framework, when ESN hits the soft limit > set by the application. > > Signed-off-by: Anoob Joseph > --- > v2: > * No change > > examples/ipsec-secgw/ipsec-secgw.c | 56 ++++++++++++++++++++++++++++++++++++++ > examples/ipsec-secgw/ipsec.c | 10 +++++-- > examples/ipsec-secgw/ipsec.h | 2 ++ > 3 files changed, 65 insertions(+), 3 deletions(-) > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c > index 3a8562e..5726fd3 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -40,6 +40,7 @@ > #include > #include > #include > +#include > > #include "ipsec.h" > #include "parser.h" > @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf) > printf("Allocated mbuf pool on socket %d\n", socket_id); > } > > +static inline int > +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, uint64_t md) > +{ > + struct ipsec_sa *sa; > + > + /* For inline protocol processing, the metadata in the event will > + * uniquely identify the security session which raised the event. > + * Application would then need the userdata it had registered with the > + * security session to process the event. > + */ > + > + sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md); > + > + if (sa == NULL) { > + /* userdata could not be retrieved */ > + return -1; > + } > + > + /* Sequence number over flow. SA need to be re-established */ With this patchset, application will be able to get notification if the error has occurred. But it is not re-configuring the SA. Do you intend to add the same? > + RTE_SET_USED(sa); > + return 0; > +} > + > +static int > +inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type, > + void *param, void *ret_param) > +{ > + struct rte_eth_event_ipsec_desc *event_desc = NULL; > + struct rte_security_ctx *ctx = (struct rte_security_ctx *) > + rte_eth_dev_get_sec_ctx(port_id); > + > + RTE_SET_USED(param); > + > + if (type != RTE_ETH_EVENT_IPSEC) > + return -1; > + > + event_desc = ret_param; > + if (event_desc == NULL) { > + printf("Event descriptor not set\n"); > + return -1; > + } > + > + if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) > + return inline_ipsec_event_esn_overflow(ctx, event_desc->md); > + else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) { > + printf("Invalid IPsec event reported\n"); > + return -1; > + } > + > + return -1; > +} > + > int32_t > main(int32_t argc, char **argv) > { > @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv) > */ > if (promiscuous_on) > rte_eth_promiscuous_enable(portid); > + > + rte_eth_dev_callback_register(portid, > + RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL); > } > > check_all_ports_link_status(nb_ports, enabled_port_mask); > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 5fb5bc1..acdd189 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) > } > /* TODO support for Transport and IPV6 tunnel */ > } > + ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; > } > > static inline int > @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > * the packet is received, this userdata will be > * retrieved using the metadata from the packet. > * > - * This is required only for inbound SAs. > + * The PMD is expected to set similar metadata for other > + * operations, like rte_eth_event, which are tied to > + * security session. In such cases, the userdata could > + * be obtained to uniquely identify the security > + * parameters denoted. > */ > > - if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) > - sess_conf.userdata = (void *) sa; > + sess_conf.userdata = (void *) sa; > > sa->sec_session = rte_security_session_create(ctx, > &sess_conf, ipsec_ctx->session_pool); > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 6059f6c..c1450f6 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -21,6 +21,8 @@ > > #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ > > +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 > + > #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ > sizeof(struct rte_crypto_sym_op)) > >