From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id A15D31B3DA for ; Mon, 16 Oct 2017 10:47:04 +0200 (CEST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Oct 2017 01:47:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,386,1503385200"; d="scan'208";a="1025583806" Received: from irsmsx106.ger.corp.intel.com ([163.33.3.31]) by orsmga003.jf.intel.com with ESMTP; 16 Oct 2017 01:47:00 -0700 Received: from irsmsx104.ger.corp.intel.com ([169.254.5.248]) by IRSMSX106.ger.corp.intel.com ([169.254.8.36]) with mapi id 14.03.0319.002; Mon, 16 Oct 2017 09:46:59 +0100 From: "Nicolau, Radu" To: Shahaf Shuler , Akhil Goyal , "dev@dpdk.org" CC: "Doherty, Declan" , "De Lara Guarch, Pablo" , "hemant.agrawal@nxp.com" , Boris Pismenny , "Aviad Yehezkel" , Thomas Monjalon , "sandeep.malik@nxp.com" , "jerin.jacob@caviumnetworks.com" , "Mcnamara, John" , "Ananyev, Konstantin" , "olivier.matz@6wind.com" Thread-Topic: [PATCH v4 06/12] ethdev: support security APIs Thread-Index: AQHTRTq6oXaAqapBA0KH1O/2jnvd76Lk03+AgAFYYDA= Date: Mon, 16 Oct 2017 08:46:58 +0000 Message-ID: <763A2F19A5EFF34F8B7F1657C992EE297B2EF30C@IRSMSX104.ger.corp.intel.com> References: <20171006181151.4758-1-akhil.goyal@nxp.com> <20171014221734.15511-1-akhil.goyal@nxp.com> <20171014221734.15511-7-akhil.goyal@nxp.com> In-Reply-To: Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_IC x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYWVhOGI1YzAtY2UzNC00MTg2LThjMGUtYWZjYzJmMjhhZGU4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6ImI4WUhcL3VDTkh5ekpRNHhzd2l3bFBWeHlGSUF3WFRLeU0rMU01S1wvXC9mY289In0= dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [163.33.239.182] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v4 06/12] ethdev: support security APIs X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 08:47:05 -0000 Hi Shahaf, I will address the issues asap, they didn't made it into v4 because of timi= ng reasons. Regards, Radu > -----Original Message----- > From: Shahaf Shuler [mailto:shahafs@mellanox.com] > Sent: Sunday, October 15, 2017 2:13 PM > To: Akhil Goyal ; dev@dpdk.org > Cc: Doherty, Declan ; De Lara Guarch, Pablo > ; hemant.agrawal@nxp.com; Nicolau, > Radu ; Boris Pismenny ; > Aviad Yehezkel ; Thomas Monjalon > ; sandeep.malik@nxp.com; > jerin.jacob@caviumnetworks.com; Mcnamara, John > ; Ananyev, Konstantin > ; olivier.matz@6wind.com > Subject: RE: [PATCH v4 06/12] ethdev: support security APIs >=20 > Hi Akhil, >=20 > Sunday, October 15, 2017 1:17 AM, Akhil Goyal: > > From: Declan Doherty > > > > rte_flow_action type and ethdev updated to support rte_security > > sessions for crypto offload to ethernet device. > > > > Signed-off-by: Boris Pismenny > > Signed-off-by: Aviad Yehezkel > > Signed-off-by: Radu Nicolau > > Signed-off-by: Declan Doherty > > --- > > lib/librte_ether/rte_ethdev.c | 11 +++++++++++ > > lib/librte_ether/rte_ethdev.h | 18 ++++++++++++++++-- > > lib/librte_ether/rte_ethdev_version.map | 1 + > > 3 files changed, 28 insertions(+), 2 deletions(-) > > > > diff --git a/lib/librte_ether/rte_ethdev.c > > b/lib/librte_ether/rte_ethdev.c index 0b1e928..9520f1e 100644 > > --- a/lib/librte_ether/rte_ethdev.c > > +++ b/lib/librte_ether/rte_ethdev.c > > @@ -301,6 +301,17 @@ rte_eth_dev_socket_id(uint16_t port_id) > > return rte_eth_devices[port_id].data->numa_node; > > } > > > > +void * > > +rte_eth_dev_get_sec_ctx(uint8_t port_id) { > > + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL); > > + > > + if (rte_eth_devices[port_id].data->dev_flags & > > RTE_ETH_DEV_SECURITY) > > + return rte_eth_devices[port_id].data->security_ctx; > > + > > + return NULL; > > +} > > + > > uint16_t > > rte_eth_dev_count(void) > > { > > diff --git a/lib/librte_ether/rte_ethdev.h > > b/lib/librte_ether/rte_ethdev.h index aaf02b3..159bb73 100644 > > --- a/lib/librte_ether/rte_ethdev.h > > +++ b/lib/librte_ether/rte_ethdev.h > > @@ -180,6 +180,8 @@ extern "C" { > > #include > > #include > > #include > > +#include > > + > > #include "rte_ether.h" > > #include "rte_eth_ctrl.h" > > #include "rte_dev_info.h" > > @@ -379,7 +381,8 @@ struct rte_eth_rxmode { > > * This bit is temporary till rxmode bitfield offloads API will > > * be deprecated. > > */ > > - ignore_offload_bitfield : 1; > > + ignore_offload_bitfield : 1, > > + enable_sec : 1; /**< Enable security offload */ >=20 > I suggest to keep the ignore_offload_bitfield last. >=20 > Also you should update the convert function. See: > rte_eth_convert_rx_offload_bitfield > rte_eth_convert_rx_offloads >=20 > > }; > > > > /** > > @@ -707,8 +710,10 @@ struct rte_eth_txmode { > > /**< If set, reject sending out tagged pkts */ > > hw_vlan_reject_untagged : 1, > > /**< If set, reject sending out untagged pkts */ > > - hw_vlan_insert_pvid : 1; > > + hw_vlan_insert_pvid : 1, > > /**< If set, enable port based VLAN insertion */ > > + enable_sec : 1; > > + /**< Enable security offload */ >=20 > Am copying the comment and answer from v2 on the Tx offload. Seems like > we agreed, why it is not addressed? >=20 > From: Radu Nicolau radu.nicolau at intel.com > > Already comment on it in the previous version [1]. > > I don't think there is a justification to introduce new approach to set= Tx > offloads given there is already patch set which provides such new API [2]= . > > I think this patch should be on top of it. > I agree with you, that is if the new offload API will be merged we will a= lso > change this one. But until then it makes testing and developing more > difficult. >=20 >=20 > > }; > > > > /** > > @@ -969,6 +974,7 @@ struct rte_eth_conf { #define > DEV_RX_OFFLOAD_VLAN > > (DEV_RX_OFFLOAD_VLAN_STRIP | \ > > DEV_RX_OFFLOAD_VLAN_FILTER | \ > > DEV_RX_OFFLOAD_VLAN_EXTEND) > > +#define DEV_RX_OFFLOAD_SECURITY 0x00000100 > > > > /** > > * TX offload capabilities of a device. > > @@ -998,6 +1004,7 @@ struct rte_eth_conf { > > * When set application must guarantee that per-queue all mbufs come= s > > from > > * the same mempool and has refcnt =3D 1. > > */ > > +#define DEV_TX_OFFLOAD_SECURITY 0x00008000 > > > > struct rte_pci_device; > > > > @@ -1736,6 +1743,9 @@ struct rte_eth_dev { > > enum rte_eth_dev_state state; /**< Flag indicating the port state */ > > } __rte_cache_aligned; > > > > +void * > > +rte_eth_dev_get_sec_ctx(uint8_t port_id); > > + > > struct rte_eth_dev_sriov { > > uint8_t active; /**< SRIOV is active with 16, 32 or 64 = pools */ > > uint8_t nb_q_per_pool; /**< rx queue number per pool */ > > @@ -1796,6 +1806,8 @@ struct rte_eth_dev_data { > > int numa_node; /**< NUMA node connection */ > > struct rte_vlan_filter_conf vlan_filter_conf; > > /**< VLAN filter configuration. */ > > + void *security_ctx; > > + /**< Context for security ops */ > > }; > > > > /** Device supports hotplug detach */ @@ -1806,6 +1818,8 @@ struct > > rte_eth_dev_data { #define RTE_ETH_DEV_BONDED_SLAVE 0x0004 > > /** Device supports device removal interrupt */ > > #define RTE_ETH_DEV_INTR_RMV 0x0008 > > +/** Device supports inline security processing */ > > +#define RTE_ETH_DEV_SECURITY 0x0010 >=20 > I have to insist about this one. I don't understand which extra functiona= lity it > provides in compare to the DEV_RX_OFFLOAD_SECURITY or > DEV_TX_OFFLOAD_SECURITY. > Answer from previous version was to "allow to advertise that a device ha= s > security features without the need to check exactly which ones are they". > I think this is exactly what DEV_RX_OFFLOAD_SECURITY and > DEV_TX_OFFLOAD_SECURITY means. Those flags does not provide the full > capabilities of the different security offload supported by the device (t= hose > should be queried through rte_scurity APIs). >=20 > > > > /** > > * @internal > > diff --git a/lib/librte_ether/rte_ethdev_version.map > > b/lib/librte_ether/rte_ethdev_version.map > > index e27f596..3cc6a64 100644 > > --- a/lib/librte_ether/rte_ethdev_version.map > > +++ b/lib/librte_ether/rte_ethdev_version.map > > @@ -194,5 +194,6 @@ DPDK_17.11 { > > rte_eth_dev_pool_ops_supported; > > rte_eth_dev_reset; > > rte_flow_error_set; > > + rte_eth_dev_get_sec_ctx; > > > > } DPDK_17.08; > > -- > > 2.9.3