From: Akhil Goyal <gakhil@marvell.com>
To: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>,
"dev@dpdk.org" <dev@dpdk.org>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>,
"david.coyle@intel.com" <david.coyle@intel.com>,
"kai.ji@intel.com" <kai.ji@intel.com>,
"kevin.osullivan@intel.com" <kevin.osullivan@intel.com>,
Ciara Power <ciara.power@intel.com>
Subject: RE: [PATCH v3 1/2] security: add fallback security processing and Rx inject
Date: Mon, 9 Oct 2023 20:11:25 +0000 [thread overview]
Message-ID: <CO6PR18MB44846AF8E3058B7A339970B2D8CEA@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <20230929153929.939-1-anoobj@marvell.com>
> Subject: [PATCH v3 1/2] security: add fallback security processing and Rx inject
>
> Add alternate datapath API for security processing which would do Rx
> injection (similar to loopback) after successful security processing.
>
> With inline protocol offload, variable part of the session context
> (AR windows, lifetime etc in case of IPsec), is not accessible to the
> application. If packets are not getting processed in the inline path
> due to non security reasons (such as outer fragmentation or rte_flow
> packet steering limitations), then the packet cannot be security
> processed as the session context is private to the PMD and security
> library doesn't provide alternate APIs to make use of the same session.
>
> Introduce new API and Rx injection as fallback mechanism to security
> processing failures due to non-security reasons. For example, when there
> is outer fragmentation and PMD doesn't support reassembly of outer
> fragments, application would receive fragments which it can then
> reassemble. Post successful reassembly, packet can be submitted for
> security processing and Rx inject. The packets can be then received in
> the application as normal inline protocol processed packets.
>
> Same API can be leveraged in lookaside protocol offload mode to inject
> packet to Rx. This would help in using rte_flow based packet parsing
> after security processing. For example, with IPsec, this will help in
> flow splitting after IPsec processing is done.
>
> In both inline protocol capable ethdevs and lookaside protocol capable
> cryptodevs, the packet would be received back in eth port & queue based
> on rte_flow rules and packet parsing after security processing. The API
> would behave like a loopback but with the additional security
> processing.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> ---
> v3:
> * Resolved compilation error with 32 bit build
Series Acked-by: Akhil Goyal <gakhil@marvell.com>
Please add release notes for the new feature.
next prev parent reply other threads:[~2023-10-09 20:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-11 11:45 [RFC PATCH " Anoob Joseph
2023-08-11 11:45 ` [RFC PATCH 2/2] test/cryptodev: add Rx inject test Anoob Joseph
2023-08-24 7:55 ` [RFC PATCH 1/2] security: add fallback security processing and Rx inject Akhil Goyal
2023-09-29 7:16 ` [PATCH v2 " Anoob Joseph
2023-09-29 7:16 ` [PATCH v2 2/2] test/cryptodev: add Rx inject test Anoob Joseph
2023-09-29 15:39 ` [PATCH v3 1/2] security: add fallback security processing and Rx inject Anoob Joseph
2023-09-29 15:39 ` [PATCH v3 2/2] test/cryptodev: add Rx inject test Anoob Joseph
2023-10-09 20:11 ` Akhil Goyal [this message]
2023-10-10 10:32 ` [PATCH v4 1/2] security: add fallback security processing and Rx inject Anoob Joseph
2023-10-10 10:32 ` [PATCH v4 2/2] test/cryptodev: add Rx inject test Anoob Joseph
2023-10-10 16:48 ` [PATCH v4 1/2] security: add fallback security processing and Rx inject Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO6PR18MB44846AF8E3058B7A339970B2D8CEA@CO6PR18MB4484.namprd18.prod.outlook.com \
--to=gakhil@marvell.com \
--cc=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=david.coyle@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=kai.ji@intel.com \
--cc=kevin.osullivan@intel.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).