From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2F768A0C48; Tue, 6 Jul 2021 13:02:43 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A5DB84128E; Tue, 6 Jul 2021 12:56:16 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id C7B8740688 for ; Tue, 6 Jul 2021 12:56:14 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10036"; a="230821976" X-IronPort-AV: E=Sophos;i="5.83,328,1616482800"; d="scan'208";a="230821976" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2021 03:56:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,328,1616482800"; d="scan'208";a="481572549" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by fmsmga004.fm.intel.com with ESMTP; 06 Jul 2021 03:56:13 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Tue, 6 Jul 2021 03:56:13 -0700 Received: from fmsmsx605.amr.corp.intel.com (10.18.126.85) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Tue, 6 Jul 2021 03:56:12 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Tue, 6 Jul 2021 03:56:12 -0700 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.42) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Tue, 6 Jul 2021 03:56:12 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c5Dsx4CpuF5+B6tD8XdCmqhbR2cm7b2i4FqnSG8ENMhwMI7nc+/BVRSzlOwcvjM0u33dNMWPx+ar6btOQEF/WU4H/LrAAzpwrkyKIxp0/djcg52NKu8t4jChEzjMs9sMJMVwlXgVqGvtxKvP8dSflzl6K2bS0901eCFIwKXoZsuTZ9st1Xyu+XfrZQtF4MqgBu4vDKUyRMReQ0ALCSGiL29xY8BRebQvx/JyEQrp1pDqAzpoLdDGYJz9opZNbE48Qx34QC3tqPjVy5wnsPpIdErpz/0aibpxn4PAm8Nn0dxvY/O2dfQcqIahtmpGhISB9UDZyvVJg67c9ms7WqmDpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UL5rI1kWDd32tKHOSvDRyoHJwU5B5PmySWUVhNyBh84=; b=FJ55NzNbdY0DiYRskYN4EPmxQaYAeFC/uqb04JDRJItY95YG3ZDCHGo6gsIonk6HSmjr+FX7JyWqy5A159CV3qCZ9Q/2nZ0bm6K/CTQa1Len9BjaXNAcnIJ50e2FFyVN3kLLxnuF3PKEZGTUCDid6GbmAI4T4M+TpgPyhzgvn0NKNtOfrT8MGhQKFxKD/kCpNp0xcznVPzpTNZnpo6nqRLBgXnQPd6ugQzPJS4qd1rktKCICklWXM60+LYogGUkRD7yUr0ce2/06XdViY13PjqTrOq53uwY+PyEtZkmBZGoVHv3ixRpUwjU7T+q+2xrhP1/6Oki2MzRZ74QyZRL/Rw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UL5rI1kWDd32tKHOSvDRyoHJwU5B5PmySWUVhNyBh84=; b=s6T4HAIE6GOnwC6dFOA7RCACsXrzP4oB8s8QXaSRCgeZDkCX6ldL71JazfCLz7cWlK7KWeltytCx5KAte3E8/dlxplxUZHwNFLfEmGzCLZKTwsRWazTWeHAWYQiqqNlBGLoTVxnfAzppIXinL4naezMvorDrT7qq05SSpDzhB+U= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM5PR1101MB2170.namprd11.prod.outlook.com (2603:10b6:4:54::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.23; Tue, 6 Jul 2021 10:56:10 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::7dc4:66b0:f76b:6d48]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::7dc4:66b0:f76b:6d48%7]) with mapi id 15.20.4287.033; Tue, 6 Jul 2021 10:56:10 +0000 From: "Ananyev, Konstantin" To: Akhil Goyal , "dev@dpdk.org" CC: "hemant.agrawal@nxp.com" , "thomas@monjalon.net" , "g.singh@nxp.com" , "Yigit, Ferruh" , "Zhang, Roy Fan" , "olivier.matz@6wind.com" , "jerinj@marvell.com" , Nithin Dabilpuram Thread-Topic: [PATCH 1/2] security: enforce semantics for Tx inline processing Thread-Index: AQHXaOPPEvFIqFhEn0C8QRoI7a/e16s12L8Q Date: Tue, 6 Jul 2021 10:56:10 +0000 Message-ID: References: <20210624102848.3878788-1-gakhil@marvell.com> In-Reply-To: <20210624102848.3878788-1-gakhil@marvell.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 566d03ce-678e-4eb5-45f4-08d9406caa1d x-ms-traffictypediagnostic: DM5PR1101MB2170: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VmpEW+q2uelX4xia8mbTWOOiK6YaE+OmJ/0gDZ0sb9iQceOhyAv4PBE0jqsr87/qohOMhvmzyD/vcoAoUdGYk5wPXbBBfmLKpUhq2v27ZP7EamVzZ3vgr6bV6671tqHrrSySgxy7EfIfXpogIyTFN5fEQraGqxT8sS98g224xr4s6SQQrjKQ8V7IdPRSnIEf6Vt3nQ3Sx6tbAP4rRqf86bReL0ldSXBCNxhzDCBKlk7ET4loBCbwzk4YKS/hQet82zwqvZltrTWpXl3Y7VSjrOZ807v8fXLF6g5x/5DgZrXnW/SvXlooc1Oj4JQY2cGmO8CXq+aR/tij5GnJSr3y3NoxHHp0Y3z2mqisDVohFpmcW14qGewhjl9BcCOl+ppLZXB84zQS7ZOlwph8A7OnfJx2hnoDK5kS3ysSVzxtExHG/lKIkm7iNhYUjWMqAEyTg0ggMyq4wmBUIjfibwFN8U45oePYwEUaJVsxh+1b0A1TqA1EzcSjYpJc2nv0zsL2pIEkDYLGSbf3U48xAvce5jE0C84N8CMJy+VgNSDm+W9PascHamKDGRxdhm79M76TlzJovrQ/xOJZqb2Tiakh+2fEYPR0UmwLHsEhuI2Mtw6DOLtVht4VbE4gXdtUKHow30BW5M2eRlrqqvS6FVtBTQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(136003)(346002)(396003)(366004)(376002)(66946007)(478600001)(76116006)(122000001)(71200400001)(9686003)(86362001)(26005)(66476007)(55016002)(66556008)(6506007)(52536014)(66446008)(64756008)(186003)(38100700002)(2906002)(55236004)(15650500001)(5660300002)(4326008)(8676002)(316002)(83380400001)(7696005)(54906003)(110136005)(8936002)(33656002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?+nNEKcrJXCforie0xrKg7+AhqhBJJPGDsKyUTX/CJxTajqwl3Lj4XxKUDxmE?= =?us-ascii?Q?+qZPPQ9VMJStaU3KR0s9Ig0NO/4zeuiI/hwIaIzAclsnZY1gQgA5teaZmFtl?= =?us-ascii?Q?3UI+iOSpwbgBuN2XTUyfizlz2LTxruYpa8zs8mJ0XY9Bkv6R7zlR60hLl4JL?= =?us-ascii?Q?lykGvsccFk+cakgJGRvV51yR3NzL4XD5xsACrHmUgj86QReoVWMxBWP+pZ7d?= =?us-ascii?Q?8YXk/BfotE+wa3YtOKAdxA8s8YItchF5CmksJGhYmcYZxvHU5aWItwEk7jkg?= =?us-ascii?Q?f5Qy321el1C6sfjqxjaWzHfBVkxBvkvAesC8Q6+8HE28JIMr+IRHRCs0drEB?= =?us-ascii?Q?dnLpZQhkwImMZsgmpd0wB+di67PTN6tb+ENteL8PriEXEp4bPBJZojVrWXGh?= =?us-ascii?Q?8rgkLPup13HVTbd2ybMBGCwMTjVLmqfhxmEGl2QNLj6wcpA3xf2hXihbiSJY?= =?us-ascii?Q?+amflrCG88xtJC6FyLvIHuorvvgijfXhi1FTuqOUibaAvFrYWEtmd9Qibg/R?= =?us-ascii?Q?KHL/roPGnXQ5ZqrKhkeT/r9X7pemYfhOSvU5Uyorl0zBAF49eE+LU8bs1nEu?= =?us-ascii?Q?Nn//t1m9BlClc/CTnTlwidsrwZ9qezjxLMSanrbxiDJip7OE+J+IHDuiOOVd?= =?us-ascii?Q?iCerVLby+eRY86xeWJ9JH/L2lmKoqsdNGLplLwZqZMXsDQ69lXRxFqzRC/6i?= =?us-ascii?Q?vV7qLI1XzlVVTLMBiTu955cDrSPO5v17ycjGBwIJh/gKv/+OpUVlNB6epZ8q?= =?us-ascii?Q?FAGIlZMWziGmriCIC7GXxJjz86GLijlaN/aQDH0q+2j2fsqdiGVnd8sB1u/f?= =?us-ascii?Q?5Js+9YVuJRt11kq6PQy4RyCFhA4YfiP0Au+CycAgjftMszpihXpialn+X3QO?= =?us-ascii?Q?3jO2XuPo9qS4skUU/kpVLpxHzf5T4DX+FHApnoWSOjI7gMVVuuuI0U/us8it?= =?us-ascii?Q?7U7DkHRLpb6fB5sdkgC5jxVlI7I0ouf6s4YEhYXIbp7XVDiBXc4kgxEd+doJ?= =?us-ascii?Q?AemcWdcPAn96r97LBRYqpgi35dM0U7ViIzmJFbO0uSI2Yd7cJqJD+Py4aol1?= =?us-ascii?Q?GerUSWgZmbKzyGZ79OZsIdk5hNxaFCLW6ZaYE7Iy1eibKqZq6B3jMccPvdl/?= =?us-ascii?Q?h0YfN64D32PoCSdHqSXcMp1lOSb28Ep8dGYLa8wa0HGhKeIxBqvTm/VI9FKF?= =?us-ascii?Q?ymchVih3Ym9LL3ptLbdsh8LZjhoWirG5uFJMCh59nJd9pyQq194jgG1NQ1vT?= =?us-ascii?Q?w9Rfk5pix2hWZcLSJUNOcs1l5LwvG3AdyB34cF2ZANrl8b9RxrbSE3Mew7wY?= =?us-ascii?Q?y1HRQER6pO6oxnJKsEYISOek?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 566d03ce-678e-4eb5-45f4-08d9406caa1d X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2021 10:56:10.3287 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: lgbT02FIB2heya3vgtZppDKy+kTd3XL2lEXujuNAIEYT6mQ/akDQn+7AfpwzU6rhICWd3CIOFl6vfuStTDFuisq6GTRvSIgtKrHXENRjZOk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2170 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 1/2] security: enforce semantics for Tx inline processing X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > From: Nithin Dabilpuram >=20 > For Tx inline processing, when RTE_SECURITY_TX_OLOAD_NEED_MDATA is > set, rte_security_set_pkt_metadata() needs to be called for pkts > to associate a Security session with a mbuf before submitting > to Ethdev Tx. This is apart from setting PKT_TX_SEC_OFFLOAD in > mbuf.ol_flags. rte_security_set_pkt_metadata() is also used to > set some opaque metadata in mbuf for PMD's use. > This patch updates documentation that rte_security_set_pkt_metadata() > should be called only with mbuf containing Layer 3 and above data. > This behaviour is consistent with existing PMD's such as ixgbe. >=20 > On Tx, not all net PMD's/HW can parse packet and identify > L2 header and L3 header locations on Tx. This is inline with other > Tx offloads requirements such as L3 checksum, L4 checksum offload, > etc, where mbuf.l2_len, mbuf.l3_len etc, needs to be set for > HW to be able to generate checksum. Since Inline IPSec is also > such a Tx offload, some PMD's at least need mbuf.l2_len to be > valid to find L3 header and perform Outbound IPSec processing. > Hence, this patch updates documentation to enforce setting > mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags > for Inline IPSec Crypto / Protocol offload processing to > work on Tx. >=20 > Signed-off-by: Nithin Dabilpuram > Reviewed-by: Akhil Goyal > --- > doc/guides/nics/features.rst | 2 ++ > doc/guides/prog_guide/rte_security.rst | 6 +++++- > lib/mbuf/rte_mbuf_core.h | 2 ++ > 3 files changed, 9 insertions(+), 1 deletion(-) >=20 > diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst > index 403c2b03a..414baf14f 100644 > --- a/doc/guides/nics/features.rst > +++ b/doc/guides/nics/features.rst > @@ -430,6 +430,7 @@ of protocol operations. See Security library and PMD = documentation for more deta >=20 > * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFL= OAD_SECURITY``, > * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFL= OAD_SECURITY``. > +* **[uses] mbuf**: ``mbuf.l2_len``. > * **[implements] rte_security_ops**: ``session_create``, ``session_updat= e``, > ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``ca= pabilities_get``. > * **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_ca= pa:DEV_RX_OFFLOAD_SECURITY``, > @@ -451,6 +452,7 @@ protocol operations. See security library and PMD doc= umentation for more details >=20 > * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFL= OAD_SECURITY``, > * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFL= OAD_SECURITY``. > +* **[uses] mbuf**: ``mbuf.l2_len``. > * **[implements] rte_security_ops**: ``session_create``, ``session_updat= e``, > ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``ge= t_userdata``, > ``capabilities_get``. > diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_gui= de/rte_security.rst > index f72bc8a78..7b68c698d 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -560,7 +560,11 @@ created by the application is attached to the securi= ty session by the API >=20 > For Inline Crypto and Inline protocol offload, device specific defined m= etadata is > updated in the mbuf using ``rte_security_set_pkt_metadata()`` if > -``DEV_TX_OFFLOAD_SEC_NEED_MDATA`` is set. > +``RTE_SECURITY_TX_OLOAD_NEED_MDATA`` is set. ``rte_security_set_pkt_meta= data()`` > +should be called on mbuf only with Layer 3 and above data present and > +``mbuf.data_off`` should be pointing to Layer 3 Header. Hmm... not sure why mbuf.data_off should point to L3 hdr. Who will add L2 hdr to the packet in that case? Or did you mean ``mbuf.data_off + mbuf.l2_len`` here? > Once called, > +Layer 3 and above data cannot be modified or moved around unless > +``rte_security_set_pkt_metadata()`` is called again. >=20 > For inline protocol offloaded ingress traffic, the application can regis= ter a > pointer, ``userdata`` , in the security session. When the packet is rece= ived, > diff --git a/lib/mbuf/rte_mbuf_core.h b/lib/mbuf/rte_mbuf_core.h > index bb38d7f58..9d8e3ddc8 100644 > --- a/lib/mbuf/rte_mbuf_core.h > +++ b/lib/mbuf/rte_mbuf_core.h > @@ -228,6 +228,8 @@ extern "C" { >=20 > /** > * Request security offload processing on the TX packet. > + * To use Tx security offload, the user needs to fill l2_len in mbuf > + * indicating L2 header size and where L3 header starts. > */ > #define PKT_TX_SEC_OFFLOAD (1ULL << 43) >=20 > -- > 2.25.1