From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C8ECCA0548; Fri, 24 Sep 2021 14:42:37 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4E9274126F; Fri, 24 Sep 2021 14:42:37 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id 26F524122D for ; Fri, 24 Sep 2021 14:42:35 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10116"; a="287734434" X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="287734434" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Sep 2021 05:42:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="436984940" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga003.jf.intel.com with ESMTP; 24 Sep 2021 05:42:34 -0700 Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Fri, 24 Sep 2021 05:42:34 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Fri, 24 Sep 2021 05:42:34 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.101) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Fri, 24 Sep 2021 05:42:33 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AcwYQvym6DTr5AG1bl6MS+pN2mk9QlFY4DaW4Y2svLhOPTUGJKpKrXwM1eBgiZ2zWoprstsBtnIdfshdAwJO0ClYOt0i6NigEPquMWreegpzzYvTnWUnXxlJs85QLYUBVmVFh5I/M8+u+/ounPHY+fA9TzPBo82QlwNzxNJCa6ArKwm807NCc3/lUymAj9NmXweE5NE40WKXwmTrWvaWwgAtdXl+BD1yhZJXBnwkRiNx6VeNxgeHokHmOSdF8RkIG/2TLFIx1oz7FT/5L3alebOkE6MbJc5n+F3pSk+WGXKeEy1Z3hYHzxP07+6DDC1xf05BHuLHvB2naVPvUi0vWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=xFq4AVaOrQp7NBbTl3jjfn0l4SjWIo6iksG+g5nlm+k=; b=WlChpAtjAlKNXWIrZfB7NNRWG1iHvFi2qjUUwngQD75w+KUsxVO8B28OrvZ/XrblpIx3RxX54TVInt2ce1ecRHc5mAwsKGxNHLTBb8QeTOnETMbkTryMPBSAFZtamP83EEiB7SuA4L6EZhFtgVMeH38VhsR5uyr4gWcn2NaDSP8a5c3w8JClzr8e/iQ4ZQp/FHc2q/fnvbHO5wfeOP9cM4ZKgSZy+wibS7OpYf3je58SfKG/LHsH6HL0SlD/mov1PffSobJn2peSo/hPW2ZsypJbjGbb5kYyMeLZWlrUgrnNrp8UXmsg8rOGjlFufSlnnblpHQO1Ce4v5UlRhemmUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xFq4AVaOrQp7NBbTl3jjfn0l4SjWIo6iksG+g5nlm+k=; b=QSCYQg9IWTBzyA5SJEN4f6MFEuXqCe9FUSyfX5SYogJEXzNwpEnvnSmEQJ95Y99L0Lq1tNK/3XS7PaUpWI6optAgJqUDL6eRN4jGRbXTidUbqd8dg/iHZa7xhSWEDrnh3oQgdDt3xPMVgsRa1OEY6lsNZeLt2qaYbo1Eai26iDI= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM6PR11MB3627.namprd11.prod.outlook.com (2603:10b6:5:13b::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Fri, 24 Sep 2021 12:42:30 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd%4]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021 12:42:30 +0000 From: "Ananyev, Konstantin" To: "Nicolau, Radu" CC: "dev@dpdk.org" , "mdr@ashroe.eu" , "Medvedkin, Vladimir" , "Richardson, Bruce" , "Zhang, Roy Fan" , "hemant.agrawal@nxp.com" , "gakhil@marvell.com" , "anoobj@marvell.com" , "Doherty, Declan" , "Sinha, Abhijit" , "Buckley, Daniel M" , "marchana@marvell.com" , "ktejasree@marvell.com" , "matan@nvidia.com" Thread-Topic: [PATCH v6 00/10] new features for ipsec and security libraries Thread-Index: AQHXq6YGnE1NFrCg1EGe4rgL18ib/KuzJ+OA Date: Fri, 24 Sep 2021 12:42:30 +0000 Message-ID: References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20210917091747.1528262-1-radu.nicolau@intel.com> In-Reply-To: <20210917091747.1528262-1-radu.nicolau@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: de5c89ed-70a3-4471-fcec-08d97f58c5c9 x-ms-traffictypediagnostic: DM6PR11MB3627: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: hP/Lj5xEkSLSZ+gG8JShwYZ0vbBxl1Mf8UFKBK3i9/WWcJD7LFFK5xt3XEUGOz9ZrrGWsAFjh9s7PNdzJFs8WLmaVI5iq7MqDrYqcPh4s4K0ByVqjrnCrtG52yG2eU+do2d9xa55Q96JKqJADqp1B5PM0pzaeD/Vv1oCjw78sEwV/yGf1/ks5lgFw67GH1hBUWnELsWGlWPsHJygadbb1cavbwk1M0ayKXl6rxZ1AZ2abm5X3tyE/eUK8ZcyW/Go6lQXDdp1jsLBOxhFdI6Q1zQPoz4vIH1CdjcyjWavv6m7sYuy/iU0KBMhhKgus6Yf+9/VY7kopcgceHvCvp3iRgUHWckhZtKDP2bV6i2q7bgwIoMdOHdUQf6OfEVn4WTDXstladHoQyf1V3D5Zjq9UASN1te4nW+qgZa1Ee0jajtBgs/zUmqZudnjZskesgFIG6Ow8h1ISDewk7ZLU7R4aSMNVmX/ADDAAmlYdYSIg81lJ+4w/WjeUJXrOVmjmCE656+fryqI9TR6+1W8nFiKZKytH64d1VGpnnsP//NfTMs99U13LMYqkZENAuGxW2JtKNEURrCGe6xOgfv6d638x3wqQBIBxe7Y38ecat7R1A00IjV6aXkZOkMyjVI8u5a+5uJLhTyghpqYF/ggGYXFylO5DEtKRzpFGw/U5yehP8fBAex/hPpP2DPWb8pNPTZyREFd8xNTzCvdvPpAdqOGdg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(26005)(8676002)(55016002)(38070700005)(66476007)(6636002)(33656002)(86362001)(66446008)(64756008)(66556008)(5660300002)(15650500001)(71200400001)(2906002)(4326008)(9686003)(8936002)(186003)(7696005)(6862004)(316002)(54906003)(55236004)(66946007)(122000001)(76116006)(38100700002)(52536014)(6506007)(508600001)(83380400001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?IWVpAcZBOxHSIHtrOXcsvUcKb10nO0gjQPZhg61s/LX1JRIsooX+RJl7vyva?= =?us-ascii?Q?R1GP2+UimEMsddoKo/VpclrxMOxshtmFh8nbFH4A+BFqisX+0spvr1W9SUND?= =?us-ascii?Q?WhMj8Q14dOBSqrQxuLI6cSOM7u3Gr581uDS3xX9jbxKKJ7LiSCquYCJtkGb3?= =?us-ascii?Q?HNZ6CAG+eOB/1RykRtT2XZh4JvPl7YCVd2ZFU0mpsFIsPiDFdNvOTrxMTEGB?= =?us-ascii?Q?UuA2EpD9t7q7ciqTkPZNJY2bHcD3c37R9SJessE4DAKy3Ik5OeoCxCjJhbc+?= =?us-ascii?Q?tfQUbQHsm4HsvLtd5Zep5nOojJ5WXXc7NjkHCQ2nqqY0f7hd0kmK3OlGoKfK?= =?us-ascii?Q?UX0q46Kz+1yUT1Cl6hrSmcYSanU5AqHAJIW81vb92rIG99YmPisoYUnwpfRi?= =?us-ascii?Q?Lc18pXzWfGaTR2cHNRKM51NlaxJ4VwzMs9paarl6btcn+puG+YqrZ1ZcER6D?= =?us-ascii?Q?SyL35Qoer7yYtppnZkTnDT1EwLhqRXRiJ0HbZvqgb2/9l3N9p0yiVI+u2A8r?= =?us-ascii?Q?LBkPbxFXhwgmQu6/b7+jjghMXRYIu+Gk3Pvd9/KQc86JU0T9Vb/hzyPewXzz?= =?us-ascii?Q?9KkCJXdctALGo9GPyEGCRMo9U+XC1Df+u45824nNb6vFZqbbPf01hnvRWHGU?= =?us-ascii?Q?XpPkPODUf86c2R4QN7zmIoT7qUutE8DmCBScDxI6Zk7fNmjOoAaj5pgeisPs?= =?us-ascii?Q?/tHMonJvcGFI1CIuD8dGF82q9PBSugk37i8GqqcCwJVTLmbQ6HEV5ohI3ubi?= =?us-ascii?Q?0UbIl1VujHJvSnxUgbX8EnNzRtpQitqXFqbVSz29Q5srfez0HXw3Jr4OY5bR?= =?us-ascii?Q?YhEDf8qckoQ5vgeAcLL6RkQ7xUp1YI4KaSayvJdfkirBLswBIyOw3wHE6rp/?= =?us-ascii?Q?LEubHXzBIbF9oEBgpt1ox40M6IbqP11sv7bE50KX2mpdStJLhq7POO6RR45C?= =?us-ascii?Q?gxZPQiYy+8178jHiygPnV0VOAqAnKKmd1VbkTZ5PrSbrWAUvmqj/VUv7dSPr?= =?us-ascii?Q?+SZ9MfYuHh7AEUIZaRhRfo9SImDEf5rWlvLUV4jnQ7mt5llT17mRaT7414R+?= =?us-ascii?Q?CD+wkoSbmhN2Jksc5oykso8DfoLdkKpP2r+WtNSEaivXyBYxO8wIMK5Eo8Fi?= =?us-ascii?Q?ksrQyVOXtUiY1ck8J3S13HOYNlWdzwc1f/jgC3vROFo0WjNUzjvnqr1Wi3QH?= =?us-ascii?Q?vohggWW2WJdMa4khxYWLSDZXFA9aAH81iAWHJSTYPmtBcX4oD44JtbGLhpYn?= =?us-ascii?Q?nnS2joNcwif98zRY+uaIiZ/hH4mjQ2FcI/OuOvUA/ke8kUN8QNRSKCFKTNVQ?= =?us-ascii?Q?yfSNK897c8bVcvYZrLxSdPt2?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: de5c89ed-70a3-4471-fcec-08d97f58c5c9 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 12:42:30.0835 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: yUCSIMK1l4ZA0H8lee8oXFAmrzQa2Rq5tb1oH/4gbWCzLIftuPpHT/HVATWgW28LvWaHkEtMMg0De7TtxHf+MigVXX8Vo2sZxHPjYY4Q2wY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3627 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v6 00/10] new features for ipsec and security libraries X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > Add support for: > TSO, NAT-T/UDP encapsulation, ESN > AES_CCM, CHACHA20_POLY1305 and AES_GMAC > SA telemetry > mbuf offload flags > Initial SQN value I provided my comments for individual patches. There are few more generic ones, I have: 1. Documentation updates are missing. Specially things that need to be documented properly: - changes in the public API and current behaviour. 2. In some patches you describe the actual changes, but without providing any reason why it is necessary. 3. For new algos/features it would be really good to extend examples/ipsec-secgw/test with new test-cases. 4. When submitting new version - it would be really good to have in cover-l= etter a summary of changes from previous version, so reviewer can avoid looking through all patches again. =20 5. The series contains mix of patches for completely different features. It would be much cleaner to have a separate series for each such featur= e. Let say series to enable feature X: - patch to update lib/security public headers (if any) - patch(es) to update lib/ipsec - patch(es) to update PMD to implement new functionality (if any) - patch(es) to update examples/ipec-secgw to enable new functionality - patch(es) to update examples/ipsec-secgw/test to add new test-cases (if= any) >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley >=20 > Radu Nicolau (10): > security: add support for TSO on IPsec session > security: add UDP params for IPsec NAT-T > security: add ESN field to ipsec_xform > mbuf: add IPsec ESP tunnel type > ipsec: add support for AEAD algorithms > ipsec: add transmit segmentation offload support > ipsec: add support for NAT-T > ipsec: add support for SA telemetry > ipsec: add support for initial SQN value > ipsec: add ol_flags support >=20 > lib/ipsec/crypto.h | 137 ++++++++++++ > lib/ipsec/esp_inb.c | 88 +++++++- > lib/ipsec/esp_outb.c | 262 +++++++++++++++++++---- > lib/ipsec/iph.h | 27 ++- > lib/ipsec/meson.build | 2 +- > lib/ipsec/rte_ipsec.h | 23 ++ > lib/ipsec/rte_ipsec_sa.h | 11 +- > lib/ipsec/sa.c | 406 ++++++++++++++++++++++++++++++++++-- > lib/ipsec/sa.h | 43 ++++ > lib/ipsec/version.map | 9 + > lib/mbuf/rte_mbuf_core.h | 1 + > lib/security/rte_security.h | 31 +++ > 12 files changed, 967 insertions(+), 73 deletions(-) >=20 > -- > v2: fixed lib/ipsec/version.map updates to show correct version > v3: fixed build error and corrected misspelled email address > v4: add doxygen comments for the IPsec telemetry APIs > update inline comments refering to the wrong RFC > v5: update commit messages after feedback > update the UDP encapsulation patch to actually use the configured por= ts > v6: fix initial SQN value >=20 > 2.25.1