From: "Coyle, David" <david.coyle@intel.com>
To: "Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
Akhil Goyal <akhil.goyal@nxp.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"Thomas Monjalon" <thomas@monjalon.net>,
"Yigit, Ferruh" <ferruh.yigit@intel.com>,
"Trahe, Fiona" <fiona.trahe@intel.com>
Cc: "techboard@dpdk.org" <techboard@dpdk.org>,
"dev@dpdk.org" <dev@dpdk.org>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
"Ryan, Brendan" <brendan.ryan@intel.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
"Anoob Joseph" <anoobj@marvell.com>,
Ruifeng Wang <ruifeng.wang@arm.com>,
Liron Himi <lironh@marvell.com>,
Nagadheeraj Rottela <rnagadheeraj@marvell.com>,
Srikanth Jampala <jsrikanth@marvell.com>,
Gagandeep Singh <G.Singh@nxp.com>,
Jay Zhou <jianjay.zhou@huawei.com>,
Ravi Kumar <ravi1.kumar@amd.com>,
"Richardson, Bruce" <bruce.richardson@intel.com>,
"olivier.matz@6wind.com" <olivier.matz@6wind.com>,
"honnappa.nagarahalli@arm.com" <honnappa.nagarahalli@arm.com>,
Stephen Hemminger <stephen@networkplumber.org>,
"alexr@mellanox.com" <alexr@mellanox.com>
Subject: Re: [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing
Date: Tue, 12 May 2020 17:32:09 +0000 [thread overview]
Message-ID: <MN2PR11MB3550F20F21980A5DED4CC8ECE3BE0@MN2PR11MB3550.namprd11.prod.outlook.com> (raw)
In-Reply-To: <BL0PR11MB3043FC895A4CAD269112B235B8AB0@BL0PR11MB3043.namprd11.prod.outlook.com>
Hi Fan & Akhil,
> -----Original Message-----
> From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Sent: Friday, May 1, 2020 2:18 PM
>
> Hi Akhil,
>
> > -----Original Message-----
> > From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> > Sent: Wednesday, April 22, 2020 2:44 PM
> > To: Coyle, David <david.coyle@intel.com>; Doherty, Declan
> > <declan.doherty@intel.com>; Thomas Monjalon
> <thomas@monjalon.net>;
> > Yigit, Ferruh <ferruh.yigit@intel.com>; Trahe, Fiona
> > <fiona.trahe@intel.com>
> > Cc: techboard@dpdk.org; dev@dpdk.org; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Ryan, Brendan
> > <brendan.ryan@intel.com>; Hemant Agrawal
> <hemant.agrawal@nxp.com>;
> > Anoob Joseph <anoobj@marvell.com>; Ruifeng Wang
> > <ruifeng.wang@arm.com>; Liron Himi <lironh@marvell.com>; Nagadheeraj
> > Rottela <rnagadheeraj@marvell.com>; Srikanth Jampala
> > <jsrikanth@marvell.com>; Gagandeep Singh <G.Singh@nxp.com>; Jay
> Zhou
> > <jianjay.zhou@huawei.com>; Ravi Kumar <ravi1.kumar@amd.com>;
> > Richardson, Bruce <bruce.richardson@intel.com>;
> > olivier.matz@6wind.com; honnappa.nagarahalli@arm.com; Stephen
> > Hemminger <stephen@networkplumber.org>; alexr@mellanox.com
> > Subject: Re: [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-
> > function processing
> ...
> > Yes, it is preferred, but it should be a union to
> > rte_crypto_sym_op/rte_crypto_asym_op.
> > Crypto_op->type as RTE_CRYPTO_OP_TYPE_SECURITY and sess_type as
> > RTE_CRYPTO_OP_SECURITY_SESSION The size of rte_crypto_op will remain
> > as is and there will be no ABI breakage I guess.
> >
> [Fan: with this way the PMD will have to do rte_crypto_op.type check, and
> then look into rte_security_op field, only when it find the security_op type is
> crypto_crc, it will process the security_op data. Would that being too many
> reads and checking for a single op? Can we create a new API for rte_security
> to process rte_security_ops for Crypto_CRC or future needs?] ...
[DC] If we were to add new enqueue/dequeue APIs to rte_security, then this may
cause extra churn and extra paths of code in a customer's application. For the
DOCSIS Crypto-CRC use-case which is currently supported by IPSecMB, only the
AES-DOCSISBPI cipher algorithm is supported. For these Crypto-CRC ops, they would
create rte_security sessions, attach these to rte_security_ops and enqueue/dequeue
using the new APIs in rte_security.
However, the customer may also be using the legacy DES-DOCSISBPI cipher algorithm
for some subscribers, and this algorithm is not supported in the chained Crypto-CRC
functionality in IPSecMB (and most likely never will be). So for these the customer
would need to create cryptodev sessions, attach these to rte_crypto_ops and enqueue/
dequeue with the cryptodev enq/deq APIs. That is 2 different paths of code now in
the application datapath, where some packets in a batch need to be enqueued through
rte_security and some need to be enqueued through cryptodev.
If rte_crypto_ops are always used and enqueued/dequeued through cryptodev, then the
only thing that changes is the type of session that is created and either the security session
or the cryptodev session gets attached to the crypto_op.
Now, we could add support to rte_security for DES-DOCSISBPI too, but it would not be a
combined operation with CRC - it would be a simple cipher operation going through
rte_security. But that, to me, does not seem like a good use of rte_security.
For DOCSIS Crypto-CRC, we may also want to take advantage of the
rte_cryptodev_sym_cpu_crypto_process() API which was added to cryptodev recently to
avoid the enqueue/dequeue overhead. A similar API would also then need to be added
to rte_security.
Taking all of the above into account, I feel keeping the normal cryptodev enqueue/dequeue
would be best. Having said all that, we do need to consider performance in the PMD of the
extra op type checks. Take aesni_mb PMD as an example. It would need to check
rte_crypto_op->type and if it's not RTE_CRYPTO_OP_TYPE_SECURITY, then it can assume
it's an RTE_CRYPTO_OP_TYPE_SYMMETRIC op and carry on as normal for existing symmetric
operations. Security ops will need some extra parsing but this is new functionality. The impact
on existing functionality of the extra checks would certainly need to be tested though, but as
all the op data will be in the same cache line, I don't see any major impact.
Akhil & Fan (& others), I would be interested to hear your feedback on this.
Regards,
David
>
> Regards,
> Fan
next prev parent reply other threads:[~2020-05-12 17:32 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-10 14:27 David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 1/4] raw/common: add multi-function interface David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 2/4] raw/aesni_mb_mfn: add aesni_mb_mfn raw device PMD David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 3/4] test/rawdev: add aesni_mb_mfn raw device tests David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 4/4] doc: update docs for aesni_mb_mfn raw device PMD David Coyle
2020-04-10 22:55 ` [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing Thomas Monjalon
2020-04-14 10:21 ` Ferruh Yigit
2020-04-14 10:32 ` Thomas Monjalon
2020-04-14 13:04 ` Trahe, Fiona
2020-04-14 13:24 ` Thomas Monjalon
2020-04-14 14:02 ` Trahe, Fiona
2020-04-14 14:44 ` Thomas Monjalon
2020-04-15 22:19 ` Doherty, Declan
2020-04-15 22:33 ` Thomas Monjalon
2020-04-21 16:46 ` Doherty, Declan
2020-04-21 17:23 ` Coyle, David
2020-04-22 10:51 ` Akhil Goyal
2020-04-22 13:17 ` Coyle, David
2020-04-22 13:44 ` Akhil Goyal
2020-04-22 14:21 ` Coyle, David
2020-05-01 13:18 ` Zhang, Roy Fan
2020-05-12 17:32 ` Coyle, David [this message]
2020-04-22 14:01 ` Kevin Traynor
2020-04-22 14:41 ` Coyle, David
2020-04-21 17:25 ` Thomas Monjalon
2020-04-21 18:37 ` Coyle, David
2020-04-21 21:51 ` Thomas Monjalon
2020-06-04 15:13 ` [dpdk-dev] [PATCH 0/3] add support for DOCSIS protocol to security library David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 2/3] cryptodev: add security operation to crypto operation David Coyle
2020-06-09 13:23 ` Ananyev, Konstantin
2020-06-09 13:50 ` Coyle, David
2020-06-10 10:40 ` Ananyev, Konstantin
2020-06-10 12:02 ` Coyle, David
2020-06-11 12:21 ` Ananyev, Konstantin
2020-06-11 14:01 ` Coyle, David
2020-06-23 18:38 ` Akhil Goyal
2020-06-24 14:11 ` Coyle, David
2020-06-04 15:13 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 0/6] " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 1/6] cryptodev: add security operation to crypto operation David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol David Coyle
2020-06-23 17:29 ` De Lara Guarch, Pablo
2020-06-26 15:15 ` Coyle, David
2020-06-23 18:06 ` Akhil Goyal
2020-06-24 14:25 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 3/6] crypto/aesni_mb: " David Coyle
2020-06-23 17:57 ` De Lara Guarch, Pablo
2020-06-26 15:13 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 4/6] crypto/qat: " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 5/6] test/crypto: add DOCSIS security test cases David Coyle
2020-06-23 18:04 ` De Lara Guarch, Pablo
2020-06-26 15:14 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 6/6] test/security: add DOCSIS capability check tests David Coyle
2020-06-23 14:51 ` [dpdk-dev] [PATCH v2 0/6] add support for DOCSIS protocol David Marchand
2020-06-23 15:18 ` Coyle, David
2020-06-23 15:38 ` David Marchand
2020-06-23 15:56 ` Coyle, David
2020-06-23 16:22 ` David Marchand
2020-06-23 16:27 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 0/8] " David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 1/8] security: " David Coyle
2020-07-01 21:41 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-01 21:42 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 3/8] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 4/8] crypto/qat: " David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add DOCSIS security test cases David Coyle
2020-07-01 21:43 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 6/8] test/security: add DOCSIS capability check tests David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 7/8] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-01 21:44 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 8/8] doc: add doc updates for DOCSIS security protocol David Coyle
2020-06-30 18:33 ` Akhil Goyal
2020-07-01 17:03 ` Coyle, David
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 0/7] add support for DOCSIS protocol David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 1/7] security: " David Coyle
2020-07-03 17:50 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 2/7] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 3/7] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-04 19:55 ` Akhil Goyal
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 4/7] crypto/qat: " David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 5/7] test/crypto: add DOCSIS security test cases David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 6/7] test/security: add DOCSIS capability check tests David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 7/7] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-03 17:57 ` De Lara Guarch, Pablo
2020-07-04 19:54 ` [dpdk-dev] [PATCH v4 0/7] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR11MB3550F20F21980A5DED4CC8ECE3BE0@MN2PR11MB3550.namprd11.prod.outlook.com \
--to=david.coyle@intel.com \
--cc=G.Singh@nxp.com \
--cc=akhil.goyal@nxp.com \
--cc=alexr@mellanox.com \
--cc=anoobj@marvell.com \
--cc=brendan.ryan@intel.com \
--cc=bruce.richardson@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=fiona.trahe@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=honnappa.nagarahalli@arm.com \
--cc=jianjay.zhou@huawei.com \
--cc=jsrikanth@marvell.com \
--cc=lironh@marvell.com \
--cc=olivier.matz@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=ravi1.kumar@amd.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=stephen@networkplumber.org \
--cc=techboard@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).