From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5925145936; Fri, 20 Sep 2024 07:53:21 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DF70C40669; Fri, 20 Sep 2024 07:53:20 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7F1EF400EF for ; Fri, 20 Sep 2024 07:53:19 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 48JImGvL022897; Thu, 19 Sep 2024 22:53:18 -0700 Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2168.outbound.protection.outlook.com [104.47.57.168]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 41rh5mmtqk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 19 Sep 2024 22:53:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A2V+CokGaCfWZAyBFS8HKUaKC3hWnjgpGQy1C917kL/5PdKCJNExYrlLL70s2RiJvx5bRR5I6OfrIrQoBzlocIE6I3c1/MU0BnjkTXLedh+pL+WBhfOv3Htov5K+JcEKoa1dwiZEsAr0jNhULwephA7zNk/EP9ggiVCM1hNYWUxYoBhdjeqrXGjnPbOIEFqJvNXuHJxB1SiA9KGJheFljij0yy3Kd15uiUqsUCN8GJzk/VxhxXtWVioMK0exMSZNhhH5qkjedE4gXWYA+g8Gcobl6mTnSYJuFYCdPfWvy8zxwGtbDHhuCZjyLeTpfbaBMmi34tuFLIgMR1RmSJcDDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RwlmYSROKv5Ma8W/3nv/W4gtImuNXqFDziFxyi2bG10=; b=VPNmOLlcmZWlvHOjtp9cjlVmaWBYJnw9wzI3UD867hMXZAems8IvOf4pXx851Bn3sodUbvTMp/9/RqQwggJ4XypRpnIxnNpXhYO+VDoGgoN0wzQI9ruQ9YVpzN2V7DOvTKOhnXC+l3j462X1sFp6RKEhjCqZwyzn8RCYO4zxsnROQjSCNcn0lHsnZU83fvNu2DNIeHluNTjmnpXDI1JvG8jtEGwshCWJ3V/EffXHTPs137keHE3mq65WDMizSsQhyqLjOwcpGfb5gqZBrJGEvwPhayIseb48LFzEz79TKvPNXQpyHA2o/KTEih1tP24RCjItBDy27I7kQ9zYMaepfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RwlmYSROKv5Ma8W/3nv/W4gtImuNXqFDziFxyi2bG10=; b=L2qQTinMddRoGxDuQ+6Ye3E1AoFtEgqHUU76yeMsBcGi2JGmHHkWHJv3UBUbgKK1vj7FHcoPNTtJ3Ol6xzi4nWOqE4+z4Spcs6UY0nZ6xOF6/BMpSYRE2araLrduujbR24/EwapLTGWD06BGwK5VV2uFhvpp3+BifdRYbAr3Xhs= Received: from PH0PR18MB4508.namprd18.prod.outlook.com (2603:10b6:510:e6::21) by MN6PR18MB5416.namprd18.prod.outlook.com (2603:10b6:208:46c::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.22; Fri, 20 Sep 2024 05:53:15 +0000 Received: from PH0PR18MB4508.namprd18.prod.outlook.com ([fe80::c4a3:f671:373a:b410]) by PH0PR18MB4508.namprd18.prod.outlook.com ([fe80::c4a3:f671:373a:b410%4]) with mapi id 15.20.7982.018; Fri, 20 Sep 2024 05:53:15 +0000 From: Aakash Sasidharan To: Konstantin Ananyev , Konstantin Ananyev , Vladimir Medvedkin CC: Akhil Goyal , Jerin Jacob , Anoob Joseph , Vidya Sagar Velumuri , "dev@dpdk.org" Subject: RE: [PATCH v2] ipsec: allow stateless IPsec processing Thread-Topic: [PATCH v2] ipsec: allow stateless IPsec processing Thread-Index: AQHbAeZQdkrYxgFgAkCyikZlP1mmqrJcReaAgAO4YSCAAEBGEA== Date: Fri, 20 Sep 2024 05:53:15 +0000 Message-ID: References: <20240907102524.2686767-1-asasidharan@marvell.com> <20240908115733.2708942-1-asasidharan@marvell.com> <692b6f6259a0429bae57826d3ec08dc8@huawei.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR18MB4508:EE_|MN6PR18MB5416:EE_ x-ms-office365-filtering-correlation-id: 05e8f2ef-fb62-4781-9c27-08dcd93884ef x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|1800799024|366016|376014|38070700018; x-microsoft-antispam-message-info: =?us-ascii?Q?BJqNWSuxvh9Q7UlhRJfC/hMkgpwLMrFbL58RZkXoJ9IXirvxUsmeHc6vpVUk?= =?us-ascii?Q?nTj4FSGbvm7HVPsZWU3sbC0LMsQZQjjAc2pI85tSLhryAl2CGVUW0B+rPAJ1?= =?us-ascii?Q?K222U/5mGiMnKTux/xAIuaG+5Lna6Ioj+rvSmwryfkcx1ZuMt3HAkgcfa+vM?= =?us-ascii?Q?KWxY0JDQeyynvDDGxZ2vdmjBsmIp0k7QyugDn4+2scIu2yg2ArnhDRdWZB6v?= =?us-ascii?Q?ES6zxwHRsqHnFQgSY6m5AZIj0TZChIXoBPvDiKjM7peg9A/4Bz3w/xG2f6Eo?= =?us-ascii?Q?GC0f+XiKwjKs7Drf+yvzM5IM2GJqlIdLjcR1R6A7rC6bmWV6G+nW+tSF5iv9?= =?us-ascii?Q?F87f5tLF9EGbKaYipFZCMErbVoUpl4GB+rCrzQkMSnaKERRU17/Dt9yvfqdq?= =?us-ascii?Q?6iChu90+KSEs4lH/d4Yo4Q5ncdTJWKx9iRXLfdgWpSH2t+nChXQ1x3hQ2pkj?= =?us-ascii?Q?RyQbf4z4dRfg8aiU2kT2BnPik5mgX0n94OpbhoGuZlA0y/Isv20DjYRlVgFA?= =?us-ascii?Q?D0OMqrlEn+9JtoKwdBzFxysiQBnSDxs1/DM1ysd5ntvoSyxdWtAzIKcRoY5k?= =?us-ascii?Q?P8tYCs7WLvn7N29J9iY62F7V2IaPThKIP9WYUXaYgSCOwEhc6YX2LEiu0yhn?= =?us-ascii?Q?odbB7GqEHPpcpiA2BWBU/NnFQDYT+Ran0MRexYP/8FFUFVKOz1hRom/eIKLN?= =?us-ascii?Q?Wh7elh0gcE55OQFY4BlBOAEFG6TXXkRl3fiVNYHk8PlQIK+MOhb8WEI2ZacP?= =?us-ascii?Q?+8xAhZENo0SkP+k1qW6v8RfUqv9hSTcHV8fy747huOQRzpQ20Bon4wrI4nMh?= =?us-ascii?Q?zThZPzKY4nMsigQUTMbzoCdZgnnQuCYvj4abH3qp/6MeqbfUYngghu4lNFVJ?= =?us-ascii?Q?6sGinlD1WSDbukpuP2pDd0NACu8rXqyU1DB/EfA09/4i2ykGiVXVYbiYguwU?= =?us-ascii?Q?5OizEaPNAOwo9DHgMYXxNcykCb7eSVJoO9KHABBePm2eWiZxN0Yxe5icW+2X?= =?us-ascii?Q?40jwy9olUGTa1b2MoM2gkZwSGFdbIaaKWeg61gtQeAcgMSDCgR4Tq4hE457Q?= =?us-ascii?Q?9v3szAGfSR5CxlCkRrt7dxypd7c1SLI4UEmbo52CKfH5GcjtCi2T5J5RL3eS?= =?us-ascii?Q?NdRWvequMKTJuSv1XBg9R5UCiXRVWlEpOYQ8y7tk0nTaOLZDr/eoSr7beebj?= =?us-ascii?Q?PhQEG1NEC+QG08EV4FzjSaSZJGoXUFYSKiFYdC2oPQi9rWd71WFkBmECUCYx?= =?us-ascii?Q?RSjeabJhTg6XnHNpG70AZVqCxOzKT2F4J+2B19mdjOHfMo0QEnIxx3cs+tEZ?= =?us-ascii?Q?FXwsdHgKbDNw6MYBoCX5JINRnb/8g/1Y5SHsBTwSZmNRphwqgi8ivrKLVZQq?= =?us-ascii?Q?AsHRoilsDOzCgaZB3hytCO1QzEWQ4zs32og73CAvj8dDPr2wKg=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4508.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(366016)(376014)(38070700018); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/TLd3a2+PkVFyQGDwE1VcFlQ00+zPqg21+RARYZgheNiw9wjRWseoAl61+p7?= =?us-ascii?Q?Z4kGpOEggGK7xTdw9LK/Ljihtef4Qv9NFEE8Ad6i4ccE3NoX99ADAlObbO4G?= =?us-ascii?Q?MptfcgzJwOBecqv+V2uEDr/WFY8pDdyS+3lRb22eqerqLa3NSAhS0mbYUyR6?= =?us-ascii?Q?xqEELp+d+Inrij7INAdKFiSr0ERt8zMQ9QxVuPR5RoVGWxOQZ/Gwzpz5SfY7?= =?us-ascii?Q?znYhnjQTBb215Qv/29vfzQ65q6epIr9xzyV63uWBSFYodysknLAfxhXl7ZAc?= =?us-ascii?Q?dkIjIsorZEs7H+Nt3Ic+YApBsDDHqeQGTNhV/IWbEFe0SVf7LUYheCWk+LnA?= =?us-ascii?Q?gK/ebQpa58sSX9kRvPXvuHGIId1KA+TFErwhEMDy7CFQf6zkdVJha9XXtr9W?= =?us-ascii?Q?NWqtNxZI9oo/LKMyy7kfifAoorridE16GioLRFXPMJR8JSEbKwIFqTt4Hfkc?= =?us-ascii?Q?4jtZFwlVtowqUDVnA1WCo7QZEGPRRvd8/9yxAWvaHQc29oBZbtQu1hX4EOl3?= =?us-ascii?Q?jsHSiGiV3BcL/Xn/2EdL+BRiHRG5tdRz2Q89QWgs/RdBtWY0uB6Y0GTSSRmi?= =?us-ascii?Q?8YWrpGbi6GXkVXg0f2j8GoVjAVEXSPlYH6DaCM+AnqdHElHNpOGZAZDIkeyp?= =?us-ascii?Q?n8bJ+L6ho7z6et/nTnkRci1WZ6pP0o7Cme04UTEsvMMEMqjCwEvamh3B1Ywq?= =?us-ascii?Q?+LsSHrF8bixjgHBp240CttJ6RgwUt1rTtfAl5q8P5XIeZvDm9IPVas0k3eG5?= =?us-ascii?Q?t/mTp8tQn/bqQHkNRHAdV23OBkzBcXyMEYZGMvAzztYK+zgrLGKcO+Ur6agH?= =?us-ascii?Q?/owq7wne8+IVcFinDn3Xn1FYFuZWwCceZL2Z23Sle5sbz4I6Eg5M21NwQapN?= =?us-ascii?Q?1tclx0+Q/EvpUQc+xuq6XEhwWRHxOdE2i6NMZSEjqLhvEOq81yKGd+lTmCF4?= =?us-ascii?Q?q9l+sZvWYYZ/qd89fpuP7mjf0CddmX8IE+x7VIwsP0eXp0/tuahwcv/Q7CKX?= =?us-ascii?Q?alTBxdmCZYnTvhTT/R/HS06XjwaR5dM0/XK3RsUXTXuGS9VWWFhTrnu222hV?= =?us-ascii?Q?33EFh5Ozn44qKd0Byq1+a5GOzZq5d0AsW2BB56Wmn2aa8HTntOMAeRTeWJgG?= =?us-ascii?Q?TPfUAKelE08WRCJB412dIsl4e42xvrNSrlln2EhywBxW96ACjY3emxTB/hhE?= =?us-ascii?Q?P1VkHrx/GIf7dz5zpel0J2GxLdghofE1XEPDgiyXk1NVwzvX7tsFiwB1Zr4t?= =?us-ascii?Q?FPhNT7ZEQBzZNL2AYkoSpAuykyxh9ZSNKFT7eKZhrV3a3s5GluBeTW3PmQTJ?= =?us-ascii?Q?GcowPJgPucKs/l2zSW/MhjX+bvfScyUZPANalGBsUCXOO8CH2qJGNyPcQDD8?= =?us-ascii?Q?1QlpPEaFrS8t+dnsao19SMwbQc76/a1+PFis62GluEFZvstfL7Y9yvPsngU2?= =?us-ascii?Q?Um9SUJGqfEeTEFBOwskVMHfXHJPj4PLV+MasIwuGBvmUFQSiAvBe2Y9c9Gzi?= =?us-ascii?Q?Nl+Rxtd9ugLmNBPI2s9hfKkTwnuFY05xMDmQAEotQTW03vx+fPd3ntOVhjnJ?= =?us-ascii?Q?45TTe/dfPQTuSpqdAMsU6aHSIqh1zchazBpue3EG?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4508.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 05e8f2ef-fb62-4781-9c27-08dcd93884ef X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2024 05:53:15.0903 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: W99bVj35GVPpXuhHH0nkAVA2ortIynDzKDbkov89TCYHLGtwnP4Thk7Ejgah91JCuxqDLYgnC3H+VINB0u49sQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN6PR18MB5416 X-Proofpoint-ORIG-GUID: M_clvXsVYThdnIkvXFOlMnKKMEpMtHNk X-Proofpoint-GUID: M_clvXsVYThdnIkvXFOlMnKKMEpMtHNk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > > > Introduce stateless packet preparation API for IPsec processing. The > > > new API would allow preparation of IPsec packets without altering > > > the internal state of an IPsec session. > > > > > > For outbound IPsec processing, the change enables user to provide > > > sequence number to be used for the IPsec operation. > > > > Few questions/nits below. > > As a generic one - we need to add a use-case/test-case for it. > > Without it I think the patch is incomplete. >=20 > Ack. Will add test-case with v3. >=20 > > > > > > > > Signed-off-by: Aakash Sasidharan > > > --- > > > lib/ipsec/esp_outb.c | 85 > > > +++++++++++++++++++++++++++++++------------ > > > lib/ipsec/rte_ipsec.h | 68 ++++++++++++++++++++++++++++++++++ > > > lib/ipsec/sa.c | 4 +- > > > lib/ipsec/sa.h | 8 ++++ > > > 4 files changed, 140 insertions(+), 25 deletions(-) > > > > > > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index > > > ec87b1dce2..de28cb166d 100644 > > > --- a/lib/ipsec/esp_outb.c > > > +++ b/lib/ipsec/esp_outb.c > > > @@ -288,13 +288,12 @@ outb_pkt_xprepare(const struct rte_ipsec_sa > > > *sa, rte_be64_t sqc, > > > /* > > > * setup/update packets and crypto ops for ESP outbound tunnel case. > > > */ > > > -uint16_t > > > -esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > rte_mbuf > > *mb[], > > > - struct rte_crypto_op *cop[], uint16_t num) > > > +static inline uint16_t > > > +esp_outb_tun_prepare_helper(const struct rte_ipsec_session *ss, > > > +struct > > rte_mbuf *mb[], > > > + struct rte_crypto_op *cop[], uint16_t num, uint64_t sqn) > > > { > > > int32_t rc; > > > - uint32_t i, k, n; > > > - uint64_t sqn; > > > + uint32_t i, k, n =3D num; > > > > You can just do s/num/n/ in function parameter list, then you don't > > need to keep 'num' at all. >=20 > This function will be called for normal IPsec processing. The function > esn_outb_update_sqn() updates the local variable n passed as parameter in > OVERFLOW case. If we remove the local variable n, this error path would b= e > lost and it is not our intention I believe. Apologies. Replied too soon. I understand your suggestion and will update t= hat in v3. >=20 > > > > > rte_be64_t sqc; > > > struct rte_ipsec_sa *sa; > > > struct rte_cryptodev_sym_session *cs; @@ -305,11 +304,6 @@ > > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > rte_mbuf > > *mb[], > > > sa =3D ss->sa; > > > cs =3D ss->crypto.ses; > > > > > > - n =3D num; > > > - sqn =3D esn_outb_update_sqn(sa, &n); > > > - if (n !=3D num) > > > - rte_errno =3D EOVERFLOW; > > > - > > > k =3D 0; > > > for (i =3D 0; i !=3D n; i++) { > > > > > > @@ -339,6 +333,30 @@ esp_outb_tun_prepare(const struct > > rte_ipsec_session *ss, struct rte_mbuf *mb[], > > > return k; > > > } > > > > > > +uint16_t > > > +esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > +rte_mbuf > > *mb[], > > > + struct rte_crypto_op *cop[], uint16_t num) { > > > + uint64_t sqn; > > > + uint32_t n; > > > + > > > + n =3D num; > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > + if (n !=3D num) > > > + rte_errno =3D EOVERFLOW; > > > + > > > + return esp_outb_tun_prepare_helper(ss, mb, cop, n, sqn); } > > > + > > > +uint16_t > > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session *ss, > > > +struct > > rte_mbuf *mb[], > > > + struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state > > > +*state) { > > > + uint64_t sqn =3D state->sqn; > > > + > > > + return esp_outb_tun_prepare_helper(ss, mb, cop, num, sqn); } > > > + > > > /* > > > * setup/update packet data and metadata for ESP outbound transport > case. > > > */ > > > @@ -529,16 +547,15 @@ outb_cpu_crypto_prepare(const struct > > rte_ipsec_sa *sa, uint32_t *pofs, > > > return clen; > > > } > > > > > > -static uint16_t > > > -cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > > - struct rte_mbuf *mb[], uint16_t num, > > > - esp_outb_prepare_t prepare, uint32_t cofs_mask) > > > +static inline uint16_t > > > +cpu_outb_pkt_prepare_helper(const struct rte_ipsec_session *ss, > > > + struct rte_mbuf *mb[], uint16_t num, esp_outb_prepare_t > > prepare, > > > + uint32_t cofs_mask, uint64_t sqn) > > > { > > > int32_t rc; > > > - uint64_t sqn; > > > rte_be64_t sqc; > > > struct rte_ipsec_sa *sa; > > > - uint32_t i, k, n; > > > + uint32_t i, k, n =3D num; > > > > Same here, you can just use 'n' instead of 'num'. >=20 > Same comment as above. >=20 > > > > > uint32_t l2, l3; > > > union sym_op_data icv; > > > struct rte_crypto_va_iova_ptr iv[num]; @@ -551,11 +568,6 @@ > > > cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > > > > > sa =3D ss->sa; > > > > > > - n =3D num; > > > - sqn =3D esn_outb_update_sqn(sa, &n); > > > - if (n !=3D num) > > > - rte_errno =3D EOVERFLOW; > > > - > > > for (i =3D 0, k =3D 0; i !=3D n; i++) { > > > > > > l2 =3D mb[i]->l2_len; > > > @@ -604,15 +616,40 @@ uint16_t > > > cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss, > > > struct rte_mbuf *mb[], uint16_t num) { > > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_tun_pkt_prepare, > > 0); > > > + uint64_t sqn; > > > + uint32_t n; > > > + > > > + n =3D num; > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > + if (n !=3D num) > > > + rte_errno =3D EOVERFLOW; > > > + > > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > > outb_tun_pkt_prepare, > > > +0, sqn); } > > > + > > > +uint16_t > > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session *s= s, > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > *state) > > > +{ > > > + uint64_t sqn =3D state->sqn; > > > + > > > + return cpu_outb_pkt_prepare_helper(ss, mb, num, > > > +outb_tun_pkt_prepare, 0, sqn); > > > } > > > > > > uint16_t > > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > > struct rte_mbuf *mb[], uint16_t num) { > > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_trs_pkt_prepare, > > > - UINT32_MAX); > > > + uint64_t sqn; > > > + uint32_t n; > > > + > > > + n =3D num; > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > + if (n !=3D num) > > > + rte_errno =3D EOVERFLOW; > > > + > > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > > outb_trs_pkt_prepare, > > > + UINT32_MAX, sqn); > > > } > > > > > > /* > > > diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h index > > > f15f6f2966..b462068203 100644 > > > --- a/lib/ipsec/rte_ipsec.h > > > +++ b/lib/ipsec/rte_ipsec.h > > > @@ -23,11 +23,26 @@ extern "C" { > > > > > > struct rte_ipsec_session; > > > > > > +/** > > > + * IPsec state for stateless processing of a batch of IPsec packets. > > > + */ > > > +struct rte_ipsec_state { > > > + union { > > > > Curious what is the purpose of 'union' here? > > What other mutually exclusive fields you plan to add here? > > > > > + /** > > > + * 64 bit sequence number to be used for the first packet of > > the > > > + * batch of packets. > > > + */ > > > + uint64_t sqn; > > > + }; > > > +}; > > > + > > > /** > > > * IPsec session specific functions that will be used to: > > > * - prepare - for input mbufs and given IPsec session prepare crypt= o ops > > > * that can be enqueued into the cryptodev associated with given > session > > > * (see *rte_ipsec_pkt_crypto_prepare* below for more details). > > > + * - prepare_stateless - similar to prepare, but further processing = is done > > > + * based on IPsec state provided by the 'state' parameter. > > > * - process - finalize processing of packets after crypto-dev finis= hed > > > * with them or process packets that are subjects to inline IPsec = offload > > > * (see rte_ipsec_pkt_process for more details). > > > @@ -42,6 +57,17 @@ struct rte_ipsec_sa_pkt_func { > > > struct rte_mbuf *mb[], > > > uint16_t num); > > > } prepare; > > > + union { > > > + uint16_t (*async)(const struct rte_ipsec_session *ss, > > > + struct rte_mbuf *mb[], > > > + struct rte_crypto_op *cop[], > > > + uint16_t num, > > > + struct rte_ipsec_state *state); > > > + uint16_t (*sync)(const struct rte_ipsec_session *ss, > > > + struct rte_mbuf *mb[], > > > + uint16_t num, > > > + struct rte_ipsec_state *state); > > > + } prepare_stateless; > > > uint16_t (*process)(const struct rte_ipsec_session *ss, > > > struct rte_mbuf *mb[], > > > uint16_t num); > > > @@ -128,6 +154,48 @@ rte_ipsec_pkt_cpu_prepare(const struct > > rte_ipsec_session *ss, > > > return ss->pkt_func.prepare.sync(ss, mb, num); } > > > > > > +/** > > > + * Same as rte_ipsec_pkt_crypto_prepare, but processing is done > > > +based on > > > + * IPsec state provided by the 'state' parameter. Internal IPsec > > > +state won't > > > + * be updated when this API is called. > > > + * > > > + * For input mbufs and given IPsec session prepare crypto ops that > > > +can be > > > + * enqueued into the cryptodev associated with given session. > > > + * expects that for each input packet: > > > + * - l2_len, l3_len are setup correctly > > > + * Note that erroneous mbufs are not freed by the function, > > > + * but are placed beyond last valid mbuf in the *mb* array. > > > + * It is a user responsibility to handle them further. > > > + * @param ss > > > + * Pointer to the *rte_ipsec_session* object the packets belong to= . > > > + * @param mb > > > + * The address of an array of *num* pointers to *rte_mbuf* structu= res > > > + * which contain the input packets. > > > + * @param cop > > > + * The address of an array of *num* pointers to the output > > *rte_crypto_op* > > > + * structures. > > > + * @param num > > > + * The maximum number of packets to process. > > > + * @param state > > > + * The IPsec state to be used for processing current batch of pack= ets. > > > + * @return > > > + * Number of successfully processed packets, with error code set i= n > > rte_errno. > > > + */ > > > > We probably need to mark new API as 'rte_experimental'. >=20 > Ack. Will update in v3. >=20 > > > > > +static inline uint16_t > > > +rte_ipsec_pkt_crypto_prepare_stateless(const struct rte_ipsec_sessio= n > *ss, > > > + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num, > > > + struct rte_ipsec_state *state) > > > +{ > > > + return ss->pkt_func.prepare_stateless.async(ss, mb, cop, num, > > > +state); } > > > + > > > +static inline uint16_t > > > +rte_ipsec_pkt_cpu_prepare_stateless(const struct rte_ipsec_session *= ss, > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > > +*state) { > > > + return ss->pkt_func.prepare_stateless.sync(ss, mb, num, state); } > > > + > > > /** > > > * Finalise processing of packets after crypto-dev finished with the= m or > > > * process packets that are subjects to inline IPsec offload. > > > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index > > > 2297bd6d72..741e079831 100644 > > > --- a/lib/ipsec/sa.c > > > +++ b/lib/ipsec/sa.c > > > @@ -710,6 +710,7 @@ lksd_none_pkt_func_select(const struct > > rte_ipsec_sa *sa, > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > > pf->prepare.async =3D esp_outb_tun_prepare; > > > + pf->prepare_stateless.async =3D > > esp_outb_tun_prepare_stateless; > > > pf->process =3D (sa->sqh_len !=3D 0) ? > > > esp_outb_sqh_process : pkt_flag_process; > > > break; > > > @@ -748,6 +749,7 @@ cpu_crypto_pkt_func_select(const struct > > rte_ipsec_sa *sa, > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > > pf->prepare.sync =3D cpu_outb_tun_pkt_prepare; > > > + pf->prepare_stateless.sync =3D > > cpu_outb_tun_pkt_prepare_stateless; > > > pf->process =3D (sa->sqh_len !=3D 0) ? > > > esp_outb_sqh_process : pkt_flag_process; > > > break; > > > @@ -810,7 +812,7 @@ ipsec_sa_pkt_func_select(const struct > > rte_ipsec_session *ss, > > > int32_t rc; > > > > > > rc =3D 0; > > > - pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, NULL }; > > > + pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, {NULL}, NULL }; > > > > > > switch (ss->type) { > > > case RTE_SECURITY_ACTION_TYPE_NONE: > > > diff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h index > > > 719b5c735c..9b53586b2d 100644 > > > --- a/lib/ipsec/sa.h > > > +++ b/lib/ipsec/sa.h > > > @@ -179,6 +179,10 @@ uint16_t > > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > rte_mbuf > > *mb[], > > > struct rte_crypto_op *cop[], uint16_t num); > > > > > > +uint16_t > > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session *ss, > > > +struct > > rte_mbuf *mb[], > > > + struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state > > > +*state); > > > + > > > uint16_t > > > esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct > > > rte_mbuf > > *mb[], > > > struct rte_crypto_op *cop[], uint16_t num); @@ -207,6 +211,10 @@ > > > uint16_t cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss= , > > > struct rte_mbuf *mb[], uint16_t num); uint16_t > > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session *s= s, > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > > +*state); > > > + > > > +uint16_t > > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > > struct rte_mbuf *mb[], uint16_t num); > > > > > > -- > > > 2.25.1