From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 688C4A0547; Wed, 29 Sep 2021 13:03:20 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D7863410D7; Wed, 29 Sep 2021 13:03:19 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CF14440685 for ; Wed, 29 Sep 2021 13:03:17 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18T8df9n008084; Wed, 29 Sep 2021 04:03:17 -0700 Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2101.outbound.protection.outlook.com [104.47.58.101]) by mx0b-0016f401.pphosted.com with ESMTP id 3bcfd49rn4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 29 Sep 2021 04:03:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nVymbcQV+Bpqyu/c/QXKgG40sEjD5zlK7pSgd0v6+7mk05tYDoi8CZg1M1ruZeodzhcVAhQT39CGnAE47USJUVTCVIMdaMls06Iw2FwRwpuRqhQIw7t/MBWKnLgLvMFTR95I72F/POzwDZv8Vsvwzu7v3SO1e+qf0/MZDwCARafkKZLBxqzbMCtI26IZKhHf6uSV1Hfkm4iCsjCb/TrUN4gF6xb3etB5aAvh0a3lE7QFHcCJp5WAqtibs4k+b7IrYQQsZ1p6DefkjhSfItso2mgEXM9tXN2/4wF7tY7rWq3GWoGeYnxFaSOdp9i7A707/typrX4z8i2zygbRspYjeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GmDLSncVFqFgoPcBce6jTTIQt0l7Dyc9mCg15aKwgVU=; b=HxcCatm3XTJfS4m4482Pg7nWCtXPbRkWmhleG92LwOao0DfY+N6cmmJoUp2LkpgcOuJ2gNadpFgtMy0whkxe+I3EwflqS4Kg6gCsNkpsUXFTAnftjGW1slXdtcHGIs/OkmQMexlDgPmW60F/iGlIEKEwZn37YcJrSYRkZGaUzyJwCgXZ1vDjNWNQpaGqJSusOyE9cIuU4bklSAtE0SBPA/9UAPSNbTTtChX3qK0W/WsrF03m6Cz9tZOBT+tZRrmyflqZnOArUx4n9u4IyfN/bF4DUxAwljLtmf2o36D7d2LpkTeJXHuyzeQ5LvzXhw3389fA5uKJhv9irkoE2u/07w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GmDLSncVFqFgoPcBce6jTTIQt0l7Dyc9mCg15aKwgVU=; b=BV2AgIH6D1qDUR8CB+uW+r2R++PXBSHa3KJYpy1/mYl6F2E2Na7M5ARpFk4T0zZ0sd0FOcYIr3Ie1qhSUB7V7h4HvBocHX97661PKKM9HGLYRTSaUNXJZxGmFKuTuXA5KdIQpy8h3kUXCqHIAb+YLiokLHqZ3u+wKi/AAsDSSj4= Received: from PH0PR18MB4672.namprd18.prod.outlook.com (2603:10b6:510:c9::16) by PH0PR18MB4542.namprd18.prod.outlook.com (2603:10b6:510:a7::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4566.15; Wed, 29 Sep 2021 11:03:15 +0000 Received: from PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::85aa:3d01:94f6:984]) by PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::85aa:3d01:94f6:984%4]) with mapi id 15.20.4544.021; Wed, 29 Sep 2021 11:03:15 +0000 From: Anoob Joseph To: "Ananyev, Konstantin" , Archana Muniganti , Akhil Goyal , "Nicolau, Radu" , "Zhang, Roy Fan" , "hemant.agrawal@nxp.com" CC: Tejasree Kondoj , Ankur Dwivedi , Jerin Jacob Kollanukkaran , "dev@dpdk.org" Thread-Topic: [PATCH v2 1/3] security: add SA config option for inner pkt csum Thread-Index: AQHXtRGSDYITc/zWa0+LntHh1AKpyau61yyAgAAAQdA= Date: Wed, 29 Sep 2021 11:03:14 +0000 Message-ID: References: <20210929090811.21030-1-marchana@marvell.com> <20210929090811.21030-2-marchana@marvell.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 07759965-e136-43b7-aac7-08d98338bc51 x-ms-traffictypediagnostic: PH0PR18MB4542: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: YDoxI907ptbKc/+ff5n96lrKq/WJw3Nrg6TOWPSBqnEBEYp99C/g3r88c5KCrfC2wZ2rb/A33ENtAl7hTFhhcPhwQNwyYDTBaOo8mSQorgrYScFhF7rppkbIuE7+q+6pRjO2LPOeRJG7vXmGchA7kvWbA60k4w2xmcVvy/iy4KAnWy3laUCCuOKSIanlrP5ZWxRgIkClZfO1WF24tgQus0MiViC+7P7v+XCgZ3SCsqrNtwUVN3N1uALH7W79LKgfrp24bCEN7w3tXbnFc7iSh7GSc8+ohOlZc/jYnnQgVQC9zegSugRs4517te9XBLrh0yEU52mRBlDpOLjVedPECzrYz44Q1Q7aaRRgPz65hhLy+wwWHmVPNILQ0GsxjVBI4F6l6lSIYF03o00oBJSphUicEzBhZYHA05ohIZcSBx3YBZgbDwXq2opU0x2hqW4lKKT/u260K1VELcKMLsVVWMjL6qloN2LwJ72bSbYngPXxPQw6SEk8HyPg4u5M/mnUWIFETqaGlXiwEAf05AfLVR1d4NgiwxD+MK00oSwz1zUar1LuZkjTx/fBsvzaV42wlCk3DJL5c9p//lZZwBhAJTl6gybGAc9O9XfnmX1zjRD2IJBbKmYnX/HA9BmVZvGY9oNxN1jwWLlWkypCZzYUTOSlEc+Xjm//TobPR+soEL1SRp5ckGehj6bYBe8LUEddZpTr3y7ewwrKRod5uM4UFg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4672.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(55016002)(15650500001)(54906003)(110136005)(9686003)(316002)(508600001)(2906002)(4326008)(38070700005)(33656002)(38100700002)(122000001)(86362001)(26005)(5660300002)(52536014)(186003)(8936002)(53546011)(6506007)(71200400001)(7696005)(8676002)(76116006)(66476007)(66556008)(66446008)(64756008)(83380400001)(66946007); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?9lMaiLcPcYyH5EndjFKXXdVPgoko/mRTxRcl6V8273tdG8Yqm5z6g655szZS?= =?us-ascii?Q?wX98mxznFQD3a/ZewOcTxxubR02OBx80fvdcbVUPezDSWXS8zFmYlTkUiG2+?= =?us-ascii?Q?RtKT05L7gPyDgjibxgaDxZCr+PC9+2T5O++uH56lVNRinQQa4t7Jc1sX5Z61?= =?us-ascii?Q?+L+iV8B7SvTFCWK4ES4SHclZY5vICPZ3zjeJU3nQ/AK8jm2tphcNwM0S0yI6?= =?us-ascii?Q?9nwvagB+oJHgJNzCUvEPhraVthyxgebT+2dqnqNAPhdBPinFEhXv73lpKVZg?= =?us-ascii?Q?/pUo9t4vKBaOjrI6eGXZ8ZR/PwOsdg2xV3zc/XWLzzCIa474Ki2U3r/K79QH?= =?us-ascii?Q?BR/rHRrj3OVmkJhDARnpAiwjKzAiqyo0Go+8NetEBsa/g45q6nd+Efq2peLl?= =?us-ascii?Q?xuGFXlHNH8RFlafSYJwFQvZDT1DMQCW/CBBKs+Qd8eTk5oh3onh8PjQXqyY5?= =?us-ascii?Q?wE3gR0bBmefUtkJff4sVNQDl6BSafEQ+OJzWqJUqo6BlCJUvjDBkCUpTYW/3?= =?us-ascii?Q?lwEVQ1eWb4ddB8Kd66mSn+oqaoEs5Lu3gsDSzQntngzoeaYnlbrknO8/fEOL?= =?us-ascii?Q?UTyiHNGsu6oHKtGp3IFbBo83QnTDc5jIX2nRYdlRNGGPacH+PkArpVBJ3sD1?= =?us-ascii?Q?SATk6HNAv7qkkyU7p8jVLjBHHfEB2n6UucwA8rA773fPsWcYdAJdHiDmN0vf?= =?us-ascii?Q?5rX0qtq7GDVJ2JqSfRBJWaWPH/fOB6CANt8+GgJ6d/ehB3t8kzWXK8E5VRiR?= =?us-ascii?Q?RCrui+8AzIRJgLQS6O9sFTa//53B7b0VnwpGjV78j6/doWg24M4sS4UlEfcd?= =?us-ascii?Q?PWF2Vd9x0CC215p5joqR8h4jWVOu9HFBXl/G15DEWGOcED1dYL4nkmVnyP4n?= =?us-ascii?Q?FlxRIUepqCnEmENuFAtifCT0kXLvOfukjTZUr3BkRcFAOeJNwt6VVUAhmjra?= =?us-ascii?Q?pb3XD8xJTOGZwBnvEFDm96NZ5GPfbmw2xn9BnaiuT6YFuf+pTrc7TjCdpNJO?= =?us-ascii?Q?rxerhofl5JgrQYUCtjs4LpBuJrHL4UiiW7Q+lFeuxxzdA3jFitDDGscsZFDY?= =?us-ascii?Q?aK3coZXrx6cHs+TMnuhngETs1ajO6bWrYH8ORpxBug8ZKZCmjTZpYGYMW9Em?= =?us-ascii?Q?j4eYcO7PEUDk1bnE8vBC+N1qQ1IzIosX+DXfUseni0l88LXVWNUrF/JMuMAq?= =?us-ascii?Q?giCpgqKGYupSjyUoSmbgMZeNpmYemZixhlaRaRVqMqrDLstQxEWfxWei6nna?= =?us-ascii?Q?vR1jw5QXX8SUKkFPhs9qK1qdVFbxCod4xT+p6enXOePr6HtQ0HUZw3iuUX/N?= =?us-ascii?Q?xUqPQ/ceOYAKbsfYznYVZ+Gx?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4672.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 07759965-e136-43b7-aac7-08d98338bc51 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Sep 2021 11:03:14.8460 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Tqk71d6E1yy+hmY/Wag7VEwymyoNzHEC0w2Q1BzLrMguu8FCXJ8qOV3ZFGymRLvKFqI714fN/FyAybhl/IY+2w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR18MB4542 X-Proofpoint-GUID: SGoyF7pHR4RILwK1t86z-Od-27nuC2-p X-Proofpoint-ORIG-GUID: SGoyF7pHR4RILwK1t86z-Od-27nuC2-p X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-29_04,2021-09-29_01,2020-04-07_01 Subject: Re: [dpdk-dev] [PATCH v2 1/3] security: add SA config option for inner pkt csum X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Konstanin, Please see inline. Thanks, Anoob > -----Original Message----- > From: Ananyev, Konstantin > Sent: Wednesday, September 29, 2021 4:26 PM > To: Archana Muniganti ; Akhil Goyal > ; Nicolau, Radu ; Zhang, Roy > Fan ; hemant.agrawal@nxp.com > Cc: Anoob Joseph ; Tejasree Kondoj > ; Ankur Dwivedi ; Jerin Jaco= b > Kollanukkaran ; dev@dpdk.org > Subject: [EXT] RE: [PATCH v2 1/3] security: add SA config option for inne= r pkt > csum >=20 > External Email >=20 > ---------------------------------------------------------------------- > > Add inner packet IPv4 hdr and L4 checksum enable options in conf. > > These will be used in case of protocol offload. > > Per SA, application could specify whether the > > checksum(compute/verify) can be offloaded to security device. > > > > Signed-off-by: Archana Muniganti > > --- > > doc/guides/cryptodevs/features/default.ini | 1 + > > doc/guides/rel_notes/deprecation.rst | 4 ++-- > > doc/guides/rel_notes/release_21_11.rst | 4 ++++ > > lib/cryptodev/rte_cryptodev.h | 2 ++ > > lib/security/rte_security.h | 18 ++++++++++++++++++ > > 5 files changed, 27 insertions(+), 2 deletions(-) > > > > diff --git a/doc/guides/cryptodevs/features/default.ini > > b/doc/guides/cryptodevs/features/default.ini > > index c24814de98..96d95ddc81 100644 > > --- a/doc/guides/cryptodevs/features/default.ini > > +++ b/doc/guides/cryptodevs/features/default.ini > > @@ -33,6 +33,7 @@ Non-Byte aligned data =3D Sym raw data path API = =3D > > Cipher multiple data units =3D > > Cipher wrapped key =3D > > +Inner checksum =3D > > > > ; > > ; Supported crypto algorithms of a default crypto driver. > > diff --git a/doc/guides/rel_notes/deprecation.rst > > b/doc/guides/rel_notes/deprecation.rst > > index 05fc2fdee7..8308e00ed4 100644 > > --- a/doc/guides/rel_notes/deprecation.rst > > +++ b/doc/guides/rel_notes/deprecation.rst > > @@ -232,8 +232,8 @@ Deprecation Notices > > IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence > Number). > > > > * security: The IPsec SA config options ``struct > > rte_security_ipsec_sa_options`` > > - will be updated with new fields to support new features like IPsec > > inner > > - checksum, TSO in case of protocol offload. > > + will be updated with new fields to support new features like TSO in > > + case of protocol offload. > > > > * ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a ne= w field > > ``hdr_l3_len`` to configure tunnel L3 header length. > > diff --git a/doc/guides/rel_notes/release_21_11.rst > > b/doc/guides/rel_notes/release_21_11.rst > > index 8da851cccc..93d1b36889 100644 > > --- a/doc/guides/rel_notes/release_21_11.rst > > +++ b/doc/guides/rel_notes/release_21_11.rst > > @@ -194,6 +194,10 @@ ABI Changes > > ``rte_security_ipsec_xform`` to allow applications to configure SA s= oft > > and hard expiry limits. Limits can be either in number of packets or= bytes. > > > > +* security: The new options ``ip_csum_enable`` and ``l4_csum_enable`` > > +were added > > + in structure ``rte_security_ipsec_sa_options`` to indicate whether > > +inner > > + packet IPv4 header checksum and L4 checksum need to be offloaded to > > + security device. > > > > Known Issues > > ------------ > > diff --git a/lib/cryptodev/rte_cryptodev.h > > b/lib/cryptodev/rte_cryptodev.h index bb01f0f195..d9271a6c45 100644 > > --- a/lib/cryptodev/rte_cryptodev.h > > +++ b/lib/cryptodev/rte_cryptodev.h > > @@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum > > rte_crypto_asym_xform_type *xform_enum, /**< Support operations on > multiple data-units message */ > > #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26) > > /**< Support wrapped key in cipher xform */ > > +#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL > << 27) > > +/**< Support inner checksum computation/verification */ > > > > /** > > * Get the name of a crypto device feature flag diff --git > > a/lib/security/rte_security.h b/lib/security/rte_security.h index > > ab1a6e1f65..945f45ad76 100644 > > --- a/lib/security/rte_security.h > > +++ b/lib/security/rte_security.h > > @@ -230,6 +230,24 @@ struct rte_security_ipsec_sa_options { > > * * 0: Do not match UDP ports > > */ > > uint32_t udp_ports_verify : 1; > > + > > + /** Compute/verify inner packet IPv4 header checksum in tunnel mode > > + * > > + * * 1: For outbound, compute inner packet IPv4 header checksum > > + * before tunnel encapsulation and for inbound, verify after > > + * tunnel decapsulation. > > + * * 0: Inner packet IP header checksum is not computed/verified. > > + */ > > + uint32_t ip_csum_enable : 1; > > + > > + /** Compute/verify inner packet L4 checksum in tunnel mode > > + * > > + * * 1: For outbound, compute inner packet L4 checksum before > > + * tunnel encapsulation and for inbound, verify after > > + * tunnel decapsulation. > > + * * 0: Inner packet L4 checksum is not computed/verified. > > + */ > > + uint32_t l4_csum_enable : 1; >=20 > As I understand these 2 new flags serve two purposes: > 1. report HW/PMD ability to perform these offloads. > 2. allow user to enable/disable this offload on SA basis. [Anoob] Correct =20 >=20 > One question I have - how it will work on data-path? > Would decision to perform these offloads be based on mbuf->ol_flags value > (same as we doing for ethdev TX offloads)? > Or some other approach is implied? [Anoob] There will be two settings. It can enabled per SA or enabled per pa= cket.=20 =20 >=20 > > }; > > > > /** IPSec security association direction */ > > -- > > 2.22.0