From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 41963A0C41; Thu, 30 Sep 2021 07:05:09 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B6A3140DDA; Thu, 30 Sep 2021 07:05:08 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 293024067E for ; Thu, 30 Sep 2021 07:05:07 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18U1KGxD000861; Wed, 29 Sep 2021 22:05:06 -0700 Received: from nam04-mw2-obe.outbound.protection.outlook.com (mail-mw2nam08lp2172.outbound.protection.outlook.com [104.47.73.172]) by mx0b-0016f401.pphosted.com with ESMTP id 3bd3g38qdu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 29 Sep 2021 22:05:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n3P1aFUxoApQ9znsdzAZP95qMzGNTnZrLf49HEYkJeS2egCn6tnPQhzySE4MXwX+O9eg7qSbSz6Rtpj3FxrKiPi6RjtnIoMvqB7MOqI3Ai9FPtH4pjsQijMp6NIvsILdyDGva+4N7324ECucPnlxWxetjGMahDNkSMroiEDZ1Qfs2K8v7F3nUdBhzWGvIgfz/MaUrtJchaGvkNGyBLjnuDVMVZcrXzFTNXIc7AZ4eA05Ms7+jG5pYXczCOOKYpv6rfOBwcGn8Ne1h9VX6Z6Ksq2dfMdw2x9p/a2xTwE6/qid8brfUhvhp3pDYIbGY9GkZ98F7+F3SK8RtYcy8U7Kng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=FANDWz0xwPPepSxnllUxoZt43HlV5Eu7L99IVyM3F8I=; b=mGlVzyWiwFPL0oxGn5scyQluKjdsma9haGW51TfB9FlsOE9vZPeAToWSr1iRn/M979dO6FPvTbiL/G3n/ispAYWF8XVB+AMaJB8V1ExdZLsfPymolZGtrWImGtgfg04f/V/4cvAFDdV0a9t8kYIeFKD2sKDLAzJoWs46Bk8XR7S3DDTrtxQFdB4fQ4imwYmEIpk2siGjp1IITHsRK9fL9zCQUTK7AgGCcg6kzfku/ylYnVTHTYYgcz7ojL4RcQluWaQdb2aE93T1ZkGQvyxgdXDGhOyD5ur6TxXO4aa2TH970qRrhPbfAIEfxR4KJqEh/hiMzU+08iHuAlphsd2FAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FANDWz0xwPPepSxnllUxoZt43HlV5Eu7L99IVyM3F8I=; b=RIyzQCyDfA4/LJx0RUoDz9AZC8ObsuTcXjK4irOMFggK+IJPG36YZV5/abkI6RnqG+N0vyNKG5TNVQRsTLOklw7E6MjEAyjIm9rBg1FZraqWrhEJd2nynnwFcyuz6M/huxL02lgUiW48jRCddbYeYTBpdbAxCUFWRFfcBp8fkCg= Received: from PH0PR18MB4672.namprd18.prod.outlook.com (2603:10b6:510:c9::16) by PH0PR18MB4781.namprd18.prod.outlook.com (2603:10b6:510:ca::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Thu, 30 Sep 2021 05:05:03 +0000 Received: from PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::85aa:3d01:94f6:984]) by PH0PR18MB4672.namprd18.prod.outlook.com ([fe80::85aa:3d01:94f6:984%5]) with mapi id 15.20.4566.015; Thu, 30 Sep 2021 05:05:03 +0000 From: Anoob Joseph To: "Ananyev, Konstantin" , Archana Muniganti , Akhil Goyal , "Nicolau, Radu" , "Zhang, Roy Fan" , "hemant.agrawal@nxp.com" CC: Tejasree Kondoj , Ankur Dwivedi , Jerin Jacob Kollanukkaran , "dev@dpdk.org" Thread-Topic: [PATCH v2 1/3] security: add SA config option for inner pkt csum Thread-Index: AQHXtRGSDYITc/zWa0+LntHh1AKpyau61yyAgAAAQdCAAAuogIABI5LA Date: Thu, 30 Sep 2021 05:05:03 +0000 Message-ID: References: <20210929090811.21030-1-marchana@marvell.com> <20210929090811.21030-2-marchana@marvell.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: fc66b754-9ec0-4913-799e-08d983cfdce5 x-ms-traffictypediagnostic: PH0PR18MB4781: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: y7tFlVFxb7aa6T3opE2PAZIzsRor9jfZyIOuBh9qJm/KuhWxBYtYHTEqTsn1LTZtUg4dWgZHxK1XyKHgNKirEqi3msfgV4XOeTpjIneZFnMLfdn8B7Ag6noy3eBmFsrP7bQIHrtCczHBhDORtLmtiJRz6Ypovm8qQJIlReG2uJPfMjkHRxgOSFdf7Xs56MHYYB58sKbzKceezCD01cnM0FO5q1fxCViXrFLPqfHwCJVT22JNlGv4pmd6auvV04j5XKCItCIUObWEY70SGDwnJ4lf+XyS0PUKmdHMl0gFnBoTU2AEglxjLehz5Y1Fa8JRLvTuGmouXC8I99hUUcPLZ1o1+dwCqm5RESDMdSendTKzRY+4voilJVnlcyxyEuVK9HcNIGQAobeoVpzRCuiIiULFzMwhL7Puk/atGOyELFTA9qOIAIhJQwqRKfuNjJTMtQcRpL7YNBr8fn15MCpjoTKIlqBCkAfAn0W9kbFDsxH2Imdy6tz74aUd1IocO4hAKfuzhlzIwn6/CsTKvlUGPkGlxHVe/OhNz8zjg7u3V84rSCWQjFwTKZ47WHSog5lAD+aD0Mjk0mCHUS6Zj9jGmtOl9ybggPzRkkYZDkcJSAkU27IX5kVH0YWrSVwIjt+8FMyrFyYN3mwy+hGkITRf4zdMd4tOUEUndTpS7YOMrtp6b+azH2iN91fyK5NW6KgBl1euQ1hSVcleUikG3oBG6A== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4672.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(4326008)(52536014)(15650500001)(8936002)(71200400001)(122000001)(86362001)(76116006)(6506007)(38100700002)(66446008)(53546011)(66556008)(66476007)(66946007)(26005)(64756008)(186003)(33656002)(7696005)(2906002)(83380400001)(110136005)(54906003)(9686003)(38070700005)(508600001)(8676002)(316002)(55016002)(5660300002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Mt29ymQ3N4w3lJaJ1EK7E++mFdT0vmpctHiaFKFd9UBHYvJpRTMsrY+eDlC0?= =?us-ascii?Q?4KHKRvSYwFWqac+rcpuN0/fQfVN6gPnxk3M6XTstVm4p/Ux/DzcoeB8M5glr?= =?us-ascii?Q?vyMeYZvp+9THjqKtZ8oktkgZBwbUd2hBM4dyj3Z+NCiWwqteTyDJUxSSv5LF?= =?us-ascii?Q?nM2I4/lQ6HVojzInrUIyuFz0bYaa21gAew6IlcPVwykufkbjo+2gxvhDr0zC?= =?us-ascii?Q?DlA5+kyZJh+ARw38Drp/27ioWc9gMJzHxnl+8VB26YqIyBfA04iUe0DKme/B?= =?us-ascii?Q?yyZbMr/Dp8IzqQA0e3JCA8V3oNxKyKaW/ZhcwAM3Ocn9A7T/Tw/gv4dgxTEx?= =?us-ascii?Q?04adDuVKgEpMbmUTJBHNRWeUJhTKXt4ExjnW8WvD3TsYEeEVmCS/B3FmvFpg?= =?us-ascii?Q?dauLkooPCFSGF/pAMZnIFqJVQ8ExnMkP05UbVC2c+wRs4vbRWWrq1SxcQXVb?= =?us-ascii?Q?8z3DHpqaSGPGdZ+A3PIRj8ErUt6dUyJu29k9N/xjOFWhAZvukLnUie5bolJN?= =?us-ascii?Q?LcTVu6E8C30waLyPbKNTcvhkV89SZMrT3HYHu0sGPTWLy48s1d5jikcQy6+E?= =?us-ascii?Q?02EUEYuL3VcxhZ9qkz2cp+pj2aRJ92RInmDYHD/iDkrQeuXCbMrkKIHKpDga?= =?us-ascii?Q?iQZwRhZkKvJbsjfmuF5MEbNxhuUK1xbjqOtC/jQDxV6kz2HDu4SlyQ5oDf6r?= =?us-ascii?Q?Qg606KJVKz74Iy5MEKFoxrncRxmL6ta0czviEUK2dd1wbyKH+XkCIb2UeY2l?= =?us-ascii?Q?DXbhzH7/kT3ObZHEPdqvo3CEAND+KZAGWuHa1oYPeizTGTTqUt2dxxtLe21P?= =?us-ascii?Q?eeXADdIVnTmCKAXIiJZxjhyopugusiah24B77gbblAbb9oyFgfTKu6RcylyB?= =?us-ascii?Q?pCRrOSX/FCdQt8ECQbCoucbqUL4FyN/1pYHuBqYQQIWagmflj/+c4KTyXvDG?= =?us-ascii?Q?YxgLNXygXWR+cIC/bhUmHMmibn1LR1ZbCAUzkNqyRPP/w61ILxVMUs5iwl4I?= =?us-ascii?Q?0iq5mCS/HXOPVJ6WkNtSPKuPSnr/DERG3V6DXL3JjJQhk3m+NpW6ikEOa2ML?= =?us-ascii?Q?u0MVZcLYNOKRbEx1Ygx5z83LBmcPf5mSVsY+sr5HCfwnUkmyeigV7S6cLIsq?= =?us-ascii?Q?97KAaEDmxDrwiB8lbRSefP37iHxAMtq6XxaZwT83N6zE85azleLGeivw8G9B?= =?us-ascii?Q?RI3PellO2LAFRo34tpLj0/pXnjtO5ruwkpEjYPstKoP1ySU+jT7JAmwRVhA8?= =?us-ascii?Q?5dxyGMfLSt2wT15fUXRth/puICuHC6ewqSwX245RyyZkoXkHZIYIyiv3atq9?= =?us-ascii?Q?fYqusAwJHzvnIOk54W9HDlKr?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4672.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: fc66b754-9ec0-4913-799e-08d983cfdce5 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2021 05:05:03.5269 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wJI+Z2LT6jthTjgw63iZQAIhI7B59y2lwk4kK9QaWwoFyHk0Bdgxrh+2PsehetUJHlFiWBaMdEWG+QIWJS1Wzg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR18MB4781 X-Proofpoint-GUID: m4W4dvNOXrevMsYFvOhXWtkrh39FFZqr X-Proofpoint-ORIG-GUID: m4W4dvNOXrevMsYFvOhXWtkrh39FFZqr X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-30_01,2021-09-29_01,2020-04-07_01 Subject: Re: [dpdk-dev] [PATCH v2 1/3] security: add SA config option for inner pkt csum X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Konstantin, Please see inline. Thanks, Anoob > -----Original Message----- > From: Ananyev, Konstantin > Sent: Wednesday, September 29, 2021 5:09 PM > To: Anoob Joseph ; Archana Muniganti > ; Akhil Goyal ; Nicolau, Radu > ; Zhang, Roy Fan ; > hemant.agrawal@nxp.com > Cc: Tejasree Kondoj ; Ankur Dwivedi > ; Jerin Jacob Kollanukkaran ; > dev@dpdk.org > Subject: [EXT] RE: [PATCH v2 1/3] security: add SA config option for inne= r pkt > csum >=20 > External Email >=20 > ---------------------------------------------------------------------- > Hi Anoob, >=20 > > Hi Konstanin, > > > > Please see inline. > > > > Thanks, > > Anoob > > > > > -----Original Message----- > > > From: Ananyev, Konstantin > > > Sent: Wednesday, September 29, 2021 4:26 PM > > > To: Archana Muniganti ; Akhil Goyal > > > ; Nicolau, Radu ; Zhang, > > > Roy Fan ; hemant.agrawal@nxp.com > > > Cc: Anoob Joseph ; Tejasree Kondoj > > > ; Ankur Dwivedi ; Jerin > > > Jacob Kollanukkaran ; dev@dpdk.org > > > Subject: [EXT] RE: [PATCH v2 1/3] security: add SA config option for > > > inner pkt csum > > > > > > External Email > > > > > > -------------------------------------------------------------------- > > > -- > > > > Add inner packet IPv4 hdr and L4 checksum enable options in conf. > > > > These will be used in case of protocol offload. > > > > Per SA, application could specify whether the > > > > checksum(compute/verify) can be offloaded to security device. > > > > > > > > Signed-off-by: Archana Muniganti > > > > --- > > > > doc/guides/cryptodevs/features/default.ini | 1 + > > > > doc/guides/rel_notes/deprecation.rst | 4 ++-- > > > > doc/guides/rel_notes/release_21_11.rst | 4 ++++ > > > > lib/cryptodev/rte_cryptodev.h | 2 ++ > > > > lib/security/rte_security.h | 18 ++++++++++++++++++ > > > > 5 files changed, 27 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/doc/guides/cryptodevs/features/default.ini > > > > b/doc/guides/cryptodevs/features/default.ini > > > > index c24814de98..96d95ddc81 100644 > > > > --- a/doc/guides/cryptodevs/features/default.ini > > > > +++ b/doc/guides/cryptodevs/features/default.ini > > > > @@ -33,6 +33,7 @@ Non-Byte aligned data =3D Sym raw data path API > > > > =3D Cipher multiple data units =3D > > > > Cipher wrapped key =3D > > > > +Inner checksum =3D > > > > > > > > ; > > > > ; Supported crypto algorithms of a default crypto driver. > > > > diff --git a/doc/guides/rel_notes/deprecation.rst > > > > b/doc/guides/rel_notes/deprecation.rst > > > > index 05fc2fdee7..8308e00ed4 100644 > > > > --- a/doc/guides/rel_notes/deprecation.rst > > > > +++ b/doc/guides/rel_notes/deprecation.rst > > > > @@ -232,8 +232,8 @@ Deprecation Notices > > > > IPsec payload MSS (Maximum Segment Size), and ESN (Extended > > > > Sequence > > > Number). > > > > > > > > * security: The IPsec SA config options ``struct > > > > rte_security_ipsec_sa_options`` > > > > - will be updated with new fields to support new features like > > > > IPsec inner > > > > - checksum, TSO in case of protocol offload. > > > > + will be updated with new fields to support new features like > > > > + TSO in case of protocol offload. > > > > > > > > * ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with = a new > field > > > > ``hdr_l3_len`` to configure tunnel L3 header length. > > > > diff --git a/doc/guides/rel_notes/release_21_11.rst > > > > b/doc/guides/rel_notes/release_21_11.rst > > > > index 8da851cccc..93d1b36889 100644 > > > > --- a/doc/guides/rel_notes/release_21_11.rst > > > > +++ b/doc/guides/rel_notes/release_21_11.rst > > > > @@ -194,6 +194,10 @@ ABI Changes > > > > ``rte_security_ipsec_xform`` to allow applications to configure = SA soft > > > > and hard expiry limits. Limits can be either in number of packet= s or bytes. > > > > > > > > +* security: The new options ``ip_csum_enable`` and > > > > +``l4_csum_enable`` were added > > > > + in structure ``rte_security_ipsec_sa_options`` to indicate > > > > +whether inner > > > > + packet IPv4 header checksum and L4 checksum need to be > > > > +offloaded to > > > > + security device. > > > > > > > > Known Issues > > > > ------------ > > > > diff --git a/lib/cryptodev/rte_cryptodev.h > > > > b/lib/cryptodev/rte_cryptodev.h index bb01f0f195..d9271a6c45 > > > > 100644 > > > > --- a/lib/cryptodev/rte_cryptodev.h > > > > +++ b/lib/cryptodev/rte_cryptodev.h > > > > @@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum > > > > rte_crypto_asym_xform_type *xform_enum, /**< Support operations > > > > on > > > multiple data-units message */ > > > > #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL > << 26) > > > > /**< Support wrapped key in cipher xform */ > > > > +#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL > > > << 27) > > > > +/**< Support inner checksum computation/verification */ > > > > > > > > /** > > > > * Get the name of a crypto device feature flag diff --git > > > > a/lib/security/rte_security.h b/lib/security/rte_security.h index > > > > ab1a6e1f65..945f45ad76 100644 > > > > --- a/lib/security/rte_security.h > > > > +++ b/lib/security/rte_security.h > > > > @@ -230,6 +230,24 @@ struct rte_security_ipsec_sa_options { > > > > * * 0: Do not match UDP ports > > > > */ > > > > uint32_t udp_ports_verify : 1; > > > > + > > > > + /** Compute/verify inner packet IPv4 header checksum in tunnel mo= de > > > > + * > > > > + * * 1: For outbound, compute inner packet IPv4 header checksum > > > > + * before tunnel encapsulation and for inbound, verify after > > > > + * tunnel decapsulation. > > > > + * * 0: Inner packet IP header checksum is not computed/verified. > > > > + */ > > > > + uint32_t ip_csum_enable : 1; > > > > + > > > > + /** Compute/verify inner packet L4 checksum in tunnel mode > > > > + * > > > > + * * 1: For outbound, compute inner packet L4 checksum before > > > > + * tunnel encapsulation and for inbound, verify after > > > > + * tunnel decapsulation. > > > > + * * 0: Inner packet L4 checksum is not computed/verified. > > > > + */ > > > > + uint32_t l4_csum_enable : 1; > > > > > > As I understand these 2 new flags serve two purposes: > > > 1. report HW/PMD ability to perform these offloads. > > > 2. allow user to enable/disable this offload on SA basis. > > > > [Anoob] Correct > > > > > > > > One question I have - how it will work on data-path? > > > Would decision to perform these offloads be based on mbuf->ol_flags > > > value (same as we doing for ethdev TX offloads)? > > > Or some other approach is implied? > > > > [Anoob] There will be two settings. It can enabled per SA or enabled pe= r > packet. >=20 > Ok, will it be documented somewhere? > Or probably it already is, and I just missed/forgot it somehow? [Anoob] Looks like we missed documenting this. Will update in the next vers= ion. Should we add documentation around SA options or around TX offload fla= gs? I think it's better around SA options. Do you suggest either? =20 >=20 > > > > > > > }; > > > > > > > > /** IPSec security association direction */ > > > > -- > > > > 2.22.0