From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A0846A04B3; Mon, 27 Jan 2020 12:25:24 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AFB0E1BFAE; Mon, 27 Jan 2020 12:25:23 +0100 (CET) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70078.outbound.protection.outlook.com [40.107.7.78]) by dpdk.org (Postfix) with ESMTP id A41F81BFAB for ; Mon, 27 Jan 2020 12:25:21 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E6K1AJiHehoZZrcC9yTMugCbk9q5muxuo8OFTQAOSO4wN09bqIwfwM4NDPIFlDMDvHBgxPiQ4CKfC28RNafqRTuC8qpjrQNoej3JNpY0QqkoFX6fGXrq6r1yFoP+pX7vMVqviD6FdojUl4fLxeSZv61HFKnwnyMgi2qFf9s0a+0Z7b+nibmhtq/qKOAyFNKcB+aR5KGwPApKn8GHJKLxNl450Ke/0adaA9ZPbdjD/tzPKy1mJYdqOpxtrjnGRaUQaz1d0tJ+QaWDungHYnNZzhSKNc1ReIb8bvgtAExemvubhmuYE668QubLHLKbww3ivlVkZwBbjr9ITHAvBNJNiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qvyMZDIBKmv1+/FeCekR+5QtSwKO3Jwuh30A9c/Iem4=; b=aQvQ6/3gp4YPgMtuwU5k6uFkIniluXb4tzX5ebkbtyccMxXiDngC0SU9Y+mqs7ulFRsHSaGOrlYHU7ob+JmVDYU531xe34mpiyfzD/iQaVl6XtqwDScclVcznpFNhdO2KBDFCbw2NnVpkbUcUX87myIxAPiEU1gynXy1KuOu56AkMUmBfwGIpZb+p+NIgJdVeBr9kM5aWV7TwrWxJViawDLAQjnRl6RWqVTfY0OZ8qSxfO6ZVtPpD5l4IjbjCbvgAdd3SNdnuHq0GZD8QALU/3QfEntFbE3oyCDnNikijYJeikQq8izcZMiWiWR7ssRDlUHroZSe8yFfIWG4aiUfBQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qvyMZDIBKmv1+/FeCekR+5QtSwKO3Jwuh30A9c/Iem4=; b=bFliP8KxSsUO3DRCyLTlScuIpcg7TuujIcHqnT+NNdpKm9xqtkJCxmVxm8opXznfGei7QXB1+T/OVYG3Pyn204kmQDoIHPlIwopDR/8vH/BRTEK2stjZP3RAJrB6C7rpenqsKMlXs8MfnBgile3fxOcKq5bEZcB/fyBppLL3fgQ= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6432.eurprd04.prod.outlook.com (20.179.234.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.24; Mon, 27 Jan 2020 11:25:20 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1%7]) with mapi id 15.20.2665.026; Mon, 27 Jan 2020 11:25:20 +0000 From: Akhil Goyal To: Pavel Belous , "dev@dpdk.org" CC: Ferruh Yigit , John McNamara , Declan Doherty , Konstantin Ananyev , Thomas Monjalon , Igor Russkikh , Fenilkumar Patel , Hitesh K Maisheri Thread-Topic: [RFC v2 0/7] RFC: Support MACSEC offload in the RTE_SECURITY infrastructure. Thread-Index: AQHVi10nBXEPDIlV80SgF8Z6g0Szcaf+8LJQ Date: Mon, 27 Jan 2020 11:25:20 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.72] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: c3503efb-225d-407c-9cfb-08d7a31b9809 x-ms-traffictypediagnostic: VE1PR04MB6432: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 02951C14DC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(346002)(376002)(39860400002)(136003)(199004)(189003)(8936002)(81156014)(66556008)(81166006)(316002)(8676002)(52536014)(86362001)(7696005)(7416002)(26005)(64756008)(966005)(66446008)(110136005)(33656002)(186003)(2906002)(4326008)(54906003)(44832011)(66946007)(5660300002)(478600001)(76116006)(71200400001)(55016002)(9686003)(6506007)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6432; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: GljySMLoATiAOXUVidmtT+2oxR5Ra24fPl111yeAFFbIl8SSuu8RWd2XMQacrEX3myXpQExDambDVtSNdLkHOyYpGLd0zokPEX+8YXSXbG3oNLeatHPQLXTetqhkslrCTaWETXdQxDJhJ4oL+1JlNWPMY4IzQBvRdlcR0WsJpxCt1yQBetu4BoyQ05x9SSxRviGINCBaZum4jk3FqNUZjfi687Jj6KLLk+JCQ8tOh8sMlyAYMVcgI6DLtWvxDDEh9wywBlj+K1DSHeESN2yPJluGepyuCQ3d8kYUk7sdIgtQ2B6J3RYSh2CBasQmEAG2DDSGlwIHXXFRKiXDIvCPsHx6Y8loY3BhfYHXyaJrKIetUyfrQxslchEqGhlEP0t9FCP52PftJxsCt773fO+YqxJg5jL1SZ0Cvg/wmfXjStNPisFTajp+c2K0ArRfmxwrDi2Y4Dke4yna/m5Va7w/xsVxOCipAkTKG0RXsAic4F4= x-ms-exchange-antispam-messagedata: p9z9J2yf0SdvchPvFWrI6aV30IFgTrSXhwdxb1lk+mOa0VjPspRCg3tY/6051ZQq90QJQ53ACwpI50vb0o8g5ioyvaRFCSLnb44/B7YdskriirbkDwL8F6Aru3WwP4e9xz8+xjKAAlR8pETVhXx3kQ== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: c3503efb-225d-407c-9cfb-08d7a31b9809 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2020 11:25:20.5806 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pSwOfjWREsPB/Ckxa2PGq8ldFs2CoxYT/ACTUsm7LqQFK+e2e9xlQpXvh3AxnznSCMQBPTZv99N8Jkl9+wmjtA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6432 Subject: Re: [dpdk-dev] [RFC v2 0/7] RFC: Support MACSEC offload in the RTE_SECURITY infrastructure. X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Pavel, > From: Pavel Belous >=20 > This RFC suggest possible API to implement generic MACSEC HW > offload in DPDK infrastructure. >=20 > Right now two PMDs implementing MACSEC hw offload via private > API: ixgbe (Intel) and atlantic (Aquantia). >=20 > During that private API discussion it was decided to go further > with well defined public API, based most probably on rte_security > infrastructure. >=20 > Here is that previous discussion: >=20 > http://inbox.dpdk.org/dev/20190416101145.nVecHKp3w14Ptd_hne-DqHhKyzbre88P= wNI-OAowXJM@z/ >=20 > Declaring macsec API via rte_security gives a good data-centric view on > parameters > and operations macsec supports. Old, pure functional API (basically ixbe = only API) > presented function calls with big argument lists which is hard to extend = and > analyse. >=20 > However, I'd like to note rte_security has to be used via explicitly crea= ted > mempools - this hardens abit the usage. > It also may be hard to extend the structures in the ABI compatible way. >=20 > One of the problems with MACSEC is that internally implementation and > hardware > support could be either very simple, doing only endpoint encryption with = a single > TX SC (Secure Connection), or quite complex, capable to do flexible filte= ring > and SC matching based on mac, vlan, ethertype and other. >=20 > Different macsec hardware supports some custom features and from our > experience > users would like to configure these as well. Therefore there will probabl= y be > needed a number of PMD specific macsec operators support. >=20 > Examples include: custom in-the-clear tag (matched by vlan id or mask), > configurable internal logic to allow both secure and unsecure traffic, > bypass filters on specific ethertypes. > To support such extensions, suggest use rte_security_macsec_op enum with > vendor specific operation codes. >=20 > In context of rte_security, MACSEC operations should normally be based on > security session create and update calls. >=20 > Session create is used to setup overall session. Thats equivalent of old > `macsec enable` operation. >=20 > Session update is used to update security connections and associations. > Here xform->op contains the required operation: rx/tx session/association > add/update/removal. >=20 The patches look good from rte_security perspective. You can send the forma= l Patches for 20.05 window.