From: Shahaf Shuler
To: Akhil Goyal, "dev@dpdk.org"
CC: "declan.doherty@intel.com", "pablo.de.lara.guarch@intel.com", "hemant.agrawal@nxp.com", "radu.nicolau@intel.com", Boris Pismenny, "Aviad Yehezkel", Thomas Monjalon, "sandeep.malik@nxp.com", "jerin.jacob@caviumnetworks.com"
Date: Sun, 17 Sep 2017 13:45:06 +0000
References: <20170914082651.26232-1-akhil.goyal@nxp.com> <20170914082651.26232-7-akhil.goyal@nxp.com>
In-Reply-To: <20170914082651.26232-7-akhil.goyal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH 06/11] ethdev: extend ethdev to support security APIs

Hi Declan,

Thursday, September 14, 2017 11:27 AM, Akhil Goyal:
>
> From: Declan Doherty
>
> rte_flow_action type and ethdev updated to support rte_security sessions
> for crypto offload to ethernet device.
>
> Signed-off-by: Boris Pismenny
> Signed-off-by: Aviad Yehezkel
> Signed-off-by: Radu Nicolau
> Signed-off-by: Declan Doherty
> --- > lib/librte_ether/rte_ethdev.c | 11 +++++++++++ > lib/librte_ether/rte_ethdev.h | 22 ++++++++++++++++++++-- > lib/librte_ether/rte_ethdev_version.map | 7 +++++++ > 3 files changed, 38 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.= c > index 0597641..f51c5a5 100644 > --- a/lib/librte_ether/rte_ethdev.c > +++ b/lib/librte_ether/rte_ethdev.c
> @@ -302,6 +302,17 @@ rte_eth_dev_socket_id(uint8_t port_id) > return rte_eth_devices[port_id].data->numa_node; > } >=20 > +uint16_t > +rte_eth_dev_get_sec_id(uint8_t port_id) { > + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -1); > + > + if (rte_eth_devices[port_id].data->dev_flags & > RTE_ETH_DEV_SECURITY) > + return rte_eth_devices[port_id].data->sec_id; > + > + return -1; > +} > + > uint8_t > rte_eth_dev_count(void) > { > diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.= h > index 0adf327..262ba47 100644 > --- a/lib/librte_ether/rte_ethdev.h > +++ b/lib/librte_ether/rte_ethdev.h > @@ -180,6 +180,8 @@ extern "C" { > #include > #include > #include > +#include > + > #include "rte_ether.h" > #include "rte_eth_ctrl.h" > #include "rte_dev_info.h" > @@ -357,7 +359,8 @@ struct rte_eth_rxmode { > jumbo_frame : 1, /**< Jumbo Frame Receipt enable. */ > hw_strip_crc : 1, /**< Enable CRC stripping by hardware. */ > enable_scatter : 1, /**< Enable scatter packets rx handler */ > - enable_lro : 1; /**< Enable LRO */ > + enable_lro : 1, /**< Enable LRO */ > + enable_sec : 1; /**< Enable security offload */

Based on the time of integration you may need to update the convert function [1] as well.

> }; >=20 > /** > @@ -679,8 +682,10 @@ struct rte_eth_txmode { > /**< If set, reject sending out tagged pkts */ > hw_vlan_reject_untagged : 1, > /**< If set, reject sending out untagged pkts */ > - hw_vlan_insert_pvid : 1; > + hw_vlan_insert_pvid : 1, > /**< If set, enable port based VLAN insertion */ > + enable_sec : 1; > + /**< Enable security offload */

Considering this enable_sec is an exception compared to the regular Tx offloads, which are always enabled and set per queue, wouldn't it be better to use the new offloads API [2] for that flag?

> }; >=20 > /**
> @@ -907,6 +912,7 @@ struct rte_eth_conf { #define > DEV_RX_OFFLOAD_QINQ_STRIP 0x00000020 #define > DEV_RX_OFFLOAD_OUTER_IPV4_CKSUM 0x00000040 > #define DEV_RX_OFFLOAD_MACSEC_STRIP 0x00000080 > +#define DEV_RX_OFFLOAD_SECURITY 0x00000100 >=20 > /** > * TX offload capabilities of a device. > @@ -926,6 +932,11 @@ struct rte_eth_conf { > #define DEV_TX_OFFLOAD_GENEVE_TNL_TSO 0x00001000 /**< Used for > tunneling packet. */ > #define DEV_TX_OFFLOAD_MACSEC_INSERT 0x00002000 > #define DEV_TX_OFFLOAD_MT_LOCKFREE 0x00004000 > +#define DEV_TX_OFFLOAD_SECURITY 0x00008000

The above flag I understand.

> +#define DEV_TX_OFFLOAD_SEC_NEED_MDATA 0x00010000 > +#define DEV_TX_OFFLOAD_IPSEC_CRYPTO_HW_TRAILER 0x00020000 > +#define DEV_TX_OFFLOAD_IPSEC_CRYPTO_TSO 0x00040000 > +#define DEV_TX_OFFLOAD_IPSEC_CRYPTO_CKSUM 0x00080000

The above 4 flags I don't. Doc/comments are missing to describe what exactly each feature means.
Also, considering those caps may be protocol dependent (e.g. PMD can do TSO for ipsec but cannot for macsec), isn't it better for those caps to be advertised as part of rte_security_capabilities?
The PMD will report to the ethdev layer that it supports the security offloads; then, per protocol, the above caps will be advertised.

> /**< Multiple threads can invoke rte_eth_tx_burst() concurrently on the > same > * tx queue without SW lock. > */ > @@ -1651,6 +1662,9 @@ struct rte_eth_dev { > enum rte_eth_dev_state state; /**< Flag indicating the port state */ > } __rte_cache_aligned; >=20 > +uint16_t > +rte_eth_dev_get_sec_id(uint8_t port_id); > + > struct rte_eth_dev_sriov { > uint8_t active; /**< SRIOV is active with 16, 32 or 64 po= ols */ > uint8_t nb_q_per_pool; /**< rx queue number per pool */
> @@ -1711,6 +1725,8 @@ struct rte_eth_dev_data { > int numa_node; /**< NUMA node connection */ > struct rte_vlan_filter_conf vlan_filter_conf; > /**< VLAN filter configuration. */ > + uint16_t sec_id; > + /**< security instance identifier */ > }; >=20 > /** Device supports hotplug detach */ > @@ -1721,6 +1737,8 @@ struct rte_eth_dev_data { #define > RTE_ETH_DEV_BONDED_SLAVE 0x0004 > /** Device supports device removal interrupt */ > #define RTE_ETH_DEV_INTR_RMV 0x0008 > +/** Device supports inline security processing */ > +#define RTE_ETH_DEV_SECURITY 0x0010

I see you use this cap to protect, in the ethdev layer, against returning an invalid security id. However, it seems to me a kind of duplication of DEV_TX_OFFLOAD_SECURITY and DEV_RX_OFFLOAD_SECURITY.
The combination of the two flags means the PMD supports rte_security; can't we use it instead of the above flag?

Meaning the function will be:

    uint16_t
    rte_eth_dev_get_sec_id(uint8_t port_id)
    {
        struct rte_eth_dev_info dev_info;
        unsigned int support_sec = 0;

        RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -1);

        /* Query the offload capabilities the PMD advertises. */
        rte_eth_dev_info_get(port_id, &dev_info);
        /* Security is supported only when both Rx and Tx caps are set. */
        support_sec = !!(dev_info.rx_offload_capa & DEV_RX_OFFLOAD_SECURITY) &&
                (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_SECURITY);
        if (support_sec)
            return rte_eth_devices[port_id].data->sec_id;

        return -1;
    }

>=20 > /** > * @internal > diff --git a/lib/librte_ether/rte_ethdev_version.map > b/lib/librte_ether/rte_ethdev_version.map > index 4283728..24cbd7d 100644 > --- a/lib/librte_ether/rte_ethdev_version.map > +++ b/lib/librte_ether/rte_ethdev_version.map > @@ -187,3 +187,10 @@ DPDK_17.08 { > rte_tm_wred_profile_delete; >=20 > } DPDK_17.05; > + > +DPDK_17.11 { > + global: > + > + rte_eth_dev_get_sec_id; > + > +} DPDK_17.08; > -- > 2.9.3

[1] http://dpdk.org/dev/patchwork/patch/28799/
[2] http://dpdk.org/dev/patchwork/patch/28800/
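
Review bot: rte_eth_dev_get_sec_id() in the rte_ethdev.c hunk (@@ -302) is declared uint16_t but both failure paths return -1, once through RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -1) and once in the final return -1, so the caller receives 0xFFFF and cannot tell an error from a valid sec_id unless that value is reserved. Return int with a negative value on failure, or define and document an explicit invalid-id constant, so that a caller cannot go on to use the error value as a security instance id.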
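
Review bot: in the rte_ethdev.h hunk at @@ -926 the five new DEV_TX_OFFLOAD_* defines are inserted between DEV_TX_OFFLOAD_MT_LOCKFREE and its trailing "/**< Multiple threads can invoke rte_eth_tx_burst() concurrently ..." comment, so that comment now follows DEV_TX_OFFLOAD_IPSEC_CRYPTO_CKSUM and documents the wrong flag. Move the additions below the closing */ of that comment and give each new flag its own /**< */ description.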
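
Review bot: the rte_eth_dev_get_sec_id() prototype added in the rte_ethdev.h hunk at @@ -1651 has no doxygen block, although the symbol is exported under DPDK_17.11 in rte_ethdev_version.map. Document port_id, what the returned identifier refers to, and the value returned when the port is invalid or does not have RTE_ETH_DEV_SECURITY set; the declaration also sits between the struct rte_eth_dev and struct rte_eth_dev_sriov definitions, where it is easy to miss.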
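
Review bot: the comment on the new sec_id field in the struct rte_eth_dev_data hunk (@@ -1711) does not say that the value is meaningful only when RTE_ETH_DEV_SECURITY is set in dev_flags, which is the condition rte_eth_dev_get_sec_id() checks before reading it. State that dependency in the /**< */ comment, together with which value, if any, means that no security instance is attached.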