From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0078.outbound.protection.outlook.com [104.47.34.78]) by dpdk.org (Postfix) with ESMTP id 319341B53 for ; Mon, 28 Aug 2017 16:26:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=R6/6aBvEYyu5Rc4riaFUJbg/meKKahvOTynSdNnLk+A=; b=apV8oB4Hpr0tjzwhCDjNxPqvz6A8HYwlp57uEG9eQ5DYOqmtwf150fK6SCeuOgSoXxozT8Tr6EXy/cp6sNS52PnSzlBZH2RETMrh+Y4fYnOAx2buhDyWIYgsxwErQJ8tkVCIFigX027gkDnmFdzNX8XnKImZaiy1NCkRsaQaiOA= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=PrasadAthreya.Narayana@cavium.com; Received: from [10.90.207.71] (14.140.2.178) by DM2PR0701MB1065.namprd07.prod.outlook.com (2a01:111:e400:2472::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1385.9; Mon, 28 Aug 2017 14:26:04 +0000 To: dev@dpdk.org, "Berestovskyy, Andriy" , "Manoharan, Balasubramanian" References: <1b68515b-bb11-5da7-6a94-b30c04294478@caviumnetworks.com> Cc: "Kulkarni, Sunil" , "Chandran, Suheil" , "Murthy, Nidadavolu" From: Narayana Prasad Athreya Message-ID: Date: Mon, 28 Aug 2017 19:56:05 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: <1b68515b-bb11-5da7-6a94-b30c04294478@caviumnetworks.com> X-Originating-IP: [14.140.2.178] X-ClientProxiedBy: DM5PR07CA0039.namprd07.prod.outlook.com (2603:10b6:3:16::25) To DM2PR0701MB1065.namprd07.prod.outlook.com (2a01:111:e400:2472::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b06c8a4a-1c32-4c0e-9575-08d4ee20b844 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM2PR0701MB1065; X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1065; 3:+OhgK7gzeSxI69OfvrAjeoTecFDq2TFARqW19ikYGiAEvqso82OxVI+vxz2TvkmK4Q4uY2qWHB0WpqCE9MMHwE+g4aDLycPfyZoLMYIBZDP3m9nyo0dCJuxq2NtKp2zweLDJ7mobbyQ0jjpOioRcwjTFdCVKRzJ3rx4ajWvZZCHc0YgTKHJGnQIIBoSc6G2iBX6nOKx3KRbBG2GYb+EXDSPF9ukQpSaD2AAy44VE6cepJyvVty/Wj0gThjTOkzay; 25:cEP0uSg1iBOIF9+pdkHwlUWRQDEiN4JD/re8zO4KPUxiOMVP/1elx4Yxe0jdLexVse1ExicpcYbtUsuRnB8dqbT7IWoJNVmTEESxwCwSOrpgPw796VX32ANwQIwSXoBQ0GGEG8ztKNIgyRhdT2eu4QzJs55UPcd7XRFIFxKmbVMdhUZXIq7cC22CVfkcNF0Luq8hpCEeZeMqGC3MHNFShMoTuqgxrNB8/0smjA2EJgw6R5f6TIAanJg61Z/548ht8FoCChQ47aN4TJE9CsEzejgYD5W2Ypt/LBzq2tXpHF3lb2E+RRlVyFxnAXHOD9yLaRO5LM5V3LVuqM0hSKv8Aw==; 31:69XzGf7D7hGXhu8HmMugvesaqbyuncZibMS78zzuZtlP/xNkKz0Z+PZjOkalrw2yC7brg8fV29qIa9POZAjlGARNUy+A0sMyc2Wsf22cgXjqGfQZJW3wsqvQ7PX4b0NxVOyLiqhgovO/xsATG9tGRgurHBV5KIpMtaKlckRE23Be2mIz1/rdXk7GmuA3OyP55a4WskyQC8qjl+YAdH6lbHtz3wx6ovZ5TdxuAsCC3F8= X-MS-TrafficTypeDiagnostic: DM2PR0701MB1065: X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1065; 20:uHWrzRgsIyk17l0KpuJRkxI1S/JXyWopmmcZ2LCs3H66sBZhct7FF0/lSPArpAGzzEBVaIHTwGE2SM6+B7bgUYP0pT5DdjtbL3YmaZ6ivC7+qAEpi5nnw7HX2GRZRtGwP8ydfdH1Wp5rzeGOW6p5i/YgZVSmk0CXMAX6edzcEizuWYTBOnBIQYj4/XXxvdPSgzn2sSp/wNCm1Ffu9oMsBzNOt5lY0pUaCRneaIo4hiTGSkAjLKFlvQjVQGOOyiwQDg+Kot+gRI56QM8lGdCYUxC91n7lX/N0+kZFIwh5eNSVsJ+7KJnBqWS/NC5urcQ6XGMhmOze2pylw7tcD9FrtclwJ0ZlGvdkZ9hmrVsiY+pPiY4XiyKbSHJfa7OFnGjns8SgrqSnRTq8SM06hygT8WFbhCelM2GLt/Y9Rn7JUzyhZygB3tRDRu+lUV1VehmqFsuFR/luEcYWOYgAsYhZt3NqxM3gi0kINwmQ3t5mg1sY17yBsdmv9xxBWcqLwCylLkFAKy7x3Zne0mAxXqjs1REvRF3yKB3Cnhg8PRxQUol1B1RL1PLtuDYvINV14TBiU295TbgXH55Nl2tYCERy2SU1egEcxugyZZgL7qOmqB0= X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(17755550239193); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(100000703101)(100105400095)(93006095)(6041248)(20161123564025)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR0701MB1065; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR0701MB1065; X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1065; 4:bWHtkc5CjHyalbTss80srFgIDMzcepJAhT87aj+Ke6M5K2qGqMowm2LEHRuGnjECBX5FccwH84i+rChJ/zEOaSqzPbR6v02oM35a+4OBXqdfuLOAXY69uz2m2sxDIuVvwtKMMgx+Tzh/sXzQcsE2SrvzcVS0P1+iqyMSC6/ZyfpJ6zgkzj3wISZgcJkkZwBSRXGhUwXO1hBEmfsKrrztyUjWoRhwhHfLxTsxICdhEqijCES39Z1U8iC+2afTgh4iBBz13LT1EuaEFQruQdklf7s/QZYDoeuTuU3U26x2hejq2+SQDw1lLaiNgbPYDzj/txjcD5AlyuaRcZXVP6YoUA== X-Forefront-PRVS: 0413C9F1ED X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(7370300001)(4630300001)(6049001)(6009001)(199003)(189002)(24454002)(377454003)(229853002)(65806001)(42882006)(105586002)(77096006)(66066001)(83506001)(31696002)(53936002)(42186005)(107886003)(7350300001)(36756003)(68736007)(8676002)(31686004)(81156014)(6246003)(81166006)(6486002)(106356001)(64126003)(7736002)(33646002)(5660300001)(65956001)(54896002)(54906002)(2950100002)(76176999)(101416001)(50986999)(65826007)(54356999)(97736004)(4001350100001)(189998001)(84326002)(5009440100003)(3846002)(25786009)(2906002)(4326008)(6116002)(72206003)(478600001)(110426004)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR0701MB1065; H:[10.90.207.71]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0701MB1065; 23:3VzoyccNRuj3255XZSnU0845ROf51M6lZeDsOeS?= =?us-ascii?Q?s6AZKpHs8BVGJ+j0ePhSqD2B66yw4yj1VkwcK2GvgPhX0R3C9/TzaXxWdd1d?= =?us-ascii?Q?TDkXst/4T63kzUm6WZOOHHOhGDS2t0HHJZG07P4zo6+0oqxPemkTRQRajngV?= =?us-ascii?Q?0WEdIIm12+xnJ8TgNuFYwI7SPx2amlXnDAWzZhhsw98JvpUAw8AWEdpbxPTo?= =?us-ascii?Q?NjmEJ2bSV5tbNjHAvZxSe19XQzF03tipoGPzzQ25bmfbz9GoLNCiM5PcMJvp?= =?us-ascii?Q?LnsuPXQajEWfzW8en47QqJRAJovX+aZ3SOoMroDDlTJlEYUPqdSn6sCT6+zu?= =?us-ascii?Q?QzTD6OQe6OBNQygSEm5Dl5Z+COBzjIoDFiBFey/LaxEeZhhy9g3oEiMlRImx?= =?us-ascii?Q?vBHCauG5GHOxKZ0KH1QABq3T/KXDXFsyy5U9e6TNcJqdajdFQdbx2i7ZktGC?= =?us-ascii?Q?2gvD57QRE/i+KSlDcQsmelGSwnalZgZ8H9Ch+uag5OjZyf3zdOjnhPCSNzWe?= =?us-ascii?Q?N/UKrCYeFu8F7F12RqW4XbvLujurjTQyzMo81KOyqIFUfiY+wew4m0mz7yfe?= =?us-ascii?Q?6OhE8u2vDklOtrjYU2IklmoNg7rprrj417ZfiN/T9QJl2DpB3dfFMYOxbSK/?= =?us-ascii?Q?+I7ADR1eG/blvqDVPrUgzeOvpxQki2MLbMRrWfaEjWcnP3n4IuzEfyYPcMGQ?= =?us-ascii?Q?RJXfEPCumLFs9HtEWhAA76HK+KPCicdFgImIHHzJbWbk+vp8Iztdlo9Ta+BZ?= =?us-ascii?Q?NhLGnrWJ2Sd7XcRGduEIBhGkW0H5ZXPs2VtDHajuWss4fcNa4BmWnCJNwXNg?= =?us-ascii?Q?lDysP4t2eglVL7gNBpKpZ8krVg+6nIMcKLiTPUZK60b85ODkvkQuXSMWXImk?= =?us-ascii?Q?ZGhf454MUwbyd7+6FAz9n5GJO7UmPh52KqcvGp2e3fBzxfReQ6iSuuPs8q87?= =?us-ascii?Q?1HqnzonmczrcvFplJ2RlJtscv6hpu8Fe5kKj4pccK9cbZCG2kR9kYXFH4vdA?= =?us-ascii?Q?Z0ZAn/v2hjzpFexcq/C0yHtu2WkYuvrBAVrLLXAWu4h4RqJAiflBzuT3u32w?= =?us-ascii?Q?3pSCAiMMWe3ZSEX2mgNS12ttu8R2oEBGMzved8cUg3ldT8MO5JZqD4pXgY2Q?= =?us-ascii?Q?rPoLXvFmYpscz8jvwOeV78nUYQd3jDCVj1LzkECSqfqftMEIgf3HFAosAgg2?= =?us-ascii?Q?ngzqBZoQQXIRFMIEtZoN3Q4OUTFA8XIwPDhbDPMTGea+R+OVcYBuaI3KrMcF?= =?us-ascii?Q?c4ccGE5rL731pXvJYDt4xic4y7fmUyoeer+U2DXCaaNlozz2UWffTdFBM2OT?= =?us-ascii?Q?Cc5SdsvBaTk7D/6CwXEza824SJEp7yqskXNqzn6mYU9DmVelNW+bfnhJCQbK?= =?us-ascii?Q?YXNbyOA=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR0701MB1065; 6:xFI6qpDiABSv3ptyXt+mxolgGDg+3+EduC5J/bZ3S+nitKA3ZO3f23T7trYDHJkxyLRKd60bJKXQm4gGQ1HDg1Cq2ujY6BxS7jygKoTin+51cyFR0KjGUKjzwjeb1yIDw30DQEv8CzRFNbo0E8XMGstzr++FSmtxi+Ha+d4KFbQiFXX2VRTTUjuBuY3ZSCWp41ibPH/O1wLa0OJ7Py0mX9bXWshfzVqu3uUIGsc6bWoe4yK0UsUif+CMYoN18C3GuCm38vKtqEuwnU/SgDH7fXn6l6SsSA+cy8LyOGOYJtz56tG39PXkwPl1s/6AeP2wtre2WCG/baxcCOtBU2rr2w==; 5:e+lg8aGQ1JQJw3F+y1L0ehaAvjgRWZFetPSeVOKu3dFMawzXaOe9IKAHIXfUTtzq7lUzWtPfwDl8y8JY2vaxvnKYTG0ieOGkIO2XqJVN5pNU23jZN1HTVMVFpSqB7VLVwsU1pEqcegXTXlAqnUoG8Q==; 24:Y0zYA00tVqKDFZw2m9GtPtODYoChXxdhuEFTPOcG3ZuxAM6jIAJT7e6xqSK4rDch72ROap14sdEv7hm1S11hGhUCaGa5G1D5MWf42/K4vG0=; 7:bSRkLGt2HP4VTvsLJvXhJRMU8K3qOscm6Mo7n8XyQDfHWbhiAlD1pNO1AWu4gP/oy/Bg59JOgUtq3GynXFlPrqL6YQAjI2ez8+lALs5bj9S9S9q3P6CZ7xXo27ywro5boIiOWh6AoU0Zi1rzt8nRvuD6kOCrH2uE3PCmKhCGBWWfHnELUw5VDTfRa1LnslH9bm1ZbcO8kBB8DiViZqM2OGJTYKNvbjrWLRbFWWGxfXw= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Aug 2017 14:26:04.1221 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0701MB1065 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [RFC PATCH v2 0/4] IPSec Inline and look aside crypto offload X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2017 14:26:08 -0000 On Monday 28 August 2017 07:53 PM, Narayana Prasad Athreya wrote: >> This patchet showcases the definition and usage of the rte_security >> APIs described in the RFC v1 sent earlier. >> >> The data path and configuration path is similar to what was proposed in >> version 1. However, rte_security_configure API is removed, as it looked >> redundant. >> >> Also the rte_security.x files are placed inside the lib/librte_cryptodev/ >> as the APIs are defined with the help of crypto APIs and it makes more sense >> to extend the cryptodev library instead of a separate library which perform >> similar actions. >> >> Some of the parameters of the APIs are also modified for better usability. >> The parameter ``dev_name`` is removed as the appropriate device(crypto/eth) >> can be obtained by using the action type. >> >> The patchset is still in work in progress state and there may be some changes >> and cleanup in the next version. This is just to enable others to work >> in parallel on the crypto offloading using ethernet devices. >> >> This patchset include the definition of rte_security APIs in patch 1, >> changes required in cryptodev in patch 2, sample driver implementation >> in patch 3 and ipsec-secgw application changes in patch 4. >> >> Akhil Goyal (4): >> RFC2: rte_security: API definitions >> cryptodev: entend cryptodev to support security APIs >> crypto/dpaa2_sec: add support for protocol offload ipsec >> example/ipsec-secgw: add support for offloading crypto op >> >> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 368 ++++++++++++++++++++++++- >> drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 33 +++ >> examples/ipsec-secgw/ipsec.c | 125 ++++++--- >> examples/ipsec-secgw/ipsec.h | 13 +- >> examples/ipsec-secgw/sa.c | 142 +++++++--- >> lib/librte_cryptodev/Makefile | 3 +- >> lib/librte_cryptodev/rte_crypto_sym.h | 15 + >> lib/librte_cryptodev/rte_cryptodev.h | 20 +- >> lib/librte_cryptodev/rte_cryptodev_pmd.h | 35 +++ >> lib/librte_cryptodev/rte_security.c | 171 ++++++++++++ >> lib/librte_cryptodev/rte_security.h | 409 ++++++++++++++++++++++++++++ >> 11 files changed, 1243 insertions(+), 91 deletions(-) >> create mode 100644 lib/librte_cryptodev/rte_security.c >> create mode 100644 lib/librte_cryptodev/rte_security.h >> >> -- >> 2.9.3 > I have a few questions/comments on the v1 and v2 versions of this > patch. I accumulated these from a few different cavium stakeholders. > > 1. conf_ipsec_sa::sa_dir and ipsec_xform::op seem to have same purpose. > 2. Its unclear how the Crypto Device will be configured to use a > specific Network device and vice-versa. The situation is when the same > network port must process IPsec and regular traffic. Should regular > traffic also use the singular device? > 3. The spec seems to assume PMD Network device. Event driven model is > also needed. > 4. SA Options for expiry(byte/time) are lacking. > 5. Error handling and Status notifications are not specified. These > can be tricky in the inline mode of operation, particularly inbound. > 6. SA expiry handling is another key aspect which hasn’t been > accounted for. > 7. No anti-replay window size SA param. > 8. ESP TFC padding not addressed. > 9. Incremental checksum computation in transport mode ESP doesnt > appear to be addressed > 10. Didnt spot details for tunnel mode header preservation > 11. Selector checking, especially for the inner packet in tunnel mode > appears to be missing > 12. Dynamic offloading - selectively offload some packets in hardware > is a feature we would like to support. > 13. Destination queue for IPSEC events: Operations in asynchronous or > inline mode enqueue resulting events into this queue. This helps with > our 93xx inline ipsec design. > 14. If event model (ASYNC) and inline are supported, there should be a > “pipeline” classifier option for inbound SAs. > 15. Maximum number of destination CoSes is not supported. The same CoS > may be used for many SAs. > 16. Per protocol header parsing capability after inbound processing > is missing. Preferred options : None/L2/L3/L4/ALL protocols. > 17. Per protocol outer header retention in inbound processing is > missing. Preferred options : None/L2/L3/L4/ALL protocols. > > Thanks > Prasad cc'ed the cavium stakeholders.