* |WARNING| pw131937 [PATCH] [v4] security: hide security context
@ 2023-09-26 18:32 dpdklab
0 siblings, 0 replies; only message in thread
From: dpdklab @ 2023-09-26 18:32 UTC (permalink / raw)
To: test-report; +Cc: dpdk-test-reports
Test-Label: iol-testing
Test-Status: WARNING
http://dpdk.org/patch/131937
_apply patch failure_
Submitter: Akhil Goyal <gakhil@marvell.com>
Date: Tuesday, September 26 2023 08:08:50
Applied on: CommitID:d419c85a7299a57fb94edcc00f1d2f816e22fb40
Apply patch set 131937 failed:
Checking patch app/test-crypto-perf/cperf_ops.c...
error: while searching for:
else
sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
error: patch failed: app/test-crypto-perf/cperf_ops.c:749
error: while searching for:
.crypto_xform = &cipher_xform
};
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
error: patch failed: app/test-crypto-perf/cperf_ops.c:853
error: while searching for:
} },
.crypto_xform = &cipher_xform
};
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
error: patch failed: app/test-crypto-perf/cperf_ops.c:901
Checking patch app/test-crypto-perf/cperf_test_latency.c...
error: while searching for:
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
struct rte_security_ctx *sec_ctx =
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
error: patch failed: app/test-crypto-perf/cperf_test_latency.c:53
Checking patch app/test-crypto-perf/cperf_test_pmd_cyclecount.c...
error: while searching for:
#ifdef RTE_LIB_SECURITY
if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS) {
struct rte_security_ctx *sec_ctx =
(struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx,
(void *)ctx->sess);
} else
#endif
rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
error: patch failed: app/test-crypto-perf/cperf_test_pmd_cyclecount.c:67
Checking patch app/test-crypto-perf/cperf_test_throughput.c...
error: while searching for:
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
struct rte_security_ctx *sec_ctx =
(struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(
sec_ctx,
(void *)ctx->sess);
}
#endif
else
error: patch failed: app/test-crypto-perf/cperf_test_throughput.c:44
Checking patch app/test-crypto-perf/cperf_test_verify.c...
error: while searching for:
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
struct rte_security_ctx *sec_ctx =
rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
error: patch failed: app/test-crypto-perf/cperf_test_verify.c:48
Checking patch app/test-security-perf/test_security_perf.c...
error: while searching for:
struct rte_security_session_conf sess_conf;
int i, ret, nb_sessions, nb_sess_total;
struct rte_security_session **sess;
struct rte_security_ctx *sec_ctx;
double setup_rate, destroy_rate;
uint64_t setup_ms, destroy_ms;
struct lcore_conf *conf = arg;
error: patch failed: app/test-security-perf/test_security_perf.c:344
Checking patch app/test/test_cryptodev.c...
error: while searching for:
const struct rte_security_capability *capability;
uint16_t i = 0;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
capabilities = rte_security_capabilities_get(ctx);
error: patch failed: app/test/test_cryptodev.c:8931
error: while searching for:
struct crypto_unittest_params *ut_params = &unittest_params;
uint8_t *plaintext;
int ret = TEST_SUCCESS;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
error: patch failed: app/test/test_cryptodev.c:8973
error: while searching for:
unsigned int trn_data = 0;
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
struct rte_mbuf *temp_mbuf;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
error: patch failed: app/test/test_cryptodev.c:9180
error: while searching for:
struct ipsec_test_data *res_d_tmp = NULL;
uint8_t input_text[IPSEC_TEXT_MAX_LEN];
int salt_len, i, ret = TEST_SUCCESS;
struct rte_security_ctx *ctx;
uint32_t src, dst;
uint32_t verify;
error: patch failed: app/test/test_cryptodev.c:9905
error: while searching for:
uint32_t crc_data_len;
int ret = TEST_SUCCESS;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
error: patch failed: app/test/test_cryptodev.c:11088
error: while searching for:
int32_t cipher_len, crc_len;
int ret = TEST_SUCCESS;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
error: patch failed: app/test/test_cryptodev.c:11272
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: while searching for:
}
int
test_ipsec_stats_verify(struct rte_security_ctx *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
error: patch failed: app/test/test_cryptodev_security_ipsec.c:1249
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: while searching for:
enum rte_security_ipsec_sa_direction dir,
int pkt_num);
int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
error: patch failed: app/test/test_cryptodev_security_ipsec.h:302
Checking patch app/test/test_security_inline_macsec.c...
error: while searching for:
static int
init_mempools(unsigned int nb_mbuf)
{
struct rte_security_ctx *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
error: patch failed: app/test/test_security_inline_macsec.c:136
error: while searching for:
}
static void
mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
void *rx_sess, void *tx_sess,
uint8_t rx_sc_id, uint8_t tx_sc_id,
uint16_t rx_sa_id[], uint16_t tx_sa_id[])
error: patch failed: app/test/test_security_inline_macsec.c:482
error: while searching for:
}
static int
mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op,
const struct mcs_test_opts *opts,
const struct mcs_test_vector *td,
void *rx_sess, void *tx_sess,
error: patch failed: app/test/test_security_inline_macsec.c:667
error: while searching for:
struct rte_security_macsec_sa sa_conf = {0};
struct rte_security_macsec_sc sc_conf = {0};
struct mcs_err_vector err_vector = {0};
struct rte_security_ctx *ctx;
int nb_rx = 0, nb_sent;
int i, j = 0, ret, id, an = 0;
uint8_t tci_off;
error: patch failed: app/test/test_security_inline_macsec.c:900
error: while searching for:
memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td);
ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id);
if (ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
error: patch failed: app/test/test_security_inline_macsec.c:908
Checking patch app/test/test_security_inline_proto.c...
error: while searching for:
/* Create Inline IPsec session */
static int
create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
void **sess, struct rte_security_ctx **ctx,
uint32_t *ol_flags, const struct ipsec_test_flags *flags,
struct rte_security_session_conf *sess_conf)
{
error: patch failed: app/test/test_security_inline_proto.c:136
error: while searching for:
struct rte_security_capability_idx sec_cap_idx;
const struct rte_security_capability *sec_cap;
enum rte_security_ipsec_sa_direction dir;
struct rte_security_ctx *sec_ctx;
uint32_t verify;
sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
error: patch failed: app/test/test_security_inline_proto.c:149
error: while searching for:
sess_conf->userdata = (void *) sa;
sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid);
if (sec_ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
error: patch failed: app/test/test_security_inline_proto.c:221
error: while searching for:
static int
init_mempools(unsigned int nb_mbuf)
{
struct rte_security_ctx *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
error: patch failed: app/test/test_security_inline_proto.c:503
error: while searching for:
struct rte_crypto_sym_xform auth_in = {0};
struct rte_crypto_sym_xform aead_in = {0};
struct ipsec_test_data sa_data;
struct rte_security_ctx *ctx;
unsigned int i, nb_rx = 0, j;
uint32_t ol_flags;
bool outer_ipv4;
error: patch failed: app/test/test_security_inline_proto.c:846
error: while searching for:
struct rte_crypto_sym_xform auth = {0};
struct rte_crypto_sym_xform aead = {0};
struct sa_expiry_vector vector = {0};
struct rte_security_ctx *ctx;
int nb_rx = 0, nb_sent;
uint32_t ol_flags;
int i, j = 0, ret;
error: patch failed: app/test/test_security_inline_proto.c:1113
error: while searching for:
struct rte_mbuf *tx_pkt = NULL;
int nb_rx, nb_sent;
void *ses;
struct rte_security_ctx *ctx;
uint32_t ol_flags;
bool outer_ipv4;
int i, ret;
error: patch failed: app/test/test_security_inline_proto.c:1398
Checking patch doc/guides/prog_guide/rte_security.rst...
error: while searching for:
Once the session mempools have been created, ``rte_security_session_create()``
is used to allocate and initialize a session for the required crypto/ethernet device.
Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet
security ops. This parameter can be retrieved using the APIs
``rte_cryptodev_get_sec_ctx()`` (for crypto device) or ``rte_eth_dev_get_sec_ctx``
(for ethernet port).
error: patch failed: doc/guides/prog_guide/rte_security.rst:637
Checking patch doc/guides/rel_notes/deprecation.rst...
error: while searching for:
which got error interrupt to the application,
so that application can reset that particular queue pair.
* security: Hide structures ``rte_security_ops`` and ``rte_security_ctx``
as these are internal to DPDK library and drivers.
* eventdev: The single-event (non-burst) enqueue and dequeue operations,
used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``,
will be removed in DPDK 23.11.
error: patch failed: doc/guides/rel_notes/deprecation.rst:139
Checking patch doc/guides/rel_notes/release_23_11.rst...
error: while searching for:
except ``rte_thread_setname()`` and ``rte_ctrl_thread_create()`` which are
replaced with ``rte_thread_set_name()`` and ``rte_thread_create_control()``.
ABI Changes
-----------
error: patch failed: doc/guides/rel_notes/release_23_11.rst:144
Checking patch examples/ipsec-secgw/ipsec-secgw.c...
error: while searching for:
static inline void
process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx)
{
struct ipsec_traffic traffic;
error: patch failed: examples/ipsec-secgw/ipsec-secgw.c:568
Checking patch examples/ipsec-secgw/ipsec.c...
error: while searching for:
static inline int
verify_security_capabilities(struct rte_security_ctx *ctx,
struct rte_security_session_conf *sess_conf,
uint32_t *ol_flags)
{
error: patch failed: examples/ipsec-secgw/ipsec.c:205
error: while searching for:
};
if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
cdev_id);
/* Set IPsec parameters in conf */
set_ipsec_conf(sa, &(sess_conf.ipsec));
error: patch failed: examples/ipsec-secgw/ipsec.c:327
error: while searching for:
struct rte_ipsec_session *ips)
{
int32_t ret = 0;
struct rte_security_ctx *sec_ctx;
struct rte_security_session_conf sess_conf = {
.action_type = ips->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
error: patch failed: examples/ipsec-secgw/ipsec.c:411
error: while searching for:
struct rte_flow_error err;
int ret = 0;
sec_ctx = (struct rte_security_ctx *)
rte_eth_dev_get_sec_ctx(
sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
" rte_eth_dev_get_sec_ctx failed\n");
error: patch failed: examples/ipsec-secgw/ipsec.c:490
error: while searching for:
return -1;
}
} else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
sec_ctx = (struct rte_security_ctx *)
rte_eth_dev_get_sec_ctx(sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
error: patch failed: examples/ipsec-secgw/ipsec.c:657
Checking patch examples/ipsec-secgw/ipsec.h...
error: while searching for:
struct lcore_rx_queue {
uint16_t port_id;
uint8_t queue_id;
struct rte_security_ctx *sec_ctx;
} __rte_cache_aligned;
struct buffer {
error: patch failed: examples/ipsec-secgw/ipsec.h:279
Checking patch examples/ipsec-secgw/ipsec_worker.c...
error: while searching for:
struct port_drv_mode_data {
void *sess;
struct rte_security_ctx *ctx;
};
typedef void (*ipsec_worker_fn_t)(void);
error: patch failed: examples/ipsec-secgw/ipsec_worker.c:20
Checking patch examples/ipsec-secgw/ipsec_worker.h...
error: while searching for:
}
static __rte_always_inline void
prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
struct ipsec_traffic *t)
{
uint32_t ptype = pkt->packet_type;
error: patch failed: examples/ipsec-secgw/ipsec_worker.h:119
error: while searching for:
}
static __rte_always_inline void
prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts,
struct ipsec_traffic *t, uint16_t nb_pkts)
{
int32_t i;
error: patch failed: examples/ipsec-secgw/ipsec_worker.h:230
Checking patch lib/security/rte_security.c...
error: while searching for:
}
void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp)
{
struct rte_security_session *sess = NULL;
uint32_t sess_priv_size;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
error: patch failed: lib/security/rte_security.c:60
error: while searching for:
}
int
rte_security_session_update(struct rte_security_ctx *instance,
void *sess,
struct rte_security_session_conf *conf)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
-ENOTSUP);
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
error: patch failed: lib/security/rte_security.c:93
error: while searching for:
}
unsigned int
rte_security_session_get_size(struct rte_security_ctx *instance)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
return (sizeof(struct rte_security_session) +
error: patch failed: lib/security/rte_security.c:106
error: while searching for:
}
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
void *sess,
struct rte_security_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
-ENOTSUP);
/* Parameter sess can be NULL in case of getting global statistics. */
error: patch failed: lib/security/rte_security.c:115
error: while searching for:
}
int
rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
{
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
error: patch failed: lib/security/rte_security.c:128
error: while searching for:
}
int
rte_security_macsec_sc_create(struct rte_security_ctx *instance,
struct rte_security_macsec_sc *conf)
{
int sc_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP);
error: patch failed: lib/security/rte_security.c:149
error: while searching for:
}
int
rte_security_macsec_sa_create(struct rte_security_ctx *instance,
struct rte_security_macsec_sa *conf)
{
int sa_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP);
error: patch failed: lib/security/rte_security.c:165
error: while searching for:
}
int
rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
enum rte_security_macsec_direction dir)
{
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP);
error: patch failed: lib/security/rte_security.c:181
error: while searching for:
}
int
rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
enum rte_security_macsec_direction dir)
{
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP);
error: patch failed: lib/security/rte_security.c:199
error: while searching for:
}
int
rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
error: patch failed: lib/security/rte_security.c:217
error: while searching for:
}
int
rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
error: patch failed: lib/security/rte_security.c:228
error: while searching for:
}
int
__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
void *sess,
struct rte_mbuf *m, void *params)
{
#ifdef RTE_DEBUG
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
RTE_PTR_OR_ERR_RET(instance, -EINVAL);
error: patch failed: lib/security/rte_security.c:239
error: while searching for:
}
const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance)
{
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
return instance->ops->capabilities_get(instance->device);
}
const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx)
{
const struct rte_security_capability *capabilities;
const struct rte_security_capability *capability;
uint16_t i = 0;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
error: patch failed: lib/security/rte_security.c:255
error: while searching for:
security_capabilities_from_dev_id(int dev_id, const void **caps)
{
const struct rte_security_capability *capabilities;
struct rte_security_ctx *sec_ctx;
if (rte_cryptodev_is_valid_dev(dev_id) == 0)
return -EINVAL;
sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id);
RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL);
capabilities = rte_security_capabilities_get(sec_ctx);
error: patch failed: lib/security/rte_security.c:401
Checking patch lib/security/rte_security.h...
error: while searching for:
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2
/**
* Security context for crypto/eth devices
*
* Security instance for each driver to register security operations.
* The application can get the security context from the crypto/eth device id
* using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
* This structure is used to identify the device(crypto/eth) for which the
* security operations need to be performed.
*/
struct rte_security_ctx {
void *device;
/**< Crypto/ethernet device attached */
const struct rte_security_ops *ops;
/**< Pointer to security ops for the device */
uint16_t sess_cnt;
/**< Number of sessions attached to this context */
uint16_t macsec_sc_cnt;
/**< Number of MACsec SC attached to this context */
uint16_t macsec_sa_cnt;
/**< Number of MACsec SA attached to this context */
uint32_t flags;
/**< Flags for security context */
};
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
/**< Driver uses fast metadata update without using driver specific callback.
* For fast mdata, mbuf dynamic field would be registered by driver
error: patch failed: lib/security/rte_security.h:56
error: while searching for:
* - On failure, NULL
*/
void *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
error: patch failed: lib/security/rte_security.h:695
error: while searching for:
*/
__rte_experimental
int
rte_security_session_update(struct rte_security_ctx *instance,
void *sess,
struct rte_security_session_conf *conf);
error: patch failed: lib/security/rte_security.h:711
error: while searching for:
* - 0 if device is invalid or does not support the operation.
*/
unsigned int
rte_security_session_get_size(struct rte_security_ctx *instance);
/**
* Free security session header and the session private data and
error: patch failed: lib/security/rte_security.h:725
error: while searching for:
* - other negative values in case of freeing private data errors.
*/
int
rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
/**
* @warning
error: patch failed: lib/security/rte_security.h:742
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sc_create(struct rte_security_ctx *instance,
struct rte_security_macsec_sc *conf);
/**
error: patch failed: lib/security/rte_security.h:761
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
enum rte_security_macsec_direction dir);
/**
error: patch failed: lib/security/rte_security.h:780
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sa_create(struct rte_security_ctx *instance,
struct rte_security_macsec_sa *conf);
/**
error: patch failed: lib/security/rte_security.h:800
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
enum rte_security_macsec_direction dir);
/** Device-specific metadata field type */
error: patch failed: lib/security/rte_security.h:819
error: while searching for:
return rte_security_dynfield_offset >= 0;
}
#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0
#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1
/**
error: patch failed: lib/security/rte_security.h:889
error: while searching for:
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
void *sess,
struct rte_mbuf *m, void *params);
error: patch failed: lib/security/rte_security.h:933
error: while searching for:
* - On failure, a negative value.
*/
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
*rte_security_dynfield(mb) = (rte_security_dynfield_t)
rte_security_session_fast_mdata_get(sess);
return 0;
error: patch failed: lib/security/rte_security.h:951
error: while searching for:
*/
__rte_experimental
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
void *sess,
struct rte_security_stats *stats);
error: patch failed: lib/security/rte_security.h:1105
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance,
uint16_t sa_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats);
error: patch failed: lib/security/rte_security.h:1125
error: while searching for:
*/
__rte_experimental
int
rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance,
uint16_t sc_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats);
error: patch failed: lib/security/rte_security.h:1145
error: while searching for:
* - Return NULL if no capabilities available.
*/
const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance);
/**
* Query if a specific capability is available on security instance
error: patch failed: lib/security/rte_security.h:1296
error: while searching for:
* - Return NULL if the capability not matched on security instance.
*/
const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx);
#ifdef __cplusplus
error: patch failed: lib/security/rte_security.h:1310
Checking patch lib/security/rte_security_driver.h...
error: while searching for:
/**< Private session material, variable size (depends on driver) */
};
/**
* Helper macro to get driver private data
*/
error: patch failed: lib/security/rte_security_driver.h:37
Applying patch app/test-crypto-perf/cperf_ops.c with 3 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Applying patch app/test-crypto-perf/cperf_test_latency.c with 1 reject...
Rejected hunk #1.
Applying patch app/test-crypto-perf/cperf_test_pmd_cyclecount.c with 1 reject...
Rejected hunk #1.
Applying patch app/test-crypto-perf/cperf_test_throughput.c with 1 reject...
Rejected hunk #1.
Applying patch app/test-crypto-perf/cperf_test_verify.c with 1 reject...
Rejected hunk #1.
Applying patch app/test-security-perf/test_security_perf.c with 1 reject...
Rejected hunk #1.
Applying patch app/test/test_cryptodev.c with 6 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Rejected hunk #6.
Applying patch app/test/test_cryptodev_security_ipsec.c with 1 reject...
Rejected hunk #1.
Applying patch app/test/test_cryptodev_security_ipsec.h with 1 reject...
Rejected hunk #1.
Applying patch app/test/test_security_inline_macsec.c with 5 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Applying patch app/test/test_security_inline_proto.c with 7 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Rejected hunk #6.
Rejected hunk #7.
Applying patch doc/guides/prog_guide/rte_security.rst with 1 reject...
Rejected hunk #1.
Applying patch doc/guides/rel_notes/deprecation.rst with 1 reject...
Rejected hunk #1.
Applying patch doc/guides/rel_notes/release_23_11.rst with 1 reject...
Rejected hunk #1.
Applying patch examples/ipsec-secgw/ipsec-secgw.c with 1 reject...
Rejected hunk #1.
Applying patch examples/ipsec-secgw/ipsec.c with 5 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Applying patch examples/ipsec-secgw/ipsec.h with 1 reject...
Rejected hunk #1.
Applying patch examples/ipsec-secgw/ipsec_worker.c with 1 reject...
Rejected hunk #1.
Applying patch examples/ipsec-secgw/ipsec_worker.h with 2 rejects...
Rejected hunk #1.
Rejected hunk #2.
Applying patch lib/security/rte_security.c with 14 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Rejected hunk #6.
Rejected hunk #7.
Rejected hunk #8.
Rejected hunk #9.
Rejected hunk #10.
Rejected hunk #11.
Rejected hunk #12.
Rejected hunk #13.
Rejected hunk #14.
Applying patch lib/security/rte_security.h with 17 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Rejected hunk #6.
Rejected hunk #7.
Rejected hunk #8.
Rejected hunk #9.
Rejected hunk #10.
Rejected hunk #11.
Rejected hunk #12.
Rejected hunk #13.
Rejected hunk #14.
Rejected hunk #15.
Rejected hunk #16.
Rejected hunk #17.
Applying patch lib/security/rte_security_driver.h with 1 reject...
Rejected hunk #1.
hint: Use 'git am --show-current-patch' to see the failed patch
diff a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c (rejected hunks)
@@ -749,8 +749,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
else
sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
@@ -853,8 +852,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.crypto_xform = &cipher_xform
};
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
@@ -901,8 +899,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
} },
.crypto_xform = &cipher_xform
};
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
diff a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c (rejected hunks)
@@ -53,8 +53,7 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
diff a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c (rejected hunks)
@@ -67,11 +67,9 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
#ifdef RTE_LIB_SECURITY
if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS) {
- struct rte_security_ctx *sec_ctx =
- (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
- rte_security_session_destroy(sec_ctx,
- (void *)ctx->sess);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
+ rte_security_session_destroy(sec_ctx, (void *)ctx->sess);
} else
#endif
rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c (rejected hunks)
@@ -44,12 +44,9 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
- rte_security_session_destroy(
- sec_ctx,
- (void *)ctx->sess);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
+ rte_security_session_destroy(sec_ctx, (void *)ctx->sess);
}
#endif
else
diff a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c (rejected hunks)
@@ -48,8 +48,8 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
diff a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c (rejected hunks)
@@ -344,7 +344,7 @@ test_security_session_perf(void *arg)
struct rte_security_session_conf sess_conf;
int i, ret, nb_sessions, nb_sess_total;
struct rte_security_session **sess;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
double setup_rate, destroy_rate;
uint64_t setup_ms, destroy_ms;
struct lcore_conf *conf = arg;
diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c (rejected hunks)
@@ -8931,9 +8931,7 @@ security_proto_supported(enum rte_security_session_action_type action,
const struct rte_security_capability *capability;
uint16_t i = 0;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
capabilities = rte_security_capabilities_get(ctx);
@@ -8973,9 +8971,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
struct crypto_unittest_params *ut_params = &unittest_params;
uint8_t *plaintext;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
@@ -9180,9 +9176,7 @@ test_pdcp_proto_SGL(int i, int oop,
unsigned int trn_data = 0;
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
struct rte_mbuf *temp_mbuf;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
@@ -9905,7 +9899,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
struct ipsec_test_data *res_d_tmp = NULL;
uint8_t input_text[IPSEC_TEXT_MAX_LEN];
int salt_len, i, ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx;
+ void *ctx;
uint32_t src, dst;
uint32_t verify;
@@ -11088,9 +11082,7 @@ test_docsis_proto_uplink(const void *data)
uint32_t crc_data_len;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -11272,9 +11264,7 @@ test_docsis_proto_downlink(const void *data)
int32_t cipher_len, crc_len;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
diff a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c (rejected hunks)
@@ -1249,7 +1249,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
}
int
-test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+test_ipsec_stats_verify(void *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h (rejected hunks)
@@ -302,7 +302,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
enum rte_security_ipsec_sa_direction dir,
int pkt_num);
-int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+int test_ipsec_stats_verify(void *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
diff a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c (rejected hunks)
@@ -136,7 +136,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len)
static int
init_mempools(unsigned int nb_mbuf)
{
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
@@ -482,7 +482,7 @@ test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td,
}
static void
-mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
+mcs_stats_dump(void *ctx, enum mcs_op op,
void *rx_sess, void *tx_sess,
uint8_t rx_sc_id, uint8_t tx_sc_id,
uint16_t rx_sa_id[], uint16_t tx_sa_id[])
@@ -667,7 +667,7 @@ mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
}
static int
-mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op,
+mcs_stats_check(void *ctx, enum mcs_op op,
const struct mcs_test_opts *opts,
const struct mcs_test_vector *td,
void *rx_sess, void *tx_sess,
@@ -900,7 +900,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
struct rte_security_macsec_sa sa_conf = {0};
struct rte_security_macsec_sc sc_conf = {0};
struct mcs_err_vector err_vector = {0};
- struct rte_security_ctx *ctx;
+ void *ctx;
int nb_rx = 0, nb_sent;
int i, j = 0, ret, id, an = 0;
uint8_t tci_off;
@@ -908,7 +908,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td);
- ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id);
+ ctx = rte_eth_dev_get_sec_ctx(port_id);
if (ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
diff a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c (rejected hunks)
@@ -136,7 +136,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
/* Create Inline IPsec session */
static int
create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
- void **sess, struct rte_security_ctx **ctx,
+ void **sess, void **ctx,
uint32_t *ol_flags, const struct ipsec_test_flags *flags,
struct rte_security_session_conf *sess_conf)
{
@@ -149,7 +149,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
struct rte_security_capability_idx sec_cap_idx;
const struct rte_security_capability *sec_cap;
enum rte_security_ipsec_sa_direction dir;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint32_t verify;
sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
@@ -221,7 +221,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sess_conf->userdata = (void *) sa;
- sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(portid);
if (sec_ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
@@ -503,7 +503,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len, bool
static int
init_mempools(unsigned int nb_mbuf)
{
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
@@ -846,7 +846,7 @@ test_ipsec_with_reassembly(struct reassembly_vector *vector,
struct rte_crypto_sym_xform auth_in = {0};
struct rte_crypto_sym_xform aead_in = {0};
struct ipsec_test_data sa_data;
- struct rte_security_ctx *ctx;
+ void *ctx;
unsigned int i, nb_rx = 0, j;
uint32_t ol_flags;
bool outer_ipv4;
@@ -1113,7 +1113,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
struct rte_crypto_sym_xform auth = {0};
struct rte_crypto_sym_xform aead = {0};
struct sa_expiry_vector vector = {0};
- struct rte_security_ctx *ctx;
+ void *ctx;
int nb_rx = 0, nb_sent;
uint32_t ol_flags;
int i, j = 0, ret;
@@ -1398,7 +1398,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
struct rte_mbuf *tx_pkt = NULL;
int nb_rx, nb_sent;
void *ses;
- struct rte_security_ctx *ctx;
+ void *ctx;
uint32_t ol_flags;
bool outer_ipv4;
int i, ret;
diff a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst (rejected hunks)
@@ -637,7 +637,7 @@ And the session mempool object size should be enough to accommodate
Once the session mempools have been created, ``rte_security_session_create()``
is used to allocate and initialize a session for the required crypto/ethernet device.
-Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet
+Session APIs need an opaque handle to identify the crypto/ethernet
security ops. This parameter can be retrieved using the APIs
``rte_cryptodev_get_sec_ctx()`` (for crypto device) or ``rte_eth_dev_get_sec_ctx``
(for ethernet port).
diff a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst (rejected hunks)
@@ -139,9 +139,6 @@ Deprecation Notices
which got error interrupt to the application,
so that application can reset that particular queue pair.
-* security: Hide structures ``rte_security_ops`` and ``rte_security_ctx``
- as these are internal to DPDK library and drivers.
-
* eventdev: The single-event (non-burst) enqueue and dequeue operations,
used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``,
will be removed in DPDK 23.11.
diff a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst (rejected hunks)
@@ -144,6 +144,9 @@ API Changes
except ``rte_thread_setname()`` and ``rte_ctrl_thread_create()`` which are
replaced with ``rte_thread_set_name()`` and ``rte_thread_create_control()``.
+* security: Structures ``rte_security_ops`` and ``rte_security_ctx`` were moved to
+ internal library headers not visible to application.
+
ABI Changes
-----------
diff a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c (rejected hunks)
@@ -568,7 +568,7 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
static inline void
process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
- uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx)
+ uint8_t nb_pkts, uint16_t portid, void *ctx)
{
struct ipsec_traffic traffic;
diff a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c (rejected hunks)
@@ -205,7 +205,7 @@ verify_ipsec_capabilities(struct rte_security_ipsec_xform *ipsec_xform,
static inline int
-verify_security_capabilities(struct rte_security_ctx *ctx,
+verify_security_capabilities(void *ctx,
struct rte_security_session_conf *sess_conf,
uint32_t *ol_flags)
{
@@ -327,9 +327,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
};
if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- cdev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(cdev_id);
/* Set IPsec parameters in conf */
set_ipsec_conf(sa, &(sess_conf.ipsec));
@@ -411,7 +409,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_ipsec_session *ips)
{
int32_t ret = 0;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
struct rte_security_session_conf sess_conf = {
.action_type = ips->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
@@ -490,9 +488,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_flow_error err;
int ret = 0;
- sec_ctx = (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(
- sa->portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
" rte_eth_dev_get_sec_ctx failed\n");
@@ -657,8 +653,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
return -1;
}
} else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
- sec_ctx = (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(sa->portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
diff a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h (rejected hunks)
@@ -279,7 +279,7 @@ struct cnt_blk {
struct lcore_rx_queue {
uint16_t port_id;
uint8_t queue_id;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
} __rte_cache_aligned;
struct buffer {
diff a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c (rejected hunks)
@@ -20,7 +20,7 @@
struct port_drv_mode_data {
void *sess;
- struct rte_security_ctx *ctx;
+ void *ctx;
};
typedef void (*ipsec_worker_fn_t)(void);
diff a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h (rejected hunks)
@@ -119,7 +119,7 @@ adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph,
}
static __rte_always_inline void
-prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
+prepare_one_packet(void *ctx, struct rte_mbuf *pkt,
struct ipsec_traffic *t)
{
uint32_t ptype = pkt->packet_type;
@@ -230,7 +230,7 @@ prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
}
static __rte_always_inline void
-prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts,
+prepare_traffic(void *ctx, struct rte_mbuf **pkts,
struct ipsec_traffic *t, uint16_t nb_pkts)
{
int32_t i;
diff a/lib/security/rte_security.c b/lib/security/rte_security.c (rejected hunks)
@@ -60,11 +60,12 @@ rte_security_oop_dynfield_register(void)
}
void *
-rte_security_session_create(struct rte_security_ctx *instance,
+rte_security_session_create(void *ctx,
struct rte_security_session_conf *conf,
struct rte_mempool *mp)
{
struct rte_security_session *sess = NULL;
+ struct rte_security_ctx *instance = ctx;
uint32_t sess_priv_size;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
@@ -93,10 +94,10 @@ rte_security_session_create(struct rte_security_ctx *instance,
}
int
-rte_security_session_update(struct rte_security_ctx *instance,
- void *sess,
- struct rte_security_session_conf *conf)
+rte_security_session_update(void *ctx, void *sess, struct rte_security_session_conf *conf)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
-ENOTSUP);
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
@@ -106,8 +107,10 @@ rte_security_session_update(struct rte_security_ctx *instance,
}
unsigned int
-rte_security_session_get_size(struct rte_security_ctx *instance)
+rte_security_session_get_size(void *ctx)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
return (sizeof(struct rte_security_session) +
@@ -115,10 +118,10 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
}
int
-rte_security_session_stats_get(struct rte_security_ctx *instance,
- void *sess,
- struct rte_security_stats *stats)
+rte_security_session_stats_get(void *ctx, void *sess, struct rte_security_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
-ENOTSUP);
/* Parameter sess can be NULL in case of getting global statistics. */
@@ -128,8 +131,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
}
int
-rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
+rte_security_session_destroy(void *ctx, void *sess)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -149,9 +153,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
}
int
-rte_security_macsec_sc_create(struct rte_security_ctx *instance,
- struct rte_security_macsec_sc *conf)
+rte_security_macsec_sc_create(void *ctx, struct rte_security_macsec_sc *conf)
{
+ struct rte_security_ctx *instance = ctx;
int sc_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP);
@@ -165,9 +169,9 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance,
}
int
-rte_security_macsec_sa_create(struct rte_security_ctx *instance,
- struct rte_security_macsec_sa *conf)
+rte_security_macsec_sa_create(void *ctx, struct rte_security_macsec_sa *conf)
{
+ struct rte_security_ctx *instance = ctx;
int sa_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP);
@@ -181,9 +185,10 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance,
}
int
-rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_destroy(void *ctx, uint16_t sc_id,
enum rte_security_macsec_direction dir)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP);
@@ -199,9 +204,10 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id
}
int
-rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_destroy(void *ctx, uint16_t sa_id,
enum rte_security_macsec_direction dir)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP);
@@ -217,10 +223,12 @@ rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id
}
int
-rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_stats_get(void *ctx, uint16_t sc_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
@@ -228,10 +236,12 @@ rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_
}
int
-rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_stats_get(void *ctx, uint16_t sa_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
@@ -239,10 +249,9 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_
}
int
-__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- void *sess,
- struct rte_mbuf *m, void *params)
+__rte_security_set_pkt_metadata(void *ctx, void *sess, struct rte_mbuf *m, void *params)
{
+ struct rte_security_ctx *instance = ctx;
#ifdef RTE_DEBUG
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
RTE_PTR_OR_ERR_RET(instance, -EINVAL);
@@ -255,19 +264,21 @@ __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
}
const struct rte_security_capability *
-rte_security_capabilities_get(struct rte_security_ctx *instance)
+rte_security_capabilities_get(void *ctx)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
return instance->ops->capabilities_get(instance->device);
}
const struct rte_security_capability *
-rte_security_capability_get(struct rte_security_ctx *instance,
- struct rte_security_capability_idx *idx)
+rte_security_capability_get(void *ctx, struct rte_security_capability_idx *idx)
{
const struct rte_security_capability *capabilities;
const struct rte_security_capability *capability;
+ struct rte_security_ctx *instance = ctx;
uint16_t i = 0;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
@@ -401,12 +412,12 @@ static int
security_capabilities_from_dev_id(int dev_id, const void **caps)
{
const struct rte_security_capability *capabilities;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
if (rte_cryptodev_is_valid_dev(dev_id) == 0)
return -EINVAL;
- sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id);
+ sec_ctx = rte_cryptodev_get_sec_ctx(dev_id);
RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL);
capabilities = rte_security_capabilities_get(sec_ctx);
diff a/lib/security/rte_security.h b/lib/security/rte_security.h (rejected hunks)
@@ -56,30 +56,6 @@ enum rte_security_ipsec_tunnel_type {
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2
-/**
- * Security context for crypto/eth devices
- *
- * Security instance for each driver to register security operations.
- * The application can get the security context from the crypto/eth device id
- * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
- * This structure is used to identify the device(crypto/eth) for which the
- * security operations need to be performed.
- */
-struct rte_security_ctx {
- void *device;
- /**< Crypto/ethernet device attached */
- const struct rte_security_ops *ops;
- /**< Pointer to security ops for the device */
- uint16_t sess_cnt;
- /**< Number of sessions attached to this context */
- uint16_t macsec_sc_cnt;
- /**< Number of MACsec SC attached to this context */
- uint16_t macsec_sa_cnt;
- /**< Number of MACsec SA attached to this context */
- uint32_t flags;
- /**< Flags for security context */
-};
-
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
/**< Driver uses fast metadata update without using driver specific callback.
* For fast mdata, mbuf dynamic field would be registered by driver
@@ -695,7 +671,7 @@ struct rte_security_session_conf {
* - On failure, NULL
*/
void *
-rte_security_session_create(struct rte_security_ctx *instance,
+rte_security_session_create(void *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
@@ -711,7 +687,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_session_update(struct rte_security_ctx *instance,
+rte_security_session_update(void *instance,
void *sess,
struct rte_security_session_conf *conf);
@@ -725,7 +701,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
* - 0 if device is invalid or does not support the operation.
*/
unsigned int
-rte_security_session_get_size(struct rte_security_ctx *instance);
+rte_security_session_get_size(void *instance);
/**
* Free security session header and the session private data and
@@ -742,7 +718,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
* - other negative values in case of freeing private data errors.
*/
int
-rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
+rte_security_session_destroy(void *instance, void *sess);
/**
* @warning
@@ -761,7 +737,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
*/
__rte_experimental
int
-rte_security_macsec_sc_create(struct rte_security_ctx *instance,
+rte_security_macsec_sc_create(void *instance,
struct rte_security_macsec_sc *conf);
/**
@@ -780,7 +756,7 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_destroy(void *instance, uint16_t sc_id,
enum rte_security_macsec_direction dir);
/**
@@ -800,7 +776,7 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id
*/
__rte_experimental
int
-rte_security_macsec_sa_create(struct rte_security_ctx *instance,
+rte_security_macsec_sa_create(void *instance,
struct rte_security_macsec_sa *conf);
/**
@@ -819,7 +795,7 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_destroy(void *instance, uint16_t sa_id,
enum rte_security_macsec_direction dir);
/** Device-specific metadata field type */
@@ -889,6 +865,27 @@ static inline bool rte_security_dynfield_is_registered(void)
return rte_security_dynfield_offset >= 0;
}
+#define RTE_SECURITY_CTX_FLAGS_OFF 4
+/**
+ * Get security flags from security instance.
+ */
+static inline uint32_t
+rte_security_ctx_flags_get(void *ctx)
+{
+ return *((uint32_t *)ctx + RTE_SECURITY_CTX_FLAGS_OFF);
+}
+
+/**
+ * Set security flags in security instance.
+ */
+static inline void
+rte_security_ctx_flags_set(void *ctx, uint32_t flags)
+{
+ uint32_t *data;
+ data = (((uint32_t *)ctx) + RTE_SECURITY_CTX_FLAGS_OFF);
+ *data = flags;
+}
+
#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0
#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1
/**
@@ -933,7 +930,7 @@ rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
-int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+int __rte_security_set_pkt_metadata(void *instance,
void *sess,
struct rte_mbuf *m, void *params);
@@ -951,12 +948,12 @@ int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
* - On failure, a negative value.
*/
static inline int
-rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+rte_security_set_pkt_metadata(void *instance,
void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
- if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
+ if (rte_security_ctx_flags_get(instance) & RTE_SEC_CTX_F_FAST_SET_MDATA) {
*rte_security_dynfield(mb) = (rte_security_dynfield_t)
rte_security_session_fast_mdata_get(sess);
return 0;
@@ -1105,7 +1102,7 @@ struct rte_security_stats {
*/
__rte_experimental
int
-rte_security_session_stats_get(struct rte_security_ctx *instance,
+rte_security_session_stats_get(void *instance,
void *sess,
struct rte_security_stats *stats);
@@ -1125,7 +1122,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance,
+rte_security_macsec_sa_stats_get(void *instance,
uint16_t sa_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats);
@@ -1145,7 +1142,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance,
+rte_security_macsec_sc_stats_get(void *instance,
uint16_t sc_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats);
@@ -1296,7 +1293,7 @@ struct rte_security_capability_idx {
* - Return NULL if no capabilities available.
*/
const struct rte_security_capability *
-rte_security_capabilities_get(struct rte_security_ctx *instance);
+rte_security_capabilities_get(void *instance);
/**
* Query if a specific capability is available on security instance
@@ -1310,7 +1307,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
* - Return NULL if the capability not matched on security instance.
*/
const struct rte_security_capability *
-rte_security_capability_get(struct rte_security_ctx *instance,
+rte_security_capability_get(void *instance,
struct rte_security_capability_idx *idx);
#ifdef __cplusplus
diff a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h (rejected hunks)
@@ -37,6 +37,30 @@ struct rte_security_session {
/**< Private session material, variable size (depends on driver) */
};
+/**
+ * Security context for crypto/eth devices
+ *
+ * Security instance for each driver to register security operations.
+ * The application can get the security context from the crypto/eth device id
+ * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
+ * This structure is used to identify the device(crypto/eth) for which the
+ * security operations need to be performed.
+ */
+struct rte_security_ctx {
+ void *device;
+ /**< Crypto/ethernet device attached */
+ const struct rte_security_ops *ops;
+ /**< Pointer to security ops for the device */
+ uint32_t flags;
+ /**< Flags for security context */
+ uint16_t sess_cnt;
+ /**< Number of sessions attached to this context */
+ uint16_t macsec_sc_cnt;
+ /**< Number of MACsec SC attached to this context */
+ uint16_t macsec_sa_cnt;
+ /**< Number of MACsec SA attached to this context */
+};
+
/**
* Helper macro to get driver private data
*/
https://lab.dpdk.org/results/dashboard/patchsets/27726/
UNH-IOL DPDK Community Lab
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-09-26 18:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-26 18:32 |WARNING| pw131937 [PATCH] [v4] security: hide security context dpdklab
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).