From: Boris Pismenny <borisp@mellanox.com>
To: Thomas Monjalon <thomas@monjalon.net>, "dev@dpdk.org" <dev@dpdk.org>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>,
Akhil Goyal <akhil.goyal@nxp.com>,
"declan.doherty@intel.com" <declan.doherty@intel.com>,
"radu.nicolau@intel.com" <radu.nicolau@intel.com>,
Aviad Yehezkel <aviadye@mellanox.com>,
"pablo.de.lara.guarch@intel.com" <pablo.de.lara.guarch@intel.com>,
Boris Pismenny <borisp@mellanox.com>
Subject: Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
Date: Mon, 7 Aug 2017 18:07:02 +0000 [thread overview]
Message-ID: <DB6PR05MB3176DCD9B5A237F2DFB7E165B0B50@DB6PR05MB3176.eurprd05.prod.outlook.com> (raw)
In-Reply-To: <2679300.3rDZ1MV7ox@xps>
> From: Thomas Monjalon [mailto:thomas@monjalon.net]
> 04/08/2017 07:26, Hemant Agrawal:
> > On 8/3/2017 9:02 PM, Akhil Goyal wrote:
> > > Support for security operations is planned to be added in ethdev and
> > > cryptodev for the 17.11 release.
> > >
> > > For this following changes are required.
> > > - rte_cryptodev and rte_eth_dev structures need to be added new
> > > parameter rte_security_ops which extend support for security ops to
> > > the corresponding driver.
> > > - rte_cryptodev_info and rte_ethd_dev_info need to be added with
> > > rte_security_capabilities to identify the capabilities of the
> > > corresponding driver.
>
> It is not explained what is the fundamental difference between rte_security
> and rte_crypto?
> It looks to be just a technical workaround.
rte_security is a layer between crypto and NIC.
Today crypto sessions are created exclusively against crypto devices, but they don't use network related fields, while the network namespace doesn't use crypto related fields. We expect this API to represent crypto sessions that combine network fields and allow to add/delete them for all devices.
For NICs we will use rte_flow with rte_security for inline/full crypto protocol offload such as ESP.
>
> Why the ABI would be changed by rte_security additions?
>
> > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> > >
> > Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
>
> No more opinions outside of NXP?
> It seems there is not yet a consensus on how to manage IPsec offloading.
> I heard there were some phone calls about these stuff but nothing clear
> appears publicly on the mailing list.
> Looks to be a community failure.
We agreed to go ahead with this approach on one such phone call. I hope we could use the dpdk github for development.
Acked-by: Boris Pismenny <borisp@mellanox.com>
next prev parent reply other threads:[~2017-08-07 18:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-03 15:32 Akhil Goyal
2017-08-04 5:26 ` Hemant Agrawal
2017-08-07 17:41 ` Thomas Monjalon
2017-08-07 18:07 ` Boris Pismenny [this message]
2017-08-08 5:03 ` Shahaf Shuler
2017-08-08 10:00 ` Thomas Monjalon
2017-08-04 9:28 ` De Lara Guarch, Pablo
2017-08-04 15:25 ` De Lara Guarch, Pablo
2017-08-08 6:54 ` Akhil Goyal
2017-08-08 7:09 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2017-08-08 8:08 ` De Lara Guarch, Pablo
2017-08-08 8:42 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB6PR05MB3176DCD9B5A237F2DFB7E165B0B50@DB6PR05MB3176.eurprd05.prod.outlook.com \
--to=borisp@mellanox.com \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@mellanox.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).