From: Aviad Yehezkel <aviadye@dev.mellanox.co.il>
To: Akhil Goyal <akhil.goyal@nxp.com>, dev@dpdk.org
Cc: declan.doherty@intel.com, pablo.de.lara.guarch@intel.com,
hemant.agrawal@nxp.com, radu.nicolau@intel.com,
borisp@mellanox.com, aviadye@mellanox.com, thomas@monjalon.net,
sandeep.malik@nxp.com, jerin.jacob@caviumnetworks.com,
john.mcnamara@intel.com, konstantin.ananyev@intel.com,
shahafs@mellanox.com, olivier.matz@6wind.com
Subject: Re: [dpdk-dev] [PATCH v4 01/12] lib/rte_security: add security library
Date: Sun, 15 Oct 2017 15:47:21 +0300 [thread overview]
Message-ID: <ce39b8c4-5e1c-4da3-8ff2-e0025763c4b4@dev.mellanox.co.il> (raw)
In-Reply-To: <20171014221734.15511-2-akhil.goyal@nxp.com>
On 10/15/2017 1:17 AM, Akhil Goyal wrote:
> rte_security library provides APIs for security session
> create/free for protocol offload or offloaded crypto
> operation to ethernet device.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> lib/librte_security/Makefile | 53 +++
> lib/librte_security/rte_security.c | 149 ++++++++
> lib/librte_security/rte_security.h | 535 +++++++++++++++++++++++++++
> lib/librte_security/rte_security_driver.h | 155 ++++++++
> lib/librte_security/rte_security_version.map | 13 +
> 5 files changed, 905 insertions(+)
> create mode 100644 lib/librte_security/Makefile
> create mode 100644 lib/librte_security/rte_security.c
> create mode 100644 lib/librte_security/rte_security.h
> create mode 100644 lib/librte_security/rte_security_driver.h
> create mode 100644 lib/librte_security/rte_security_version.map
>
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
> new file mode 100644
> index 0000000..af87bb2
> --- /dev/null
> +++ b/lib/librte_security/Makefile
> @@ -0,0 +1,53 @@
> +# BSD LICENSE
> +#
> +# Copyright(c) 2017 Intel Corporation. All rights reserved.
> +#
> +# Redistribution and use in source and binary forms, with or without
> +# modification, are permitted provided that the following conditions
> +# are met:
> +#
> +# * Redistributions of source code must retain the above copyright
> +# notice, this list of conditions and the following disclaimer.
> +# * Redistributions in binary form must reproduce the above copyright
> +# notice, this list of conditions and the following disclaimer in
> +# the documentation and/or other materials provided with the
> +# distribution.
> +# * Neither the name of Intel Corporation nor the names of its
> +# contributors may be used to endorse or promote products derived
> +# from this software without specific prior written permission.
> +#
> +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +include $(RTE_SDK)/mk/rte.vars.mk
> +
> +# library name
> +LIB = librte_security.a
> +
> +# library version
> +LIBABIVER := 1
> +
> +# build flags
> +CFLAGS += -O3
> +CFLAGS += $(WERROR_FLAGS)
> +
> +# library source files
> +SRCS-y += rte_security.c
> +
> +# export include files
> +SYMLINK-y-include += rte_security.h
> +SYMLINK-y-include += rte_security_driver.h
> +
> +# versioning export map
> +EXPORT_MAP := rte_security_version.map
> +
> +include $(RTE_SDK)/mk/rte.lib.mk
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> new file mode 100644
> index 0000000..1227fca
> --- /dev/null
> +++ b/lib/librte_security/rte_security.c
> @@ -0,0 +1,149 @@
> +/*-
> + * BSD LICENSE
> + *
> + * Copyright 2017 NXP.
> + * Copyright(c) 2017 Intel Corporation. All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of NXP nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#include <rte_malloc.h>
> +#include <rte_dev.h>
> +
> +#include "rte_security.h"
> +#include "rte_security_driver.h"
> +
> +struct rte_security_session *
> +rte_security_session_create(struct rte_security_ctx *instance,
> + struct rte_security_session_conf *conf,
> + struct rte_mempool *mp)
> +{
> + struct rte_security_session *sess = NULL;
> +
> + if (conf == NULL)
> + return NULL;
> +
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
> +
> + if (rte_mempool_get(mp, (void *)&sess))
> + return NULL;
> +
> + if (instance->ops->session_create(instance->device, conf, sess, mp)) {
> + rte_mempool_put(mp, (void *)sess);
> + return NULL;
> + }
> + instance->sess_cnt++;
> +
> + return sess;
> +}
> +
> +int
> +rte_security_session_update(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_security_session_conf *conf)
> +{
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_update, -ENOTSUP);
> + return instance->ops->session_update(instance->device, sess, conf);
> +}
> +
> +int
> +rte_security_session_stats_get(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_security_stats *stats)
> +{
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_stats_get, -ENOTSUP);
> + return instance->ops->session_stats_get(instance->device, sess, stats);
> +}
> +
> +int
> +rte_security_session_destroy(struct rte_security_ctx *instance,
> + struct rte_security_session *sess)
> +{
> + int ret;
> + struct rte_mempool *mp = rte_mempool_from_obj(sess);
> +
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_destroy, -ENOTSUP);
> +
> + if (instance->sess_cnt)
> + instance->sess_cnt--;
> +
> + ret = instance->ops->session_destroy(instance->device, sess);
> + if (!ret)
> + rte_mempool_put(mp, (void *)sess);
> +
> + return ret;
> +}
> +
> +int
> +rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_mbuf *m, void *params)
> +{
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
> + return instance->ops->set_pkt_metadata(instance->device,
> + sess, m, params);
> +}
> +
> +const struct rte_security_capability *
> +rte_security_capabilities_get(struct rte_security_ctx *instance)
> +{
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> + return instance->ops->capabilities_get(instance->device);
> +}
> +
> +const struct rte_security_capability *
> +rte_security_capability_get(struct rte_security_ctx *instance,
> + struct rte_security_capability_idx *idx)
> +{
> + const struct rte_security_capability *capabilities;
> + const struct rte_security_capability *capability;
> + uint16_t i = 0;
> +
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> + capabilities = instance->ops->capabilities_get(instance->device);
> +
> + if (capabilities == NULL)
> + return NULL;
> +
> + while ((capability = &capabilities[i++])->action
> + != RTE_SECURITY_ACTION_TYPE_NONE) {
> + if (capability->action == idx->action &&
> + capability->protocol == idx->protocol) {
> + if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
> + if (capability->ipsec.proto ==
> + idx->ipsec.proto &&
> + capability->ipsec.mode ==
> + idx->ipsec.mode &&
> + capability->ipsec.direction ==
> + idx->ipsec.direction)
> + return capability;
> + }
> + }
> + }
> +
> + return NULL;
> +}
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> new file mode 100644
> index 0000000..416bbfd
> --- /dev/null
> +++ b/lib/librte_security/rte_security.h
> @@ -0,0 +1,535 @@
> +/*-
> + * BSD LICENSE
> + *
> + * Copyright 2017 NXP.
> + * Copyright(c) 2017 Intel Corporation. All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of NXP nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#ifndef _RTE_SECURITY_H_
> +#define _RTE_SECURITY_H_
> +
> +/**
> + * @file rte_security.h
> + *
> + * RTE Security Common Definitions
> + *
> + */
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#include <sys/types.h>
> +
> +#include <netinet/in.h>
> +#include <netinet/ip.h>
> +#include <netinet/ip6.h>
> +
> +#include <rte_common.h>
> +#include <rte_crypto.h>
> +#include <rte_mbuf.h>
> +#include <rte_memory.h>
> +#include <rte_mempool.h>
> +
> +/** IPSec protocol mode */
> +enum rte_security_ipsec_sa_mode {
> + RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
> + /**< IPSec Transport mode */
> + RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
> + /**< IPSec Tunnel mode */
> +};
> +
> +/** IPSec Protocol */
> +enum rte_security_ipsec_sa_protocol {
> + RTE_SECURITY_IPSEC_SA_PROTO_AH,
> + /**< AH protocol */
> + RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + /**< ESP protocol */
> +};
> +
> +/** IPSEC tunnel type */
> +enum rte_security_ipsec_tunnel_type {
> + RTE_SECURITY_IPSEC_TUNNEL_IPV4,
> + /**< Outer header is IPv4 */
> + RTE_SECURITY_IPSEC_TUNNEL_IPV6,
> + /**< Outer header is IPv6 */
> +};
> +
> +/**
> + * Security context for crypto/eth devices
> + *
> + * Security instance for each driver to register security operations.
> + * The application can get the security context from the crypto/eth device id
> + * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
> + * This structure is used to identify the device(crypto/eth) for which the
> + * security operations need to be performed.
> + */
> +struct rte_security_ctx {
> + enum {
> + RTE_SECURITY_INSTANCE_INVALID,
> + /**< Security context is invalid */
> + RTE_SECURITY_INSTANCE_VALID
> + /**< Security context is valid */
> + } state;
> + /**< Current state of security context */
> + void *device;
> + /**< Crypto/ethernet device attached */
> + struct rte_security_ops *ops;
> + /**< Pointer to security ops for the device */
> + uint16_t sess_cnt;
> + /**< Number of sessions attached to this context */
> +};
> +
> +/**
> + * IPSEC tunnel parameters
> + *
> + * These parameters are used to build outbound tunnel headers.
> + */
> +struct rte_security_ipsec_tunnel_param {
> + enum rte_security_ipsec_tunnel_type type;
> + /**< Tunnel type: IPv4 or IPv6 */
> + RTE_STD_C11
> + union {
> + struct {
> + struct in_addr src_ip;
> + /**< IPv4 source address */
> + struct in_addr dst_ip;
> + /**< IPv4 destination address */
> + uint8_t dscp;
> + /**< IPv4 Differentiated Services Code Point */
> + uint8_t df;
> + /**< IPv4 Don't Fragment bit */
> + uint8_t ttl;
> + /**< IPv4 Time To Live */
> + } ipv4;
> + /**< IPv4 header parameters */
> + struct {
> + struct in6_addr src_addr;
> + /**< IPv6 source address */
> + struct in6_addr dst_addr;
> + /**< IPv6 destination address */
> + uint8_t dscp;
> + /**< IPv6 Differentiated Services Code Point */
> + uint32_t flabel;
> + /**< IPv6 flow label */
> + uint8_t hlimit;
> + /**< IPv6 hop limit */
> + } ipv6;
> + /**< IPv6 header parameters */
> + };
> +};
> +
> +/**
> + * IPsec Security Association option flags
> + */
> +struct rte_security_ipsec_sa_options {
> + /**< Extended Sequence Numbers (ESN)
> + *
> + * * 1: Use extended (64 bit) sequence numbers
> + * * 0: Use normal sequence numbers
> + */
> + uint32_t esn : 1;
> +
> + /**< UDP encapsulation
> + *
> + * * 1: Do UDP encapsulation/decapsulation so that IPSEC packets can
> + * traverse through NAT boxes.
> + * * 0: No UDP encapsulation
> + */
> + uint32_t udp_encap : 1;
> +
> + /**< Copy DSCP bits
> + *
> + * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
> + * the outer IP header in encapsulation, and vice versa in
> + * decapsulation.
> + * * 0: Do not change DSCP field.
> + */
> + uint32_t copy_dscp : 1;
> +
> + /**< Copy IPv6 Flow Label
> + *
> + * * 1: Copy IPv6 flow label from inner IPv6 header to the
> + * outer IPv6 header.
> + * * 0: Outer header is not modified.
> + */
> + uint32_t copy_flabel : 1;
> +
> + /**< Copy IPv4 Don't Fragment bit
> + *
> + * * 1: Copy the DF bit from the inner IPv4 header to the outer
> + * IPv4 header.
> + * * 0: Outer header is not modified.
> + */
> + uint32_t copy_df : 1;
> +
> + /**< Decrement inner packet Time To Live (TTL) field
> + *
> + * * 1: In tunnel mode, decrement inner packet IPv4 TTL or
> + * IPv6 Hop Limit after tunnel decapsulation, or before tunnel
> + * encapsulation.
> + * * 0: Inner packet is not modified.
> + */
> + uint32_t dec_ttl : 1;
> +};
> +
> +/** IPSec security association direction */
> +enum rte_security_ipsec_sa_direction {
> + RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
> + /**< Encrypt and generate digest */
> + RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> + /**< Verify digest and decrypt */
> +};
> +
> +/**
> + * IPsec security association configuration data.
> + *
> + * This structure contains data required to create an IPsec SA security session.
> + */
> +struct rte_security_ipsec_xform {
> + uint32_t spi;
> + /**< SA security parameter index */
> + uint32_t salt;
> + /**< SA salt */
> + struct rte_security_ipsec_sa_options options;
> + /**< various SA options */
> + enum rte_security_ipsec_sa_direction direction;
> + /**< IPSec SA Direction - Egress/Ingress */
> + enum rte_security_ipsec_sa_protocol proto;
> + /**< IPsec SA Protocol - AH/ESP */
> + enum rte_security_ipsec_sa_mode mode;
> + /**< IPsec SA Mode - transport/tunnel */
> + struct rte_security_ipsec_tunnel_param tunnel;
> + /**< Tunnel parameters, NULL for transport mode */
> +};
> +
> +/**
> + * MACsec security session configuration
> + */
> +struct rte_security_macsec_xform {
> + /** To be Filled */
> +};
> +
> +/**
> + * Security session action type.
> + */
> +enum rte_security_session_action_type {
> + RTE_SECURITY_ACTION_TYPE_NONE,
> + /**< No security actions */
> + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
> + /**< Crypto processing for security protocol is processed inline
> + * during transmission
> + */
> + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
> + /**< All security protocol processing is performed inline during
> + * transmission
> + */
> + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
> + /**< All security protocol processing including crypto is performed
> + * on a lookaside accelerator
> + */
> +};
> +
> +/** Security session protocol definition */
> +enum rte_security_session_protocol {
> + RTE_SECURITY_PROTOCOL_IPSEC,
> + /**< IPsec Protocol */
> + RTE_SECURITY_PROTOCOL_MACSEC,
> + /**< MACSec Protocol */
> +};
> +
> +/**
> + * Security session configuration
> + */
> +struct rte_security_session_conf {
> + enum rte_security_session_action_type action_type;
> + /**< Type of action to be performed on the session */
> + enum rte_security_session_protocol protocol;
> + /**< Security protocol to be configured */
> + union {
> + struct rte_security_ipsec_xform ipsec;
> + struct rte_security_macsec_xform macsec;
> + };
> + /**< Configuration parameters for security session */
> + struct rte_crypto_sym_xform *crypto_xform;
> + /**< Security Session Crypto Transformations */
> +};
> +
> +struct rte_security_session {
> + void *sess_private_data;
> + /**< Private session material */
> +};
> +
> +/**
> + * Create security session as specified by the session configuration
> + *
> + * @param instance security instance
> + * @param conf session configuration parameters
> + * @param mp mempool to allocate session objects from
> + * @return
> + * - On success, pointer to session
> + * - On failure, NULL
> + */
> +struct rte_security_session *
> +rte_security_session_create(struct rte_security_ctx *instance,
> + struct rte_security_session_conf *conf,
> + struct rte_mempool *mp);
> +
> +/**
> + * Update security session as specified by the session configuration
> + *
> + * @param instance security instance
> + * @param sess session to update parameters
> + * @param conf update configuration parameters
> + * @return
> + * - On success returns 0
> + * - On failure return errno
> + */
> +int
> +rte_security_session_update(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_security_session_conf *conf);
> +
> +/**
> + * Free security session header and the session private data and
> + * return it to its original mempool.
> + *
> + * @param instance security instance
> + * @param sess security session to freed
> + *
> + * @return
> + * - 0 if successful.
> + * - -EINVAL if session is NULL.
> + * - -EBUSY if not all device private data has been freed.
> + */
> +int
> +rte_security_session_destroy(struct rte_security_ctx *instance,
> + struct rte_security_session *sess);
> +
> +/**
> + * Updates the buffer with device-specific defined metadata
> + *
> + * @param instance security instance
> + * @param sess security session
> + * @param mb packet mbuf to set metadata on.
> + * @param params device-specific defined parameters
> + * required for metadata
> + *
> + * @return
> + * - On success, zero.
> + * - On failure, a negative value.
> + */
> +int
> +rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_mbuf *mb, void *params);
> +
> +/**
> + * Attach a session to a symmetric crypto operation
> + *
> + * @param sym_op crypto operation
> + * @param sess security session
> + */
> +static inline int
> +__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
> + struct rte_security_session *sess)
> +{
> + sym_op->sec_session = sess;
> +
> + return 0;
> +}
> +
> +static inline void *
> +get_sec_session_private_data(const struct rte_security_session *sess)
> +{
> + return sess->sess_private_data;
> +}
> +
> +static inline void
> +set_sec_session_private_data(struct rte_security_session *sess,
> + void *private_data)
> +{
> + sess->sess_private_data = private_data;
> +}
> +
> +/**
> + * Attach a session to a crypto operation.
> + * This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD
> + * For other rte_security_session_action_type, ol_flags in rte_mbuf may be
> + * defined to perform security operations.
> + *
> + * @param op crypto operation
> + * @param sess security session
> + */
> +static inline int
> +rte_security_attach_session(struct rte_crypto_op *op,
> + struct rte_security_session *sess)
> +{
> + if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
> + return -EINVAL;
> +
> + op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;
> +
> + return __rte_security_attach_session(op->sym, sess);
> +}
> +
> +struct rte_security_macsec_stats {
> + uint64_t reserved;
> +};
> +
> +struct rte_security_ipsec_stats {
> + uint64_t reserved;
> +
> +};
> +
> +struct rte_security_stats {
> + enum rte_security_session_protocol protocol;
> + /**< Security protocol to be configured */
> +
> + union {
> + struct rte_security_macsec_stats macsec;
> + struct rte_security_ipsec_stats ipsec;
> + };
> +};
> +
> +/**
> + * Get security session statistics
> + *
> + * @param instance security instance
> + * @param sess security session
> + * @param stats statistics
> + * @return
> + * - On success return 0
> + * - On failure errno
> + */
> +int
> +rte_security_session_stats_get(struct rte_security_ctx *instance,
> + struct rte_security_session *sess,
> + struct rte_security_stats *stats);
> +
> +/**
> + * Security capability definition
> + */
> +struct rte_security_capability {
> + enum rte_security_session_action_type action;
> + /**< Security action type*/
> + enum rte_security_session_protocol protocol;
> + /**< Security protocol */
> + RTE_STD_C11
> + union {
> + struct {
> + enum rte_security_ipsec_sa_protocol proto;
> + /**< IPsec SA protocol */
> + enum rte_security_ipsec_sa_mode mode;
> + /**< IPsec SA mode */
> + enum rte_security_ipsec_sa_direction direction;
> + /**< IPsec SA direction */
> + struct rte_security_ipsec_sa_options options;
> + /**< IPsec SA supported options */
> + } ipsec;
> + /**< IPsec capability */
> + struct {
> + /* To be Filled */
> + } macsec;
> + /**< MACsec capability */
> + };
> +
> + const struct rte_cryptodev_capabilities *crypto_capabilities;
> + /**< Corresponding crypto capabilities for security capability */
> +
> + uint32_t ol_flags;
> + /**< Device offload flags */
> +};
> +
> +#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
> +/**< HW needs metadata update, see rte_security_set_pkt_metadata().
> + */
> +
> +#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
> +/**< HW constructs trailer of packets
> + * Transmitted packets will have the trailer added to them
> + * by hardawre. The next protocol field will be based on
> + * the mbuf->inner_esp_next_proto field.
> + */
> +#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
> +/**< HW removes trailer of packets
> + * Received packets have no trailer, the next protocol field
> + * is supplied in the mbuf->inner_esp_next_proto field.
> + * Inner packet is not modified.
> + */
> +
> +/**
> + * Security capability index used to query a security instance for a specific
> + * security capability
> + */
> +struct rte_security_capability_idx {
> + enum rte_security_session_action_type action;
> + enum rte_security_session_protocol protocol;
> +
> + union {
> + struct {
> + enum rte_security_ipsec_sa_protocol proto;
> + enum rte_security_ipsec_sa_mode mode;
> + enum rte_security_ipsec_sa_direction direction;
> + } ipsec;
> + };
> +};
> +
> +/**
> + * Returns array of security instance capabilities
> + *
> + * @param instance Security instance.
> + *
> + * @return
> + * - Returns array of security capabilities.
> + * - Return NULL if no capabilities available.
> + */
> +const struct rte_security_capability *
> +rte_security_capabilities_get(struct rte_security_ctx *instance);
> +
> +/**
> + * Query if a specific capability is available on security instance
> + *
> + * @param instance security instance.
> + * @param idx security capability index to match against
> + *
> + * @return
> + * - Returns pointer to security capability on match of capability
> + * index criteria.
> + * - Return NULL if the capability not matched on security instance.
> + */
> +const struct rte_security_capability *
> +rte_security_capability_get(struct rte_security_ctx *instance,
> + struct rte_security_capability_idx *idx);
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_SECURITY_H_ */
> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
> new file mode 100644
> index 0000000..78814fa
> --- /dev/null
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -0,0 +1,155 @@
> +/*-
> + * BSD LICENSE
> + *
> + * Copyright(c) 2017 Intel Corporation. All rights reserved.
> + * Copyright 2017 NXP.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of Intel Corporation nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#ifndef _RTE_SECURITY_DRIVER_H_
> +#define _RTE_SECURITY_DRIVER_H_
> +
> +/**
> + * @file rte_security_driver.h
> + *
> + * RTE Security Common Definitions
> + *
> + */
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#include "rte_security.h"
> +
> +/**
> + * Configure a security session on a device.
> + *
> + * @param device Crypto/eth device pointer
> + * @param conf Security session configuration
> + * @param sess Pointer to Security private session structure
> + * @param mp Mempool where the private session is allocated
> + *
> + * @return
> + * - Returns 0 if private session structure have been created successfully.
> + * - Returns -EINVAL if input parameters are invalid.
> + * - Returns -ENOTSUP if crypto device does not support the crypto transform.
> + * - Returns -ENOMEM if the private session could not be allocated.
> + */
> +typedef int (*security_session_create_t)(void *device,
> + struct rte_security_session_conf *conf,
> + struct rte_security_session *sess,
> + struct rte_mempool *mp);
> +
> +/**
> + * Free driver private session data.
> + *
> + * @param dev Crypto/eth device pointer
> + * @param sess Security session structure
> + */
> +typedef int (*security_session_destroy_t)(void *device,
> + struct rte_security_session *sess);
> +
> +/**
> + * Update driver private session data.
> + *
> + * @param device Crypto/eth device pointer
> + * @param sess Pointer to Security private session structure
> + * @param conf Security session configuration
> + *
> + * @return
> + * - Returns 0 if private session structure have been updated successfully.
> + * - Returns -EINVAL if input parameters are invalid.
> + * - Returns -ENOTSUP if crypto device does not support the crypto transform.
> + */
> +typedef int (*security_session_update_t)(void *device,
> + struct rte_security_session *sess,
> + struct rte_security_session_conf *conf);
> +/**
> + * Get stats from the PMD.
> + *
> + * @param device Crypto/eth device pointer
> + * @param sess Pointer to Security private session structure
> + * @param stats Security stats of the driver
> + *
> + * @return
> + * - Returns 0 if private session structure have been updated successfully.
> + * - Returns -EINVAL if session parameters are invalid.
> + */
> +typedef int (*security_session_stats_get_t)(void *device,
> + struct rte_security_session *sess,
> + struct rte_security_stats *stats);
> +
> +/**
> + * Update the mbuf with provided metadata.
> + *
> + * @param sess Security session structure
> + * @param mb Packet buffer
> + * @param mt Metadata
> + *
> + * @return
> + * - Returns 0 if metadata updated successfully.
> + * - Returns -ve value for errors.
> + */
> +typedef int (*security_set_pkt_metadata_t)(void *device,
> + struct rte_security_session *sess, struct rte_mbuf *m,
> + void *params);
> +
> +/**
> + * Get security capabilities of the device.
> + *
> + * @param device crypto/eth device pointer
> + *
> + * @return
> + * - Returns rte_security_capability pointer on success.
> + * - Returns NULL on error.
> + */
> +typedef const struct rte_security_capability *(*security_capabilities_get_t)(
> + void *device);
> +
> +/** Security operations function pointer table */
> +struct rte_security_ops {
> + security_session_create_t session_create;
> + /**< Configure a security session. */
> + security_session_update_t session_update;
> + /**< Update a security session. */
> + security_session_stats_get_t session_stats_get;
> + /**< Get security session statistics. */
> + security_session_destroy_t session_destroy;
> + /**< Clear a security sessions private data. */
> + security_set_pkt_metadata_t set_pkt_metadata;
> + /**< Update mbuf metadata. */
> + security_capabilities_get_t capabilities_get;
> + /**< Get security capabilities. */
> +};
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_SECURITY_DRIVER_H_ */
> diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
> new file mode 100644
> index 0000000..8af7fc1
> --- /dev/null
> +++ b/lib/librte_security/rte_security_version.map
> @@ -0,0 +1,13 @@
> +DPDK_17.11 {
> + global:
> +
> + rte_security_attach_session;
> + rte_security_capabilities_get;
> + rte_security_capability_get;
> + rte_security_session_create;
> + rte_security_session_destroy;
> + rte_security_session_stats_get;
> + rte_security_session_update;
> + rte_security_set_pkt_metadata;
> +
> +};
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
next prev parent reply other threads:[~2017-10-15 12:47 UTC|newest]
Thread overview: 195+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-14 8:26 [dpdk-dev] [PATCH 00/11] introduce security offload library Akhil Goyal
2017-09-14 8:26 ` [dpdk-dev] [PATCH 01/11] lib/rte_security: add security library Akhil Goyal
2017-09-15 5:32 ` Hemant Agrawal
2017-09-17 13:31 ` Boris Pismenny
2017-09-20 11:35 ` Akhil Goyal
2017-09-18 13:13 ` Jerin Jacob
2017-09-22 11:55 ` Radu Nicolau
2017-09-14 8:26 ` [dpdk-dev] [PATCH 02/11] doc: add details of rte security Akhil Goyal
2017-09-18 11:13 ` Jerin Jacob
2017-09-20 10:59 ` Akhil Goyal
2017-09-18 15:38 ` Mcnamara, John
2017-09-20 11:00 ` Akhil Goyal
2017-09-14 8:26 ` [dpdk-dev] [PATCH 03/11] cryptodev: extend cryptodev to support security APIs Akhil Goyal
2017-09-14 8:26 ` [dpdk-dev] [PATCH 04/11] lib/librte_net: add ESP header to generic flow steering Akhil Goyal
2017-09-15 4:51 ` Hemant Agrawal
2017-09-17 7:19 ` Boris Pismenny
2017-09-14 8:26 ` [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-09-18 7:54 ` Boris Pismenny
2017-09-20 9:43 ` Olivier MATZ
2017-09-26 10:19 ` Boris Pismenny
2017-09-14 8:26 ` [dpdk-dev] [PATCH 06/11] ethdev: extend ethdev to support security APIs Akhil Goyal
2017-09-17 13:45 ` Shahaf Shuler
2017-09-22 11:42 ` Radu Nicolau
2017-09-18 7:57 ` Jerin Jacob
2017-09-22 11:49 ` Radu Nicolau
2017-09-14 8:26 ` [dpdk-dev] [PATCH 07/11] ethdev: add rte flow action for crypto Akhil Goyal
2017-09-21 9:16 ` Jerin Jacob
2017-09-21 16:53 ` Boris Pismenny
2017-09-14 8:26 ` [dpdk-dev] [PATCH 08/11] mk: add rte security into build system Akhil Goyal
2017-09-14 8:26 ` [dpdk-dev] [PATCH 09/11] net/ixgbe: enable inline ipsec Akhil Goyal
2017-09-15 4:48 ` Hemant Agrawal
2017-09-15 13:14 ` Doherty, Declan
2017-09-14 8:26 ` [dpdk-dev] [PATCH 10/11] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-09-14 8:26 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 00/12] introduce security offload library Akhil Goyal
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 01/12] lib/rte_security: add security library Akhil Goyal
2017-10-05 15:32 ` De Lara Guarch, Pablo
2017-10-05 16:30 ` Ananyev, Konstantin
2017-10-06 18:11 ` Akhil Goyal
2017-10-09 13:42 ` Ananyev, Konstantin
2017-10-10 12:17 ` Akhil Goyal
2017-10-11 9:02 ` Ananyev, Konstantin
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 02/12] doc: add details of rte security Akhil Goyal
2017-10-03 15:56 ` Mcnamara, John
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 03/12] cryptodev: extend cryptodev to support security APIs Akhil Goyal
2017-10-05 8:49 ` De Lara Guarch, Pablo
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 04/12] lib/librte_net: add ESP header to generic flow steering Akhil Goyal
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 05/12] lib/librte_mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-10-05 8:54 ` De Lara Guarch, Pablo
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 06/12] ethdev: extend ethdev to support security APIs Akhil Goyal
2017-10-04 10:52 ` Shahaf Shuler
2017-10-06 16:31 ` Radu Nicolau
2017-10-05 18:01 ` Ananyev, Konstantin
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 07/12] ethdev: add rte flow action for crypto Akhil Goyal
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 08/12] doc: add details of rte_flow security actions Akhil Goyal
2017-10-03 15:38 ` Mcnamara, John
2017-10-03 15:39 ` Mcnamara, John
2017-10-05 15:34 ` De Lara Guarch, Pablo
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 09/12] mk: add rte security into build system Akhil Goyal
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 10/12] net/ixgbe: enable inline ipsec Akhil Goyal
2017-10-05 17:55 ` Ananyev, Konstantin
2017-10-06 9:17 ` Radu Nicolau
2017-10-06 18:33 ` Ananyev, Konstantin
2017-10-10 16:10 ` Radu Nicolau
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 11/12] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-10-05 9:13 ` De Lara Guarch, Pablo
2017-10-03 13:14 ` [dpdk-dev] [PATCH v2 12/12] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 00/12] introduce security offload library Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 01/12] lib/rte_security: add security library Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 02/12] doc: add details of rte security Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 03/12] cryptodev: support security APIs Akhil Goyal
2017-10-10 13:43 ` De Lara Guarch, Pablo
2017-10-21 15:22 ` Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 04/12] net: add ESP header to generic flow steering Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 05/12] mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 06/12] ethdev: support security APIs Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 07/12] ethdev: add rte flow action for crypto Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 08/12] doc: add details of rte_flow security actions Akhil Goyal
2017-10-12 13:41 ` Mcnamara, John
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 09/12] mk: add rte security into build system Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 10/12] net/ixgbe: enable inline ipsec Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 11/12] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-10-06 18:11 ` [dpdk-dev] [PATCH v3 12/12] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-09 13:49 ` [dpdk-dev] [PATCH v3 00/12] introduce security offload library Ananyev, Konstantin
2017-10-10 12:22 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 " Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 01/12] lib/rte_security: add security library Akhil Goyal
2017-10-15 12:47 ` Aviad Yehezkel [this message]
2017-10-19 9:30 ` Ananyev, Konstantin
2017-10-21 15:54 ` Akhil Goyal
2017-10-20 9:37 ` Thomas Monjalon
2017-10-20 9:39 ` Thomas Monjalon
2017-10-21 19:46 ` Akhil Goyal
2017-10-21 19:45 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 02/12] doc: add details of rte security Akhil Goyal
2017-10-15 12:47 ` Aviad Yehezkel
2017-10-20 9:41 ` Thomas Monjalon
2017-10-21 19:48 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 03/12] cryptodev: support security APIs Akhil Goyal
2017-10-15 12:48 ` Aviad Yehezkel
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 04/12] net: add ESP header to generic flow steering Akhil Goyal
2017-10-15 12:48 ` Aviad Yehezkel
2017-10-20 10:15 ` Thomas Monjalon
2017-10-21 19:49 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 05/12] mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-10-15 12:49 ` Aviad Yehezkel
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 06/12] ethdev: support security APIs Akhil Goyal
2017-10-15 12:49 ` Aviad Yehezkel
2017-10-15 13:13 ` Shahaf Shuler
2017-10-16 8:46 ` Nicolau, Radu
2017-10-19 9:23 ` Ananyev, Konstantin
2017-10-21 16:00 ` Akhil Goyal
2017-10-23 9:56 ` Ananyev, Konstantin
2017-10-23 13:08 ` Nicolau, Radu
2017-10-20 10:58 ` Thomas Monjalon
2017-10-21 19:50 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 07/12] ethdev: add rte flow action for crypto Akhil Goyal
2017-10-15 12:49 ` Aviad Yehezkel
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 08/12] doc: add details of rte_flow security actions Akhil Goyal
2017-10-15 12:50 ` Aviad Yehezkel
2017-10-16 19:17 ` Mcnamara, John
2017-10-20 11:00 ` Thomas Monjalon
2017-10-21 19:50 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 09/12] mk: add rte security into build system Akhil Goyal
2017-10-15 12:50 ` Aviad Yehezkel
2017-10-20 11:06 ` Thomas Monjalon
2017-10-21 19:44 ` Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 10/12] net/ixgbe: enable inline ipsec Akhil Goyal
2017-10-15 12:51 ` Aviad Yehezkel
2017-10-16 10:41 ` Thomas Monjalon
2017-10-18 21:29 ` Ananyev, Konstantin
2017-10-19 10:51 ` Radu Nicolau
2017-10-19 11:04 ` Ananyev, Konstantin
2017-10-19 11:57 ` Nicolau, Radu
2017-10-19 12:16 ` Ananyev, Konstantin
2017-10-19 12:29 ` Ananyev, Konstantin
2017-10-19 13:14 ` Radu Nicolau
2017-10-19 13:22 ` Ananyev, Konstantin
2017-10-19 14:19 ` Nicolau, Radu
2017-10-19 14:36 ` Ananyev, Konstantin
2017-10-19 13:09 ` Radu Nicolau
2017-10-19 9:04 ` Ananyev, Konstantin
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 11/12] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-10-14 22:17 ` [dpdk-dev] [PATCH v4 12/12] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-15 12:51 ` Aviad Yehezkel
2017-10-16 10:44 ` [dpdk-dev] [PATCH v4 00/12] introduce security offload library Thomas Monjalon
2017-10-20 9:32 ` Thomas Monjalon
2017-10-21 16:13 ` Akhil Goyal
2017-10-22 20:37 ` Akhil Goyal
2017-10-22 20:59 ` Thomas Monjalon
2017-10-23 11:44 ` Aviad Yehezkel
2017-10-24 9:41 ` Akhil Goyal
2017-10-24 9:52 ` Thomas Monjalon
2017-10-24 14:27 ` Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 00/11] " Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 01/11] lib/rte_security: add security library Akhil Goyal
2017-10-24 15:15 ` De Lara Guarch, Pablo
2017-10-25 11:06 ` Akhil Goyal
2017-10-24 20:47 ` Thomas Monjalon
2017-10-25 11:08 ` Akhil Goyal
2017-10-25 5:13 ` Hemant Agrawal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 02/11] doc: add details of rte security Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 03/11] cryptodev: support security APIs Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 04/11] net: add ESP header to generic flow steering Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 05/11] mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-10-25 9:38 ` Olivier MATZ
2017-10-25 12:05 ` Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 06/11] ethdev: support security APIs Akhil Goyal
2017-10-25 5:05 ` Hemant Agrawal
2017-10-25 7:01 ` Shahaf Shuler
2017-10-25 12:35 ` Aviad Yehezkel
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 07/11] ethdev: add rte flow action for crypto Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 08/11] mk: add rte security into build system Akhil Goyal
2017-10-24 20:48 ` Thomas Monjalon
2017-10-25 11:12 ` Akhil Goyal
2017-10-25 5:04 ` Hemant Agrawal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 09/11] net/ixgbe: enable inline ipsec Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 10/11] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-10-24 14:15 ` [dpdk-dev] [PATCH v5 11/11] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 00/10] introduce security offload library Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 01/10] cryptodev: support security APIs Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 02/10] net: add ESP header to generic flow steering Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 03/10] mbuf: add security crypto flags and mbuf fields Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 04/10] ethdev: support security APIs Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 05/10] ethdev: add rte flow action for crypto Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 06/10] security: introduce security API and framework Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 07/10] doc: add details of rte security Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 08/10] net/ixgbe: enable inline ipsec Akhil Goyal
2017-10-26 7:09 ` David Marchand
2017-10-26 7:19 ` David Marchand
2017-11-01 19:58 ` Thomas Monjalon
2017-11-01 20:10 ` Ferruh Yigit
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 09/10] crypto/dpaa2_sec: add support for protocol offload ipsec Akhil Goyal
2017-10-25 15:07 ` [dpdk-dev] [PATCH v6 10/10] examples/ipsec-secgw: add support for security offload Akhil Goyal
2017-10-26 1:16 ` [dpdk-dev] [PATCH v6 00/10] introduce security offload library Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ce39b8c4-5e1c-4da3-8ff2-e0025763c4b4@dev.mellanox.co.il \
--to=aviadye@dev.mellanox.co.il \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@mellanox.com \
--cc=borisp@mellanox.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=jerin.jacob@caviumnetworks.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=olivier.matz@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=sandeep.malik@nxp.com \
--cc=shahafs@mellanox.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).