From: Anoob Joseph <anoob.joseph@caviumnetworks.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Cc: Anoob Joseph <anoob.joseph@caviumnetworks.com>,
Jerin Jacob <jerin.jacob@caviumnetworks.com>,
Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
Nelio Laranjeiro <nelio.laranjeiro@6wind.com>,
dev@dpdk.org
Subject: [dpdk-dev] [RFC 1/3] lib/security: set/retrieve per packet protocol metadata
Date: Mon, 22 Jan 2018 13:11:06 +0000 [thread overview]
Message-ID: <1516626668-9031-2-git-send-email-anoob.joseph@caviumnetworks.com> (raw)
In-Reply-To: <1516626668-9031-1-git-send-email-anoob.joseph@caviumnetworks.com>
This patch enables the application to set & retrieve per packet protocol
parameters like seq no, which is required in case of protocol offload. The
ability to set/retrieve such data is PMD dependent and the application is
expected to use "mdata_flags" while using such fields.
Retrieving the sequence number is required to monitor the sequence
number overflow in inline IPsec offload.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
---
lib/librte_security/rte_security.c | 7 ++--
lib/librte_security/rte_security.h | 66 ++++++++++++++++++++++++++++---
lib/librte_security/rte_security_driver.h | 3 +-
3 files changed, 64 insertions(+), 12 deletions(-)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 5805051..508046b 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -100,12 +100,11 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_mbuf *m, void *params)
+ struct rte_security_mdata *mdata,
+ struct rte_mbuf *m)
{
RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
- return instance->ops->set_pkt_metadata(instance->device,
- sess, m, params);
+ return instance->ops->set_pkt_metadata(instance->device, mdata, m);
}
void *
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 004a0eb..9d322a8 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -284,6 +284,48 @@ struct rte_security_session {
/**< Private session material */
};
+/* IN/OUT flags for IPsec mdata */
+
+/**
+ * IN/OUT flag for sequence number
+ */
+#define RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO (1ULL << 0)
+
+/**
+ * Metadata for IPsec protocol offload
+ */
+struct rte_security_ipsec_mdata {
+ uint64_t seq_no;
+ /**< Sequence number */
+};
+
+/**
+ * Per packet metadata for protocol offload
+ */
+struct rte_security_mdata {
+ struct rte_security_session *sess;
+ /**< Security session */
+ union {
+ struct rte_security_ipsec_mdata ipsec;
+ };
+ /**< Protocol specific metadata. This field is IN/OUT, and could be
+ * used for setting and retrieving per packet metadata.
+ */
+ struct {
+ uint32_t set;
+ /**< Used by application to denote the fields it has set */
+ uint32_t get;
+ /**< Used by application to denote the fields PMD should
+ * update back
+ */
+ uint32_t updated;
+ /**< Used by PMD to denote the fields it has set */
+ } mdata_flags;
+ /**< Flags to denote the usage of various fields in metadata */
+ void *params;
+ /**< Device specific pointer */
+};
+
/**
* Create security session as specified by the session configuration
*
@@ -331,13 +373,25 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
/**
- * Updates the buffer with device-specific defined metadata
+ * Updates the buffer with the security metadata.
+ *
+ * This metadata could be used by the application to set some protocol defined
+ * fields per packet. For such protocol defined fields, application can only
+ * request the PMD to set various values, and it will be upto the PMD to
+ * decide whether the provided values should be used or not.
+ *
+ * In addition, this could be used by the application to probe such per packet
+ * fields used in inline offload case. PMD would update the metadata field with
+ * what it would use, if the corresponding "get" flag is set.
+ *
+ * E.g. for inline IPsec mode, application could request a sequence number by
+ * setting "rte_security_mdata.ipsec.seq_no" field and the corresponding flag.
+ * Additionally, "rte_security_mdata.mdata_flags.get" would give application
+ * the ability to check the sequence number selected for the packet.
*
* @param instance security instance
- * @param sess security session
+ * @param mdata security metadata
* @param mb packet mbuf to set metadata on.
- * @param params device-specific defined parameters
- * required for metadata
*
* @return
* - On success, zero.
@@ -345,8 +399,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
*/
int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_mbuf *mb, void *params);
+ struct rte_security_mdata *mdata,
+ struct rte_mbuf *mb);
/**
* Get userdata associated with the security session which processed the
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index bf0170e..662afa9 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -118,8 +118,7 @@ typedef int (*security_session_stats_get_t)(void *device,
* - Returns -ve value for errors.
*/
typedef int (*security_set_pkt_metadata_t)(void *device,
- struct rte_security_session *sess, struct rte_mbuf *m,
- void *params);
+ struct rte_security_mdata *md, struct rte_mbuf *m);
/**
* Get application specific userdata associated with the security session which
--
2.7.4
next prev parent reply other threads:[~2018-01-22 13:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-22 13:11 [dpdk-dev] [RFC 0/3] set protocol specific metadata using set_pkt_metadata API Anoob Joseph
2018-01-22 13:11 ` Anoob Joseph [this message]
2018-01-22 13:11 ` [dpdk-dev] [RFC 2/3] net/ixgbe: use structure for passing metadata Anoob Joseph
2018-01-22 13:11 ` [dpdk-dev] [RFC 3/3] examples/ipsec-secgw: support for setting seq no Anoob Joseph
2018-01-25 17:13 ` [dpdk-dev] [RFC 0/3] set protocol specific metadata using set_pkt_metadata API Anoob Joseph
2018-01-26 11:22 ` Nicolau, Radu
2018-01-26 14:38 ` Anoob Joseph
2018-01-26 15:08 ` Nicolau, Radu
2018-01-29 7:32 ` Akhil Goyal
2018-01-29 8:03 ` Anoob Joseph
2018-01-29 9:08 ` Akhil Goyal
2018-01-29 11:44 ` Anoob Joseph
2018-01-29 10:01 ` Nicolau, Radu
2018-01-29 18:01 ` Anoob Joseph
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516626668-9031-2-git-send-email-anoob.joseph@caviumnetworks.com \
--to=anoob.joseph@caviumnetworks.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerin.jacob@caviumnetworks.com \
--cc=narayanaprasad.athreya@caviumnetworks.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=radu.nicolau@intel.com \
--cc=sergio.gonzalez.monroy@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).