From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 42CD7A054F; Tue, 16 Mar 2021 18:14:02 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 11A02406A2; Tue, 16 Mar 2021 18:14:02 +0100 (CET) Received: from new2-smtp.messagingengine.com (new2-smtp.messagingengine.com [66.111.4.224]) by mails.dpdk.org (Postfix) with ESMTP id 32E4F4069F for ; Tue, 16 Mar 2021 18:14:01 +0100 (CET) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.nyi.internal (Postfix) with ESMTP id 74CCA5809F9; Tue, 16 Mar 2021 13:14:00 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 16 Mar 2021 13:14:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=fm3; bh= wC0KIYZaVnCaQ1EMKVZtGK5We34f+1UMy9o1Rmfi0RI=; b=cl14VJ7XgtaB0NdT RCC7WmcEJOq0WNDnA5FLW2BF6WoeThVDHK6qpWL6ACIkQZNFj3ZYgIwkC5e3C4px ss+HcsvCCZJ1fIx8FNH/lAXo/pSpmsINkkSJaRlkGcx+f9MLxSMIX4nQp03ew4Wz spPRC9iCnoSg4XGIUkzrGfJYYIpqVkX2z8KW4l7GzGlrZWucwh7ksjWFGsaMo7Kj k6H2fOTS1dG9JmaiZFyffd+dIaZNr7IxKzGQV490XjHW3tNMxXXKWmExkav1tmlM yXGejnzIPxKNs+8ZnOdzB2TY94by5zZtzeVUfXujABpRezjye4kRLhqpx6Wu2axd u4l1RA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=wC0KIYZaVnCaQ1EMKVZtGK5We34f+1UMy9o1Rmfi0 RI=; b=RT9aFF989DFppyffEnF9Mmm/4Z2xTCIug5f5CzRkaU6LLbjqxjymgt1u6 62BR+W0sidZaRopuF6vAAlT0cJO+9jDp7Zyuo8lfLmi1tfF2MWz0iyTBw0JA+bBW s9dG7h1HrqV2W+NncEOx8PGU9N+caxga695rN8Nz4kvUJbLPLjhwhWnXvad1f1FK mPdjwB2jc3OWWrDlg+R4fzgGSG6bGN0klflys/dXsi2/UCp19H3fdxfULGd+/1Ui vQ0HzcZUCPm9ArYJ8HgTc4g0Rq6COKmSUCIKyYuw8N6VxQVC8ztou1FDjd61WuKx uOlzr+lzOYg2jx1eGP++GSysjB0iQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudefvddgleelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkfgjfhgggfgtsehtufertddttddvnecuhfhrohhmpefvhhhomhgr shcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlhhonhdrnhgvtheqnecugg ftrfgrthhtvghrnhepudeggfdvfeduffdtfeeglefghfeukefgfffhueejtdetuedtjeeu ieeivdffgeehnecukfhppeejjedrudefgedrvddtfedrudekgeenucevlhhushhtvghruf hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonhhjrghl ohhnrdhnvght X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id F11C724005D; Tue, 16 Mar 2021 13:13:58 -0400 (EDT) From: Thomas Monjalon To: Slava Ovsiienko Cc: "dev@dpdk.org" , Matan Azrad , Shahaf Shuler , Ori Kam , Asaf Penso , Akhil Goyal , Konstantin Ananyev , Radu Nicolau , Declan Doherty , Anoob Joseph Date: Tue, 16 Mar 2021 18:13:56 +0100 Message-ID: <1957405.hO5CPrKO5X@thomas> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [RFC] net/mlx5: add IPsec offload support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" +Cc Akhil, Anoob, Konstantin, Radu & Declan 16/03/2021 17:28, Slava Ovsiienko: > The DPDK ethernet device might support the offload for security > operations. Since ConnectX-6DX the hardware implements the > cryptographic options required to provide the IPsec protocol > offload and there is an intention to update mlx5 PMD to make this > security offload capability available. > > The minimal required set of offload options to be supported: > - crypto inline offload only > (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) > - ESP protocol only (AH will be not supported) > - AES-GCM 128/256 algorithms > - support both Transport and Tunnel modes > - operate on BlueField-2, ConnectX-6DX and above > - support both IPv4 and IPv6 > - VXLAN/GRE tunnel support > > The common updates in mlx5 PMD include the standard security > context API support: > - rte_security_capabilities_get() > - rte_security_session_get_size() > - rte_security_session_create() > - rte_security_session_destroy() > - rte_security_session_update() > > The mlx5 data path update includes: > - RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support > - rte_security_get_user_data() > - rte_security_get_stats_get() > - PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED, > PKT_TX_SEC_OFFLOAD mbuf flags support > - report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY > > The mlx5 rte_flow API update includes: > - RTE_FLOW_ACTION_TYPE_SECURITY action support > - RTE_FLOW_ITEM_TYPE_ESP item support > - support RSS over ESP option > > Signed-off-by: Viacheslav Ovsiienko