From: Akhil Goyal
To: Hemant Agrawal
Date: Wed, 20 Sep 2017 17:05:52 +0530
Subject: Re: [dpdk-dev] [PATCH 01/11] lib/rte_security: add security library
Message-ID: <1b00fffb-4375-321f-3e1f-4ac90ca8b6bb@nxp.com>
References: <20170914082651.26232-1-akhil.goyal@nxp.com> <20170914082651.26232-2-akhil.goyal@nxp.com>
X-List-Received-Date: Wed, 20 Sep 2017 11:36:01 -0000 Hi Hemant, On 9/15/2017 11:02 AM, Hemant Agrawal wrote: > Hi, > > On 9/14/2017 1:56 PM, Akhil Goyal wrote: > .. > >> diff --git a/lib/librte_security/rte_security.c >> b/lib/librte_security/rte_security.c >> new file mode 100644 >> index 0000000..5776246 >> --- /dev/null >> +++ b/lib/librte_security/rte_security.c 
>> @@ -0,0 +1,252 @@ >> +/*- >> + *   BSD LICENSE >> + * >> + *   Copyright 2017 NXP. >> + *   Copyright(c) 2017 Intel Corporation. All rights reserved. >> + * >> + *   Redistribution and use in source and binary forms, with or without >> + *   modification, are permitted provided that the following conditions >> + *   are met: >> + * >> + *     * Redistributions of source code must retain the above copyright >> + *       notice, this list of conditions and the following disclaimer. >> + *     * Redistributions in binary form must reproduce the above >> copyright >> + *       notice, this list of conditions and the following disclaimer in >> + *       the documentation and/or other materials provided with the >> + *       distribution. >> + *     * Neither the name of NXP nor the names of its >> + *       contributors may be used to endorse or promote products derived >> + *       from this software without specific prior written permission. >> + * >> + *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >> + *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >> + *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND >> FITNESS FOR >> + *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >> COPYRIGHT >> + *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >> INCIDENTAL, >> + *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT >> + *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF >> USE, >> + *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND >> ON ANY >> + *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >> + *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF >> THE USE >> + *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH >> DAMAGE. 
>> + */ >> + >> +#include >> +#include >> + >> +#include "rte_security.h" >> +#include "rte_security_driver.h" >> + >> +#define RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ    (8) >> + >> +struct rte_security_ctx { >> +    uint16_t id; >> +    enum { >> +        RTE_SECURITY_INSTANCE_INVALID = 0, >> +        RTE_SECURITY_INSTANCE_VALID >> +    } state; >> +    void *device; >> +    struct rte_security_ops *ops; >> +}; >> + >> +static struct rte_security_ctx *security_instances; >> +static uint16_t max_nb_security_instances; >> +static uint16_t nb_security_instances; >> + >> +static int >> +rte_security_is_valid_id(uint16_t id) >> +{ >> +    if (id >= nb_security_instances || >> +        (security_instances[id].state != RTE_SECURITY_INSTANCE_VALID)) >> +        return 0; >> +    else >> +        return 1; >> +} >> + >> +/* Macros to check for valid id */ >> +#define RTE_SEC_VALID_ID_OR_ERR_RET(id, retval) do { \ >> +    if (!rte_security_is_valid_id(id)) { \ >> +        RTE_PMD_DEBUG_TRACE("Invalid sec_id=%d\n", id); \ >> +        return retval; \ >> +    } \ >> +} while (0) >> + >> +#define RTE_SEC_VALID_ID_OR_RET(id) do { \ >> +    if (!rte_security_is_valid_id(id)) { \ >> +        RTE_PMD_DEBUG_TRACE("Invalid sec_id=%d\n", id); \ >> +        return; \ >> +    } \ >> +} while (0) >> + >> +int >> +rte_security_register(uint16_t *id, void *device, >> +              struct rte_security_ops *ops) >> +{ >> +    if (max_nb_security_instances == 0) { >> +        security_instances = rte_malloc( >> +                "rte_security_instances_ops", >> +                sizeof(*security_instances) * >> +                RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ, 0); >> + >> +        if (security_instances == NULL) >> +            return -ENOMEM; >> +        max_nb_security_instances = >> +                RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ; >> +    } else if (nb_security_instances >= max_nb_security_instances) { >> +        uint16_t *instances = rte_realloc(security_instances, >> +       
         sizeof(struct rte_security_ops *) * >> +                (max_nb_security_instances + >> +                RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ), 0); > > I think "RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ" value as 8 is relatively > small. you may want to keep it "64" or more. > > you may change it into two parts > - Initial block size and incremental block size for realloc. > > Also, do you want to make it a configurable variable. as some > implementation may need really large number of SAs. Security Instances are not per SA, these are per eth/crypto device which support security offload. > >> + >> +        if (instances == NULL) >> +            return -ENOMEM; >> + >> +        max_nb_security_instances += >> +                RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ; >> +    } >> + >> +    *id = nb_security_instances++; >> + >> +    security_instances[*id].id = *id; >> +    security_instances[*id].state = RTE_SECURITY_INSTANCE_VALID; >> +    security_instances[*id].device = device; >> +    security_instances[*id].ops = ops; >> + >> +    return 0; >> +} >> + >> +int >> +rte_security_unregister(__rte_unused uint16_t *id) >> +{ >> +    /* To be implemented */ >> +    return 0; >> +} >> + >> +struct rte_security_session * >> +rte_security_session_create(uint16_t id, >> +                struct rte_security_session_conf *conf, >> +                struct rte_mempool *mp) >> +{ >> +    struct rte_security_ctx *instance; >> +    struct rte_security_session *sess = NULL; >> + >> +    RTE_SEC_VALID_ID_OR_ERR_RET(id, NULL); >> +    instance = &security_instances[id]; >> + >> +    if (conf == NULL) >> +        return NULL; >> + >> +    if (rte_mempool_get(mp, (void *)&sess)) >> +        return NULL; >> + >> +    RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL); > > it will leak the sess memory, if returned on error. ok I will fix this. 
> >> +    if (instance->ops->session_create(instance->device, conf, sess, >> mp)) { >> +        rte_mempool_put(mp, (void *)sess); >> +        return NULL; >> +    } > > can the mempool operations be part of session_create api? No, this is used for struct rte_security_session. session_create() would take another object for its private data which it would free in the session_destroy() in the driver. > > it will be similar to destroy, which is expected to free the 'sess' > object to mempool? rte_security_session_destroy should free the mempool object used for struct rte_security_session in the rte_security_session_create I will fix this in the next version. > >> +    return sess; >> +} >> + > > .. > >> +struct rte_security_ipsec_xform { >> +    uint32_t spi; >> +    /**< SA security parameter index */ >> +    uint32_t salt; >> +    /**< SA salt */ >> +    struct rte_security_ipsec_sa_options options; >> +    /**< various SA options */ >> +    enum rte_security_ipsec_sa_direction direction; >> +    /**< IPSec SA Direction - Egress/Ingress */ >> +    enum rte_security_ipsec_sa_protocol proto; >> +    /**< IPsec SA Protocol - AH/ESP */ >> +    enum rte_security_ipsec_sa_mode mode; >> +    /**< IPsec SA Mode - transport/tunnel */ >> +    struct rte_security_ipsec_tunnel_param tunnel; >> +    /**< Tunnel parameters, NULL for transport mode */ >> +}; >> + >> +/** >> + * MACsec security session configuration >> + */ >> +struct rte_security_macsec_xform { >> +    /** To be Filled */ >> +}; >> + >> +/** >> + * Security session action type. >> + */ >> +enum rte_security_session_action_type { >> +    RTE_SECURITY_ACTION_TYPE_NONE, >> +    /**< No security actions */ > > This is not being used, it seems that you are only using it as marker to > indicate end of capability set? Yes. 
> >> +    RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +    /**< Crypto processing for security protocol is processed inline >> +     * during transmission */ >> +    RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, >> +    /**< All security protocol processing is performed inline during >> +     * transmission */ >> +    RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL >> +    /**< All security protocol processing including crypto is performed >> +     * on a lookaside accelerator */ >> +}; >> + >> +/** Security session protocol definition */ >> +enum rte_security_session_protocol { >> +    RTE_SECURITY_PROTOCOL_IPSEC, >> +    /**< IPsec Protocol */ >> +    RTE_SECURITY_PROTOCOL_MACSEC, >> +    /**< MACSec Protocol */ >> +}; >> + >> +/** >> + * Security session configuration >> + */ >> +struct rte_security_session_conf { >> +    enum rte_security_session_action_type action_type; >> +    /**< Type of action to be performed on the session */ >> +    enum rte_security_session_protocol protocol; >> +    /**< Security protocol to be configured */ >> +    union { >> +        struct rte_security_ipsec_xform ipsec; >> +        struct rte_security_macsec_xform macsec; >> +    }; >> +    /**< Configuration parameters for security session */ >> +    struct rte_crypto_sym_xform *crypto_xform; >> +    /**< Security Session Crypto Transformations */ >> +}; >> + >> +struct rte_security_session { >> +    __extension__ void *sess_private_data; >> +    /**< Private session material */ >> +}; >> + > > > Do you need specific error handling for security sessions as well? > In case of full protocol offloads, you will need indications for > 1. SEQ number overflow (egress side, if the SA is not refreshed on time) > 2. Anti replay window config and err handlings? > This is in our TODO list for future. 
> >> +/** >> + * Create security session as specified by the session configuration >> + * >> + * @param   id        security instance identifier id >> + * @param   conf    session configuration parameters > > fix the indentation here and other places in this file. ok. > >> + * @param   mp        mempool to allocate session objects from >> + * @return >> + *  - On success, pointer to session >> + *  - On failure, NULL >> + */ >> +struct rte_security_session * >> +rte_security_session_create(uint16_t id, >> +                struct rte_security_session_conf *conf, >> +                struct rte_mempool *mp); >> + >> +/** > Regards, Akhil
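
Review bot: In rte_security_register(), the growth branch sizes the rte_realloc() call with sizeof(struct rte_security_ops *) instead of sizeof(*security_instances), and it stores the result in a local "uint16_t *instances" that is never assigned back to security_instances. The branch is taken once nb_security_instances reaches max_nb_security_instances (8 after the first allocation). From then on the buffer is sized for pointers rather than struct rte_security_ctx entries, and the security_instances[*id] writes that follow still go through the old pointer, so they can land past the end of the allocation or in memory that rte_realloc() has already released. Suggest declaring the result as "struct rte_security_ctx *instances", computing the size as sizeof(*security_instances) * (max_nb_security_instances + RTE_SECURITY_INSTANCES_BLOCK_ALLOC_SZ), and setting "security_instances = instances;" after the NULL check and before max_nb_security_instances is increased.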
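
Review bot: In struct rte_security_ipsec_xform, the comment on the tunnel member says "NULL for transport mode", but tunnel is declared as an embedded struct rte_security_ipsec_tunnel_param, not a pointer, so it cannot be NULL. Either make it a pointer or reword the comment to say the member is ignored when mode is transport, so drivers do not have to guess whether leftover tunnel values are meaningful. In the same region, the anonymous union in struct rte_security_session_conf has no documented selector; the comment should state that protocol decides whether ipsec or macsec is valid.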