From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0078.outbound.protection.outlook.com [104.47.36.78]) by dpdk.org (Postfix) with ESMTP id 321981B1EE for ; Wed, 25 Oct 2017 17:10:22 +0200 (CEST) Received: from BLUPR0301CA0012.namprd03.prod.outlook.com (10.162.113.150) by CY1PR03MB2364.namprd03.prod.outlook.com (10.166.207.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Wed, 25 Oct 2017 15:10:21 +0000 Received: from BN1BFFO11FD033.protection.gbl (2a01:111:f400:7c10::1:140) by BLUPR0301CA0012.outlook.office365.com (2a01:111:e400:5259::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.178.6 via Frontend Transport; Wed, 25 Oct 2017 15:10:21 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; NXP1.onmicrosoft.com; dkim=none (message not signed) header.d=none;NXP1.onmicrosoft.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1BFFO11FD033.mail.protection.outlook.com (10.58.144.96) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.156.4 via Frontend Transport; Wed, 25 Oct 2017 15:10:21 +0000 Received: from netperf2.ap.freescale.net ([10.232.133.164]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id v9PFAECU009577; Wed, 25 Oct 2017 08:10:15 -0700 From: Akhil Goyal To: CC: , , , , , , , , , , , , Date: Wed, 25 Oct 2017 20:37:17 +0530 Message-ID: <20171025150727.30364-1-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20171024141545.30837-1-akhil.goyal@nxp.com> References: <20171024141545.30837-1-akhil.goyal@nxp.com> X-EOPAttributedMessage: 0 X-Matching-Connectors: 131534178215491476; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39380400002)(39860400002)(376002)(346002)(2980300002)(1110001)(1109001)(339900001)(199003)(189002)(966005)(85426001)(498600001)(5660300001)(7416002)(2906002)(2420400007)(10710500007)(76176999)(50986999)(36756003)(1076002)(104016004)(2351001)(106466001)(105606002)(50226002)(81166006)(316002)(356003)(8936002)(8676002)(4326008)(189998001)(305945005)(7110500001)(15650500001)(77096006)(6916009)(16586007)(50466002)(54906003)(2950100002)(48376002)(81156014)(86362001)(53936002)(33646002)(47776003)(68736007)(97736004)(6306002)(8656006)(5003940100001)(53376002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR03MB2364; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD033; 1:LSDwV+pazpA7gYeZbB4C4shqNg2MJZThlHydPOBCnj7ZYimTk7zo/LObC8HDwvuCEjfMj1oTqFUWFTQo55jyQnO30G8kq6UFfJu1oU5Eg9QqKNKMT+0RiP7eMSTyRICR MIME-Version: 1.0 Content-Type: text/plain X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: aae634ac-56e5-4b9d-6c94-08d51bba82bf X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4628075)(201703131517081)(2017052603238); SRVR:CY1PR03MB2364; X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2364; 3:MfPqfR/xWtT/GoyZr1z387/Ls27OKSBGlI3Se3Kt/2++gnVBADdl6oFEKcI8h3BFgRLZf1rsi5PMGjsqzABEWKNoz4b86yDbFuAuZyQevdvilnCVICiXbaU20orv990L99zqQSjT+0UMGhTDLfSbl6x9rB0I1RHgUxgZ9SD87UDTdmw/Xurtd/cMhBWtDCoBG/wss40JKycITd3ehSB80uSNfVNWHdBkSKYDqO0RTAZsHsT6/JufpjGtMeKfR6Nz9wuQqzq/pCoczCNVqQ+4Cq8iHFfNTiSebOQpKU1LTsXZv/rwZWEoMx9Gc74yULJ0Wq4vxrXpiqfj6Wr6P+pn405rYWpKXKronHD8bdJCDWY=; 25:12UIMI/ut6yV/Dt8kjvwfs4Li+JiC/KP+BPxDBr+J4Agy9PPnBouoexFovN9yJOP70Xq7Pl3tUpFC1NgNP0fIcUiXNt/1g6SEuctq7HwaNhjyjIgo7OuMDSid836jqtZnPJzplXIG3ygDfbPZxndtZPREYOScf8g50w+frsglxxh/OXoqKMGGwy+uqOsgvpcMP0RmqG/0Xa32sJxFt3MhFU12veA74P1jJ4QY7C5+PpAoXKkAPVgQObKbve4D+ZQzlqpz8PoxfA5vuQAv5az3aiB8wS+tV93DAiRFd2wE6nxlTAlt1lF+WJTxL1GoQA6jU5XSdNn7YYj030JS29+Fg== X-MS-TrafficTypeDiagnostic: CY1PR03MB2364: X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2364; 31:8mJfDz3HSlQtYwj/jXhMFBUfxYxUYIsTmBZIpWedU9ptRTph+nGy0HQZad42TCdOGkBHfN+TCWb0sW2YMb4Mx7DxT0D1ytClsprN8m6chCc8WF4RKmR6BQGuDq94FpM2mU/Yo08qgp5UgEJ8v6o4V+jaf7hh9cBQrTlonmmd8Ox4U02zrVa3vusrFFz90NeaszlmovpksmydfWYjweRnIipi/0TySeoxz2/XvYdfyfo=; 4:Frp4yKOaJDXyvruvLAHaGm+4+Nxno4X/+TkNlh5gGhh7lfvI1YKZyY5TKJkSxmgQzW1z8LYQbwhcG6vZJNo8KRjC4jahN0i84rvIAQmXofeaPBLGCFKWSbN08iY/v1FrWSAvojj/DasdUxGbxlEIqYeY5+t7x+HOdrSPhClnT7t6G0CrNoeHrRWVJCEdYB8+XYqExI4Q9XaTiWfWD5Y9ZpkL6Aatl0LbelWNvuYzKFcuNSTDeZOX3PoQoTqpfFEGE5BcrKM8kyi16NaPSgmesa0Ap9XZJLot0b3ZrrRJXffkhhdAQcQmbdExlBlhUtlE X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(2401047)(8121501046)(5005006)(10201501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(3231020)(6055026)(6096035)(20161123565025)(20161123556025)(20161123559100)(20161123563025)(201703131430075)(201703131433075)(201703131448075)(201703161259150)(201703151042153)(20161123561025)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR03MB2364; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR03MB2364; X-Forefront-PRVS: 0471B73328 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR03MB2364; 23:bqnpSnkLgI4UWNaDURiEiotyRc24DGf+87zgPI/6q?= =?us-ascii?Q?QX/pFJe3tV2jDeqopgDoJnYG3CZ6hMdK5D08NuTNH2FgZKI/dQG50WQdQAt8?= =?us-ascii?Q?X8lWcQtCyET3D0pvdGs7xTN7aD5UbMB9kX6C8QqDDzZxXUd1qiymgU7ACLvj?= =?us-ascii?Q?2/hvHUqJmkXAhq8Q84vTS9lTGmpZhme8WBGKMgZ4NrqCQmwc2Ls7cHv8D/Ng?= =?us-ascii?Q?TC5AldQYo66k5x/L4lCO/veYXSfTeCcnBcUrGbEfuvkGaBYw9+QX3tUvpHLM?= =?us-ascii?Q?3Vyhr2k8Pn59YgsrTIwr9B4bVGPEPr4u5g8MFiFW+HewBhThKdCwLqdKv5mK?= =?us-ascii?Q?oRJPeWnuhycPTZ+tZXkuPTdvorZ8wYLEFC6xFZXl2P2OFXPa67lAmU0MYHEW?= =?us-ascii?Q?ZV2Qa05U5lF3QH83B8gnFBln6KPVHYam7kR9KWkfLZmvZcYKpwDg18fyBa+d?= =?us-ascii?Q?xYaYWwd2lG7K41TMLkXlH/cdBOVSz4v4E18HkHHrcGjuuzwrbqwDJpb1Ggvy?= =?us-ascii?Q?5r2rJiOuXHAQNduDcarqWyfAx3iZZeazQmMqYv0AdQEVWjxUwWcXMT2/IYFt?= =?us-ascii?Q?/dFGyGYWVPJYEyvuN27sVv8koIW9Vf8tGMD8GDDa8YdbEplQQKPxvlWxcA7A?= =?us-ascii?Q?56ZA8GkKi2xKQRkQF0KVOhMqgxB0TFeI4odx30Xfzgh9pEuKP1fLVUVGuRj8?= =?us-ascii?Q?FGm4vsu6buCUOcUx2WmvY3Ad3LttoAZhTaEKsC7nEiCRa1LPKuYOsY1ejSya?= =?us-ascii?Q?v5ejD5Z3IVCNE2dGgQ5hsXaiqynDE7kIynB9Ge8zy1/1R7dWwQo63qgh+udZ?= =?us-ascii?Q?UqH3Xuc3Br3gf3ELxB9HbwxVtywOlLLCjE24P+P4l5Uo8ny/58nZkOhZ/EtQ?= =?us-ascii?Q?KvoFZ+Fdd/ehDnuZgk0hKIyiZ6Pqq1eSKiUI3ThDc8/pi9boj406+60v6/4Z?= =?us-ascii?Q?Pv/y+Eug6YT4RicDPtYFKhz6pLGtjuaD64oGIqBufU0mYMG/jqgWbUQjOIGc?= =?us-ascii?Q?/QVs01oAbGTMsMKwIgVV4Vc2LVFz+tlO6y3jzDofDfvVbmby/5bbUD9j/xt7?= =?us-ascii?Q?Fn7IzxBT9wZ/iwoOWHclaH4ByNr3JX6KUa8hoyqHE8F3MYYrC+YBVyMky24e?= =?us-ascii?Q?RZoZcwf4OWn8GamIaTH8Wu8DKTrfVRV3N6UhjCF5QQUdjZa9SQOyX/zV0KPK?= =?us-ascii?Q?ZkDbBKodejFmoP/eerJ4/FC607eZamEIkqRe+5ZFg0xhdOZ0LOp7ZiVlj1BR?= =?us-ascii?Q?6gObC3gnbwOqlV6WsbJzJ8AnK5LNKp+FlVakbVhR3d6q8/iDutbFH8/7IuUp?= =?us-ascii?Q?ENvEGsxmcu9CMLUXRZIwEldIYBIx7XGxz1zniNdc+Gc?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2364; 6:Tn33j4OESvl5VDVoUS3ziD5s8n0PpPQJFraBKUOl94HSLmAZBXbjKtMaCi4yfFHBmrVqGDqueMsLcOzjhII3Igb77P0ZZM0n9FsAEPsKwySEiY5Q50cg78ljn9RX1RyHjUTAwyHmANo/RVgaIgdmCWWW3/5ZqJ990Na3w3x1cdJYpjc7gcS+CK+GsSXJYrp4/xWmuW10/chw9Ra2pWgUyhCtZHLZZzlF5Lhnc4aZL7NXYlcrd14q6fdpl2+l9mpB/1BayUBUjwABnweFpIb2GP1Bo7RW16ExxzuN12VulLOg0WXtg687HdKcijoSX1xPw9CU5wczsTMkOWZfcD8GTuGCzZbsRgEnjqdd9vFbFlk=; 5:3ZbZ71foVf8982e5zCvdoc9IGKapaXC7O6agKwRiUtsffN41zcpteAgy6xRGwl9qxlmhJGSoVzUtYHH+QgYrFnvXXUQpOB1e6lDeQ0B5nLGlBJiOpn2xV8STVqN+zjthfe1jxe2vqJaiXm8QejwOWoTG30+dVB1HTmsJuqyNsCg=; 24:4BZYAPwPqjfNQc8Y4iEVUZPP2OiLh8SBtV/1Rr5LPSv+/EQSDcHboTfW8m+9k3MoFdkatYPohyd3mWYzsoUkWwSvr5Ewa7D+SqNjxV7xrso=; 7:/QSJl/P1tkez1O1V1DE2UyXKNTsNHr5xjXIZWht+SiWrolZwymFoicAPekhJhCMmxH6Q0aUiJVHTrTo4w1dNn9PpEx8jKilUBhw4jIt2KFgukE2XIglEj6fEqPOor4lRW4qdr5NDSTYxYKNh0vykA24WuENEVV/biqeG+/rYvxcywtDM1aiBXgspHSDAOwWDldx6AKrdXvl1R69dxvIVCSaw/0g4x/tQxtyZQbGTGHdNmTGrBZ5ipzOzxQZR3+Bk SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2017 15:10:21.1747 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aae634ac-56e5-4b9d-6c94-08d51bba82bf X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB2364 Subject: [dpdk-dev] [PATCH v6 00/10] introduce security offload library X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Oct 2017 15:10:23 -0000 This patchset introduce the rte_security library in DPDK. This also includes the sample implementation of drivers and changes in ipsec gateway application to demonstrate its usage. rte_security library is implemented on the idea proposed earlier [1],[2],[3] to support IPsec Inline and look aside crypto offload. Though the current focus is only on IPsec protocol, but the library is not limited to IPsec, it can be extended to other security protocols e.g. MACSEC, PDCP or DTLS. In this library, crypto/ethernet devices can register itself to the security library to support security offload. The library support 3 modes of operation 1. full protocol offload using crypto devices. (RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) 2. inline ipsec using ethernet devices to perform crypto operations (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) 3. full protocol offload using ethernet devices. (RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) The details for each mode is documented in the patchset in doc/guides/prog_guide/rte_security.rst The modification in the application ipsec-secgw is also doocumented in doc/guides/sample_app_ug/ipsec_secgw.rst This patchset is also available at: git://dpdk.org/draft/dpdk-draft-ipsec branch: integration_v6 changes in v6: 1. fixed shared build 2. Incorporated comments from Thomas, Olivier and Shahaf 3. merged 8th patch of v5 to library patch. 4. moved cryptodev/net/mbuf/ethdev changes before the library patch so that compilation can be done for each patch. 5. rebased over latest crypto-next. changes in v5: 1. Incorporated comments from Shahaf, Konstantin and Thomas 2. Rebased over latest crypto-next tree(which is rebased over master) + Aviad's v3 of ipsec-secgw fixes. changes in v4: 1. Incorporated comments from Konstantin. 2. rebased over master 3. rebased over ipsec patches sent by Aviad http://dpdk.org/ml/archives/dev/2017-October/079192.html 4. resolved multi process limitation 5. minor updates in documentation and drivers changes in v3: 1. fixed compilation for FreeBSD 2. Incorporated comments from Pablo, John, Shahaf 3. Updated drivers for dpaa2_sec and ixgbe for some minor fixes 4. patch titles updated 5. fixed return type of rte_cryptodev_get_sec_id changes in v2: 1. update documentation for rte_flow. 2. fixed API to unregister device to security library. 3. incorporated most of the comments from Jerin. 4. updated rte_security documentation as per the review comments from John. 5. Certain application updates for some cases. 6. updated changes in mbuf as per the comments from Olivier. Future enhancements: 1. for full protocol offload - error handling and notification cases 2. add more security protocols 3. test application support 4. anti-replay support 5. SA time out support 6. Support Multi process use case Reference: [1] http://dpdk.org/ml/archives/dev/2017-July/070793.html [2] http://dpdk.org/ml/archives/dev/2017-July/071893.html [3] http://dpdk.org/ml/archives/dev/2017-August/072900.html Akhil Goyal (5): cryptodev: support security APIs security: introduce security API and framework doc: add details of rte security crypto/dpaa2_sec: add support for protocol offload ipsec examples/ipsec-secgw: add support for security offload Boris Pismenny (3): net: add ESP header to generic flow steering mbuf: add security crypto flags and mbuf fields ethdev: add rte flow action for crypto Declan Doherty (1): ethdev: support security APIs Radu Nicolau (1): net/ixgbe: enable inline ipsec MAINTAINERS | 6 + config/common_base | 5 + doc/api/doxy-api-index.md | 2 + doc/api/doxy-api.conf | 1 + doc/guides/cryptodevs/features/default.ini | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + doc/guides/prog_guide/index.rst | 1 + doc/guides/prog_guide/rte_flow.rst | 84 ++- doc/guides/prog_guide/rte_security.rst | 564 +++++++++++++++++++ doc/guides/rel_notes/release_17_11.rst | 1 + doc/guides/sample_app_ug/ipsec_secgw.rst | 52 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 422 +++++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 62 +++ drivers/net/ixgbe/Makefile | 2 +- drivers/net/ixgbe/base/ixgbe_osdep.h | 8 + drivers/net/ixgbe/ixgbe_ethdev.c | 11 + drivers/net/ixgbe/ixgbe_ethdev.h | 6 +- drivers/net/ixgbe/ixgbe_flow.c | 47 ++ drivers/net/ixgbe/ixgbe_ipsec.c | 737 +++++++++++++++++++++++++ drivers/net/ixgbe/ixgbe_ipsec.h | 151 +++++ drivers/net/ixgbe/ixgbe_rxtx.c | 59 +- drivers/net/ixgbe/ixgbe_rxtx.h | 11 +- drivers/net/ixgbe/ixgbe_rxtx_vec_sse.c | 57 ++ examples/ipsec-secgw/esp.c | 120 ++-- examples/ipsec-secgw/esp.h | 10 - examples/ipsec-secgw/ipsec-secgw.c | 5 + examples/ipsec-secgw/ipsec.c | 308 +++++++++-- examples/ipsec-secgw/ipsec.h | 32 +- examples/ipsec-secgw/sa.c | 151 +++-- lib/Makefile | 4 + lib/librte_cryptodev/rte_crypto.h | 3 +- lib/librte_cryptodev/rte_crypto_sym.h | 2 + lib/librte_cryptodev/rte_cryptodev.c | 10 + lib/librte_cryptodev/rte_cryptodev.h | 8 + lib/librte_cryptodev/rte_cryptodev_version.map | 1 + lib/librte_ether/rte_ethdev.c | 13 + lib/librte_ether/rte_ethdev.h | 9 + lib/librte_ether/rte_ethdev_version.map | 1 + lib/librte_ether/rte_flow.h | 65 +++ lib/librte_mbuf/rte_mbuf.c | 6 + lib/librte_mbuf/rte_mbuf.h | 35 +- lib/librte_mbuf/rte_mbuf_ptype.c | 1 + lib/librte_mbuf/rte_mbuf_ptype.h | 11 + lib/librte_net/Makefile | 2 +- lib/librte_net/rte_esp.h | 60 ++ lib/librte_security/Makefile | 54 ++ lib/librte_security/rte_security.c | 149 +++++ lib/librte_security/rte_security.h | 529 ++++++++++++++++++ lib/librte_security/rte_security_driver.h | 156 ++++++ lib/librte_security/rte_security_version.map | 14 + mk/rte.app.mk | 1 + 51 files changed, 3893 insertions(+), 158 deletions(-) create mode 100644 doc/guides/prog_guide/rte_security.rst create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.c create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.h create mode 100644 lib/librte_net/rte_esp.h create mode 100644 lib/librte_security/Makefile create mode 100644 lib/librte_security/rte_security.c create mode 100644 lib/librte_security/rte_security.h create mode 100644 lib/librte_security/rte_security_driver.h create mode 100644 lib/librte_security/rte_security_version.map -- 2.9.3