From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "Iremonger, Bernard" <bernard.iremonger@intel.com>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API
Date: Sat, 14 Sep 2019 23:05:37 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB977258019196585E@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <a0a69e4f67c6d6d592fc2ec554b74eaec06d6256.1567529480.git.vladimir.medvedkin@intel.com>
> --- /dev/null
> +++ b/lib/librte_ipsec/rte_ipsec_sad.h
> @@ -0,0 +1,174 @@
> +
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2019 Intel Corporation
> + */
> +
> +#ifndef _RTE_IPSEC_SAD_H_
> +#define _RTE_IPSEC_SAD_H_
> +
> +#include <rte_compat.h>
> +
> +/**
> + * @file rte_ipsec_sad.h
> + * @b EXPERIMENTAL: this API may change without prior notice
> + *
> + * RTE IPsec security association database (SAD) support.
> + * It is not recommended to include this file directly,
> + * include <rte_ipsec.h> instead.
> + * Contains helper functions to lookup and maintain SAD
> + */
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +struct rte_ipsec_sad;
> +
> +/** Type of key */
> +enum {
> + RTE_IPSEC_SAD_SPI_ONLY = 0,
> + RTE_IPSEC_SAD_SPI_DIP,
> + RTE_IPSEC_SAD_SPI_DIP_SIP,
> + RTE_IPSEC_SAD_KEY_TYPE_MASK,
> +};
> +
> +struct rte_ipsec_sadv4_key {
> + uint32_t spi;
> + uint32_t dip;
> + uint32_t sip;
> +};
> +
> +struct rte_ipsec_sadv6_key {
> + uint32_t spi;
> + uint8_t dip[16];
> + uint8_t sip[16];
> +};
> +
> +union rte_ipsec_sad_key {
> + struct rte_ipsec_sadv4_key v4;
> + struct rte_ipsec_sadv6_key v6;
> +};
> +
> +#define RTE_IPSEC_SAD_FLAG_IPV4 0x1
> +#define RTE_IPSEC_SAD_FLAG_IPV6 0x2
Don't think we need to values - ipv4/ipv6 flags are mutually exclusive here.
Might be better:
_ipv4=0, _ipv6=1 (or visa-versa) _mask=1
> +/** Flag to support reader writer concurrency */
> +#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY 0x4
> +
> +/** IPsec SAD configuration structure */
> +struct rte_ipsec_sad_conf {
> + int socket_id;
> + /** maximum number of SA for each type key */
> + uint32_t max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];
> + uint32_t flags;
> +};
> +
> +/**
> + * Add a rule into the SAD. Could be safely called with concurrent lookups
> + * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.
> + * While with this flag multi-reader - one-writer model Is MT safe,
> + * multi-writer model is not and required extra synchronisation.
> + *
> + * @param sad
> + * SAD object handle
> + * @param key
> + * pointer to the key
> + * @param key_type
> + * key type (spi only/spi+dip/spi+dip+sip)
> + * @param sa
> + * Pointer associated with the key to save in a SAD
> + * Must be 4 bytes aligned.
> + * @return
> + * 0 on success, negative value otherwise
> + */
> +__rte_experimental
> +int
> +rte_ipsec_sad_add(struct rte_ipsec_sad *sad, union rte_ipsec_sad_key *key,
> + int key_type, void *sa);
> +
> +/**
> + * Delete a rule from the SAD. Could be safely called with concurrent lookups
> + * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.
> + * While with this flag multi-reader - one-writer model Is MT safe,
> + * multi-writer model is not and required extra synchronisation.
> + *
> + * @param sad
> + * SAD object handle
> + * @param key
> + * pointer to the key
> + * @param key_type
> + * key type (spi only/spi+dip/spi+dip+sip)
> + * @return
> + * 0 on success, negative value otherwise
> + */
> +__rte_experimental
> +int
> +rte_ipsec_sad_del(struct rte_ipsec_sad *sad, union rte_ipsec_sad_key *key,
> + int key_type);
> +/*
> + * Create SAD
> + *
> + * @param name
> + * SAD name
> + * @param conf
> + * Structure containing the configuration
> + * @return
> + * Handle to SAD object on success
> + * NULL otherwise with rte_errno set to an appropriate values.
> + */
> +__rte_experimental
> +struct rte_ipsec_sad *
> +rte_ipsec_sad_create(const char *name, struct rte_ipsec_sad_conf *conf);
const struct rte_ipsec_sad_conf *
> +
> +/**
> + * Find an existing SAD object and return a pointer to it.
> + *
> + * @param name
> + * Name of the rib object as passed to rte_ipsec_sad_create()
> + * @return
> + * Pointer to sad object or NULL if object not found with rte_errno
> + * set appropriately. Possible rte_errno values include:
> + * - ENOENT - required entry not available to return.
> + */
> +__rte_experimental
> +struct rte_ipsec_sad *
> +rte_ipsec_sad_find_existing(const char *name);
> +
> +/**
> + * Free SAD object.
> + *
> + * @param sad
> + * pointer to the SAD object
> + * @return
> + * None
> + */
> +__rte_experimental
> +void
> +rte_ipsec_sad_free(struct rte_ipsec_sad *sad);
As a nit - might be better name I _destroy.
Usually such API comes in pairs: create/destroy, alloc/free, etc.
> +
> +/**
> + * Lookup multiple keys in the SAD.
> + *
> + * @param sad
> + * SAD object handle
> + * @param keys
> + * Array of keys to be looked up in the SAD
> + * @param sa
> + * Pointer assocoated with the keys.
> + * If the lookup for the given key failed, then corresponding sa
> + * will be NULL
> + * @param n
> + * Number of elements in keys array to lookup.
> + * @return
> + * -EINVAL for incorrect arguments, otherwise 0
> + */
> +__rte_experimental
> +int
> +rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
> + const union rte_ipsec_sad_key *keys[],
> + uint32_t n, void *sa[]);
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_IPSEC_SAD_H_ */
> diff --git a/lib/librte_ipsec/rte_ipsec_version.map b/lib/librte_ipsec/rte_ipsec_version.map
> index ee9f196..56c38ec 100644
> --- a/lib/librte_ipsec/rte_ipsec_version.map
> +++ b/lib/librte_ipsec/rte_ipsec_version.map
> @@ -11,5 +11,12 @@ EXPERIMENTAL {
> rte_ipsec_ses_from_crypto;
> rte_ipsec_session_prepare;
>
> + rte_ipsec_sad_add;
> + rte_ipsec_sad_create;
> + rte_ipsec_sad_del;
> + rte_ipsec_sad_find_existing;
> + rte_ipsec_sad_free;
> + rte_ipsec_sad_lookup;
> +
> local: *;
> };
> --
> 2.7.4
next prev parent reply other threads:[~2019-09-14 23:05 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-13 15:13 [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34 ` Akhil Goyal
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22 7:53 ` Akhil Goyal
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21 9:57 ` Akhil Goyal
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09 ` Ananyev, Konstantin
2019-10-21 8:19 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05 ` Ananyev, Konstantin [this message]
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58 ` Ananyev, Konstantin
2019-10-01 17:24 ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30 ` Ananyev, Konstantin
2019-09-12 18:33 ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB977258019196585E@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=vladimir.medvedkin@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).