From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <konstantin.ananyev@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by dpdk.org (Postfix) with ESMTP id C6BEF1B1F7
 for <dev@dpdk.org>; Thu,  5 Oct 2017 20:02:04 +0200 (CEST)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga105.fm.intel.com with ESMTP; 05 Oct 2017 11:02:02 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.42,481,1500966000"; d="scan'208";a="1227496740"
Received: from irsmsx109.ger.corp.intel.com ([163.33.3.23])
 by fmsmga002.fm.intel.com with ESMTP; 05 Oct 2017 11:02:00 -0700
Received: from irsmsx103.ger.corp.intel.com ([169.254.3.49]) by
 IRSMSX109.ger.corp.intel.com ([169.254.13.28]) with mapi id 14.03.0319.002;
 Thu, 5 Oct 2017 19:01:59 +0100
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: "Doherty, Declan" <declan.doherty@intel.com>, "De Lara Guarch, Pablo"
 <pablo.de.lara.guarch@intel.com>, "hemant.agrawal@nxp.com"
 <hemant.agrawal@nxp.com>, "Nicolau, Radu" <radu.nicolau@intel.com>,
 "borisp@mellanox.com" <borisp@mellanox.com>, "aviadye@mellanox.com"
 <aviadye@mellanox.com>, "thomas@monjalon.net" <thomas@monjalon.net>,
 "sandeep.malik@nxp.com" <sandeep.malik@nxp.com>,
 "jerin.jacob@caviumnetworks.com" <jerin.jacob@caviumnetworks.com>,
 "Mcnamara, John" <john.mcnamara@intel.com>, "olivier.matz@6wind.com"
 <olivier.matz@6wind.com>, Shahaf Shuler <shahafs@mellanox.com>
Thread-Topic: [dpdk-dev] [PATCH v2 06/12] ethdev: extend ethdev to support
 security APIs
Thread-Index: AQHTPEoiOGdw+N79mEuYn/HEoad7tqLVjiHw
Date: Thu, 5 Oct 2017 18:01:57 +0000
Message-ID: <2601191342CEEE43887BDE71AB9772585FAA4EF6@IRSMSX103.ger.corp.intel.com>
References: <20170914082651.26232-1-akhil.goyal@nxp.com>
 <20171003131413.23846-1-akhil.goyal@nxp.com>
 <20171003131413.23846-7-akhil.goyal@nxp.com>
In-Reply-To: <20171003131413.23846-7-akhil.goyal@nxp.com>
Accept-Language: en-IE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTIxOWVkZTUtY2YzYy00YmUxLTllZDMtNGUzMjc4Nzk2YTRmIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6Ik5QN1ZFa2JjNjFDU2RiUHRLN2ZZYlIxc1FEMWZpeDdhWWZHSWRNUlUxNlE9In0=
x-ctpclassification: CTP_IC
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [163.33.239.181]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH v2 06/12] ethdev: extend ethdev to
	support	security APIs
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2017 18:02:05 -0000



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Tuesday, October 3, 2017 2:14 PM
> To: dev@dpdk.org
> Cc: Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo <pa=
blo.de.lara.guarch@intel.com>; hemant.agrawal@nxp.com;
> Nicolau, Radu <radu.nicolau@intel.com>; borisp@mellanox.com; aviadye@mell=
anox.com; thomas@monjalon.net;
> sandeep.malik@nxp.com; jerin.jacob@caviumnetworks.com; Mcnamara, John <jo=
hn.mcnamara@intel.com>; olivier.matz@6wind.com
> Subject: [dpdk-dev] [PATCH v2 06/12] ethdev: extend ethdev to support sec=
urity APIs
>=20
> From: Declan Doherty <declan.doherty@intel.com>
>=20
> rte_flow_action type and ethdev updated to support rte_security
> sessions for crypto offload to ethernet device.
>=20
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> ---
>  lib/librte_ether/rte_ethdev.c           | 11 +++++++++++
>  lib/librte_ether/rte_ethdev.h           | 19 +++++++++++++++++--
>  lib/librte_ether/rte_ethdev_version.map |  7 +++++++
>  3 files changed, 35 insertions(+), 2 deletions(-)
>=20
> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.=
c
> index 0597641..f51c5a5 100644
> --- a/lib/librte_ether/rte_ethdev.c
> +++ b/lib/librte_ether/rte_ethdev.c
> @@ -302,6 +302,17 @@ rte_eth_dev_socket_id(uint8_t port_id)
>  	return rte_eth_devices[port_id].data->numa_node;
>  }
>=20
> +uint16_t
> +rte_eth_dev_get_sec_id(uint8_t port_id)
> +{
> +	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -1);
> +
> +	if (rte_eth_devices[port_id].data->dev_flags & RTE_ETH_DEV_SECURITY)
> +		return rte_eth_devices[port_id].data->sec_id;
> +
> +	return -1;
> +}
> +
>  uint8_t
>  rte_eth_dev_count(void)
>  {
> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.=
h
> index 0adf327..193ad62 100644
> --- a/lib/librte_ether/rte_ethdev.h
> +++ b/lib/librte_ether/rte_ethdev.h
> @@ -180,6 +180,8 @@ extern "C" {
>  #include <rte_dev.h>
>  #include <rte_devargs.h>
>  #include <rte_errno.h>
> +#include <rte_common.h>
> +
>  #include "rte_ether.h"
>  #include "rte_eth_ctrl.h"
>  #include "rte_dev_info.h"
> @@ -357,7 +359,8 @@ struct rte_eth_rxmode {
>  		jumbo_frame      : 1, /**< Jumbo Frame Receipt enable. */
>  		hw_strip_crc     : 1, /**< Enable CRC stripping by hardware. */
>  		enable_scatter   : 1, /**< Enable scatter packets rx handler */
> -		enable_lro       : 1; /**< Enable LRO */
> +		enable_lro       : 1, /**< Enable LRO */
> +		enable_sec       : 1; /**< Enable security offload */
>  };
>=20
>  /**
> @@ -679,8 +682,10 @@ struct rte_eth_txmode {
>  		/**< If set, reject sending out tagged pkts */
>  		hw_vlan_reject_untagged : 1,
>  		/**< If set, reject sending out untagged pkts */
> -		hw_vlan_insert_pvid : 1;
> +		hw_vlan_insert_pvid : 1,
>  		/**< If set, enable port based VLAN insertion */
> +		enable_sec       : 1;
> +		/**< Enable security offload */
>  };

You probably need to SYNC with Shahaf here regarding new proposed RX/TX
offload config method.
=20

>=20
>  /**
> @@ -907,6 +912,7 @@ struct rte_eth_conf {
>  #define DEV_RX_OFFLOAD_QINQ_STRIP  0x00000020
>  #define DEV_RX_OFFLOAD_OUTER_IPV4_CKSUM 0x00000040
>  #define DEV_RX_OFFLOAD_MACSEC_STRIP     0x00000080
> +#define DEV_RX_OFFLOAD_SECURITY         0x00000100

If that's for IPSec, why not name it just: DEV_RX_OFFLOAD_IPSEC?
Same question for TX.
Konstantin

>=20
>  /**
>   * TX offload capabilities of a device.
> @@ -926,6 +932,8 @@ struct rte_eth_conf {
>  #define DEV_TX_OFFLOAD_GENEVE_TNL_TSO   0x00001000    /**< Used for tunn=
eling packet. */
>  #define DEV_TX_OFFLOAD_MACSEC_INSERT    0x00002000
>  #define DEV_TX_OFFLOAD_MT_LOCKFREE      0x00004000
> +#define DEV_TX_OFFLOAD_SECURITY         0x00008000
> +#define DEV_TX_OFFLOAD_SEC_NEED_MDATA   0x00010000
>  /**< Multiple threads can invoke rte_eth_tx_burst() concurrently on the =
same
>   * tx queue without SW lock.
>   */
> @@ -1651,6 +1659,9 @@ struct rte_eth_dev {
>  	enum rte_eth_dev_state state; /**< Flag indicating the port state */
>  } __rte_cache_aligned;
>=20
> +uint16_t
> +rte_eth_dev_get_sec_id(uint8_t port_id);
> +
>  struct rte_eth_dev_sriov {
>  	uint8_t active;               /**< SRIOV is active with 16, 32 or 64 po=
ols */
>  	uint8_t nb_q_per_pool;        /**< rx queue number per pool */
> @@ -1711,6 +1722,8 @@ struct rte_eth_dev_data {
>  	int numa_node;  /**< NUMA node connection */
>  	struct rte_vlan_filter_conf vlan_filter_conf;
>  	/**< VLAN filter configuration. */
> +	uint16_t sec_id;
> +	/**< security instance identifier */
>  };
>=20
>  /** Device supports hotplug detach */
> @@ -1721,6 +1734,8 @@ struct rte_eth_dev_data {
>  #define RTE_ETH_DEV_BONDED_SLAVE 0x0004
>  /** Device supports device removal interrupt */
>  #define RTE_ETH_DEV_INTR_RMV     0x0008
> +/** Device supports inline security processing */
> +#define RTE_ETH_DEV_SECURITY    0x0010
>=20
>  /**
>   * @internal
> diff --git a/lib/librte_ether/rte_ethdev_version.map b/lib/librte_ether/r=
te_ethdev_version.map
> index 4283728..24cbd7d 100644
> --- a/lib/librte_ether/rte_ethdev_version.map
> +++ b/lib/librte_ether/rte_ethdev_version.map
> @@ -187,3 +187,10 @@ DPDK_17.08 {
>  	rte_tm_wred_profile_delete;
>=20
>  } DPDK_17.05;
> +
> +DPDK_17.11 {
> +	global:
> +
> +	rte_eth_dev_get_sec_id;
> +
> +} DPDK_17.08;
> --
> 2.9.3