From: Akhil Goyal <akhil.goyal@nxp.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: Thomas Monjalon <thomas@monjalon.net>,
"Awal, Mohammad Abdul" <mohammad.abdul.awal@intel.com>
Subject: Re: [dpdk-dev] [PATCH v4 04/10] lib: introduce ipsec library
Date: Fri, 21 Dec 2018 11:57:20 +0000 [thread overview]
Message-ID: <69809b4c-b075-215e-da22-4a6f70181373@nxp.com> (raw)
In-Reply-To: <2601191342CEEE43887BDE71AB977258010D8BD670@IRSMSX106.ger.corp.intel.com>
On 12/20/2018 11:47 PM, Ananyev, Konstantin wrote:
>>>> +
>>>> +static int
>>>> +fill_crypto_xform(struct crypto_xform *xform,
>>>> + const struct rte_ipsec_sa_prm *prm)
>>>> +{
>>>> + struct rte_crypto_sym_xform *xf;
>>>> +
>>>> + memset(xform, 0, sizeof(*xform));
>>>> +
>>>> + for (xf = prm->crypto_xform; xf != NULL; xf = xf->next) {
>>>> + if (xf->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
>>>> + if (xform->auth != NULL)
>>>> + return -EINVAL;
>>>> + xform->auth = &xf->auth;
>>>> + } else if (xf->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
>>>> + if (xform->cipher != NULL)
>>>> + return -EINVAL;
>>>> + xform->cipher = &xf->cipher;
>>>> + } else if (xf->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
>>>> + if (xform->aead != NULL)
>>>> + return -EINVAL;
>>>> + xform->aead = &xf->aead;
>>>> + } else
>>>> + return -EINVAL;
>>>> + }
>>>> +
>>>> + return check_crypto_xform(xform);
>>>> +}
>>> how is this function handling the inbound and outbound cases.
>>> In inbound first xform is auth and then cipher.
>>> In outbound first is cipher and then auth. I think this should be
>>> checked in the lib.
>> Interesting, I didn't know about such limitation.
>> My understanding was that the any order (<auth,cipher>, <cipher,auth>)
>> for both inbound and outbound is acceptable.
>> Is that order restriction is documented somewhere?
>>
> Actually, if such restriction really exists, and cryptodev framework obeys it,
> then crypto session creation will fail anyway.
ipsec library should not rely on other components to give error.
it should handle the cases which it is expected to.
As per my understanding, IPSEC is a cipher then authenticate protocol
for outbound case and it should give error in other case.
Similarly, auth then cipher in case of inbound case.
>>> Here for loop should not be there, as there would be at max only 2 xforms.
next prev parent reply other threads:[~2018-12-21 11:57 UTC|newest]
Thread overview: 194+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-24 16:53 [dpdk-dev] [RFC] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-09-03 12:41 ` Joseph, Anoob
2018-09-03 18:21 ` Ananyev, Konstantin
2018-09-05 14:39 ` Joseph, Anoob
[not found] ` <2601191342CEEE43887BDE71AB977258EA954BAD@irsmsx105.ger.corp.intel.com>
2018-09-12 18:09 ` Ananyev, Konstantin
2018-09-15 17:06 ` Joseph, Anoob
2018-09-16 10:56 ` Jerin Jacob
2018-09-17 18:12 ` Ananyev, Konstantin
2018-09-18 12:42 ` Ananyev, Konstantin
2018-09-20 14:26 ` Akhil Goyal
2018-09-24 10:51 ` Ananyev, Konstantin
2018-09-25 7:48 ` Akhil Goyal
2018-09-30 21:00 ` Ananyev, Konstantin
2018-10-01 12:49 ` Akhil Goyal
2018-10-02 23:24 ` Ananyev, Konstantin
2018-09-18 17:54 ` Jerin Jacob
2018-09-24 8:45 ` Ananyev, Konstantin
2018-09-26 18:02 ` Jerin Jacob
2018-10-02 23:56 ` Ananyev, Konstantin
2018-10-03 9:37 ` Jerin Jacob
2018-10-09 18:24 ` Ananyev, Konstantin
2018-09-17 10:36 ` Ananyev, Konstantin
2018-09-17 14:41 ` Joseph, Anoob
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 0/9] " Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-10-18 17:37 ` Jerin Jacob
2018-10-21 22:01 ` Ananyev, Konstantin
2018-10-24 12:03 ` Jerin Jacob
2018-10-28 20:37 ` Ananyev, Konstantin
2018-10-29 10:19 ` Jerin Jacob
2018-10-30 13:53 ` Ananyev, Konstantin
2018-10-31 6:37 ` Jerin Jacob
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 6/9] ipsec: implement " Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-10-09 18:23 ` [dpdk-dev] [RFC v2 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-11-16 10:23 ` Mohammad Abdul Awal
2018-11-30 16:45 ` [dpdk-dev] [PATCH v2 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-11-30 16:45 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-12-04 13:13 ` Mohammad Abdul Awal
2018-12-04 15:32 ` Trahe, Fiona
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-12-11 17:24 ` Doherty, Declan
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 01/10] " Konstantin Ananyev
2018-12-19 9:26 ` Akhil Goyal
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-11 1:09 ` Xu, Yanjie
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-04 0:25 ` Stephen Hemminger
2019-01-04 9:29 ` Ananyev, Konstantin
2019-01-09 23:41 ` Thomas Monjalon
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-10 14:25 ` Thomas Monjalon
2019-01-10 14:40 ` De Lara Guarch, Pablo
2019-01-10 14:52 ` Ananyev, Konstantin
2019-01-10 14:54 ` Thomas Monjalon
2019-01-10 14:58 ` Ananyev, Konstantin
2019-01-10 15:00 ` Akhil Goyal
2019-01-10 15:09 ` Akhil Goyal
2019-01-10 14:51 ` Akhil Goyal
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-10 23:59 ` De Lara Guarch, Pablo
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 1/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 2/9] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 3/9] lib: introduce ipsec library Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 4/9] ipsec: add SA data-path API Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 5/9] ipsec: implement " Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 6/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 7/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 8/9] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-10 21:06 ` [dpdk-dev] [PATCH v8 9/9] doc: add IPsec library guide Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 04/10] lib: introduce ipsec library Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 05/10] ipsec: add SA data-path API Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 06/10] ipsec: implement " Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-10 14:20 ` [dpdk-dev] [PATCH v7 10/10] doc: add IPsec library guide Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 04/10] lib: introduce ipsec library Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 05/10] ipsec: add SA data-path API Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 06/10] ipsec: implement " Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-03 20:16 ` [dpdk-dev] [PATCH v6 10/10] doc: add IPsec library guide Konstantin Ananyev
2019-01-10 8:35 ` Thomas Monjalon
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 04/10] lib: introduce ipsec library Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 05/10] ipsec: add SA data-path API Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 06/10] ipsec: implement " Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-28 15:17 ` [dpdk-dev] [PATCH v5 10/10] doc: add IPsec library guide Konstantin Ananyev
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-19 9:26 ` Akhil Goyal
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-19 9:32 ` Akhil Goyal
2018-12-27 10:13 ` Olivier Matz
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 04/10] lib: introduce ipsec library Konstantin Ananyev
2018-12-19 12:08 ` Akhil Goyal
2018-12-19 12:39 ` Thomas Monjalon
2018-12-20 14:06 ` Ananyev, Konstantin
2018-12-20 14:14 ` Thomas Monjalon
2018-12-20 14:26 ` Ananyev, Konstantin
2018-12-20 18:17 ` Ananyev, Konstantin
2018-12-21 11:57 ` Akhil Goyal [this message]
2018-12-21 11:53 ` Akhil Goyal
2018-12-21 12:41 ` Ananyev, Konstantin
2018-12-21 12:54 ` Ananyev, Konstantin
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 05/10] ipsec: add SA data-path API Konstantin Ananyev
2018-12-19 13:04 ` Akhil Goyal
2018-12-20 10:17 ` Ananyev, Konstantin
2018-12-21 12:14 ` Akhil Goyal
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 06/10] ipsec: implement " Konstantin Ananyev
2018-12-19 15:32 ` Akhil Goyal
2018-12-20 12:56 ` Ananyev, Konstantin
2018-12-21 12:36 ` Akhil Goyal
2018-12-21 14:27 ` Ananyev, Konstantin
2018-12-21 14:39 ` Thomas Monjalon
2018-12-21 14:51 ` Akhil Goyal
2018-12-21 15:16 ` Ananyev, Konstantin
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-19 15:46 ` Akhil Goyal
2018-12-20 13:00 ` Ananyev, Konstantin
2018-12-21 12:37 ` Akhil Goyal
2018-12-14 16:23 ` [dpdk-dev] [PATCH v4 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-19 15:53 ` Akhil Goyal
2018-12-20 13:03 ` Ananyev, Konstantin
2018-12-21 12:41 ` Akhil Goyal
2018-12-14 16:27 ` [dpdk-dev] [PATCH v4 10/10] doc: add IPsec library guide Konstantin Ananyev
2018-12-19 3:46 ` Thomas Monjalon
2018-12-19 16:01 ` Akhil Goyal
2018-12-20 13:06 ` Ananyev, Konstantin
2018-12-21 12:58 ` Akhil Goyal
2018-12-14 16:29 ` [dpdk-dev] [PATCH v4 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-21 13:32 ` Akhil Goyal
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-12 7:37 ` Ananyev, Konstantin
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 6/9] ipsec: implement " Konstantin Ananyev
2018-12-12 17:47 ` Doherty, Declan
2018-12-13 11:21 ` Ananyev, Konstantin
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-13 12:14 ` Doherty, Declan
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-13 12:14 ` Doherty, Declan
2018-12-06 15:38 ` [dpdk-dev] [PATCH v3 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-13 12:54 ` Doherty, Declan
2018-11-30 16:45 ` [dpdk-dev] [PATCH v2 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-04 13:13 ` Mohammad Abdul Awal
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-04 13:12 ` Mohammad Abdul Awal
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 6/9] ipsec: implement " Konstantin Ananyev
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-11-30 16:46 ` [dpdk-dev] [PATCH v2 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-11-16 10:24 ` Mohammad Abdul Awal
2018-11-15 23:53 ` [dpdk-dev] [PATCH 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-11-16 10:22 ` Mohammad Abdul Awal
2018-11-15 23:53 ` [dpdk-dev] [PATCH 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 6/9] ipsec: implement " Konstantin Ananyev
2018-11-20 1:03 ` Zhang, Qi Z
2018-11-20 9:44 ` Ananyev, Konstantin
2018-11-20 10:02 ` Ananyev, Konstantin
2018-11-15 23:53 ` [dpdk-dev] [PATCH 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-11-15 23:53 ` [dpdk-dev] [PATCH 9/9] test/ipsec: introduce functional test Konstantin Ananyev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69809b4c-b075-215e-da22-4a6f70181373@nxp.com \
--to=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=mohammad.abdul.awal@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).