From: "Joseph, Anoob" <Anoob.Joseph@caviumnetworks.com>
To: Akhil Goyal <akhil.goyal@nxp.com>
Cc: dev@dpdk.org, Declan Doherty <declan.doherty@intel.com>,
Pablo de Lara <pablo.de.lara.guarch@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Jerin Jacob <jerin.jacob@caviumnetworks.com>,
Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
"Verma, Shally" <Shally.Verma@caviumnetworks.com>,
Vidya Sagar Velumuri <Vidya.Velumuri@caviumnetworks.com>
Subject: Re: [dpdk-dev] [PATCH 1/3] security: support pdcp protocol
Date: Tue, 9 Oct 2018 17:08:42 +0530 [thread overview]
Message-ID: <764461fa-3083-ff10-ab47-748b27e9d439@caviumnetworks.com> (raw)
In-Reply-To: <08b3f2b9-260f-bea0-4cc1-61a40982190e@nxp.com>
Hi Akhil,
Please see inline.
Thanks,
Anoob
On 08-10-2018 15:19, Akhil Goyal wrote:
> External Email
>
> Hi Anoob,
>>>>> @@ -494,6 +553,23 @@ IPsec related configuration parameters are
>>>>> defined in ``rte_security_ipsec_xform
>>>>> /**< Tunnel parameters, NULL for transport mode */
>>>>> };
>>>>> +PDCP related configuration parameters are defined in
>>>>> ``rte_security_pdcp_xform``
>>>>> +
>>>>> +.. code-block:: c
>>>>> +
>>>>> + struct rte_security_pdcp_xform {
>>>>> + int8_t bearer; /**< PDCP bearer ID */
>>>>> + enum rte_security_pdcp_domain domain;
>>>>> + /** < PDCP mode of operation: Control or data */
>>>>> + enum rte_security_pdcp_direction pkt_dir;
>>>>> + /**< PDCP Frame Direction 0:UL 1:DL */
>>>>> + enum rte_security_pdcp_sn_size sn_size;
>>>>> + /**< Sequence number size, 5/7/12/15 */
>>>>> + int8_t hfn_ovd; /**< Overwrite HFN per operation */
>>>>> + uint32_t hfn; /**< Hyper Frame Number */
>>>>> + uint32_t hfn_threshold; /**< HFN Threashold for key
>>>>> renegotiation */
>>>>> + };
>>>>> +
>>>> [Anoob] PDCP packet ordering should be both a capability and a
>>>> setting.
>>>> HFN will be incremented overtime and starts at 0. So why is it part of
>>>> the xform?
>>>
>>> The Security accelerators may assume packet in order. Latest PDCP TS
>>> suggest to do de-Ciphering before re-Ordering the Rx PDCP PDUs. In this
>>> situation, the accelerator may use wrong HFN value. The PDCP
>>> application
>>> can provide the appropriate HFN value along with PDU to the security
>>> accelerator.
>>>
>> So what is the expectation with regards to ordering? Would PDCP know
>> the order or is it unaware of the order?
>> If implementation of this Spec knows the order of packets(which is
>> implied by the "In order delivery and Duplicate detection
>> Sequence Numbering" statement in the PDCP flow diagram), then there
>> should be no need to override the
>> HFN. If the implementation does not know the order of packets, then
>> the flow diagram should be corrected.
>> Also, is implementation expected to support ordered delivery and
>> duplicate detection. Perhaps it should be
>> a capability or 2.
> This patchset is basically talking about full protocol offload with look
> aside accelerators.
> And when we are talking about full protocol offload, all protocol
> related stuff like ordering, headers etc.
> needs to be handled by the HW/driver.
> So the expectation is driver/HW should be able to perform in order
> delivery and detect duplicates.
How will errors in these situations be reported to the application - if
packets are not in order or if a duplicate is detected - how should
driver report it?
Is the driver/HW expected to correct the order OR is the behaviour
limited to detection of out-of-order? In order to correct the order, the
driver/HW will need to accumulate packets. Is that really the
expectation of this specification
> If somebody have support for PDCP in the hardware, we can add
> capabilities as per the specific requirements.
> In v2/v3 I have removed the hfn_override. Will add it later when it will
> be supported.
>
>
> Thanks,
> Akhil
next prev parent reply other threads:[~2018-10-09 11:37 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-28 13:01 [dpdk-dev] [PATCH 0/3] security: support for pdcp akhil.goyal
2018-08-28 13:01 ` [dpdk-dev] [PATCH 1/3] security: support pdcp protocol akhil.goyal
2018-09-06 4:15 ` Joseph, Anoob
2018-10-05 12:05 ` Akhil Goyal
2018-10-07 9:02 ` Joseph, Anoob
2018-10-08 9:49 ` Akhil Goyal
2018-10-09 11:38 ` Joseph, Anoob [this message]
2018-10-15 13:03 ` Akhil Goyal
2018-10-16 6:27 ` Joseph
2018-08-28 13:01 ` [dpdk-dev] [PATCH 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis akhil.goyal
2018-08-28 13:01 ` [dpdk-dev] [PATCH 3/3] crypto/dpaa2_sec: support pdcp offload akhil.goyal
2018-08-30 6:46 ` [dpdk-dev] [PATCH 0/3] security: support for pdcp Akhil Goyal
2018-10-05 13:33 ` [dpdk-dev] [PATCH v2 " akhil.goyal
2018-10-05 13:33 ` [dpdk-dev] [PATCH v2 1/3] security: support pdcp protocol akhil.goyal
2018-10-05 13:33 ` [dpdk-dev] [PATCH v2 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis akhil.goyal
2018-10-05 13:33 ` [dpdk-dev] [PATCH v2 3/3] crypto/dpaa2_sec: support pdcp offload akhil.goyal
2018-10-05 13:53 ` [dpdk-dev] [PATCH v3 0/3] security: support for pdcp akhil.goyal
2018-10-05 13:53 ` [dpdk-dev] [PATCH v3 1/3] security: support pdcp protocol akhil.goyal
2018-10-05 13:53 ` [dpdk-dev] [PATCH v3 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis akhil.goyal
2018-10-05 13:53 ` [dpdk-dev] [PATCH v3 3/3] crypto/dpaa2_sec: support pdcp offload akhil.goyal
2018-10-15 12:53 ` [dpdk-dev] [PATCH v4 0/3] security: support for pdcp Akhil Goyal
2018-10-15 12:53 ` [dpdk-dev] [PATCH v4 1/3] security: support pdcp protocol Akhil Goyal
2018-10-16 6:40 ` Joseph
2018-10-16 6:55 ` Akhil Goyal
2018-10-15 12:53 ` [dpdk-dev] [PATCH v4 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis Akhil Goyal
2018-10-15 12:53 ` [dpdk-dev] [PATCH v4 3/3] crypto/dpaa2_sec: support pdcp offload Akhil Goyal
2018-10-16 10:38 ` [dpdk-dev] [PATCH v5 0/3] security: support for pdcp Akhil Goyal
2018-10-16 10:39 ` [dpdk-dev] [PATCH v5 1/3] security: support pdcp protocol Akhil Goyal
2018-10-16 10:49 ` Joseph, Anoob
2018-10-16 10:57 ` Akhil Goyal
2018-10-16 11:15 ` Joseph, Anoob
2018-10-16 12:25 ` Akhil Goyal
2018-10-16 10:39 ` [dpdk-dev] [PATCH v5 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis Akhil Goyal
2018-10-16 10:39 ` [dpdk-dev] [PATCH v5 3/3] crypto/dpaa2_sec: support pdcp offload Akhil Goyal
2018-10-16 14:35 ` [dpdk-dev] [PATCH v5 0/3] security: support for pdcp Akhil Goyal
2018-10-18 14:40 ` Thomas Monjalon
2018-10-22 7:10 ` Hemant Agrawal
2018-10-22 7:12 ` [dpdk-dev] [PATCH v6 " Hemant Agrawal
2018-10-22 7:12 ` [dpdk-dev] [PATCH v6 1/3] security: support pdcp protocol Hemant Agrawal
2018-10-22 7:12 ` [dpdk-dev] [PATCH v6 2/3] crypto/dpaa2_sec: add sample pdcp descriptor apis Hemant Agrawal
2018-10-22 7:12 ` [dpdk-dev] [PATCH v6 3/3] crypto/dpaa2_sec: support pdcp offload Hemant Agrawal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=764461fa-3083-ff10-ab47-748b27e9d439@caviumnetworks.com \
--to=anoob.joseph@caviumnetworks.com \
--cc=Shally.Verma@caviumnetworks.com \
--cc=Vidya.Velumuri@caviumnetworks.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerin.jacob@caviumnetworks.com \
--cc=narayanaprasad.athreya@caviumnetworks.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).