From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 86C18A0530; Wed, 22 Jan 2020 15:18:21 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4E3FF2BBD; Wed, 22 Jan 2020 15:18:21 +0100 (CET) Received: from mail-io1-f68.google.com (mail-io1-f68.google.com [209.85.166.68]) by dpdk.org (Postfix) with ESMTP id 2E9CB2A62 for ; Wed, 22 Jan 2020 15:18:19 +0100 (CET) Received: by mail-io1-f68.google.com with SMTP id k24so6777755ioc.4 for ; Wed, 22 Jan 2020 06:18:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CmKqpzTcEG1SPT9YmiS++XQUw0LTSXWi6l492MWDXrY=; b=urZAL7mbcHzEYPTOErGSd+kQd6UzSeKo9YbeoX7sGoQTBUqKbZRwcwb7HHDMctO+pr ILldV+za1PuSMc47SHr69t4VQDMoeWM2fHr4DmxXGDT640T3bTU2UFr1zBOHue0OHvIH AUJTZLA/I9Crd7Wieq1/aZcV9r61k/N4BKhe1x9G3uQ0MHiq6B3ItpA7n4ZP+ptmPgTV gBcP7cTESXfiLSQHcPvO12Q+PFYttqLLfDiFS4L/8Hoadabx71awzETe8vlDv4W9+Rwk FeUdk87bvGDH1KWo2ktyuxJX/WOOFqGzfMhXNvtpvk0fjJMeQ6pNv+BTMKiCtey8lKcd 1Xqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CmKqpzTcEG1SPT9YmiS++XQUw0LTSXWi6l492MWDXrY=; b=cbTG9IvDqdf3eAjhpvrm9sr+B+SIxD4eONJxQ/Zy6SsPBSZFZA8rADLAr2qABbn1k7 rAIrLDudgsdGv5o27dukjuwmBgOfe7ZgcFkVYRH4ey/4pY1oYetyW/l+4nmawFc3JAl9 MY8+IWkmk5cB2OTtWnlTOR8EkoU2sZQ2jcw119pi8mOwOH6blmiDN++Nxr6OzcRnsgdZ hUowA/HXKyPpd3AT+JipLPFvPE/MNFQ81joVFZz2n0gf79VuOLtwwjFyO5sbI5q8V8bk yNi129Zm9uqc05sIJnJ2ry5pOYxaC5aYSNmNVfGq1oraZin+iuYxYqGR4LI5TYYJZAi4 gfLQ== X-Gm-Message-State: APjAAAWFVTvs+8Gdwu93A6Jnf+B64j8zqKfFuNHHOVP9JlvVyjHrLoXQ 6cmWoQlKMFYA21wTb3Z3R0j3/2xsvR4P0FuvLvI= X-Google-Smtp-Source: APXvYqwHKMRH1kFztdc1lisqkvy0aC1QgDvQ0YdPl5VQFJuiIwfm1AzZJvdhHqjy+8EDnhuqfmfcaok5S8/MLsQEGdw= X-Received: by 2002:a5d:8cce:: with SMTP id k14mr7457602iot.294.1579702698315; Wed, 22 Jan 2020 06:18:18 -0800 (PST) MIME-Version: 1.0 References: <1575806094-28391-1-git-send-email-anoobj@marvell.com> <1579344553-11428-1-git-send-email-anoobj@marvell.com> In-Reply-To: From: Jerin Jacob Date: Wed, 22 Jan 2020 19:48:02 +0530 Message-ID: To: Akhil Goyal Cc: Anoob Joseph , Declan Doherty , Thomas Monjalon , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Kiran Kumar Kokkilagadda , Nithin Kumar Dabilpuram , Pavan Nikhilesh Bhagavatula , Ankur Dwivedi , Archana Muniganti , Tejasree Kondoj , Vamsi Krishna Attunuru , Lukas Bartosik , dpdk-dev Content-Type: text/plain; charset="UTF-8" Subject: Re: [dpdk-dev] [PATCH v2 00/15] add OCTEONTX2 inline IPsec support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Wed, Jan 22, 2020 at 6:26 PM Akhil Goyal wrote: > > > > > > > > > Hi Jerin, > > > > > > > > Will do the suggested change (RX/rx-> Rx & TX/tx->Tx). Do you want me > > > > to trim the headline as well? > > > > > > > > > > Hi Anoob, > > > > > > > @Akhil, did you get a chance to review the series? Do you have any > > > > comments on the patches? > > > > > > > > > > You are adding inline ipsec support to ethernet device and not a crypto > > > device. > > > These patches should not be part of crypto PMD. There will be cyclic > > > dependency Between ethernet device and crypto device which can be easily > > > avoided. > > > > [Anoob] We have plans to use lookaside protocol to handle the "fallback" > > session. And that involves session sharing between inline and lookaside protocol > > offloads. Also, though the feature is exposed as a feature of ethdev, on our > > platform, it's the crypto block which primarily implements the feature. And so, if > > the code is moved to ethdev dir, there would be lot of code duplication. The > > idea is to have all security related code in one place. > > > > Also, the PMDs don't have any calls to each other. The communication between > > the two happens via common. The crypto dev PMD will register the required > > security ops to a common structure and ethdev would get it from there. So there > > won't be an issue of build dependency. > > > > - The code that need to be duplicated can be moved to drivers/common/ I would like to keep the common code that is common to all the coprocessors. Moreover, there are logistic issues in that case where a) drivers/common/octeontx2/ going through master repo. So we will be creating unnecessary dependency with that 'master' tree. b) crypto and ethdev work is done by different teams so we would like to make responsibly clear wrt the review and ownership. I would like to keep the security/crypto-related code to driver/crypto and hook to driver/net/octeontx2 with required functionalities over the driver/common using a few function pointers to remove the cyclic build dependency. Considering there is no cyclic build and shared library dependency now, Can we make forward progress with the existing scheme? > - You may not need to include rte_ethdev.h inside drivers/crypto > - otx2_sec_eth_ctx_create should be part of ethdev and you would need similar API > for crypto device as well when you would support the fallback session support. > So that would go in crypto. Session creation code may be common and can go > in drivers/common. > - You would have separate security_ctx for both eth device and crypto device and that should > In net device and crypto device separately. Similarly security->ops should be different in both of them. > However if they may have same session creation code and that can go in common. > > > > > > > > > > > > > > > > > > > This series adds inline IPsec support in OCTEONTX2 PMD. > > > > > > > > > > > > In the inbound path, rte_flow framework need to be used to > > > > > > configure the NPC block, which does the h/w lookup. The packets > > > > > > would get processed by the crypto block and would submit to the > > > > > > scheduling block, SSO. So inline IPsec mode can be enabled only > > > > > > when traffic is received via event device using Rx adapter. > > > > > > > > > > > > In the outbound path, the core would submit to the crypto block > > > > > > and the crypto block would submit the packet for Tx internally. > > > > > > > > > > > > > > > Please fix following check-git-log.sh issues. > > > > > > > > > > Wrong headline lowercase: > > > > > net/octeontx2: add inline ipsec rx path changes > > > > > drivers/octeontx2: add sec in compiler optimized RX fastpath > > > framework > > > > > drivers/octeontx2: add sec in compiler optimized TX fastpath > > > framework > > > > > crypto/octeontx2: add inline tx path changes Headline too long: > > > > > drivers/octeontx2: add sec in compiler optimized RX fastpath > > > framework > > > > > drivers/octeontx2: add sec in compiler optimized TX fastpath > > > framework > > > > > crypto/octeontx2: sync inline tag type cfg with Rx adapter > > > > > configuration > > > > > > > > > > Changing to Rx and Tx will fix most of the issues. > > > > > > > > > > > > > > > > > > > > > v2: > > > > > > * Minimized additions to common/octeontx2 > > > > > > * Updated release notes > > > > > > * Renamed otx2_is_ethdev to otx2_ethdev_is_sec_capable > > > > > > > > > > > > Ankur Dwivedi (3): > > > > > > crypto/octeontx2: add eth security capabilities > > > > > > crypto/octeontx2: add datapath ops in eth security ctx > > > > > > crypto/octeontx2: add inline tx path changes > > > > > > > > > > > > Anoob Joseph (4): > > > > > > common/octeontx2: add CPT LF mbox for inline inbound > > > > > > crypto/octeontx2: create eth security ctx > > > > > > crypto/octeontx2: enable CPT to share QP with ethdev > > > > > > crypto/octeontx2: add eth security session operations > > > > > > > > > > > > Archana Muniganti (3): > > > > > > crypto/octeontx2: add lookup mem changes to hold sa indices > > > > > > drivers/octeontx2: add sec in compiler optimized RX fastpath > > > framework > > > > > > drivers/octeontx2: add sec in compiler optimized TX fastpath > > > > > > framework > > > > > > > > > > > > Tejasree Kondoj (3): > > > > > > crypto/octeontx2: configure for inline IPsec > > > > > > crypto/octeontx2: add security in eth dev configure > > > > > > net/octeontx2: add inline ipsec rx path changes > > > > > > > > > > > > Vamsi Attunuru (2): > > > > > > common/octeontx2: add routine to check if sec capable otx2 > > > > > > crypto/octeontx2: sync inline tag type cfg with Rx adapter > > > > > > configuration > > > > > > > > > > > > doc/guides/nics/octeontx2.rst | 20 + > > > > > > doc/guides/rel_notes/release_20_02.rst | 9 + > > > > > > drivers/common/octeontx2/otx2_common.c | 22 + > > > > > > drivers/common/octeontx2/otx2_common.h | 22 + > > > > > > drivers/common/octeontx2/otx2_mbox.h | 7 + > > > > > > .../octeontx2/rte_common_octeontx2_version.map | 3 + > > > > > > drivers/crypto/octeontx2/Makefile | 7 +- > > > > > > drivers/crypto/octeontx2/meson.build | 7 +- > > > > > > drivers/crypto/octeontx2/otx2_cryptodev.c | 8 + > > > > > > .../crypto/octeontx2/otx2_cryptodev_hw_access.h | 22 +- > > > > > > drivers/crypto/octeontx2/otx2_cryptodev_mbox.c | 53 ++ > > > > > > drivers/crypto/octeontx2/otx2_cryptodev_mbox.h | 7 + > > > > > > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 56 ++ > > > > > > drivers/crypto/octeontx2/otx2_cryptodev_qp.h | 35 + > > > > > > drivers/crypto/octeontx2/otx2_ipsec_fp.h | 348 +++++++++ > > > > > > drivers/crypto/octeontx2/otx2_security.c | 870 > > > > > +++++++++++++++++++++ > > > > > > drivers/crypto/octeontx2/otx2_security.h | 158 ++++ > > > > > > drivers/crypto/octeontx2/otx2_security_tx.h | 175 +++++ > > > > > > drivers/event/octeontx2/Makefile | 1 + > > > > > > drivers/event/octeontx2/meson.build | 5 +- > > > > > > drivers/event/octeontx2/otx2_evdev.c | 170 ++-- > > > > > > drivers/event/octeontx2/otx2_evdev.h | 4 +- > > > > > > drivers/event/octeontx2/otx2_worker.c | 6 +- > > > > > > drivers/event/octeontx2/otx2_worker.h | 6 + > > > > > > drivers/event/octeontx2/otx2_worker_dual.c | 6 +- > > > > > > drivers/net/octeontx2/Makefile | 1 + > > > > > > drivers/net/octeontx2/meson.build | 3 + > > > > > > drivers/net/octeontx2/otx2_ethdev.c | 46 +- > > > > > > drivers/net/octeontx2/otx2_ethdev.h | 2 + > > > > > > drivers/net/octeontx2/otx2_ethdev_devargs.c | 19 + > > > > > > drivers/net/octeontx2/otx2_flow.c | 26 + > > > > > > drivers/net/octeontx2/otx2_lookup.c | 11 +- > > > > > > drivers/net/octeontx2/otx2_rx.c | 27 +- > > > > > > drivers/net/octeontx2/otx2_rx.h | 377 ++++++--- > > > > > > drivers/net/octeontx2/otx2_tx.c | 29 +- > > > > > > drivers/net/octeontx2/otx2_tx.h | 271 +++++-- > > > > > > 36 files changed, 2556 insertions(+), 283 deletions(-) create > > > > > > mode > > > > > > 100644 drivers/crypto/octeontx2/otx2_cryptodev_qp.h > > > > > > create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_fp.h > > > > > > create mode 100644 drivers/crypto/octeontx2/otx2_security.c > > > > > > create mode 100644 drivers/crypto/octeontx2/otx2_security.h > > > > > > create mode 100644 drivers/crypto/octeontx2/otx2_security_tx.h > > > > > > > > > > > > -- > > > > > > 2.7.4 > > > > > >