From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30075.outbound.protection.outlook.com [40.107.3.75]) by dpdk.org (Postfix) with ESMTP id 78AB0F04 for ; Mon, 18 Sep 2017 09:54:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=05PlG7f2j4TXX+LWdLjAQgA3nfECWVwj6z9P2FZnDck=; b=jMn2Az7aWQGjJJAEJisWWqpHcVl9mpo34levT9CQJROGHMAgEI6wtvwnvwtFDdtLfTTdjD2h45KNqv6eee6amANZh+Se4CiGYY7RGf8UodtagfXWgsoH0uxoFJ5en/pFwzN41syjhQwSCZaymxBPcHtuM3B3t0086XheWTTaUGM= Received: from DB6PR05MB3176.eurprd05.prod.outlook.com (10.170.221.26) by DB6PR05MB3287.eurprd05.prod.outlook.com (10.170.221.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.56.11; Mon, 18 Sep 2017 07:54:03 +0000 Received: from DB6PR05MB3176.eurprd05.prod.outlook.com ([fe80::6950:5fb1:cff1:35b7]) by DB6PR05MB3176.eurprd05.prod.outlook.com ([fe80::6950:5fb1:cff1:35b7%13]) with mapi id 15.20.0056.016; Mon, 18 Sep 2017 07:54:03 +0000 From: Boris Pismenny To: "olivier.matz@6wind.com" CC: "declan.doherty@intel.com" , "pablo.de.lara.guarch@intel.com" , "hemant.agrawal@nxp.com" , "radu.nicolau@intel.com" , Aviad Yehezkel , "Thomas Monjalon" , "sandeep.malik@nxp.com" , "jerin.jacob@caviumnetworks.com" , Akhil Goyal , "dev@dpdk.org" , =?iso-8859-1?Q?N=E9lio_Laranjeiro?= Thread-Topic: [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields Thread-Index: AQHTLUNmdJeFb466pEa+MKu+WpnPaKK6SefQ Date: Mon, 18 Sep 2017 07:54:03 +0000 Message-ID: References: <20170914082651.26232-1-akhil.goyal@nxp.com> <20170914082651.26232-6-akhil.goyal@nxp.com> In-Reply-To: <20170914082651.26232-6-akhil.goyal@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=borisp@mellanox.com; x-originating-ip: [193.47.165.251] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR05MB3287; 6:SOzHdocotOJ63AGKY2tCPpMN6FobgSekM9POIaMq/MHvlBTOAJ7Pji5SOwBCwe9CEx3xG+s2o6T6Z6/g/KqnePhx6t4Y2THvzupvxF0TZRAxPfRNJM3vp8s/7Ksaqegct4x18HPg2565/+6eQJg9WIdQazInU6O+nFMj5sEfmX4BnBbvnhose3ywAPJ4KYbIgfcjsNMlLNkhL6rW8XqVLIT0ZJemD5MefptPjeHUKsHZPS/fABjqEmJyPvQhN32aMdry0nsH+5GD8BDL8TFJJuANw5pJ0XLf+TG1vhiYlFSMhicqV5ePCz/jL/dehRxF7VJXmjOLe9j5T9tLSeAMqQ==; 5:rcVdXJJNre92z/FjRdZFAbS84SvVYi4B7CS6KuQEl5DjT2LL56PkVTPep2wCSy+skwHm7dXTKW3Fl/lcDPQZtbEOynwWF/KEIfs0OBnkHyCV5QKQkWn+YPwICtUc/B3dDjdeGlQIdpFEDfcYVM7+Ag==; 24:ppk6A5OlaUlwaKjcRKWbtHg9PhPyntp3qlr0mHOLS2DLoAqTYYw0UuV7AzZToA9SiG0Aq09loCt/HInqOog3SdZHfznqXMYAwjJ3b8GUApU=; 7:GA5tHcM9inWkbUvdSQ1DssyPuM+HaNic0pHm1iYfaogdivZ1m30mYm0xIGJw18bI/xO1BBiMqxcyvkwrfLZzCOQdjbqTArvcSAZr3L/WrS9mwbC5Irv8rY3Q0gCcyl9A9CG1mj3g4w87NI/AzExQQTYfEmaJ9ybxka30A5sEBvjp0hPL8L93EjlEl0jdUSzKAT10wEKwbeswUX406E+Ait6xhmS9WwE61IAXYSlN94g= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ld-processed: a652971c-7d2e-4d9b-a6a4-d149256f461b,ExtAddr x-ms-office365-filtering-correlation-id: e1849a29-de79-4798-b4e8-08d4fe6a6e43 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DB6PR05MB3287; x-ms-traffictypediagnostic: DB6PR05MB3287: x-exchange-antispam-report-test: UriScan:(192374486261705)(228905959029699); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123562025)(20161123555025)(20161123560025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB6PR05MB3287; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB6PR05MB3287; x-forefront-prvs: 04347F8039 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(24454002)(189002)(76104003)(199003)(377454003)(2900100001)(2501003)(7416002)(54906002)(8936002)(55016002)(2950100002)(6436002)(86362001)(478600001)(9686003)(99286003)(316002)(106356001)(5660300001)(53546010)(2351001)(189998001)(66066001)(97736004)(8656003)(7696004)(5250100002)(25786009)(6246003)(305945005)(7736002)(74316002)(105586002)(110136004)(14454004)(101416001)(68736007)(8676002)(33656002)(6506006)(3846002)(6916009)(2906002)(53936002)(54356999)(229853002)(4326008)(3660700001)(5640700003)(3280700002)(81166006)(81156014)(15650500001)(50986999)(76176999)(6116002)(102836003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR05MB3287; H:DB6PR05MB3176.eurprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2017 07:54:03.5533 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR05MB3287 Subject: Re: [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 07:54:05 -0000 Hi Olivier, On 9/14/2017 11:27 AM, Akhil Goyal wrote: >=20 > From: Boris Pismenny >=20 > add security crypto flags and update mbuf fields to support > IPsec crypto offload for transmitted packets, and to indicate > crypto result for received packets. >=20 > Signed-off-by: Aviad Yehezkel > Signed-off-by: Boris Pismenny > Signed-off-by: Radu Nicolau > --- > lib/librte_mbuf/rte_mbuf.c | 6 ++++++ > lib/librte_mbuf/rte_mbuf.h | 32 +++++++++++++++++++++++++++++--- > 2 files changed, 35 insertions(+), 3 deletions(-) >=20 > diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c > index 26a62b8..bbd42a6 100644 > --- a/lib/librte_mbuf/rte_mbuf.c > +++ b/lib/librte_mbuf/rte_mbuf.c > @@ -323,6 +323,8 @@ const char *rte_get_rx_ol_flag_name(uint64_t mask) > case PKT_RX_QINQ_STRIPPED: return "PKT_RX_QINQ_STRIPPED"; > case PKT_RX_LRO: return "PKT_RX_LRO"; > case PKT_RX_TIMESTAMP: return "PKT_RX_TIMESTAMP"; > + case PKT_RX_SEC_OFFLOAD: return "PKT_RX_SECURITY_OFFLOAD"; > + case PKT_RX_SEC_OFFLOAD_FAILED: return > "PKT_RX_SECURITY_OFFLOAD_FAILED"; > default: return NULL; > } > } > @@ -358,6 +360,8 @@ rte_get_rx_ol_flag_list(uint64_t mask, char *buf, > size_t buflen) > { PKT_RX_QINQ_STRIPPED, PKT_RX_QINQ_STRIPPED, NULL }, > { PKT_RX_LRO, PKT_RX_LRO, NULL }, > { PKT_RX_TIMESTAMP, PKT_RX_TIMESTAMP, NULL }, > + { PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD, NULL }, > + { PKT_RX_SEC_OFFLOAD_FAILED, > PKT_RX_SEC_OFFLOAD_FAILED, NULL }, > }; > const char *name; > unsigned int i; > @@ -410,6 +414,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask) > case PKT_TX_TUNNEL_GENEVE: return "PKT_TX_TUNNEL_GENEVE"; > case PKT_TX_TUNNEL_MPLSINUDP: return > "PKT_TX_TUNNEL_MPLSINUDP"; > case PKT_TX_MACSEC: return "PKT_TX_MACSEC"; > + case PKT_TX_SEC_OFFLOAD: return "PKT_TX_SECURITY_OFFLOAD"; > default: return NULL; > } > } > @@ -443,6 +448,7 @@ rte_get_tx_ol_flag_list(uint64_t mask, char *buf, > size_t buflen) > { PKT_TX_TUNNEL_MPLSINUDP, PKT_TX_TUNNEL_MASK, > "PKT_TX_TUNNEL_NONE" }, > { PKT_TX_MACSEC, PKT_TX_MACSEC, NULL }, > + { PKT_TX_SEC_OFFLOAD, PKT_TX_SEC_OFFLOAD, NULL }, > }; > const char *name; > unsigned int i; > diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h > index eaed7ee..9ce61ae 100644 > --- a/lib/librte_mbuf/rte_mbuf.h > +++ b/lib/librte_mbuf/rte_mbuf.h > @@ -189,11 +189,26 @@ extern "C" { > */ > #define PKT_RX_TIMESTAMP (1ULL << 17) >=20 > +/** > + * Indicate that security offload processing was applied on the RX packe= t. > + */ > +#define PKT_RX_SEC_OFFLOAD (1ULL << 18) > + > +/** > + * Indicate that security offload processing failed on the RX packet. > + */ > +#define PKT_RX_SEC_OFFLOAD_FAILED (1ULL << 19) > + > /* add new RX flags here */ >=20 > /* add new TX flags here */ >=20 > /** > + * Request security offload processing on the TX packet. > + */ > +#define PKT_TX_SEC_OFFLOAD (1ULL << 43) > + > +/** > * Offload the MACsec. This flag must be set by the application to enabl= e > * this offload feature for a packet to be transmitted. > */ > @@ -316,7 +331,8 @@ extern "C" { > PKT_TX_QINQ_PKT | \ > PKT_TX_VLAN_PKT | \ > PKT_TX_TUNNEL_MASK | \ > - PKT_TX_MACSEC) > + PKT_TX_MACSEC | \ > + PKT_TX_SEC_OFFLOAD) >=20 > #define __RESERVED (1ULL << 61) /**< reserved for future mbuf = use */ >=20 > @@ -456,8 +472,18 @@ struct rte_mbuf { > uint32_t l3_type:4; /**< (Outer) L3 type. */ > uint32_t l4_type:4; /**< (Outer) L4 type. */ > uint32_t tun_type:4; /**< Tunnel type. */ > - uint32_t inner_l2_type:4; /**< Inner L2 type. */ > - uint32_t inner_l3_type:4; /**< Inner L3 type. */ > + RTE_STD_C11 > + union { > + uint8_t inner_esp_next_proto; > + > + __extension__ > + struct { > + uint8_t inner_l2_type:4; > + /**< Inner L2 type. */ > + uint8_t inner_l3_type:4; > + /**< Inner L3 type. */ > + }; > + }; > uint32_t inner_l4_type:4; /**< Inner L4 type. */ > }; > }; What do you think about this change to mbuf? It doesn't increase the mbuf size and it replaces some fields that have no = meaning in IPsec encapsulations (inner L2 and L3) with a meaningful field of the co= rrect size (inner_esp_next_proto - 8 bytes). We later use this for IPsec offload on both Tx and Rx to indicate the packe= t format.