From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30083.outbound.protection.outlook.com [40.107.3.83]) by dpdk.org (Postfix) with ESMTP id 0ABD71B1A2 for ; Thu, 21 Sep 2017 18:53:02 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CD5Wf+qm3p+TK3casPOIkjSrMx6mZGwuUVIcQnxivL0=; b=I0N5HHbVu06ULBLJ2SmuCaMamGGGIXkrJhZ70lDN0JlFkJMpPmH2vugZL43Q+KkUW5pFwLyp2cwjiHXexaZKwTXrWKsCM6odU6aEc0y2rXV4QvlrRzhb6QvxCNJB7Yscju8wJraJNlT0vY7k3Ppc9KBVb2pOSczrKea8v/8xXbA= Received: from DB6PR05MB3176.eurprd05.prod.outlook.com (10.170.221.26) by DB6PR05MB3157.eurprd05.prod.outlook.com (10.170.221.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Thu, 21 Sep 2017 16:53:00 +0000 Received: from DB6PR05MB3176.eurprd05.prod.outlook.com ([fe80::6950:5fb1:cff1:35b7]) by DB6PR05MB3176.eurprd05.prod.outlook.com ([fe80::6950:5fb1:cff1:35b7%13]) with mapi id 15.20.0077.011; Thu, 21 Sep 2017 16:53:00 +0000 From: Boris Pismenny To: Jerin Jacob , Akhil Goyal CC: "dev@dpdk.org" , "declan.doherty@intel.com" , "pablo.de.lara.guarch@intel.com" , "hemant.agrawal@nxp.com" , "radu.nicolau@intel.com" , Aviad Yehezkel , Thomas Monjalon , "sandeep.malik@nxp.com" Thread-Topic: [PATCH 07/11] ethdev: add rte flow action for crypto Thread-Index: AQHTLUNjFF5qGibVk0meYHejOp5TsKK/GfgAgAB/MrA= Date: Thu, 21 Sep 2017 16:53:00 +0000 Message-ID: References: <20170914082651.26232-1-akhil.goyal@nxp.com> <20170914082651.26232-8-akhil.goyal@nxp.com> <20170921091600.GA1567@jerin> In-Reply-To: <20170921091600.GA1567@jerin> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=borisp@mellanox.com; x-originating-ip: [37.142.231.231] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR05MB3157; 6:CgWDY19u6Jwn+0bXVO7ZVMNl/vNFHQwbNx+NdsdMvIJFrt4n+jE6SdqYuh4RuZyusFbJoZZjM8PH1TKNU51KJ8fNaFRtNCe46BLKmircCdZSUaUlQVGVdsAP2blEoWxWSsKIwoArfsPT4NEIY2t1mB8aTFRFrWmgmilUQlo2HFp53isvgAt4c9fngqkMB39JcErCt+L1qvfxTvzCTF0dTS68iiJTPpAFB81ebwBomQ9ZgtHr4t+08thp8+cjzKvrwh+3FHsAgom90/ROMEClVUmkA0evI2drIO98qfJC+7HB9o+h8nKi/GTAjd6mxD0FlDC76bOyyjOU31Xace7PBg==; 5:IuK/6FL9Ozl4oG1uqfDxEZwy8aZ4oSkjSOqM3lZ8vgQMqF73b8Yn61C5mVr5TXl0/tmVFRvWZYfbeFeR0v27pHUs75c46fQgMBD6xG9vgGvAvjzv0ekX3KxrOV4rkNlh9jEAMLq3GnTKozDxJwCrkw==; 24:5UBqIZ7cY2dzD3+JW92ZjEkMQLgTG/H1hzNs67I63E+PdDWGCYcaTcWXhzYzwRDn1s8edCBonFTDAbZGW4NY+vGkZKZZ4DhgghonfLSlV8U=; 7:KFlKpwIyQs3bdnsLaHHrrnaYU64+5fKJnDaPdJblq+GxJbgU/wFn315+ECuJo2qSpe8JlS2XjRJjtRgtcCwuDB+xU2L2+zPQhxO58elXPskbCQ/gfIheVMp0enFvlYYFTSYQnpPhhxUnWHjAVQSAFpSHccj9wOzesgm8F4foFjuC35kdpC/vTzkGsn+4Ed5xq6axqUwAoQroqRLo/OEmBu1woOTFjhqJTKE/IKho+74= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 935bbc2d-f470-4ad9-45b9-08d501113804 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DB6PR05MB3157; x-ms-traffictypediagnostic: DB6PR05MB3157: x-ld-processed: a652971c-7d2e-4d9b-a6a4-d149256f461b,ExtAddr x-exchange-antispam-report-test: UriScan:(192374486261705)(185117386973197)(228905959029699); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(20161123555025)(20161123558100)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB6PR05MB3157; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB6PR05MB3157; x-forefront-prvs: 04371797A5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(13464003)(189002)(199003)(305945005)(50986999)(8936002)(53546010)(99286003)(5250100002)(74316002)(81156014)(8676002)(66066001)(33656002)(81166006)(6436002)(6506006)(7736002)(4326008)(189998001)(105586002)(53936002)(6246003)(106356001)(8656003)(3660700001)(102836003)(3846002)(6116002)(3280700002)(478600001)(9686003)(14454004)(229853002)(2906002)(2900100001)(55016002)(7696004)(2950100002)(97736004)(68736007)(25786009)(316002)(101416001)(86362001)(54356999)(76176999)(110136005)(5660300001)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR05MB3157; H:DB6PR05MB3176.eurprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2017 16:53:00.7419 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR05MB3157 Subject: Re: [dpdk-dev] [PATCH 07/11] ethdev: add rte flow action for crypto X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 16:53:03 -0000 Hi Jern, > -----Original Message----- > From: Jerin Jacob [mailto:jerin.jacob@caviumnetworks.com] > Sent: Thursday, September 21, 2017 12:16 > To: Akhil Goyal > Cc: dev@dpdk.org; declan.doherty@intel.com; > pablo.de.lara.guarch@intel.com; hemant.agrawal@nxp.com; > radu.nicolau@intel.com; Boris Pismenny ; Aviad > Yehezkel ; Thomas Monjalon > ; sandeep.malik@nxp.com > Subject: Re: [PATCH 07/11] ethdev: add rte flow action for crypto >=20 > -----Original Message----- > > Date: Thu, 14 Sep 2017 13:56:47 +0530 > > From: Akhil Goyal > > To: dev@dpdk.org > > CC: declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, > > hemant.agrawal@nxp.com, radu.nicolau@intel.com, > borisp@mellanox.com, > > aviadye@mellanox.com, thomas@monjalon.net, > sandeep.malik@nxp.com, > > jerin.jacob@caviumnetworks.com > > Subject: [PATCH 07/11] ethdev: add rte flow action for crypto > > X-Mailer: git-send-email 2.9.3 > > > > From: Boris Pismenny >=20 > Hi Boris, >=20 > > > > The crypto action is specified by an application to request crypto > > offload for a flow. > > > > Signed-off-by: Boris Pismenny > > Signed-off-by: Aviad Yehezkel > > --- > > lib/librte_ether/rte_flow.h | 30 ++++++++++++++++++++++++++++++ > > 1 file changed, 30 insertions(+) > > > > diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h > > index ea08af6..dce92ca 100644 > > --- a/lib/librte_ether/rte_flow.h > > +++ b/lib/librte_ether/rte_flow.h > > @@ -941,6 +941,13 @@ enum rte_flow_action_type { > > * See struct rte_flow_action_vf. > > */ > > RTE_FLOW_ACTION_TYPE_VF, > > + /** > > + * Redirects packets to security engine of current device for securit= y > > + * processing as specified by security session. > > + * > > + * See struct rte_flow_action_security. > > + */ > > + RTE_FLOW_ACTION_TYPE_SECURITY > > }; > > > > /** > > @@ -1034,6 +1041,29 @@ struct rte_flow_action_vf { }; > > > > /** > > + * RTE_FLOW_ACTION_TYPE_SECURITY > > + * > > + * Perform security action on define flow as specified by security ses= sion. > > + * The security session specified in the action must be created on > > + the same port > > + * as the flow action that is being specified. > > + * > > + * The ingress/egress flow attribute should match that specified in > > + the >=20 > We do HW CAMs at ingress side to specify the action like > RTE_FLOW_ACTION_TYPE_SECURITY. But, egress side there is NO for HW > CAM for RTE_FLOW_ACTION_TYPE_SECURITY(meaning flow to SA lookup). If > I understand it correctly, Intel has the similar situation and that is th= e reason > for adding rte_security_set_pkt_metadata() to fix up something in outboun= d > or inbound. Is it a correct interpretation? Yes, that's correct.=20 Please note that rte_flow is only the control path. It is called once per S= A for setting up offload. The data-path uses the security flags at mbuf->ol_flags and the= metadata that's required for some devices. >=20 > Something like below in ipsec-gw application for > RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL outbound case. >=20 > 296,6 +296,11 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct > ipsec_ctx *ipsec_ctx, > } > break; > case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL: > + /* Some ports require SA for inline IPsec */ > + if (sa->port_needs_md) > + rte_security_set_pkt_metadata( > + sa->port_md_uid, > + sa->sec_session, pkts[i], sa); > break; >=20 >=20 >=20 >=20 > > + * security session if the security session supports the definition > > +of the > > + * direction. > > + * > > + * Multiple flows can be configured to use the same security session. > > +For > > + * example if the security session specifies an egress IPsec SA, then > > +multiple > > + * flows can be specified to that SA. In the case of an ingress IPsec > > +SA then > > + * it is only valid to have a single flow to map to that security sess= ion. > > + * > > + * > > + * Non-terminating by default. > > + */ > > +struct rte_flow_action_security { > > + void *security_session; /**< Pointer to security session structure. > > +*/ }; > > + > > +/** > > * Definition of a single action. > > * > > * A list of actions is terminated by a END action. > > -- > > 2.9.3 > >