From: Slava Ovsiienko <viacheslavo@nvidia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Matan Azrad <matan@nvidia.com>,
Shahaf Shuler <shahafs@nvidia.com>, Ori Kam <orika@nvidia.com>,
Asaf Penso <asafp@nvidia.com>,
Thomas Monjalon <tmonjalon@nvidia.com>
Subject: [dpdk-dev] [RFC] net/mlx5: add IPsec offload support
Date: Tue, 16 Mar 2021 16:28:31 +0000 [thread overview]
Message-ID: <DM6PR12MB37531E74F9F4D8626D627D44DF6B9@DM6PR12MB3753.namprd12.prod.outlook.com> (raw)
The DPDK ethernet device might support the offload for security
operations. Since ConnectX-6DX the hardware implements the
cryptographic options required to provide the IPsec protocol
offload and there is an intention to update mlx5 PMD to make this
security offload capability available.
The minimal required set of offload options to be supported:
- crypto inline offload only
(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
- ESP protocol only (AH will be not supported)
- AES-GCM 128/256 algorithms
- support both Transport and Tunnel modes
- operate on BlueField-2, ConnectX-6DX and above
- support both IPv4 and IPv6
- VXLAN/GRE tunnel support
The common updates in mlx5 PMD include the standard security
context API support:
- rte_security_capabilities_get()
- rte_security_session_get_size()
- rte_security_session_create()
- rte_security_session_destroy()
- rte_security_session_update()
The mlx5 data path update includes:
- RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support
- rte_security_get_user_data()
- rte_security_get_stats_get()
- PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED,
PKT_TX_SEC_OFFLOAD mbuf flags support
- report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY
The mlx5 rte_flow API update includes:
- RTE_FLOW_ACTION_TYPE_SECURITY action support
- RTE_FLOW_ITEM_TYPE_ESP item support
- support RSS over ESP option
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
next reply other threads:[~2021-03-16 16:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 16:28 Slava Ovsiienko [this message]
2021-03-16 17:13 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM6PR12MB37531E74F9F4D8626D627D44DF6B9@DM6PR12MB3753.namprd12.prod.outlook.com \
--to=viacheslavo@nvidia.com \
--cc=asafp@nvidia.com \
--cc=dev@dpdk.org \
--cc=matan@nvidia.com \
--cc=orika@nvidia.com \
--cc=shahafs@nvidia.com \
--cc=tmonjalon@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).