From: Aakash Sasidharan
To: Konstantin Ananyev, Konstantin Ananyev, Vladimir Medvedkin
CC: Akhil Goyal, Jerin Jacob, Anoob Joseph, Vidya Sagar Velumuri, "dev@dpdk.org", Aakash Sasidharan
Subject: RE: [PATCH v2] ipsec: allow stateless IPsec processing
Date: Wed, 25 Sep 2024 11:59:47 +0000
References: <20240907102524.2686767-1-asasidharan@marvell.com> <20240908115733.2708942-1-asasidharan@marvell.com> <692b6f6259a0429bae57826d3ec08dc8@huawei.com>
List-Id: DPDK patches and discussions

Realized that I missed responding to one of your comments regarding the use of union. Please find the comment below.

> > > > Introduce stateless packet preparation API for IPsec processing. > > > > The new API would allow preparation of IPsec packets without > > > > altering the internal state of an IPsec session. > > > > > > > > For outbound IPsec processing, the change enables user to provide > > > > sequence number to be used for the IPsec operation. > > > > > > Few questions/nits below. > > > As a generic one - we need to add a use-case/test-case for it. > > > Without it I think the patch is incomplete. > > > > Ack. Will add test-case with v3. > > > > > > > > > > > > > Signed-off-by: Aakash Sasidharan > > > > --- > > > > lib/ipsec/esp_outb.c | 85 > > > > +++++++++++++++++++++++++++++++------------ > > > > lib/ipsec/rte_ipsec.h | 68 ++++++++++++++++++++++++++++++++++ > > > > lib/ipsec/sa.c | 4 +- > > > > lib/ipsec/sa.h | 8 ++++ > > > > 4 files changed, 140 insertions(+), 25 deletions(-) > > > > > > > > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index > > > > ec87b1dce2..de28cb166d 100644 > > > > --- a/lib/ipsec/esp_outb.c > > > > +++ b/lib/ipsec/esp_outb.c
> > > > @@ -288,13 +288,12 @@ outb_pkt_xprepare(const struct rte_ipsec_sa > > > > *sa, rte_be64_t sqc, > > > > /* > > > > * setup/update packets and crypto ops for ESP outbound tunnel cas= e. > > > > */ > > > > -uint16_t > > > > -esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > > rte_mbuf > > > *mb[], > > > > - struct rte_crypto_op *cop[], uint16_t num) > > > > +static inline uint16_t > > > > +esp_outb_tun_prepare_helper(const struct rte_ipsec_session *ss, > > > > +struct > > > rte_mbuf *mb[], > > > > + struct rte_crypto_op *cop[], uint16_t num, uint64_t sqn) > > > > { > > > > int32_t rc; > > > > - uint32_t i, k, n; > > > > - uint64_t sqn; > > > > + uint32_t i, k, n =3D num; > > > > > > You can just do s/num/n/ in function parameter list, then you don't > > > need to keep 'num' at all. > > > > This function will be called for normal IPsec processing. The function > > esn_outb_update_sqn() updates the local variable n passed as parameter > > in OVERFLOW case. If we remove the local variable n, this error path > > would be lost and it is not our intention I believe. > > Apologies. Replied too soon. I understand your suggestion and will update > that in v3. > > > > > > > > > > rte_be64_t sqc; > > > > struct rte_ipsec_sa *sa; > > > > struct rte_cryptodev_sym_session *cs; @@ -305,11 +304,6 @@ > > > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > > rte_mbuf > > > *mb[], > > > > sa =3D ss->sa; > > > > cs =3D ss->crypto.ses; > > > > > > > > - n =3D num; > > > > - sqn =3D esn_outb_update_sqn(sa, &n); > > > > - if (n !=3D num) > > > > - rte_errno =3D EOVERFLOW; > > > > - > > > > k =3D 0; > > > > for (i =3D 0; i !=3D n; i++) {
> > > > > > > > @@ -339,6 +333,30 @@ esp_outb_tun_prepare(const struct > > > rte_ipsec_session *ss, struct rte_mbuf *mb[], > > > > return k; > > > > } > > > > > > > > +uint16_t > > > > +esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > > +rte_mbuf > > > *mb[], > > > > + struct rte_crypto_op *cop[], uint16_t num) { > > > > + uint64_t sqn; > > > > + uint32_t n; > > > > + > > > > + n =3D num; > > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > > + if (n !=3D num) > > > > + rte_errno =3D EOVERFLOW; > > > > + > > > > + return esp_outb_tun_prepare_helper(ss, mb, cop, n, sqn); } > > > > + > > > > +uint16_t > > > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session > > > > +*ss, struct > > > rte_mbuf *mb[], > > > > + struct rte_crypto_op *cop[], uint16_t num, struct > > > > +rte_ipsec_state > > > > +*state) { > > > > + uint64_t sqn =3D state->sqn; > > > > + > > > > + return esp_outb_tun_prepare_helper(ss, mb, cop, num, sqn); } > > > > + > > > > /* > > > > * setup/update packet data and metadata for ESP outbound > > > > transport > > case. > > > > */ 
> > > > @@ -529,16 +547,15 @@ outb_cpu_crypto_prepare(const struct > > > rte_ipsec_sa *sa, uint32_t *pofs, > > > > return clen; > > > > } > > > > > > > > -static uint16_t > > > > -cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > > > - struct rte_mbuf *mb[], uint16_t num, > > > > - esp_outb_prepare_t prepare, uint32_t cofs_mask) > > > > +static inline uint16_t > > > > +cpu_outb_pkt_prepare_helper(const struct rte_ipsec_session *ss, > > > > + struct rte_mbuf *mb[], uint16_t num, esp_outb_prepare_t > > > prepare, > > > > + uint32_t cofs_mask, uint64_t sqn) > > > > { > > > > int32_t rc; > > > > - uint64_t sqn; > > > > rte_be64_t sqc; > > > > struct rte_ipsec_sa *sa; > > > > - uint32_t i, k, n; > > > > + uint32_t i, k, n =3D num; > > > > > > Same here, you can just use 'n' instead of 'num'. > > > > Same comment as above. > > > > > > > > > uint32_t l2, l3; > > > > union sym_op_data icv; > > > > struct rte_crypto_va_iova_ptr iv[num]; @@ -551,11 +568,6 @@ > > > > cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > > > > > > > sa =3D ss->sa; > > > > > > > > - n =3D num; > > > > - sqn =3D esn_outb_update_sqn(sa, &n); > > > > - if (n !=3D num) > > > > - rte_errno =3D EOVERFLOW; > > > > - > > > > for (i =3D 0, k =3D 0; i !=3D n; i++) { > > > > > > > > l2 =3D mb[i]->l2_len; 
> > > > @@ -604,15 +616,40 @@ uint16_t > > > > cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss, > > > > struct rte_mbuf *mb[], uint16_t num) { > > > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_tun_pkt_prepare, > > > 0); > > > > + uint64_t sqn; > > > > + uint32_t n; > > > > + > > > > + n =3D num; > > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > > + if (n !=3D num) > > > > + rte_errno =3D EOVERFLOW; > > > > + > > > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > > > outb_tun_pkt_prepare, > > > > +0, sqn); } > > > > + > > > > +uint16_t > > > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session > *ss, > > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > > *state) > > > > +{ > > > > + uint64_t sqn =3D state->sqn; > > > > + > > > > + return cpu_outb_pkt_prepare_helper(ss, mb, num, > > > > +outb_tun_pkt_prepare, 0, sqn); > > > > } > > > > > > > > uint16_t > > > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > > > struct rte_mbuf *mb[], uint16_t num) { > > > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_trs_pkt_prepare, > > > > - UINT32_MAX); > > > > + uint64_t sqn; > > > > + uint32_t n; > > > > + > > > > + n =3D num; > > > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > > > + if (n !=3D num) > > > > + rte_errno =3D EOVERFLOW; > > > > + > > > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > > > outb_trs_pkt_prepare, > > > > + UINT32_MAX, sqn); > > > > } > > > > > > > > /* > > > > diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h index > > > > f15f6f2966..b462068203 100644 > > > > --- a/lib/ipsec/rte_ipsec.h > > > > +++ b/lib/ipsec/rte_ipsec.h 
> > > > @@ -23,11 +23,26 @@ extern "C" { > > > > > > > > struct rte_ipsec_session; > > > > > > > > +/** > > > > + * IPsec state for stateless processing of a batch of IPsec packet= s. > > > > + */ > > > > +struct rte_ipsec_state { > > > > + union { > > > > > > Curious what is the purpose of 'union' here? > > > What other mutually exclusive fields you plan to add here?

Our intention was to use a union to facilitate future support for the inbound path.
Would it be more appropriate to define the rte_ipsec_state itself as a union? For example:

union rte_ipsec_state {
	struct {
		uint64_t sqn;
	} outbound;
};

What do you think would be the best approach to future-proof the API?

> > > > > > > + /** > > > > + * 64 bit sequence number to be used for the first packet of > > > the > > > > + * batch of packets. > > > > + */ > > > > + uint64_t sqn; > > > > + }; > > > > +}; > > > > + > > > > /** > > > > * IPsec session specific functions that will be used to: > > > > * - prepare - for input mbufs and given IPsec session prepare cry= pto ops > > > > * that can be enqueued into the cryptodev associated with given > > session > > > > * (see *rte_ipsec_pkt_crypto_prepare* below for more details). > > > > + * - prepare_stateless - similar to prepare, but further processin= g is done > > > > + * based on IPsec state provided by the 'state' parameter. > > > > * - process - finalize processing of packets after crypto-dev fin= ished > > > > * with them or process packets that are subjects to inline IPse= c offload > > > > * (see rte_ipsec_pkt_process for more details).
> > > > @@ -42,6 +57,17 @@ struct rte_ipsec_sa_pkt_func { > > > > struct rte_mbuf *mb[], > > > > uint16_t num); > > > > } prepare; > > > > + union { > > > > + uint16_t (*async)(const struct rte_ipsec_session *ss, > > > > + struct rte_mbuf *mb[], > > > > + struct rte_crypto_op *cop[], > > > > + uint16_t num, > > > > + struct rte_ipsec_state *state); > > > > + uint16_t (*sync)(const struct rte_ipsec_session *ss, > > > > + struct rte_mbuf *mb[], > > > > + uint16_t num, > > > > + struct rte_ipsec_state *state); > > > > + } prepare_stateless; > > > > uint16_t (*process)(const struct rte_ipsec_session *ss, > > > > struct rte_mbuf *mb[], > > > > uint16_t num); 
> > > > @@ -128,6 +154,48 @@ rte_ipsec_pkt_cpu_prepare(const struct > > > rte_ipsec_session *ss, > > > > return ss->pkt_func.prepare.sync(ss, mb, num); } > > > > > > > > +/** > > > > + * Same as rte_ipsec_pkt_crypto_prepare, but processing is done > > > > +based on > > > > + * IPsec state provided by the 'state' parameter. Internal IPsec > > > > +state won't > > > > + * be updated when this API is called. > > > > + * > > > > + * For input mbufs and given IPsec session prepare crypto ops > > > > +that can be > > > > + * enqueued into the cryptodev associated with given session. > > > > + * expects that for each input packet: > > > > + * - l2_len, l3_len are setup correctly > > > > + * Note that erroneous mbufs are not freed by the function, > > > > + * but are placed beyond last valid mbuf in the *mb* array. > > > > + * It is a user responsibility to handle them further. > > > > + * @param ss > > > > + * Pointer to the *rte_ipsec_session* object the packets belong = to. > > > > + * @param mb > > > > + * The address of an array of *num* pointers to *rte_mbuf* struc= tures > > > > + * which contain the input packets. > > > > + * @param cop > > > > + * The address of an array of *num* pointers to the output > > > *rte_crypto_op* > > > > + * structures. > > > > + * @param num > > > > + * The maximum number of packets to process. > > > > + * @param state > > > > + * The IPsec state to be used for processing current batch of pa= ckets. > > > > + * @return > > > > + * Number of successfully processed packets, with error code set= in > > > rte_errno. > > > > + */ > > > > > > We probably need to mark new API as 'rte_experimental'. > > > > Ack. Will update in v3. 
> > > > > > > > > +static inline uint16_t > > > > +rte_ipsec_pkt_crypto_prepare_stateless(const struct > > > > +rte_ipsec_session > > *ss, > > > > + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num, > > > > + struct rte_ipsec_state *state) > > > > +{ > > > > + return ss->pkt_func.prepare_stateless.async(ss, mb, cop, num, > > > > +state); } > > > > + > > > > +static inline uint16_t > > > > +rte_ipsec_pkt_cpu_prepare_stateless(const struct rte_ipsec_session= *ss, > > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > > > +*state) { > > > > + return ss->pkt_func.prepare_stateless.sync(ss, mb, num, state); > > > > +} > > > > + > > > > /** > > > > * Finalise processing of packets after crypto-dev finished with t= hem or > > > > * process packets that are subjects to inline IPsec offload. > > > > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index > > > > 2297bd6d72..741e079831 100644 > > > > --- a/lib/ipsec/sa.c > > > > +++ b/lib/ipsec/sa.c > > > > @@ -710,6 +710,7 @@ lksd_none_pkt_func_select(const struct > > > rte_ipsec_sa *sa, > > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > > > pf->prepare.async =3D esp_outb_tun_prepare; > > > > + pf->prepare_stateless.async =3D > > > esp_outb_tun_prepare_stateless; > > > > pf->process =3D (sa->sqh_len !=3D 0) ? > > > > esp_outb_sqh_process : pkt_flag_process; > > > > break; > > > > @@ -748,6 +749,7 @@ cpu_crypto_pkt_func_select(const struct > > > rte_ipsec_sa *sa, > > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > > > pf->prepare.sync =3D cpu_outb_tun_pkt_prepare; > > > > + pf->prepare_stateless.sync =3D > > > cpu_outb_tun_pkt_prepare_stateless; > > > > pf->process =3D (sa->sqh_len !=3D 0) ? > > > > esp_outb_sqh_process : pkt_flag_process; > > > > break; 
> > > > @@ -810,7 +812,7 @@ ipsec_sa_pkt_func_select(const struct > > > rte_ipsec_session *ss, > > > > int32_t rc; > > > > > > > > rc =3D 0; > > > > - pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, NULL }; > > > > + pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, {NULL}, NULL }= ; > > > > > > > > switch (ss->type) { > > > > case RTE_SECURITY_ACTION_TYPE_NONE: > > > > diff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h index > > > > 719b5c735c..9b53586b2d 100644 > > > > --- a/lib/ipsec/sa.h > > > > +++ b/lib/ipsec/sa.h > > > > @@ -179,6 +179,10 @@ uint16_t > > > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct > > > > rte_mbuf > > > *mb[], > > > > struct rte_crypto_op *cop[], uint16_t num); > > > > > > > > +uint16_t > > > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session > > > > +*ss, struct > > > rte_mbuf *mb[], > > > > + struct rte_crypto_op *cop[], uint16_t num, struct > > > > +rte_ipsec_state *state); > > > > + > > > > uint16_t > > > > esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct > > > > rte_mbuf > > > *mb[], > > > > struct rte_crypto_op *cop[], uint16_t num); @@ -207,6 +211,10 @@ > > > > uint16_t cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *= ss, > > > > struct rte_mbuf *mb[], uint16_t num); uint16_t > > > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session > *ss, > > > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > > > +*state); > > > > + > > > > +uint16_t > > > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > > > struct rte_mbuf *mb[], uint16_t num); > > > > > > > > -- > > > > 2.25.1
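
Review bot: in lib/ipsec/esp_outb.c, esp_outb_tun_prepare_stateless() and cpu_outb_tun_pkt_prepare_stateless() read state->sqn with no NULL check and hand it to the helper together with the unmodified num, so the clamp and the rte_errno = EOVERFLOW handling that the stateful wrappers get from esn_outb_update_sqn() never run on this path. Either check that the range sqn .. sqn + num - 1 stays inside the SA's sequence-number space before calling the helper, or state in the API documentation that the caller alone guarantees a unique, non-wrapping range for every batch on the SA. Since both functions only read the state, the parameter could also be declared const struct rte_ipsec_state *state.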
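
Review bot: in the lib/ipsec/rte_ipsec.h hunk at @@ -42,6 +57,17 @@, the prepare_stateless union is inserted between prepare and process in struct rte_ipsec_sa_pkt_func, which moves the offset of process in a structure declared in a public header. Placing the new member after the existing ones would leave the current offsets alone; if the middle placement is intended, the layout change should be called out in the commit message, and the positional initializer changed in sa.c ({NULL}, {NULL}, NULL) has to follow whichever order is chosen.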
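
Review bot: in the lib/ipsec/rte_ipsec.h hunk at @@ -128,6 +154,48 @@, rte_ipsec_pkt_cpu_prepare_stateless() has no doc comment at all, and the comment on rte_ipsec_pkt_crypto_prepare_stateless() does not say how state->sqn relates to the packets after the first one. The struct comment says the value is "to be used for the first packet of the batch", so the @param state text should spell out how the remaining packets are numbered and that, because internal state is not updated, the caller is responsible for advancing sqn between calls.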
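
Review bot: in lib/ipsec/sa.c, prepare_stateless.async and prepare_stateless.sync are assigned only in the outbound TUNLV4/TUNLV6 cases of lksd_none_pkt_func_select() and cpu_crypto_pkt_func_select(), while ipsec_sa_pkt_func_select() initialises the member to {NULL} and the new inline wrappers in rte_ipsec.h call through the pointer unconditionally. For any session that does not hit those two cases the stateless call goes through a NULL function pointer. Add a NULL check in the wrappers that returns 0 with an error in rte_errno, or install handlers for the remaining cases; the patch declares no stateless counterpart for esp_outb_trs_prepare() or cpu_outb_trs_pkt_prepare().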