From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DFC0C459DC; Fri, 20 Sep 2024 04:12:16 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7349040669; Fri, 20 Sep 2024 04:12:16 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id EA675400EF for ; Fri, 20 Sep 2024 04:12:14 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 48JKk67B014248; Thu, 19 Sep 2024 19:12:14 -0700 Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2040.outbound.protection.outlook.com [104.47.57.40]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 41qdwgmb0c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 19 Sep 2024 19:12:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Qs1O3y4NpujEgyW0Agbm+CTBy0v8a6GPyQlaKc+fPE6k1FC2MPct//GeSE8p5XwWC9ACBIptjsFoKhY/Qd/1gRh77velcGysm4zD+8CL41R1zapGK13KTD0ys/hdFfRiJIinmHRfkLjrB0Hjomd79olMH+RQtvUd0ay68bAnsfol9Cx12Bm/ITh439oQjIy9/yNYB4MMDjRQd9XmPrBICUF4NH+lpayh5h1ZazvzN8AoiQItii3i/x2TYW1zSNmFJCqygt6Sb35mMjLQdSzGlmG2+qzrRuoboreMLpY9Vg1XLjA7JUdRJaORcgNnGr8U74yK/yFs8VnHe+rLRo5y8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=F7ruGhU07rXZErNHJVH02iS1hKAGxnxnVTLhgct09c0=; b=LhBtp9ZCy+YNbwJQ/ZCsqUTHknR/0whJaCHKGcxQ+kViO3ZKNrRuLtIoiUAxl8wJTQj+nXBT4YHirAWWFuuK7nn6BTR6HbUrygmkHgZASHBnno3QtQ9lIo+JzfvbS68fW2GDkLcpWSdsjUY/PslkXpjEZ1FZgT6ASimFDj+kET2PgSMV9xjCXl+4W+cCim8xgjaMmhBT4S8CfEr+gLu+ZJBWo6wBf/ZKXZ4UdPH/S1rAfbp8YABV1oN/FwovEuVwjeYNV+ZmUmwRgTyrf53T+gksfxL6oOA3zirjwW5yMEUzFzpkRPCPs17RGQB1cBafmOiEVug0k3I9HtgLCs59EA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F7ruGhU07rXZErNHJVH02iS1hKAGxnxnVTLhgct09c0=; b=KUIQHoVB83EqUCaQOlxZ9/HhfphoanV2NkBfoflpJgQBQNaYCn7sus3JlcOULoMpIhcXuG6lEJy8/43r/sHqN64fxeBdAPBZgORa4yPyMnR8B4gG1CJEtAer65NQKLlyULI59DCx3+ZUFjhiejX2tJNYj9EPCXPFV3cW1Fppm60= Received: from PH0PR18MB4508.namprd18.prod.outlook.com (2603:10b6:510:e6::21) by MW4PR18MB5229.namprd18.prod.outlook.com (2603:10b6:303:1a5::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.17; Fri, 20 Sep 2024 02:12:11 +0000 Received: from PH0PR18MB4508.namprd18.prod.outlook.com ([fe80::c4a3:f671:373a:b410]) by PH0PR18MB4508.namprd18.prod.outlook.com ([fe80::c4a3:f671:373a:b410%4]) with mapi id 15.20.7982.018; Fri, 20 Sep 2024 02:12:10 +0000 From: Aakash Sasidharan To: Konstantin Ananyev , Konstantin Ananyev , Vladimir Medvedkin CC: Akhil Goyal , Jerin Jacob , Anoob Joseph , Vidya Sagar Velumuri , "dev@dpdk.org" Subject: RE: [PATCH v2] ipsec: allow stateless IPsec processing Thread-Topic: [PATCH v2] ipsec: allow stateless IPsec processing Thread-Index: AQHbAeZQdkrYxgFgAkCyikZlP1mmqrJcReaAgAO4YSA= Date: Fri, 20 Sep 2024 02:12:10 +0000 Message-ID: References: <20240907102524.2686767-1-asasidharan@marvell.com> <20240908115733.2708942-1-asasidharan@marvell.com> <692b6f6259a0429bae57826d3ec08dc8@huawei.com> In-Reply-To: <692b6f6259a0429bae57826d3ec08dc8@huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR18MB4508:EE_|MW4PR18MB5229:EE_ x-ms-office365-filtering-correlation-id: 58a18061-86dd-4144-559c-08dcd919a2ab x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|376014|366016|1800799024|38070700018; x-microsoft-antispam-message-info: =?us-ascii?Q?bS8zPfZX/lhUht73O9xmPb1Bxxl6IYJzSwJ1cjNmjtSUcfLWYTta9RNnRG/3?= =?us-ascii?Q?krg/bekXcBy/z6HFLrmIX/SX96mNj5m5l8faffHwcchXWXlzf3v222ny0tUq?= =?us-ascii?Q?VRTvQ/rTKPity7V/hfc/morviOP+bciYk3ZgoitoMKo+KNZtranliik/XNE7?= =?us-ascii?Q?SG/EPY8Zj8joqYJLPDqoN8X6WA5lIZPSWe6emJpiulpOTUngc3wceZOdd5ZR?= =?us-ascii?Q?8q/iMKQ3g6aL62p8FINr1bRoDZAMiwk+y1EQzlBhUETe10AFlN2r2QSXnDf3?= =?us-ascii?Q?LrUdYRifz3JkpyHCdqB8LKFayadnvPoqov44QQTSWlzGZy+gNGHKJ7BFsIyz?= =?us-ascii?Q?Bg8Z2MMkWyFswtowylnYI1/h2hVo9Uk1t8wePJfBEI0FNFThCWz17rjU4bnm?= =?us-ascii?Q?IvX8UqK9/kG79Hla0UWAMjBchEc1hSwLIKTGKd3kk9m4t0KyYeSQZrQmQDO4?= =?us-ascii?Q?TB1jFaSRLhqsy67ut72rDxr/8NUnp8s4W6Lr+CzFZLFWDriAKgpG0YAMxUw8?= =?us-ascii?Q?m+E/no52N0UrXZ4qFFEq82NwfcNG5lACuKSMgIr1g74wxO6GLMpT8C2G1c3T?= =?us-ascii?Q?3gWJ/jsWZGl+GWRL9KPfvaMXhT74dzSMPgwtSV4qeWSQNOfbSzVSZRt13Ndj?= =?us-ascii?Q?WDOdexw/3EnKyW2feo0EqcqgNhGhVauvhLMOvWeUbZnjNEb96C1hxtZl3vJd?= =?us-ascii?Q?zlXj/T238MUyu6jab4aJffTkCBnRqaVUZp+3YA/o7fKkjuLoarChfFSjlLZL?= =?us-ascii?Q?Bag2OClBzja5+ooUOCdM3uIwl0Z9DBH0y/PKQyTtHcGKqw7cB0AOSh4L8HPX?= =?us-ascii?Q?a3KVOQcQzKLnjx0v91BbMeY/m2UsFEtzoI7FIXv0uxI11MU9zSqKu2y3pxTM?= =?us-ascii?Q?n6EShGbkashZiyPjIBUYws3KEJm1EAEe9FT0yCCThrLIoiVL02gdcDVlmPRZ?= =?us-ascii?Q?rQbX6/VhU71afqVROlQ9GMV4ZtSx9Xh+Et/AIXaDztWAGs7nCX5IzTCYCMxn?= =?us-ascii?Q?PneyTacuqbKT9TCfFL0DVlASK/yYck/VoGdrwvtAQx5XZ2dukldGa/UgYmB2?= =?us-ascii?Q?o45a0G1K35OP+9nvqpMVaoMd6C1QL4fFRKb3nMOKZTKxtkaKpVtcQmGE6sYd?= =?us-ascii?Q?sjR1Jt1ETA6yopPfLv26/58rLynRqCgl+XP78urbTM7H7GE8tZ1N1pGprLgm?= =?us-ascii?Q?ASEs+GQcdXtxkuwjZfO+ADjMWlq3PpyLi0rOZtvKEfYOHJHEZfwFuWGQt69r?= =?us-ascii?Q?IKWbFLOV4Lm2S+ckanqUs+ORedxECleKmf+ernXQwZHHBTt1Wdd/zHcPBFHx?= =?us-ascii?Q?Gg+utRhpl1xdbUIa8GtVt3qyOBN38u17Ue7i9ff/Y53t8mlUM69i3dxIapuw?= =?us-ascii?Q?ruqNlj8FCtj9wmJBUuEvxpufEFh9/TQLfqBSzdluUlv9pfHfbg=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR18MB4508.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(376014)(366016)(1800799024)(38070700018); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?JtHt1oYclMv9JSRs3p2jscZIUP/wNyu9InWb94a20IEpnkTbpMesEXwM8IDx?= =?us-ascii?Q?XoTfcjxuBP0rEdBel/EXljocgs8O3QGa+PPrA6qsZYa0V1aSqLAR7GVOUKEX?= =?us-ascii?Q?2MCncoE5M4BuggDnlusUOoOvfxhEs4mGXn1IOSerS74k1cQEn26VtdK/uzgg?= =?us-ascii?Q?HUH2mLKAEIdR9wOJx7KJEV09Thgx8MFt51AHvHjH+8ox5ADTweX9acLlMyW9?= =?us-ascii?Q?7O4i2rzuhqisAZG6GhD6U+GkRdDDSsBTuN/oZ0SxNhLIKMfVLMxL0JXKSGrY?= =?us-ascii?Q?oDLfiyX4ally+tk30lDUIWIK3D1i5LNWW7D+qo95nxdmFNcL94NQmdfGqm9a?= =?us-ascii?Q?vCT+F6DMTsEsTF9x65yr2ZaOjMojpuSmy+CkLUOlPsVN7LBIBvx05fK6qNFL?= =?us-ascii?Q?QLUvJttk4170CcAqvYaVpVcqCZz6GmgUmugMmNQYM7vAZNTJBqUz3bDX+9Yr?= =?us-ascii?Q?2FzquZh5Dx+Q6pfHxsDyrijai4QPiEmiJXCWIDciFNY2q8uZLn1cFKjPNapo?= =?us-ascii?Q?jblFeTTrqgdV03TkTj/f6c+v7cprCwPWacZkSGDon3up4ksqtIWlZ7iMpNR4?= =?us-ascii?Q?BYds5jF7TgnmiX1nNy7+doskcuMwXs+WyGC7K5yljfw0I5gJojKSkTM1rGlS?= =?us-ascii?Q?k8Bbj/XXzLDYzVtgPV3d45weug+Op1u48AqMhDDe5S1Wnbv1zaRn0mGP2yhw?= =?us-ascii?Q?hfW7XaVI2UgbEoBZpRz7DPdob2N0QQ0EkbOTpR2hpPo49E9k+gYKfDFPXENy?= =?us-ascii?Q?48Jac2E5Z3S3VaLDFdFe+RjMdJiTgBiMepmwPWNaY8bq+/7QMqFPKfkwfP/0?= =?us-ascii?Q?zhnrBWD3dI425xixxvyp0n+4HcllDHVwnSlZc9b1OLf2JOgpqOEGjnHA52Pq?= =?us-ascii?Q?YBfJxUnIUequ5CABnxsYSTIUhJcISNI/gQ52ivpFAu3F8L+0NoIc4Atsvy2r?= =?us-ascii?Q?Y2Yjzjk8girt7OxFymjgB9dE9bErHbh88DNhpCEWV/lijMzHxvV64IbT31/U?= =?us-ascii?Q?qNob1f0cKk+ikVYsRcOJzBbRix0GpZ2nk7e6dpSJB6NuirhQRAzZm1LSmTng?= =?us-ascii?Q?HnifnP4zNL92zcK7yhNyTBZrCTUBjOusfcRkKxSgU2sUsXcXhnYSaFC2xGhs?= =?us-ascii?Q?XPv8WNUuAY/TQN/+/R3TPNyj5FTRjZ6Z5qTkdZsEHgb9yc1cLbhvl1Z4glQT?= =?us-ascii?Q?tHpvP4pgWndI+ezBALMX5p10JDVLOAZTymksSJ7k9cYBvBm9cAKMTH5z0goQ?= =?us-ascii?Q?TxaNYRnGZyBFDOgitRrfd7iZku3ag0SolWSXy6K/4MldKc5p8x1d9FcCOBHZ?= =?us-ascii?Q?z9J3voYFiDa+o64UEpLhoMfofCv9rv+AMsk2v7sPViyDgJg3yJb6JSJZaESe?= =?us-ascii?Q?UpOoKc09PthydvVKkeafod0BKkvAPrsJ0zWwqwlvPZy3KzU8SuMCHf0YSB4b?= =?us-ascii?Q?7KlVaQ2tXHsiqhY2CV9uOunJNSkBRNkI+jgVIVzRKc9uGygKdvi8s8nRQ6SJ?= =?us-ascii?Q?jB8pUIpbDRZ+GB7AD1rPj01XstLkW1/QVidVXAL48e0eFLb59+8YPQn5tOkz?= =?us-ascii?Q?Z+Sb+CzWOTdiQcWNdgMlGEoMNNV/DqckEy2E8Yd8?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB4508.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 58a18061-86dd-4144-559c-08dcd919a2ab X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2024 02:12:10.6038 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TDhZX0dcohrSpmy+Z5Z3k9bXybIdcxVhdV+p7ZJPVi85YPaLkpw1BS+pvojC7EQvnzbgTTkPq7IilX9P5LRZ8Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR18MB5229 X-Proofpoint-GUID: ReU8nwyI4DSdy6MHbjW7fAPA7Iwz33IR X-Proofpoint-ORIG-GUID: ReU8nwyI4DSdy6MHbjW7fAPA7Iwz33IR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > > Introduce stateless packet preparation API for IPsec processing. The > > new API would allow preparation of IPsec packets without altering the > > internal state of an IPsec session. > > > > For outbound IPsec processing, the change enables user to provide > > sequence number to be used for the IPsec operation. >=20 > Few questions/nits below. > As a generic one - we need to add a use-case/test-case for it. > Without it I think the patch is incomplete. Ack. Will add test-case with v3. >=20 > > > > Signed-off-by: Aakash Sasidharan > > --- > > lib/ipsec/esp_outb.c | 85 > > +++++++++++++++++++++++++++++++------------ > > lib/ipsec/rte_ipsec.h | 68 ++++++++++++++++++++++++++++++++++ > > lib/ipsec/sa.c | 4 +- > > lib/ipsec/sa.h | 8 ++++ > > 4 files changed, 140 insertions(+), 25 deletions(-) > > > > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index > > ec87b1dce2..de28cb166d 100644 > > --- a/lib/ipsec/esp_outb.c > > +++ b/lib/ipsec/esp_outb.c > > @@ -288,13 +288,12 @@ outb_pkt_xprepare(const struct rte_ipsec_sa *sa, > > rte_be64_t sqc, > > /* > > * setup/update packets and crypto ops for ESP outbound tunnel case. > > */ > > -uint16_t > > -esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mb= uf > *mb[], > > - struct rte_crypto_op *cop[], uint16_t num) > > +static inline uint16_t > > +esp_outb_tun_prepare_helper(const struct rte_ipsec_session *ss, struct > rte_mbuf *mb[], > > + struct rte_crypto_op *cop[], uint16_t num, uint64_t sqn) > > { > > int32_t rc; > > - uint32_t i, k, n; > > - uint64_t sqn; > > + uint32_t i, k, n =3D num; >=20 > You can just do s/num/n/ in function parameter list, then you don't need = to > keep 'num' at all. This function will be called for normal IPsec processing. The function esn_= outb_update_sqn() updates the local variable n passed as parameter in OVERF= LOW case. If we remove the local variable n, this error path would be lost = and it is not our intention I believe. >=20 > > rte_be64_t sqc; > > struct rte_ipsec_sa *sa; > > struct rte_cryptodev_sym_session *cs; @@ -305,11 +304,6 @@ > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mbu= f > *mb[], > > sa =3D ss->sa; > > cs =3D ss->crypto.ses; > > > > - n =3D num; > > - sqn =3D esn_outb_update_sqn(sa, &n); > > - if (n !=3D num) > > - rte_errno =3D EOVERFLOW; > > - > > k =3D 0; > > for (i =3D 0; i !=3D n; i++) { > > > > @@ -339,6 +333,30 @@ esp_outb_tun_prepare(const struct > rte_ipsec_session *ss, struct rte_mbuf *mb[], > > return k; > > } > > > > +uint16_t > > +esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mb= uf > *mb[], > > + struct rte_crypto_op *cop[], uint16_t num) { > > + uint64_t sqn; > > + uint32_t n; > > + > > + n =3D num; > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > + if (n !=3D num) > > + rte_errno =3D EOVERFLOW; > > + > > + return esp_outb_tun_prepare_helper(ss, mb, cop, n, sqn); } > > + > > +uint16_t > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session *ss, str= uct > rte_mbuf *mb[], > > + struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state > > +*state) { > > + uint64_t sqn =3D state->sqn; > > + > > + return esp_outb_tun_prepare_helper(ss, mb, cop, num, sqn); } > > + > > /* > > * setup/update packet data and metadata for ESP outbound transport ca= se. > > */ > > @@ -529,16 +547,15 @@ outb_cpu_crypto_prepare(const struct > rte_ipsec_sa *sa, uint32_t *pofs, > > return clen; > > } > > > > -static uint16_t > > -cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > - struct rte_mbuf *mb[], uint16_t num, > > - esp_outb_prepare_t prepare, uint32_t cofs_mask) > > +static inline uint16_t > > +cpu_outb_pkt_prepare_helper(const struct rte_ipsec_session *ss, > > + struct rte_mbuf *mb[], uint16_t num, esp_outb_prepare_t > prepare, > > + uint32_t cofs_mask, uint64_t sqn) > > { > > int32_t rc; > > - uint64_t sqn; > > rte_be64_t sqc; > > struct rte_ipsec_sa *sa; > > - uint32_t i, k, n; > > + uint32_t i, k, n =3D num; >=20 > Same here, you can just use 'n' instead of 'num'. Same comment as above. >=20 > > uint32_t l2, l3; > > union sym_op_data icv; > > struct rte_crypto_va_iova_ptr iv[num]; @@ -551,11 +568,6 @@ > > cpu_outb_pkt_prepare(const struct rte_ipsec_session *ss, > > > > sa =3D ss->sa; > > > > - n =3D num; > > - sqn =3D esn_outb_update_sqn(sa, &n); > > - if (n !=3D num) > > - rte_errno =3D EOVERFLOW; > > - > > for (i =3D 0, k =3D 0; i !=3D n; i++) { > > > > l2 =3D mb[i]->l2_len; > > @@ -604,15 +616,40 @@ uint16_t > > cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss, > > struct rte_mbuf *mb[], uint16_t num) { > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_tun_pkt_prepare, > 0); > > + uint64_t sqn; > > + uint32_t n; > > + > > + n =3D num; > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > + if (n !=3D num) > > + rte_errno =3D EOVERFLOW; > > + > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > outb_tun_pkt_prepare, > > +0, sqn); } > > + > > +uint16_t > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session *ss, > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > *state) > > +{ > > + uint64_t sqn =3D state->sqn; > > + > > + return cpu_outb_pkt_prepare_helper(ss, mb, num, > > +outb_tun_pkt_prepare, 0, sqn); > > } > > > > uint16_t > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > struct rte_mbuf *mb[], uint16_t num) { > > - return cpu_outb_pkt_prepare(ss, mb, num, outb_trs_pkt_prepare, > > - UINT32_MAX); > > + uint64_t sqn; > > + uint32_t n; > > + > > + n =3D num; > > + sqn =3D esn_outb_update_sqn(ss->sa, &n); > > + if (n !=3D num) > > + rte_errno =3D EOVERFLOW; > > + > > + return cpu_outb_pkt_prepare_helper(ss, mb, n, > outb_trs_pkt_prepare, > > + UINT32_MAX, sqn); > > } > > > > /* > > diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h index > > f15f6f2966..b462068203 100644 > > --- a/lib/ipsec/rte_ipsec.h > > +++ b/lib/ipsec/rte_ipsec.h > > @@ -23,11 +23,26 @@ extern "C" { > > > > struct rte_ipsec_session; > > > > +/** > > + * IPsec state for stateless processing of a batch of IPsec packets. > > + */ > > +struct rte_ipsec_state { > > + union { >=20 > Curious what is the purpose of 'union' here? > What other mutually exclusive fields you plan to add here? >=20 > > + /** > > + * 64 bit sequence number to be used for the first packet of > the > > + * batch of packets. > > + */ > > + uint64_t sqn; > > + }; > > +}; > > + > > /** > > * IPsec session specific functions that will be used to: > > * - prepare - for input mbufs and given IPsec session prepare crypto = ops > > * that can be enqueued into the cryptodev associated with given ses= sion > > * (see *rte_ipsec_pkt_crypto_prepare* below for more details). > > + * - prepare_stateless - similar to prepare, but further processing is= done > > + * based on IPsec state provided by the 'state' parameter. > > * - process - finalize processing of packets after crypto-dev finishe= d > > * with them or process packets that are subjects to inline IPsec of= fload > > * (see rte_ipsec_pkt_process for more details). > > @@ -42,6 +57,17 @@ struct rte_ipsec_sa_pkt_func { > > struct rte_mbuf *mb[], > > uint16_t num); > > } prepare; > > + union { > > + uint16_t (*async)(const struct rte_ipsec_session *ss, > > + struct rte_mbuf *mb[], > > + struct rte_crypto_op *cop[], > > + uint16_t num, > > + struct rte_ipsec_state *state); > > + uint16_t (*sync)(const struct rte_ipsec_session *ss, > > + struct rte_mbuf *mb[], > > + uint16_t num, > > + struct rte_ipsec_state *state); > > + } prepare_stateless; > > uint16_t (*process)(const struct rte_ipsec_session *ss, > > struct rte_mbuf *mb[], > > uint16_t num); > > @@ -128,6 +154,48 @@ rte_ipsec_pkt_cpu_prepare(const struct > rte_ipsec_session *ss, > > return ss->pkt_func.prepare.sync(ss, mb, num); } > > > > +/** > > + * Same as rte_ipsec_pkt_crypto_prepare, but processing is done based > > +on > > + * IPsec state provided by the 'state' parameter. Internal IPsec > > +state won't > > + * be updated when this API is called. > > + * > > + * For input mbufs and given IPsec session prepare crypto ops that > > +can be > > + * enqueued into the cryptodev associated with given session. > > + * expects that for each input packet: > > + * - l2_len, l3_len are setup correctly > > + * Note that erroneous mbufs are not freed by the function, > > + * but are placed beyond last valid mbuf in the *mb* array. > > + * It is a user responsibility to handle them further. > > + * @param ss > > + * Pointer to the *rte_ipsec_session* object the packets belong to. > > + * @param mb > > + * The address of an array of *num* pointers to *rte_mbuf* structure= s > > + * which contain the input packets. > > + * @param cop > > + * The address of an array of *num* pointers to the output > *rte_crypto_op* > > + * structures. > > + * @param num > > + * The maximum number of packets to process. > > + * @param state > > + * The IPsec state to be used for processing current batch of packet= s. > > + * @return > > + * Number of successfully processed packets, with error code set in > rte_errno. > > + */ >=20 > We probably need to mark new API as 'rte_experimental'. Ack. Will update in v3. >=20 > > +static inline uint16_t > > +rte_ipsec_pkt_crypto_prepare_stateless(const struct rte_ipsec_session = *ss, > > + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num, > > + struct rte_ipsec_state *state) > > +{ > > + return ss->pkt_func.prepare_stateless.async(ss, mb, cop, num, > > +state); } > > + > > +static inline uint16_t > > +rte_ipsec_pkt_cpu_prepare_stateless(const struct rte_ipsec_session *ss= , > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state *state) > > +{ > > + return ss->pkt_func.prepare_stateless.sync(ss, mb, num, state); } > > + > > /** > > * Finalise processing of packets after crypto-dev finished with them = or > > * process packets that are subjects to inline IPsec offload. > > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index > > 2297bd6d72..741e079831 100644 > > --- a/lib/ipsec/sa.c > > +++ b/lib/ipsec/sa.c > > @@ -710,6 +710,7 @@ lksd_none_pkt_func_select(const struct > rte_ipsec_sa *sa, > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > pf->prepare.async =3D esp_outb_tun_prepare; > > + pf->prepare_stateless.async =3D > esp_outb_tun_prepare_stateless; > > pf->process =3D (sa->sqh_len !=3D 0) ? > > esp_outb_sqh_process : pkt_flag_process; > > break; > > @@ -748,6 +749,7 @@ cpu_crypto_pkt_func_select(const struct > rte_ipsec_sa *sa, > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > > pf->prepare.sync =3D cpu_outb_tun_pkt_prepare; > > + pf->prepare_stateless.sync =3D > cpu_outb_tun_pkt_prepare_stateless; > > pf->process =3D (sa->sqh_len !=3D 0) ? > > esp_outb_sqh_process : pkt_flag_process; > > break; > > @@ -810,7 +812,7 @@ ipsec_sa_pkt_func_select(const struct > rte_ipsec_session *ss, > > int32_t rc; > > > > rc =3D 0; > > - pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, NULL }; > > + pf[0] =3D (struct rte_ipsec_sa_pkt_func) { {NULL}, {NULL}, NULL }; > > > > switch (ss->type) { > > case RTE_SECURITY_ACTION_TYPE_NONE: > > diff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h index > > 719b5c735c..9b53586b2d 100644 > > --- a/lib/ipsec/sa.h > > +++ b/lib/ipsec/sa.h > > @@ -179,6 +179,10 @@ uint16_t > > esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mb= uf > *mb[], > > struct rte_crypto_op *cop[], uint16_t num); > > > > +uint16_t > > +esp_outb_tun_prepare_stateless(const struct rte_ipsec_session *ss, str= uct > rte_mbuf *mb[], > > + struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state > > +*state); > > + > > uint16_t > > esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mb= uf > *mb[], > > struct rte_crypto_op *cop[], uint16_t num); @@ -207,6 +211,10 @@ > > uint16_t cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss, > > struct rte_mbuf *mb[], uint16_t num); uint16_t > > +cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session *ss, > > + struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state > > +*state); > > + > > +uint16_t > > cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, > > struct rte_mbuf *mb[], uint16_t num); > > > > -- > > 2.25.1