From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0047.outbound.protection.outlook.com [104.47.32.47]) by dpdk.org (Postfix) with ESMTP id 2245E11D4 for ; Thu, 3 Aug 2017 13:25:46 +0200 (CEST) Received: from CY4PR03CA0002.namprd03.prod.outlook.com (10.168.162.12) by BY1PR0301MB0902.namprd03.prod.outlook.com (10.160.195.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.22; Thu, 3 Aug 2017 11:25:45 +0000 Received: from BN1AFFO11FD045.protection.gbl (2a01:111:f400:7c10::195) by CY4PR03CA0002.outlook.office365.com (2603:10b6:903:33::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.22 via Frontend Transport; Thu, 3 Aug 2017 11:25:45 +0000 Authentication-Results: spf=fail (sender IP is 192.88.158.2) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.158.2 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.158.2; helo=az84smr01.freescale.net; Received: from az84smr01.freescale.net (192.88.158.2) by BN1AFFO11FD045.mail.protection.outlook.com (10.58.53.60) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1282.16 via Frontend Transport; Thu, 3 Aug 2017 11:25:45 +0000 Received: from [127.0.0.1] (B35197-11.ap.freescale.net [10.232.134.49]) by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id v73BPbEn019032; Thu, 3 Aug 2017 04:25:41 -0700 To: Hemant Agrawal , Declan Doherty , , CC: , , , References: <7834b3bd-0800-500c-1c89-3b89e2eb47fa@nxp.com> <20170725112153.29699-1-akhil.goyal@nxp.com> <9c0b8bdd-2693-4275-664f-8ccf7b368031@nxp.com> From: Akhil Goyal Message-ID: Date: Thu, 3 Aug 2017 16:55:36 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <9c0b8bdd-2693-4275-664f-8ccf7b368031@nxp.com> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-EOPAttributedMessage: 0 X-Matching-Connectors: 131462331457746503; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.158.2; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39380400002)(39850400002)(39410400002)(39840400002)(39400400002)(39860400002)(39450400003)(2980300002)(1109001)(1110001)(339900001)(51914003)(199003)(377454003)(189002)(24454002)(189998001)(69596002)(498600001)(76176999)(54356999)(50986999)(68736007)(33646002)(81166006)(8936002)(8676002)(2906002)(229853002)(105606002)(81156014)(106466001)(31686004)(356003)(36756003)(230700001)(305945005)(8656003)(77096006)(93886004)(561944003)(50466002)(7246003)(7126002)(65826007)(5660300001)(104016004)(83506001)(85426001)(6666003)(120886001)(2950100002)(64126003)(4326008)(97736004)(86362001)(53546010)(65956001)(65806001)(6246003)(38730400002)(53936002)(2201001)(4001350100001)(31696002)(54906002)(47776003)(626005)(23746002)(217873001)(2101003); DIR:OUT; SFP:1101; SCL:1; SRVR:BY1PR0301MB0902; H:az84smr01.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1; BN1AFFO11FD045; 1:lDaFPUZB9oVneR4rgk8h+Hi9sf4FQ+z2ukzkx?= =?Windows-1252?Q?thKZ+EetnEYMZRDcPjVdQOb6lGTyZWjGYLjayDRycX8PZjno/Y330jzT?= =?Windows-1252?Q?XoZlb0lMCnsin6HoOqpuNVrQfALzQG2jkUfWccOHbcBevdDJi1JtTcws?= =?Windows-1252?Q?NgOSt1u9cSw0EwgsW6DJHnO+THxEvlxJURsrji4VUOVjOVWTapAVrpmW?= =?Windows-1252?Q?92cfty+1Z5gAQ83bkJtUQA7lJogippGH91eVgyaxEBQkDN2D8s9GQxwt?= =?Windows-1252?Q?0WkhGNMb5sBOGmJQo0rB0pplyOG3dD65OmoqBwaE0JdRhDdNNMg3jueB?= =?Windows-1252?Q?aiMgB13up2h4OeKN8z7G9uxlOifZ/1aAs9tJfzJaNEZcJMqMlqaoZi6T?= =?Windows-1252?Q?kx5Vd2KlulU9J/M1PRTKhj1YtaW3l0EsZ45tW2G1E3IF4xpxdl0xy7OF?= =?Windows-1252?Q?v8A69ez+xOJpNwnF22o6mh/mP/itUbmpM5F9L31ecBRE/gFXA+XogSaS?= =?Windows-1252?Q?vKbHDwwIlT1mz5mGTHkkAP+x+Y5czLt/ScG/3g6MskReoZnz35zjF3W4?= =?Windows-1252?Q?G8++mlQW43isB+7PYnFmXCRw/m2kALjVB0xthKqE2XN2D0sSwdqAJn/u?= =?Windows-1252?Q?abymDGvM4u7YFo0yY9Bir/nMW7Vpo6UdvhDEb0M3f+ethEg25svyFvvc?= =?Windows-1252?Q?F9vgfllZm/TOBgBu4p70ije8Mrj5P58IFcHM7DaAFvsfDoKuVY2SxkGP?= =?Windows-1252?Q?RtDM8VxfDmEj2VhtyVbr7a3Gbf/5jGLvGngvZZ88T/nzjDBHMMMTa2P9?= =?Windows-1252?Q?sQkBk8kX5o3LrKdvEbVUnGtr9sGRZhQrAl0loDegEFOSDvyRuww9Jjox?= =?Windows-1252?Q?vLJjfjMEkKgE9m2PTpmmV5VqTT3MuX9Hh26YGtBPCRSYtTdC44IkY2Fy?= =?Windows-1252?Q?1g6AGybWWyt2TZtcXcqfBRB2AtRPhoxlT7xZjHEcfJ6gyNAJoqXc7DMN?= =?Windows-1252?Q?v8gMZM96U/teZyigsubyzSoFfN3HavNxadP58J/SPItvdmdPxzPngMzg?= =?Windows-1252?Q?UO6SSUQRgqzJFb0xwaMACKppipy7oSNyvUi?= X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b0fa418e-618f-47bc-d4e8-08d4da626256 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(2017052603031)(201703131430075)(201703131517081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BY1PR0301MB0902; X-Microsoft-Exchange-Diagnostics: 1; BY1PR0301MB0902; 3:WVAnEJAv7cckbzInKZV8LRTPGwWRFkm6nJjIma7Q+qQOhZ/lkKDxCs31ER0wHrVsF144hoWM5R/4cQIPvFwWFKCBbj0QJU7g3yIQZnfXMZvckzM2R2KNayiAzD7WodoaS6ploA1So+cJ2T//2EryAyA16N05G+aq9ywZsBD3meMt8VUAs14y7sLjuwCGztQreLmzLM2BAJSdusrlSyzqGpdcdkox8vuT9n0P8S0+MOYNYU98MS7i1ZTj0LBj4BXficBuPN8BOFrQgRdsajYnBayXyk6cBDffX/v8Bbao4WpuoqPhWvG9YKPMgugCWrR9xnGrfBbnNcX6Cz63WSBOxw==; 25:Tg5NZW6Y4v3LYvjTS3hO9/fxYD4dPOi9hQgaAcBG0j/zAcylBxqipHjBBrnx5wBS6f91+PteztdDi0lWoIXz9gpgXIfVNvU5nTrcUpNA7icDOt97xDzqv0fFve2NqtobnougUjmWRHTEQlaJ+zN/OG9hOF20X4Fev0bTxvx1yz3DEe/Dr3MzJAwE44ICYnRisjEQKILtUcGwTUVz4G+nnWftcI+6Siw6YVXrs341WX2kIjuigN0BMkHLauzLnt2lmPJdnfIZCdFJC+D78f2URLgsdFM1XJJY3eb+KDYLrwkgaP7VZ5DFpQ4TTBALblXCeUqJ4wbDPSvQP7DoSkIm5g==; 31:g/bdGdd55yHUPN5HRakrg5O6/M9Js9+gA3U5mcZzrzyjDEdngCQNjgXAKuM3dhUnJqVtBFjp7bO27LcfiIL4SKEyV2VT8vzQAF5BCXXC9TP879JKsRpT3bWtKdnhHN5wBH7mWIZVlojrfn1Xcs1zzkBPQamSxLZpv+Ht8cMvPOMcd4eh9Sz1UVzn4ePFe35JmuFwiBhGbB+8lqzmzF88FxDj9HdjOaghiOOLmxU7exo= X-MS-TrafficTypeDiagnostic: BY1PR0301MB0902: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6095135)(601004)(2401047)(5005006)(8121501046)(13016025)(13018025)(10201501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(6055026)(6096035)(20161123565025)(20161123563025)(20161123559100)(201703131430075)(201703131448075)(201703131433075)(201703161259150)(201703151042153)(20161123561025)(20161123556025)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BY1PR0301MB0902; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(400006)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BY1PR0301MB0902; X-Microsoft-Exchange-Diagnostics: 1; BY1PR0301MB0902; 4:mBedUcbM3tXFEdndU55PvMrwMAASt0Rv1XSeS5lgJzzyByMsKVRGssSTANozUEYx2SAKmdgcJ7wdr8BiObqTOImLc4iN4p9uwSiqo96RZ6hITUDxhpmRyEwo+fwZ6sRGuXhF5AfSJFvVQleqYTKnfHpyAWrvSRTV9eud6EaecT6Y6FbUn4ElklNPWmcshq9lq1Y5l4smXOcX3BWeGbbyF1m4yWPmgR/+PHJayVCbZxQipSpC90sKIllDid1h+1pnAnbplTG+yJhl+pqusj5oGB8zPB6/cZysvPb+zk8IrIw= X-Forefront-PRVS: 03883BD916 X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1; BY1PR0301MB0902; 23:arhWxEmMiRoYksMPG4MeZISxjbTnlkbl4q3?= =?Windows-1252?Q?AXI/SY6OwR/QEzO7iSNidA360o7+zimKUEHpCale1Aox83hAu2N2g6M0?= =?Windows-1252?Q?eBLFYkUDFc/N/4p34zAhvWZGyf+EMihmA6K78JAGp2VDRoFhWw30e3Dj?= =?Windows-1252?Q?P+0lixpkqb6xeWOphwM6XE0p9XlGDECFLyDSqgk+QUq4WHyNfIeC7nKo?= =?Windows-1252?Q?+UUDk6Ws0gxYlrxH/5PQjO3Emekah7+XYbEcEKJWyISW1+a/8WAqp6HR?= =?Windows-1252?Q?pc356fHjXmwq6MbqhPpu4mtEPy47PufQAeEcBW6TCIW9YQzGHQwUPkbJ?= =?Windows-1252?Q?NqqkRxW3FMbDrtFt13CYH3opDRX0yw9RVYGw6BclgcxLlbFuLdUdiF9a?= =?Windows-1252?Q?eMbE09LQDIklfbMlalPqsEnqrVbRXeqetBwHSwdgLzx7k9ceMaheMrM4?= =?Windows-1252?Q?E2ZGZRZaL4Ixr9S93cVf+xPMN808khdAiC4w6Ae6fEZC9NxRAot2pF6d?= =?Windows-1252?Q?nMnXeDfXB5JdPyR5TRE6+J9NVZ6CnURZlu9Gaz9VdphgKMS0VCHGfCJa?= =?Windows-1252?Q?oz8fht7z5oslXT1/VeXrlu1L94fENFleW7TVB0BOLaJOb2MneS3oFviP?= =?Windows-1252?Q?xxT6uDlnWGkN/r1+h4UXoielHmmTAm1+yeHAAD4QxmBSz1WEkoElPerL?= =?Windows-1252?Q?C71IrlK+gto4Cue/yWdyc3lsL4hLWsSsG1dwaMutRpuVIvfBLWYnUuUn?= =?Windows-1252?Q?zPUt8AenFM1g4sPq9dI12ULbHsI6NNXMFIYQuS3Tw817x0hWuJbqLAl+?= =?Windows-1252?Q?B5XVtw/zChxKruyTy9DftpDvsAcwc4eESE9ujeXcvzYYHjbeKwecWgfL?= =?Windows-1252?Q?5KP4bmNT3voDPckwEY0E3GdjAWH4Xl5UWDBemxjTEkpdiC3lr2LC90X0?= =?Windows-1252?Q?OgT3PciOPoYkbPAyynbkSfQgNJxBnksjPb0ycWaOoOuB1F/pm/mGE0yK?= =?Windows-1252?Q?71sb44+X/BGJ6yH+uNW2PUxgJ2iJ13c9Vyhm5LNr0w4cMRBGcY5xXHzo?= =?Windows-1252?Q?9Pc2OTCWmvM41rfJimwHnx/FRbnpvH+GIL0NeVY07XAGfGGmQC0RODmN?= =?Windows-1252?Q?mQr/8Dt+I7IQq1Unfo4QNV+C+ZJvvtPzJfN2xv6fNxu+hrqEhO/a2Zt0?= =?Windows-1252?Q?Yv+nMGUCbrFdqH/Ertt4xRQ632qbT3wrw/q18y7+bSu013usdr3qKKjZ?= =?Windows-1252?Q?HCdi0dqbehIU5IEuDJYrQTftzHt8r+uZzxBc3P+1ez6Ac7id/4ozuIK8?= =?Windows-1252?Q?72/rqtxdfrHOTPKbUA1TfEScXN4Tb/7oJM0Zm+yVPyz6ac8cmwt8wYqh?= =?Windows-1252?Q?ZQLPA4o/GRHAEaZme0GB0aqSimEqbE5rOdlj88Ac1PvCyDztXIBwkfXD?= =?Windows-1252?Q?P/HBJYq2cfuQWq5+ZBUZXfkLpcYxvH9NkmwFLSj2HZn/Dncg/Up1FdJz?= =?Windows-1252?Q?Tt3JKkf2MADSA8fyES79bM2zj+tnxZPLAKCtBRkNictw/aLpfM6xkjP5?= =?Windows-1252?Q?JOuqCtK9iOR/KexMYLNQqAAstF+28OcjDUVrUnBIGTT21AwzzszjKOmB?= =?Windows-1252?Q?1OqeMOptcWfleCrx8WXdI102SnP6KsFLySeZmY5un6Y9VKTirKnuVv3+?= =?Windows-1252?Q?8gRjI/2XpbPYKAMhxKBLND6B91gJLzpmgK2KKd6f2hwyUTp30ljuyn6P?= =?Windows-1252?Q?8xlM+0zvyr2OmlJacxqfiy+b8x5UDEsj5oyPM+m/NOvzS/lYBanro+f3?= =?Windows-1252?Q?0pdY7X6+FbRKicWHSqwKBFQT7A1fQve8Md9X1xLTPD2SW2Oh7F0FRPVf?= =?Windows-1252?Q?zpPmZdTy9FAQZ?= X-Microsoft-Exchange-Diagnostics: 1; BY1PR0301MB0902; 6:ZS7pNtWaD++zHBITEjaUBmpt25T+eRp0OwKQqp0bZaiBtMP9BzJ70aRwH6uRJz7WO4twTKjWLc47E3aIjW7hu5T6OWfcMqduOL71zHoqn4aD0GiBflMi3CJx4yXdipDCAvDMLL5DoRu5CrdsXL3rAKAB4Oeh0/K2LVq7chMhHNdVfg9PT1L+yTxgvsWOtsVAG+6AGDp2wPpXA9mFhbDditCrGxLepX443KjEDNQzfFp8jYHEwxaP2hxHKL+WYKWKI46CWNb9tWn7rGRsVKJUIOHEvnua1oCAqbKOqNyAplE1PsFnXGhper+Jj7n1kwNVE6wdFul2o4ave6wiRhYv3w==; 5:yXd7/ZZnKT9mxuupv3hOE0d+l0VVmrBtNk8kGYC9wPFTWLPvGDoEF0QoZi776QlMaE28MXOtC6bS0cjlcYWxOZ+VwKKYU9gLebWVSSeydQuQ3dXKkvPz3XuJfMEW5mCDMEXNxv6JwnJUZDEtEwU9dw==; 24:3wsSyuvzTl+mHauOa3lOy/zMudRHhOpongG7MGCTLLNZLwq8vEO+pGShrJ08NaSVWzaeFGNVVLVNd7Dtno/569Im3Ss2O8Qn/BGACV4izYg=; 7:h1gZDMIyhEEmM/9ywnttL11VfAypL+fvcIBHgxeZdASdnByioVwAZskJRZNCUvm3Si+p1zmUb1CYyjV3lBZfp9jRuV/cGN2pV/dYPVjt25dcKYrZhAaSpVvAfrloiybyzSK81j2sCklhqMWg+pBnPFCZ+IRwpohz9GGFzoTsF75fHdya67Spd5v0MghQiXVK6G2K4cG07rKAwZmd7pSF6CbwjLhutnrVvWjSeJ//jY0= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2017 11:25:45.4782 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.158.2]; Helo=[az84smr01.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0301MB0902 Subject: Re: [dpdk-dev] [RFC PATCH 0/1] IPSec Inline and look aside crypto offload X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Aug 2017 11:25:47 -0000 On 8/2/2017 6:46 PM, Hemant Agrawal wrote: > Hi Declan, > > On 7/26/2017 7:16 PM, Declan Doherty wrote: >> Hey Akhil, I like the proposal of allowing the rte_secruity API to be >> supported on both NIC and crypto devices as I think it allows us to >> cover all the protocol offload scenarios in a consist manner. >> >> The main concern I have is in regards to the device identification in a >> consistent manner between device types, and I'm not exactly clear from >> your description below on how you want to do that, as the dev_id and >> port_id can overlap. >> >> If we follow this model, I think it would a good time to introduce a >> sudo UUID into each device in DPDK, not necessarily a 16 byte UUID but I >> think a unit16_t or uint32_t would be more than sufficient for DPDK >> needs. As we now have a common rte_device structure in all device types, >> we can add the UUID here, and then allow common APIs like this to use >> the UUID as the key. We could also then support some generic device APIs >> such as: >> >> uuid_t rte_device_get_uuid_by_name(char *dev_name); >> >> uuid_t rte_ethdev_get_port_uuid(uint8_t pid); >> uuid_t rte_cryptodev_get_device_uuid(uint8_t pid); >> >> Which will allow easy retrieval handle to use in the rte_security APIs. >> >> Also I don't know if we need all the semantic of the cryptodev API in >> regards the way sessions are managed as I these security sessions are >> implicitly linked to hardware there isn't any need to support moving >> session between devices? >> >> int rte_security_configure(uuid_t uuid, struct rte_mempool *mempool); >> >> struct rte_security_session *sess >> rte_security_session_create(uuid_t uuid, >> struct rte_security_sess_conf *conf); >> > > Thanks for the comment. The uuid idea is good, we should work on it. > But this work can be started without uuid as well. the port and platform > type shall be able to help identifying the destination. > > We shall do it in next phase. On another thought, we can do away with dev_name for the rte_security APIs. rte_security APIs can configure crypto/NIC based on the action_type which the application provides. If it uses RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD, then crypto device is configured else for other cases, it will configure NIC device. >>> Now the application(ipsec-secgw) have 4 paths to decide for the data >>> path. >>> 1. Non-protocol offload (currently implemented) >>> 2. IPSec inline(only crypto operations using NIC) >>> 3. full protocol offload(crypto operations along with all the IPsec >>> header >>> and trailer processing using NIC) >>> 4. look aside protocol offload(single-pass encryption and >>> authentication with >>> additional levels of protocol processing offload using crypto device) >>> >>> The application can decide using the below action types >>> enum rte_security_session_action_type { >>> RTE_SECURITY_SESS_ETH_INLINE_CRYPTO, >>> /**< Crypto operations are performed by Network interface */ >>> RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD, >>> /**< Crypto operations with protocol support are performed >>> * by Network/ethernet device. >>> */ >>> RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD, >>> /**< Crypto operations with protocol support are performed >>> * by Crypto device. >>> */ >>> RTE_SECURITY_SESS_NONE >>> /**< Non protocol offload. Application need to manage everything */ >>> }; >>> Also there would be one more structure required to add the security operations into rte_cryptodev or rte_eth_dev struct rte_security_ops { security_configure_session_t session_configure; /**< Configure a Security session. */ security_free_session_t session_clear; /**< Clear a security sessions private data. */ .... } And the rte_security_capability can be added in the rte_eth_dev_info/rte_cryptodev_info - Akhil