[dpdk-dev,RFC,1/3] lib/security: set/retrieve per packet protocol metadata
Checks
Commit Message
This patch enables the application to set & retrieve per packet protocol
parameters like seq no, which is required in case of protocol offload. The
ability to set/retrieve such data is PMD dependent and the application is
expected to use "mdata_flags" while using such fields.
Retrieving the sequence number is required to monitor the sequence
number overflow in inline IPsec offload.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
---
lib/librte_security/rte_security.c | 7 ++--
lib/librte_security/rte_security.h | 66 ++++++++++++++++++++++++++++---
lib/librte_security/rte_security_driver.h | 3 +-
3 files changed, 64 insertions(+), 12 deletions(-)
@@ -100,12 +100,11 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_mbuf *m, void *params)
+ struct rte_security_mdata *mdata,
+ struct rte_mbuf *m)
{
RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
- return instance->ops->set_pkt_metadata(instance->device,
- sess, m, params);
+ return instance->ops->set_pkt_metadata(instance->device, mdata, m);
}
void *
@@ -284,6 +284,48 @@ struct rte_security_session {
/**< Private session material */
};
+/* IN/OUT flags for IPsec mdata */
+
+/**
+ * IN/OUT flag for sequence number
+ */
+#define RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO (1ULL << 0)
+
+/**
+ * Metadata for IPsec protocol offload
+ */
+struct rte_security_ipsec_mdata {
+ uint64_t seq_no;
+ /**< Sequence number */
+};
+
+/**
+ * Per packet metadata for protocol offload
+ */
+struct rte_security_mdata {
+ struct rte_security_session *sess;
+ /**< Security session */
+ union {
+ struct rte_security_ipsec_mdata ipsec;
+ };
+ /**< Protocol specific metadata. This field is IN/OUT, and could be
+ * used for setting and retrieving per packet metadata.
+ */
+ struct {
+ uint32_t set;
+ /**< Used by application to denote the fields it has set */
+ uint32_t get;
+ /**< Used by application to denote the fields PMD should
+ * update back
+ */
+ uint32_t updated;
+ /**< Used by PMD to denote the fields it has set */
+ } mdata_flags;
+ /**< Flags to denote the usage of various fields in metadata */
+ void *params;
+ /**< Device specific pointer */
+};
+
/**
* Create security session as specified by the session configuration
*
@@ -331,13 +373,25 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
/**
- * Updates the buffer with device-specific defined metadata
+ * Updates the buffer with the security metadata.
+ *
+ * This metadata could be used by the application to set some protocol defined
+ * fields per packet. For such protocol defined fields, application can only
+ * request the PMD to set various values, and it will be upto the PMD to
+ * decide whether the provided values should be used or not.
+ *
+ * In addition, this could be used by the application to probe such per packet
+ * fields used in inline offload case. PMD would update the metadata field with
+ * what it would use, if the corresponding "get" flag is set.
+ *
+ * E.g. for inline IPsec mode, application could request a sequence number by
+ * setting "rte_security_mdata.ipsec.seq_no" field and the corresponding flag.
+ * Additionally, "rte_security_mdata.mdata_flags.get" would give application
+ * the ability to check the sequence number selected for the packet.
*
* @param instance security instance
- * @param sess security session
+ * @param mdata security metadata
* @param mb packet mbuf to set metadata on.
- * @param params device-specific defined parameters
- * required for metadata
*
* @return
* - On success, zero.
@@ -345,8 +399,8 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
*/
int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- struct rte_security_session *sess,
- struct rte_mbuf *mb, void *params);
+ struct rte_security_mdata *mdata,
+ struct rte_mbuf *mb);
/**
* Get userdata associated with the security session which processed the
@@ -118,8 +118,7 @@ typedef int (*security_session_stats_get_t)(void *device,
* - Returns -ve value for errors.
*/
typedef int (*security_set_pkt_metadata_t)(void *device,
- struct rte_security_session *sess, struct rte_mbuf *m,
- void *params);
+ struct rte_security_mdata *md, struct rte_mbuf *m);
/**
* Get application specific userdata associated with the security session which