diff mbox

[dpdk-dev,RFC,1/3] lib/security: set/retrieve per packet protocol metadata

Message ID 1516626668-9031-2-git-send-email-anoob.joseph@caviumnetworks.com (mailing list archive)
State Superseded, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation fail Compilation issues

Commit Message

Anoob Joseph Jan. 22, 2018, 1:11 p.m. UTC 
  This patch enables the application to set & retrieve per packet protocol
parameters like seq no, which is required in case of protocol offload. The
ability to set/retrieve such data is PMD dependent and the application is
expected to use "mdata_flags" while using such fields.

Retrieving the sequence number is required to monitor the sequence
number overflow in inline IPsec offload.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
---
 lib/librte_security/rte_security.c        |  7 ++--
 lib/librte_security/rte_security.h        | 66 ++++++++++++++++++++++++++++---
 lib/librte_security/rte_security_driver.h |  3 +-
 3 files changed, 64 insertions(+), 12 deletions(-)
diff mbox

Patch

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 5805051..508046b 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -100,12 +100,11 @@  rte_security_session_destroy(struct rte_security_ctx *instance,
 
 int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
-			      struct rte_mbuf *m, void *params)
+			      struct rte_security_mdata *mdata,
+			      struct rte_mbuf *m)
 {
 	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
-	return instance->ops->set_pkt_metadata(instance->device,
-					       sess, m, params);
+	return instance->ops->set_pkt_metadata(instance->device, mdata, m);
 }
 
 void *
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 004a0eb..9d322a8 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -284,6 +284,48 @@  struct rte_security_session {
 	/**< Private session material */
 };
 
+/* IN/OUT flags for IPsec mdata */
+
+/**
+ * IN/OUT flag for sequence number
+ */
+#define RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO   (1ULL << 0)
+
+/**
+ * Metadata for IPsec protocol offload
+ */
+struct rte_security_ipsec_mdata {
+	uint64_t seq_no;
+	/**< Sequence number */
+};
+
+/**
+ * Per packet metadata for protocol offload
+ */
+struct rte_security_mdata {
+	struct rte_security_session *sess;
+	/**< Security session */
+	union {
+		struct rte_security_ipsec_mdata ipsec;
+	};
+	/**< Protocol specific metadata. This field is IN/OUT, and could be
+	 * used for setting and retrieving per packet metadata.
+	 */
+	struct {
+		uint32_t set;
+		/**< Used by application to denote the fields it has set */
+		uint32_t get;
+		/**< Used by application to denote the fields PMD should
+		 * update back
+		 */
+		uint32_t updated;
+		/**< Used by PMD to denote the fields it has set */
+	} mdata_flags;
+	/**< Flags to denote the usage of various fields in metadata */
+	void *params;
+	/**< Device specific pointer */
+};
+
 /**
  * Create security session as specified by the session configuration
  *
@@ -331,13 +373,25 @@  rte_security_session_destroy(struct rte_security_ctx *instance,
 			     struct rte_security_session *sess);
 
 /**
- *  Updates the buffer with device-specific defined metadata
+ * Updates the buffer with the security metadata.
+ *
+ * This metadata could be used by the application to set some protocol defined
+ * fields per packet. For such protocol defined fields, application can only
+ * request the PMD to set various values, and it will be upto the PMD to
+ * decide whether the provided values should be used or not.
+ *
+ * In addition, this could be used by the application to probe such per packet
+ * fields used in inline offload case. PMD would update the metadata field with
+ * what it would use, if the corresponding "get" flag is set.
+ *
+ * E.g. for inline IPsec mode, application could request a sequence number by
+ * setting "rte_security_mdata.ipsec.seq_no" field and the corresponding flag.
+ * Additionally, "rte_security_mdata.mdata_flags.get" would give application
+ * the ability to check the sequence number selected for the packet.
  *
  * @param	instance	security instance
- * @param	sess		security session
+ * @param	mdata		security metadata
  * @param	mb		packet mbuf to set metadata on.
- * @param	params		device-specific defined parameters
- *				required for metadata
  *
  * @return
  *  - On success, zero.
@@ -345,8 +399,8 @@  rte_security_session_destroy(struct rte_security_ctx *instance,
  */
 int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-			      struct rte_security_session *sess,
-			      struct rte_mbuf *mb, void *params);
+			      struct rte_security_mdata *mdata,
+			      struct rte_mbuf *mb);
 
 /**
  * Get userdata associated with the security session which processed the
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index bf0170e..662afa9 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -118,8 +118,7 @@  typedef int (*security_session_stats_get_t)(void *device,
  *  - Returns -ve value for errors.
  */
 typedef int (*security_set_pkt_metadata_t)(void *device,
-		struct rte_security_session *sess, struct rte_mbuf *m,
-		void *params);
+		struct rte_security_mdata *md, struct rte_mbuf *m);
 
 /**
  * Get application specific userdata associated with the security session which