[dpdk-dev] [PATCH 00/11] introduce security offload library
Akhil Goyal
akhil.goyal at nxp.com
Thu Sep 14 10:26:40 CEST 2017
This patchset introduce the rte_security library in DPDK.
This also includes the sample implementation of drivers and
changes in ipsec gateway application to demonstrate its usage.
rte_security library is implemented on the idea proposed earlier [1],[2],[3]
to support IPsec Inline and look aside crypto offload. Though
the current focus is only on IPsec protocol, but the library is
not limited to IPsec, it can be extended to other security
protocols e.g. MACSEC, PDCP or DTLS.
In this library, crypto/ethernet devices can register itself to
the security library to support security offload.
The library support 3 modes of operation
1. full protocol offload using crypto devices.
(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
2. inline ipsec using ethernet devices to perform crypto operations
(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
3. full protocol offload using ethernet devices.
(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
The details for each mode is documented in the patchset in
doc/guides/prog_guide/rte_security.rst
The modification in the application ipsec-secgw is also doocumented in
doc/guides/sample_app_ug/ipsec_secgw.rst
This patchset is also available at:
git://dpdk.org/draft/dpdk-draft-ipsec
branch: integration
To Do:
1. update documentation for rte_flow
2. unregister device to security library is incomplete
3. test application support
Future enhancements:
1. for full protocol offload - error handling and notification cases
2. add more security protocols
Reference:
[1] http://dpdk.org/ml/archives/dev/2017-July/070793.html
[2] http://dpdk.org/ml/archives/dev/2017-July/071893.html
[3] http://dpdk.org/ml/archives/dev/2017-August/072900.html
Akhil Goyal (6):
lib/rte_security: add security library
doc: add details of rte security
cryptodev: extend cryptodev to support security APIs
mk: add rte security into build system
crypto/dpaa2_sec: add support for protocol offload ipsec
examples/ipsec-secgw: add support for security offload
Boris Pismenny (3):
lib/librte_net: add ESP header to generic flow steering
lib/librte_mbuf: add security crypto flags and mbuf fields
ethdev: add rte flow action for crypto
Declan Doherty (1):
ethdev: extend ethdev to support security APIs
Radu Nicolau (1):
net/ixgbe: enable inline ipsec
MAINTAINERS | 6 +
config/common_base | 7 +
doc/api/doxy-api-index.md | 4 +-
doc/api/doxy-api.conf | 1 +
doc/guides/cryptodevs/features/default.ini | 1 +
doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
doc/guides/prog_guide/index.rst | 1 +
doc/guides/prog_guide/rte_security.rst | 552 +++++++++++++++++
doc/guides/sample_app_ug/ipsec_secgw.rst | 52 +-
drivers/crypto/Makefile | 2 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 402 +++++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 62 ++
drivers/net/Makefile | 2 +-
drivers/net/ixgbe/Makefile | 4 +-
drivers/net/ixgbe/ixgbe_ethdev.c | 13 +
drivers/net/ixgbe/ixgbe_ethdev.h | 10 +-
drivers/net/ixgbe/ixgbe_flow.c | 27 +
drivers/net/ixgbe/ixgbe_ipsec.c | 815 +++++++++++++++++++++++++
drivers/net/ixgbe/ixgbe_ipsec.h | 145 +++++
drivers/net/ixgbe/ixgbe_rxtx.c | 63 +-
drivers/net/ixgbe/ixgbe_rxtx.h | 4 +
drivers/net/ixgbe/ixgbe_rxtx_vec_sse.c | 44 ++
examples/ipsec-secgw/esp.c | 101 ++-
examples/ipsec-secgw/esp.h | 10 -
examples/ipsec-secgw/ipsec-secgw.c | 5 +
examples/ipsec-secgw/ipsec.c | 275 +++++++--
examples/ipsec-secgw/ipsec.h | 32 +-
examples/ipsec-secgw/sa.c | 151 +++--
lib/Makefile | 5 +
lib/librte_cryptodev/rte_crypto.h | 3 +-
lib/librte_cryptodev/rte_crypto_sym.h | 2 +
lib/librte_cryptodev/rte_cryptodev.c | 10 +
lib/librte_cryptodev/rte_cryptodev.h | 8 +-
lib/librte_cryptodev/rte_cryptodev_version.map | 7 +
lib/librte_ether/rte_ethdev.c | 11 +
lib/librte_ether/rte_ethdev.h | 22 +-
lib/librte_ether/rte_ethdev_version.map | 7 +
lib/librte_ether/rte_flow.h | 56 ++
lib/librte_mbuf/rte_mbuf.c | 6 +
lib/librte_mbuf/rte_mbuf.h | 32 +-
lib/librte_net/Makefile | 2 +-
lib/librte_net/rte_esp.h | 60 ++
lib/librte_security/Makefile | 53 ++
lib/librte_security/rte_security.c | 252 ++++++++
lib/librte_security/rte_security.h | 494 +++++++++++++++
lib/librte_security/rte_security_driver.h | 181 ++++++
lib/librte_security/rte_security_version.map | 13 +
mk/rte.app.mk | 1 +
48 files changed, 3862 insertions(+), 155 deletions(-)
create mode 100644 doc/guides/prog_guide/rte_security.rst
create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.c
create mode 100644 drivers/net/ixgbe/ixgbe_ipsec.h
create mode 100644 lib/librte_net/rte_esp.h
create mode 100644 lib/librte_security/Makefile
create mode 100644 lib/librte_security/rte_security.c
create mode 100644 lib/librte_security/rte_security.h
create mode 100644 lib/librte_security/rte_security_driver.h
create mode 100644 lib/librte_security/rte_security_version.map
--
2.9.3
More information about the dev
mailing list