[dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields

Boris Pismenny borisp at mellanox.com
Mon Sep 18 09:54:03 CEST 2017

Previous message: [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields
Next message: [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Olivier,

On 9/14/2017 11:27 AM, Akhil Goyal wrote:
> 
> From: Boris Pismenny <borisp at mellanox.com>
> 
> add security crypto flags and update mbuf fields to support
> IPsec crypto offload for transmitted packets, and to indicate
> crypto result for received packets.
> 
> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
> Signed-off-by: Boris Pismenny <borisp at mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
> ---
>  lib/librte_mbuf/rte_mbuf.c |  6 ++++++
>  lib/librte_mbuf/rte_mbuf.h | 32 +++++++++++++++++++++++++++++---
>  2 files changed, 35 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index 26a62b8..bbd42a6 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -323,6 +323,8 @@ const char *rte_get_rx_ol_flag_name(uint64_t mask)
>  	case PKT_RX_QINQ_STRIPPED: return "PKT_RX_QINQ_STRIPPED";
>  	case PKT_RX_LRO: return "PKT_RX_LRO";
>  	case PKT_RX_TIMESTAMP: return "PKT_RX_TIMESTAMP";
> +	case PKT_RX_SEC_OFFLOAD: return "PKT_RX_SECURITY_OFFLOAD";
> +	case PKT_RX_SEC_OFFLOAD_FAILED: return
> "PKT_RX_SECURITY_OFFLOAD_FAILED";
>  	default: return NULL;
>  	}
>  }
> @@ -358,6 +360,8 @@ rte_get_rx_ol_flag_list(uint64_t mask, char *buf,
> size_t buflen)
>  		{ PKT_RX_QINQ_STRIPPED, PKT_RX_QINQ_STRIPPED, NULL },
>  		{ PKT_RX_LRO, PKT_RX_LRO, NULL },
>  		{ PKT_RX_TIMESTAMP, PKT_RX_TIMESTAMP, NULL },
> +		{ PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD, NULL },
> +		{ PKT_RX_SEC_OFFLOAD_FAILED,
> PKT_RX_SEC_OFFLOAD_FAILED, NULL },
>  	};
>  	const char *name;
>  	unsigned int i;
> @@ -410,6 +414,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask)
>  	case PKT_TX_TUNNEL_GENEVE: return "PKT_TX_TUNNEL_GENEVE";
>  	case PKT_TX_TUNNEL_MPLSINUDP: return
> "PKT_TX_TUNNEL_MPLSINUDP";
>  	case PKT_TX_MACSEC: return "PKT_TX_MACSEC";
> +	case PKT_TX_SEC_OFFLOAD: return "PKT_TX_SECURITY_OFFLOAD";
>  	default: return NULL;
>  	}
>  }
> @@ -443,6 +448,7 @@ rte_get_tx_ol_flag_list(uint64_t mask, char *buf,
> size_t buflen)
>  		{ PKT_TX_TUNNEL_MPLSINUDP, PKT_TX_TUNNEL_MASK,
>  		  "PKT_TX_TUNNEL_NONE" },
>  		{ PKT_TX_MACSEC, PKT_TX_MACSEC, NULL },
> +		{ PKT_TX_SEC_OFFLOAD, PKT_TX_SEC_OFFLOAD, NULL },
>  	};
>  	const char *name;
>  	unsigned int i;
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index eaed7ee..9ce61ae 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -189,11 +189,26 @@ extern "C" {
>   */
>  #define PKT_RX_TIMESTAMP     (1ULL << 17)
> 
> +/**
> + * Indicate that security offload processing was applied on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD		(1ULL << 18)
> +
> +/**
> + * Indicate that security offload processing failed on the RX packet.
> + */
> +#define PKT_RX_SEC_OFFLOAD_FAILED  (1ULL << 19)
> +
>  /* add new RX flags here */
> 
>  /* add new TX flags here */
> 
>  /**
> + * Request security offload processing on the TX packet.
> + */
> +#define PKT_TX_SEC_OFFLOAD (1ULL << 43)
> +
> +/**
>   * Offload the MACsec. This flag must be set by the application to enable
>   * this offload feature for a packet to be transmitted.
>   */
> @@ -316,7 +331,8 @@ extern "C" {
>  		PKT_TX_QINQ_PKT |        \
>  		PKT_TX_VLAN_PKT |        \
>  		PKT_TX_TUNNEL_MASK |	 \
> -		PKT_TX_MACSEC)
> +		PKT_TX_MACSEC |		 \
> +		PKT_TX_SEC_OFFLOAD)
> 
>  #define __RESERVED           (1ULL << 61) /**< reserved for future mbuf use */
> 
> @@ -456,8 +472,18 @@ struct rte_mbuf {
>  			uint32_t l3_type:4; /**< (Outer) L3 type. */
>  			uint32_t l4_type:4; /**< (Outer) L4 type. */
>  			uint32_t tun_type:4; /**< Tunnel type. */
> -			uint32_t inner_l2_type:4; /**< Inner L2 type. */
> -			uint32_t inner_l3_type:4; /**< Inner L3 type. */
> +			RTE_STD_C11
> +			union {
> +				uint8_t inner_esp_next_proto;
> +
> +				__extension__
> +				struct {
> +					uint8_t inner_l2_type:4;
> +					/**< Inner L2 type. */
> +					uint8_t inner_l3_type:4;
> +					/**< Inner L3 type. */
> +				};
> +			};
>  			uint32_t inner_l4_type:4; /**< Inner L4 type. */
>  		};
>  	};

What do you think about this change to mbuf?

It doesn't increase the mbuf size and it replaces some fields that have no meaning
in IPsec encapsulations (inner L2 and L3) with a meaningful field of the correct
size (inner_esp_next_proto - 8 bytes).

We later use this for IPsec offload on both Tx and Rx to indicate the packet format.

Previous message: [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields
Next message: [dpdk-dev] [PATCH 05/11] lib/librte_mbuf: add security crypto flags and mbuf fields
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list