[dpdk-dev,v5,06/11] ethdev: support security APIs
Checks
Commit Message
From: Declan Doherty <declan.doherty@intel.com>
rte_flow_action type and ethdev updated to support rte_security
sessions for crypto offload to ethernet device.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
---
lib/librte_ether/rte_ethdev.c | 7 +++++++
lib/librte_ether/rte_ethdev.h | 8 ++++++++
lib/librte_ether/rte_ethdev_version.map | 1 +
3 files changed, 16 insertions(+)
Comments
On 10/24/2017 7:45 PM, Akhil Goyal wrote:
> From: Declan Doherty <declan.doherty@intel.com>
>
> rte_flow_action type and ethdev updated to support rte_security
> sessions for crypto offload to ethernet device.
>
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> ---
> lib/librte_ether/rte_ethdev.c | 7 +++++++
> lib/librte_ether/rte_ethdev.h | 8 ++++++++
> lib/librte_ether/rte_ethdev_version.map | 1 +
> 3 files changed, 16 insertions(+)
>
> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
> index 0b1e928..a3b0e4e 100644
> --- a/lib/librte_ether/rte_ethdev.c
> +++ b/lib/librte_ether/rte_ethdev.c
> @@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
> return rte_eth_devices[port_id].data->numa_node;
> }
>
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id)
> +{
> + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
> + return rte_eth_devices[port_id].security_ctx;
> +}
> +
> uint16_t
> rte_eth_dev_count(void)
> {
> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.h
> index b773589..119f7fc 100644
> --- a/lib/librte_ether/rte_ethdev.h
> +++ b/lib/librte_ether/rte_ethdev.h
> @@ -180,6 +180,8 @@ extern "C" {
> #include <rte_dev.h>
> #include <rte_devargs.h>
> #include <rte_errno.h>
> +#include <rte_common.h>
> +
> #include "rte_ether.h"
> #include "rte_eth_ctrl.h"
> #include "rte_dev_info.h"
> @@ -963,6 +965,7 @@ struct rte_eth_conf {
> #define DEV_RX_OFFLOAD_CRC_STRIP 0x00001000
> #define DEV_RX_OFFLOAD_SCATTER 0x00002000
> #define DEV_RX_OFFLOAD_TIMESTAMP 0x00004000
> +#define DEV_RX_OFFLOAD_SECURITY 0x00008000
> #define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM | \
> DEV_RX_OFFLOAD_UDP_CKSUM | \
> DEV_RX_OFFLOAD_TCP_CKSUM)
> @@ -998,6 +1001,7 @@ struct rte_eth_conf {
> * When set application must guarantee that per-queue all mbufs comes from
> * the same mempool and has refcnt = 1.
> */
> +#define DEV_TX_OFFLOAD_SECURITY 0x00020000
>
> struct rte_pci_device;
>
> @@ -1741,8 +1745,12 @@ struct rte_eth_dev {
> */
> struct rte_eth_rxtx_callback *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
> enum rte_eth_dev_state state; /**< Flag indicating the port state */
> + void *security_ctx; /**< Context for security ops */
> } __rte_cache_aligned;
>
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id);
> +
> struct rte_eth_dev_sriov {
> uint8_t active; /**< SRIOV is active with 16, 32 or 64 pools */
> uint8_t nb_q_per_pool; /**< rx queue number per pool */
> diff --git a/lib/librte_ether/rte_ethdev_version.map b/lib/librte_ether/rte_ethdev_version.map
> index 57d9b54..e9681ac 100644
> --- a/lib/librte_ether/rte_ethdev_version.map
> +++ b/lib/librte_ether/rte_ethdev_version.map
> @@ -191,6 +191,7 @@ DPDK_17.08 {
> DPDK_17.11 {
> global:
>
> + rte_eth_dev_get_sec_ctx;
> rte_eth_dev_pool_ops_supported;
> rte_eth_dev_reset;
> rte_flow_error_set;
>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Hi,
I know we are in a rush to put this patches in before RC2. however I still see critical issue (below).
Tuesday, October 24, 2017 5:16 PM, Akhil Goyal:
> From: Declan Doherty <declan.doherty@intel.com>
>
> rte_flow_action type and ethdev updated to support rte_security sessions
> for crypto offload to ethernet device.
>
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> ---
> lib/librte_ether/rte_ethdev.c | 7 +++++++
> lib/librte_ether/rte_ethdev.h | 8 ++++++++
> lib/librte_ether/rte_ethdev_version.map | 1 +
> 3 files changed, 16 insertions(+)
>
> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
> index 0b1e928..a3b0e4e 100644
> --- a/lib/librte_ether/rte_ethdev.c
> +++ b/lib/librte_ether/rte_ethdev.c
> @@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
> return rte_eth_devices[port_id].data->numa_node;
> }
>
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id) {
> + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
> + return rte_eth_devices[port_id].security_ctx;
> +}
> +
> uint16_t
> rte_eth_dev_count(void)
> {
> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.h
> index b773589..119f7fc 100644
> --- a/lib/librte_ether/rte_ethdev.h
> +++ b/lib/librte_ether/rte_ethdev.h
> @@ -180,6 +180,8 @@ extern "C" {
> #include <rte_dev.h>
> #include <rte_devargs.h>
> #include <rte_errno.h>
> +#include <rte_common.h>
> +
> #include "rte_ether.h"
> #include "rte_eth_ctrl.h"
> #include "rte_dev_info.h"
> @@ -963,6 +965,7 @@ struct rte_eth_conf {
> #define DEV_RX_OFFLOAD_CRC_STRIP 0x00001000
> #define DEV_RX_OFFLOAD_SCATTER 0x00002000
> #define DEV_RX_OFFLOAD_TIMESTAMP 0x00004000
> +#define DEV_RX_OFFLOAD_SECURITY 0x00008000
How application will control this offload on 17.11 ?
The PMDs are not yet moved to the new API, so crypto offload is going to be enabled by default with no way to disable?
> #define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM |
> \
> DEV_RX_OFFLOAD_UDP_CKSUM | \
> DEV_RX_OFFLOAD_TCP_CKSUM)
> @@ -998,6 +1001,7 @@ struct rte_eth_conf {
> * When set application must guarantee that per-queue all mbufs comes
> from
> * the same mempool and has refcnt = 1.
> */
> +#define DEV_TX_OFFLOAD_SECURITY 0x00020000
Same point here.
>
> struct rte_pci_device;
>
> @@ -1741,8 +1745,12 @@ struct rte_eth_dev {
> */
> struct rte_eth_rxtx_callback
> *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
> enum rte_eth_dev_state state; /**< Flag indicating the port state */
> + void *security_ctx; /**< Context for security ops */
> } __rte_cache_aligned;
>
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id);
> +
> struct rte_eth_dev_sriov {
> uint8_t active; /**< SRIOV is active with 16, 32 or 64 pools */
> uint8_t nb_q_per_pool; /**< rx queue number per pool */
> diff --git a/lib/librte_ether/rte_ethdev_version.map
> b/lib/librte_ether/rte_ethdev_version.map
> index 57d9b54..e9681ac 100644
> --- a/lib/librte_ether/rte_ethdev_version.map
> +++ b/lib/librte_ether/rte_ethdev_version.map
> @@ -191,6 +191,7 @@ DPDK_17.08 {
> DPDK_17.11 {
> global:
>
> + rte_eth_dev_get_sec_ctx;
> rte_eth_dev_pool_ops_supported;
> rte_eth_dev_reset;
> rte_flow_error_set;
> --
> 2.9.3
On 10/25/2017 10:01 AM, Shahaf Shuler wrote:
> Hi,
>
> I know we are in a rush to put this patches in before RC2. however I still see critical issue (below).
>
> Tuesday, October 24, 2017 5:16 PM, Akhil Goyal:
>> From: Declan Doherty <declan.doherty@intel.com>
>>
>> rte_flow_action type and ethdev updated to support rte_security sessions
>> for crypto offload to ethernet device.
>>
>> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
>> ---
>> lib/librte_ether/rte_ethdev.c | 7 +++++++
>> lib/librte_ether/rte_ethdev.h | 8 ++++++++
>> lib/librte_ether/rte_ethdev_version.map | 1 +
>> 3 files changed, 16 insertions(+)
>>
>> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
>> index 0b1e928..a3b0e4e 100644
>> --- a/lib/librte_ether/rte_ethdev.c
>> +++ b/lib/librte_ether/rte_ethdev.c
>> @@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
>> return rte_eth_devices[port_id].data->numa_node;
>> }
>>
>> +void *
>> +rte_eth_dev_get_sec_ctx(uint8_t port_id) {
>> + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
>> + return rte_eth_devices[port_id].security_ctx;
>> +}
>> +
>> uint16_t
>> rte_eth_dev_count(void)
>> {
>> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.h
>> index b773589..119f7fc 100644
>> --- a/lib/librte_ether/rte_ethdev.h
>> +++ b/lib/librte_ether/rte_ethdev.h
>> @@ -180,6 +180,8 @@ extern "C" {
>> #include <rte_dev.h>
>> #include <rte_devargs.h>
>> #include <rte_errno.h>
>> +#include <rte_common.h>
>> +
>> #include "rte_ether.h"
>> #include "rte_eth_ctrl.h"
>> #include "rte_dev_info.h"
>> @@ -963,6 +965,7 @@ struct rte_eth_conf {
>> #define DEV_RX_OFFLOAD_CRC_STRIP 0x00001000
>> #define DEV_RX_OFFLOAD_SCATTER 0x00002000
>> #define DEV_RX_OFFLOAD_TIMESTAMP 0x00004000
>> +#define DEV_RX_OFFLOAD_SECURITY 0x00008000
> How application will control this offload on 17.11 ?
> The PMDs are not yet moved to the new API, so crypto offload is going to be enabled by default with no way to disable?
will be fixed in v6
>
>> #define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM |
>> \
>> DEV_RX_OFFLOAD_UDP_CKSUM | \
>> DEV_RX_OFFLOAD_TCP_CKSUM)
>> @@ -998,6 +1001,7 @@ struct rte_eth_conf {
>> * When set application must guarantee that per-queue all mbufs comes
>> from
>> * the same mempool and has refcnt = 1.
>> */
>> +#define DEV_TX_OFFLOAD_SECURITY 0x00020000
> Same point here.
>
>> struct rte_pci_device;
>>
>> @@ -1741,8 +1745,12 @@ struct rte_eth_dev {
>> */
>> struct rte_eth_rxtx_callback
>> *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
>> enum rte_eth_dev_state state; /**< Flag indicating the port state */
>> + void *security_ctx; /**< Context for security ops */
>> } __rte_cache_aligned;
>>
>> +void *
>> +rte_eth_dev_get_sec_ctx(uint8_t port_id);
>> +
>> struct rte_eth_dev_sriov {
>> uint8_t active; /**< SRIOV is active with 16, 32 or 64 pools */
>> uint8_t nb_q_per_pool; /**< rx queue number per pool */
>> diff --git a/lib/librte_ether/rte_ethdev_version.map
>> b/lib/librte_ether/rte_ethdev_version.map
>> index 57d9b54..e9681ac 100644
>> --- a/lib/librte_ether/rte_ethdev_version.map
>> +++ b/lib/librte_ether/rte_ethdev_version.map
>> @@ -191,6 +191,7 @@ DPDK_17.08 {
>> DPDK_17.11 {
>> global:
>>
>> + rte_eth_dev_get_sec_ctx;
>> rte_eth_dev_pool_ops_supported;
>> rte_eth_dev_reset;
>> rte_flow_error_set;
>> --
>> 2.9.3
@@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
return rte_eth_devices[port_id].data->numa_node;
}
+void *
+rte_eth_dev_get_sec_ctx(uint8_t port_id)
+{
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
+ return rte_eth_devices[port_id].security_ctx;
+}
+
uint16_t
rte_eth_dev_count(void)
{
@@ -180,6 +180,8 @@ extern "C" {
#include <rte_dev.h>
#include <rte_devargs.h>
#include <rte_errno.h>
+#include <rte_common.h>
+
#include "rte_ether.h"
#include "rte_eth_ctrl.h"
#include "rte_dev_info.h"
@@ -963,6 +965,7 @@ struct rte_eth_conf {
#define DEV_RX_OFFLOAD_CRC_STRIP 0x00001000
#define DEV_RX_OFFLOAD_SCATTER 0x00002000
#define DEV_RX_OFFLOAD_TIMESTAMP 0x00004000
+#define DEV_RX_OFFLOAD_SECURITY 0x00008000
#define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM | \
DEV_RX_OFFLOAD_UDP_CKSUM | \
DEV_RX_OFFLOAD_TCP_CKSUM)
@@ -998,6 +1001,7 @@ struct rte_eth_conf {
* When set application must guarantee that per-queue all mbufs comes from
* the same mempool and has refcnt = 1.
*/
+#define DEV_TX_OFFLOAD_SECURITY 0x00020000
struct rte_pci_device;
@@ -1741,8 +1745,12 @@ struct rte_eth_dev {
*/
struct rte_eth_rxtx_callback *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
enum rte_eth_dev_state state; /**< Flag indicating the port state */
+ void *security_ctx; /**< Context for security ops */
} __rte_cache_aligned;
+void *
+rte_eth_dev_get_sec_ctx(uint8_t port_id);
+
struct rte_eth_dev_sriov {
uint8_t active; /**< SRIOV is active with 16, 32 or 64 pools */
uint8_t nb_q_per_pool; /**< rx queue number per pool */
@@ -191,6 +191,7 @@ DPDK_17.08 {
DPDK_17.11 {
global:
+ rte_eth_dev_get_sec_ctx;
rte_eth_dev_pool_ops_supported;
rte_eth_dev_reset;
rte_flow_error_set;