From mboxrd@z Thu Jan  1 00:00:00 1970
From: Aviad Yehezkel <aviadye@dev.mellanox.co.il>
Subject: Re: [PATCH v5 06/11] ethdev: support security APIs
Date: Wed, 25 Oct 2017 15:35:57 +0300
Message-ID: <e4a8ee32-a869-d8ba-d78b-01c3720a91da@dev.mellanox.co.il>
References: <20171014221734.15511-1-akhil.goyal@nxp.com>
 <20171024141545.30837-1-akhil.goyal@nxp.com>
 <20171024141545.30837-7-akhil.goyal@nxp.com>
 <VI1PR05MB31490D73A236A22B037EFC60C3440@VI1PR05MB3149.eurprd05.prod.outlook.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "declan.doherty@intel.com" <declan.doherty@intel.com>,
 "pablo.de.lara.guarch@intel.com" <pablo.de.lara.guarch@intel.com>,
 "hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>,
 "radu.nicolau@intel.com" <radu.nicolau@intel.com>,
 Boris Pismenny <borisp@mellanox.com>, Aviad Yehezkel <aviadye@mellanox.com>,
 Thomas Monjalon <thomas@monjalon.net>,
 "sandeep.malik@nxp.com" <sandeep.malik@nxp.com>,
 "jerin.jacob@caviumnetworks.com" <jerin.jacob@caviumnetworks.com>,
 "john.mcnamara@intel.com" <john.mcnamara@intel.com>,
 "konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>,
 "olivier.matz@6wind.com" <olivier.matz@6wind.com>
To: Shahaf Shuler <shahafs@mellanox.com>, Akhil Goyal <akhil.goyal@nxp.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66])
 by dpdk.org (Postfix) with ESMTP id 358251B81C
 for <dev@dpdk.org>; Wed, 25 Oct 2017 14:36:02 +0200 (CEST)
Received: by mail-wm0-f66.google.com with SMTP id u138so1627327wmu.4
 for <dev@dpdk.org>; Wed, 25 Oct 2017 05:36:02 -0700 (PDT)
In-Reply-To: <VI1PR05MB31490D73A236A22B037EFC60C3440@VI1PR05MB3149.eurprd05.prod.outlook.com>
Content-Language: en-US
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 10/25/2017 10:01 AM, Shahaf Shuler wrote:
> Hi,
>
> I know we are in a rush to put this patches in before RC2. however I still see critical issue (below).
>
> Tuesday, October 24, 2017 5:16 PM, Akhil Goyal:
>> From: Declan Doherty <declan.doherty@intel.com>
>>
>> rte_flow_action type and ethdev updated to support rte_security sessions
>> for crypto offload to ethernet device.
>>
>> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
>> ---
>>   lib/librte_ether/rte_ethdev.c           | 7 +++++++
>>   lib/librte_ether/rte_ethdev.h           | 8 ++++++++
>>   lib/librte_ether/rte_ethdev_version.map | 1 +
>>   3 files changed, 16 insertions(+)
>>
>> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
>> index 0b1e928..a3b0e4e 100644
>> --- a/lib/librte_ether/rte_ethdev.c
>> +++ b/lib/librte_ether/rte_ethdev.c
>> @@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
>>   	return rte_eth_devices[port_id].data->numa_node;
>>   }
>>
>> +void *
>> +rte_eth_dev_get_sec_ctx(uint8_t port_id) {
>> +	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
>> +	return rte_eth_devices[port_id].security_ctx;
>> +}
>> +
>>   uint16_t
>>   rte_eth_dev_count(void)
>>   {
>> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.h
>> index b773589..119f7fc 100644
>> --- a/lib/librte_ether/rte_ethdev.h
>> +++ b/lib/librte_ether/rte_ethdev.h
>> @@ -180,6 +180,8 @@ extern "C" {
>>   #include <rte_dev.h>
>>   #include <rte_devargs.h>
>>   #include <rte_errno.h>
>> +#include <rte_common.h>
>> +
>>   #include "rte_ether.h"
>>   #include "rte_eth_ctrl.h"
>>   #include "rte_dev_info.h"
>> @@ -963,6 +965,7 @@ struct rte_eth_conf {
>>   #define DEV_RX_OFFLOAD_CRC_STRIP	0x00001000
>>   #define DEV_RX_OFFLOAD_SCATTER		0x00002000
>>   #define DEV_RX_OFFLOAD_TIMESTAMP	0x00004000
>> +#define DEV_RX_OFFLOAD_SECURITY         0x00008000
> How application will control this offload on 17.11 ?
> The PMDs are not yet moved to the new API, so crypto offload is going to be enabled by default with no way to disable?
will be fixed in v6
>
>>   #define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM |
>> \
>>   				 DEV_RX_OFFLOAD_UDP_CKSUM | \
>>   				 DEV_RX_OFFLOAD_TCP_CKSUM)
>> @@ -998,6 +1001,7 @@ struct rte_eth_conf {
>>    *   When set application must guarantee that per-queue all mbufs comes
>> from
>>    *   the same mempool and has refcnt = 1.
>>    */
>> +#define DEV_TX_OFFLOAD_SECURITY         0x00020000
> Same point here.
>
>>   struct rte_pci_device;
>>
>> @@ -1741,8 +1745,12 @@ struct rte_eth_dev {
>>   	 */
>>   	struct rte_eth_rxtx_callback
>> *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
>>   	enum rte_eth_dev_state state; /**< Flag indicating the port state */
>> +	void *security_ctx; /**< Context for security ops */
>>   } __rte_cache_aligned;
>>
>> +void *
>> +rte_eth_dev_get_sec_ctx(uint8_t port_id);
>> +
>>   struct rte_eth_dev_sriov {
>>   	uint8_t active;               /**< SRIOV is active with 16, 32 or 64 pools */
>>   	uint8_t nb_q_per_pool;        /**< rx queue number per pool */
>> diff --git a/lib/librte_ether/rte_ethdev_version.map
>> b/lib/librte_ether/rte_ethdev_version.map
>> index 57d9b54..e9681ac 100644
>> --- a/lib/librte_ether/rte_ethdev_version.map
>> +++ b/lib/librte_ether/rte_ethdev_version.map
>> @@ -191,6 +191,7 @@ DPDK_17.08 {
>>   DPDK_17.11 {
>>   	global:
>>
>> +	rte_eth_dev_get_sec_ctx;
>>   	rte_eth_dev_pool_ops_supported;
>>   	rte_eth_dev_reset;
>>   	rte_flow_error_set;
>> --
>> 2.9.3