From: "Ananyev, Konstantin"
To: "Medvedkin, Vladimir", "dev@dpdk.org"
CC: "Iremonger, Bernard", "akhil.goyal@nxp.com"
Date: Sat, 14 Sep 2019 23:05:37 +0000
Message-ID: <2601191342CEEE43887BDE71AB977258019196585E@irsmsx105.ger.corp.intel.com>
Subject: Re: [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API

> --- /dev/null > +++ b/lib/librte_ipsec/rte_ipsec_sad.h 
> @@ -0,0 +1,174 @@ > + > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright(c) 2019 Intel Corporation > + */ > + > +#ifndef _RTE_IPSEC_SAD_H_ > +#define _RTE_IPSEC_SAD_H_ > + > +#include > + > +/** > + * @file rte_ipsec_sad.h > + * @b EXPERIMENTAL: this API may change without prior notice > + * > + * RTE IPsec security association database (SAD) support. > + * It is not recommended to include this file directly, > + * include instead. > + * Contains helper functions to lookup and maintain SAD > + */ > + > +#ifdef __cplusplus > +extern "C" { > +#endif > + > +struct rte_ipsec_sad; > + > +/** Type of key */ > +enum { > + RTE_IPSEC_SAD_SPI_ONLY =3D 0, > + RTE_IPSEC_SAD_SPI_DIP, > + RTE_IPSEC_SAD_SPI_DIP_SIP, > + RTE_IPSEC_SAD_KEY_TYPE_MASK, > +}; > + > +struct rte_ipsec_sadv4_key { > + uint32_t spi; > + uint32_t dip; > + uint32_t sip; > +}; > + > +struct rte_ipsec_sadv6_key { > + uint32_t spi; > + uint8_t dip[16]; > + uint8_t sip[16]; > +}; > + > +union rte_ipsec_sad_key { > + struct rte_ipsec_sadv4_key v4; > + struct rte_ipsec_sadv6_key v6; > +}; > + > +#define RTE_IPSEC_SAD_FLAG_IPV4 0x1 > +#define RTE_IPSEC_SAD_FLAG_IPV6 0x2

Don't think we need two values - ipv4/ipv6 flags are mutually exclusive here.
Might be better:
_ipv4=0, _ipv6=1 (or vice versa)
_mask=1

> +/** Flag to support reader writer concurrency */ > +#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY 0x4 > + > +/** IPsec SAD configuration structure */ > +struct rte_ipsec_sad_conf { > + int socket_id; > + /** maximum number of SA for each type key */ > + uint32_t max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK]; > + uint32_t flags; > +}; > + > +/** > + * Add a rule into the SAD. Could be safely called with concurrent looku= ps > + * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation= time. > + * While with this flag multi-reader - one-writer model Is MT safe, > + * multi-writer model is not and required extra synchronisation. 
> + * > + * @param sad > + * SAD object handle > + * @param key > + * pointer to the key > + * @param key_type > + * key type (spi only/spi+dip/spi+dip+sip) > + * @param sa > + * Pointer associated with the key to save in a SAD > + * Must be 4 bytes aligned. > + * @return > + * 0 on success, negative value otherwise > + */ > +__rte_experimental > +int > +rte_ipsec_sad_add(struct rte_ipsec_sad *sad, union rte_ipsec_sad_key *ke= y, > + int key_type, void *sa); > + > +/** > + * Delete a rule from the SAD. Could be safely called with concurrent lo= okups > + * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation= time. > + * While with this flag multi-reader - one-writer model Is MT safe, > + * multi-writer model is not and required extra synchronisation. > + * > + * @param sad > + * SAD object handle > + * @param key > + * pointer to the key > + * @param key_type > + * key type (spi only/spi+dip/spi+dip+sip) > + * @return > + * 0 on success, negative value otherwise > + */ > +__rte_experimental > +int > +rte_ipsec_sad_del(struct rte_ipsec_sad *sad, union rte_ipsec_sad_key *ke= y, > + int key_type); > +/* > + * Create SAD > + * > + * @param name > + * SAD name > + * @param conf > + * Structure containing the configuration > + * @return > + * Handle to SAD object on success > + * NULL otherwise with rte_errno set to an appropriate values. > + */ > +__rte_experimental > +struct rte_ipsec_sad * > +rte_ipsec_sad_create(const char *name, struct rte_ipsec_sad_conf *conf);

const struct rte_ipsec_sad_conf *

> + > +/** > + * Find an existing SAD object and return a pointer to it. > + * > + * @param name > + * Name of the rib object as passed to rte_ipsec_sad_create() > + * @return > + * Pointer to sad object or NULL if object not found with rte_errno > + * set appropriately. Possible rte_errno values include: > + * - ENOENT - required entry not available to return. 
> + */ > +__rte_experimental > +struct rte_ipsec_sad * > +rte_ipsec_sad_find_existing(const char *name); > + > +/** > + * Free SAD object. > + * > + * @param sad > + * pointer to the SAD object > + * @return > + * None > + */ > +__rte_experimental > +void > +rte_ipsec_sad_free(struct rte_ipsec_sad *sad);

As a nit - might be better to name it _destroy.
Usually such API comes in pairs: create/destroy, alloc/free, etc.

> + > +/** > + * Lookup multiple keys in the SAD. > + * > + * @param sad > + * SAD object handle > + * @param keys > + * Array of keys to be looked up in the SAD > + * @param sa > + * Pointer assocoated with the keys. > + * If the lookup for the given key failed, then corresponding sa > + * will be NULL > + * @param n > + * Number of elements in keys array to lookup. > + * @return > + * -EINVAL for incorrect arguments, otherwise 0 > + */ > +__rte_experimental > +int > +rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad, > + const union rte_ipsec_sad_key *keys[], > + uint32_t n, void *sa[]); > + > +#ifdef __cplusplus > +} > +#endif > + > +#endif /* _RTE_IPSEC_SAD_H_ */ > diff --git a/lib/librte_ipsec/rte_ipsec_version.map b/lib/librte_ipsec/rt= e_ipsec_version.map > index ee9f196..56c38ec 100644 > --- a/lib/librte_ipsec/rte_ipsec_version.map > +++ b/lib/librte_ipsec/rte_ipsec_version.map > @@ -11,5 +11,12 @@ EXPERIMENTAL { > rte_ipsec_ses_from_crypto; > rte_ipsec_session_prepare; >=20 > + rte_ipsec_sad_add; > + rte_ipsec_sad_create; > + rte_ipsec_sad_del; > + rte_ipsec_sad_find_existing; > + rte_ipsec_sad_free; > + rte_ipsec_sad_lookup; > + > local: *; > }; > -- > 2.7.4
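
Review bot: in rte_ipsec_sad.h, the rte_ipsec_sad_lookup() comment does not say how a key is matched: the function takes no key_type, and neither struct rte_ipsec_sadv4_key nor struct rte_ipsec_sadv6_key documents the byte order of spi, dip and sip or which fields are ignored for RTE_IPSEC_SAD_SPI_ONLY and RTE_IPSEC_SAD_SPI_DIP entries. A caller cannot tell from the header which SA a lookup returns when entries of more than one key type could match the same packet, so suggest documenting the match precedence across the three key types and the expected byte order next to the key structs. Smaller points in the same hunk: max_sa[] is sized by RTE_IPSEC_SAD_KEY_TYPE_MASK, which is used as a count rather than a mask; rte_ipsec_sad_add() and rte_ipsec_sad_del() take a non-const key while rte_ipsec_sad_lookup() takes const keys; the "Create SAD" comment opens with /* where the other API comments open with /**; and the rte_ipsec_sad_find_existing() comment refers to "the rib object".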
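
Review bot: in rte_ipsec_version.map, the six rte_ipsec_sad_* symbols are appended after rte_ipsec_session_prepare behind a blank line, although rte_ipsec_sad_* sorts before rte_ipsec_ses_from_crypto; if the EXPERIMENTAL block is meant to stay alphabetical, move them up and drop the extra blank line. If rte_ipsec_sad_free is renamed as suggested in the review of the header, the entry here has to change with it.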