Cover Detail
Show a cover letter.
GET /api/covers/49645/?format=api
http://patches.dpdk.org/api/covers/49645/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/cover/1547154394-14875-1-git-send-email-konstantin.ananyev@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1547154394-14875-1-git-send-email-konstantin.ananyev@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1547154394-14875-1-git-send-email-konstantin.ananyev@intel.com", "date": "2019-01-10T21:06:25", "name": "[v8,0/9] ipsec: new library for IPsec data-path processing", "submitter": { "id": 33, "url": "http://patches.dpdk.org/api/people/33/?format=api", "name": "Ananyev, Konstantin", "email": "konstantin.ananyev@intel.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/cover/1547154394-14875-1-git-send-email-konstantin.ananyev@intel.com/mbox/", "series": [ { "id": 3111, "url": "http://patches.dpdk.org/api/series/3111/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=3111", "date": "2019-01-10T21:06:25", "name": "ipsec: new library for IPsec data-path processing", "version": 8, "mbox": "http://patches.dpdk.org/series/3111/mbox/" } ], "comments": "http://patches.dpdk.org/api/covers/49645/comments/", "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 060C81B929;\n\tThu, 10 Jan 2019 22:06:42 +0100 (CET)", "from mga11.intel.com (mga11.intel.com [192.55.52.93])\n\tby dpdk.org (Postfix) with ESMTP id 1E9961B90C\n\tfor <dev@dpdk.org>; Thu, 10 Jan 2019 22:06:39 +0100 (CET)", "from orsmga006.jf.intel.com ([10.7.209.51])\n\tby fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t10 Jan 2019 13:06:39 -0800", "from sivswdev08.ir.intel.com (HELO localhost.localdomain)\n\t([10.237.217.47])\n\tby orsmga006.jf.intel.com with ESMTP; 10 Jan 2019 13:06:37 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.56,462,1539673200\"; d=\"scan'208\";a=\"107316552\"", "From": "Konstantin Ananyev <konstantin.ananyev@intel.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com, pablo.de.lara.guarch@intel.com, thomas@monjalon.net,\n\tKonstantin Ananyev <konstantin.ananyev@intel.com>", "Date": "Thu, 10 Jan 2019 21:06:25 +0000", "Message-Id": "<1547154394-14875-1-git-send-email-konstantin.ananyev@intel.com>", "X-Mailer": "git-send-email 1.7.0.7", "In-Reply-To": "<1547130059-9408-2-git-send-email-konstantin.ananyev@intel.com>", "References": "<1547130059-9408-2-git-send-email-konstantin.ananyev@intel.com>", "Subject": "[dpdk-dev] [PATCH v8 0/9] ipsec: new library for IPsec data-path\n\tprocessing", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "v7 -> v8\n- update release notes with new version for librte_security\n- rebase on top of crypto-next\n\nv6 -> v7\n- Changes to address Thomas comments:\n bump ABI version\n remove related deprecation notice\n update release notes, ABI changes section\n\nv5 -> v6\n - Fix issues reported by Akhil:\n rte_ipsec_session_prepare() fails for lookaside-proto\n\nv4 -> v5\n - Fix issue with SQN overflows\n - Address Akhil comments:\n documentation update\n spell checks spacing etc.\n fix input crypto_xform check/prepcess\n test cases for lookaside and inline proto\n\nv3 -> v4\n - Changes to address Declan comments\n - Update docs\n\nv2 -> v3\n - Several fixes for IPv6 support\n - Extra checks for input parameters in public APi functions\n\nv1 -> v2\n - Changes to get into account l2_len for outbound transport packets\n (Qi comments)\n - Several bug fixes\n - Some code restructured\n - Update MAINTAINERS file\n\nRFCv2 -> v1\n - Changes per Jerin comments\n - Implement transport mode\n - Several bug fixes\n - UT largely reworked and extended\n\nThis patch introduces a new library within DPDK: librte_ipsec.\nThe aim is to provide DPDK native high performance library for IPsec\ndata-path processing.\nThe library is supposed to utilize existing DPDK crypto-dev and\nsecurity API to provide application with transparent IPsec\nprocessing API.\nThe library is concentrated on data-path protocols processing\n(ESP and AH), IKE protocol(s) implementation is out of scope\nfor that library.\nCurrent patch introduces SA-level API.\n\nSA level API\n============\n\nAPI described below operates on SA level.\nIt provides functionality that allows user for given SA to process\ninbound and outbound IPsec packets.\nTo be more specific:\n- for inbound ESP/AH packets perform decryption, authentication,\n integrity checking, remove ESP/AH related headers\n- for outbound packets perform payload encryption, attach ICV,\n update/add IP headers, add ESP/AH headers/trailers,\n setup related mbuf felids (ol_flags, tx_offloads, etc.).\n- initialize/un-initialize given SA based on user provided parameters.\n\nThe following functionality:\n - match inbound/outbound packets to particular SA\n - manage crypto/security devices\n - provide SAD/SPD related functionality\n - determine what crypto/security device has to be used\n for given packet(s)\nis out of scope for SA-level API.\n\nSA-level API is based on top of crypto-dev/security API and relies on\nthem\nto perform actual cipher and integrity checking.\nTo have an ability to easily map crypto/security sessions into related\nIPSec SA opaque userdata field was added into\nrte_cryptodev_sym_session and rte_security_session structures.\nThat implies ABI change for both librte_crytpodev and librte_security.\n\nDue to the nature of crypto-dev API (enqueue/deque model) we use\nasynchronous API for IPsec packets destined to be processed by\ncrypto-device.\nExpected API call sequence would be:\n /* enqueue for processing by crypto-device */\n rte_ipsec_pkt_crypto_prepare(...);\n rte_cryptodev_enqueue_burst(...);\n /* dequeue from crypto-device and do final processing (if any) */\n rte_cryptodev_dequeue_burst(...);\n rte_ipsec_pkt_crypto_group(...); /* optional */\n rte_ipsec_pkt_process(...);\n\nThough for packets destined for inline processing no extra overhead\nis required and synchronous API call: rte_ipsec_pkt_process()\nis sufficient for that case.\n\nCurrent implementation supports all four currently defined\nrte_security types.\nThough to accommodate future custom implementations function pointers\nmodel is used for both for *crypto_prepare* and *process*\nimpelementations.\n\nKonstantin Ananyev (9):\n security: add opaque userdata pointer into security session\n net: add ESP trailer structure definition\n lib: introduce ipsec library\n ipsec: add SA data-path API\n ipsec: implement SA data-path API\n ipsec: rework SA replay window/SQN for MT environment\n ipsec: helper functions to group completed crypto-ops\n test/ipsec: introduce functional test\n doc: add IPsec library guide\n\n MAINTAINERS | 8 +-\n config/common_base | 5 +\n doc/guides/prog_guide/index.rst | 1 +\n doc/guides/prog_guide/ipsec_lib.rst | 168 ++\n doc/guides/rel_notes/deprecation.rst | 4 -\n doc/guides/rel_notes/release_19_02.rst | 17 +-\n lib/Makefile | 2 +\n lib/librte_ipsec/Makefile | 27 +\n lib/librte_ipsec/crypto.h | 123 ++\n lib/librte_ipsec/iph.h | 84 +\n lib/librte_ipsec/ipsec_sqn.h | 343 ++++\n lib/librte_ipsec/meson.build | 10 +\n lib/librte_ipsec/pad.h | 45 +\n lib/librte_ipsec/rte_ipsec.h | 154 ++\n lib/librte_ipsec/rte_ipsec_group.h | 151 ++\n lib/librte_ipsec/rte_ipsec_sa.h | 174 ++\n lib/librte_ipsec/rte_ipsec_version.map | 15 +\n lib/librte_ipsec/sa.c | 1527 ++++++++++++++\n lib/librte_ipsec/sa.h | 106 +\n lib/librte_ipsec/ses.c | 52 +\n lib/librte_net/rte_esp.h | 10 +-\n lib/librte_security/Makefile | 4 +-\n lib/librte_security/meson.build | 3 +-\n lib/librte_security/rte_security.h | 2 +\n lib/meson.build | 2 +\n mk/rte.app.mk | 2 +\n test/test/Makefile | 3 +\n test/test/meson.build | 3 +\n test/test/test_ipsec.c | 2565 ++++++++++++++++++++++++\n 29 files changed, 5600 insertions(+), 10 deletions(-)\n create mode 100644 doc/guides/prog_guide/ipsec_lib.rst\n create mode 100644 lib/librte_ipsec/Makefile\n create mode 100644 lib/librte_ipsec/crypto.h\n create mode 100644 lib/librte_ipsec/iph.h\n create mode 100644 lib/librte_ipsec/ipsec_sqn.h\n create mode 100644 lib/librte_ipsec/meson.build\n create mode 100644 lib/librte_ipsec/pad.h\n create mode 100644 lib/librte_ipsec/rte_ipsec.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_group.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_sa.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_version.map\n create mode 100644 lib/librte_ipsec/sa.c\n create mode 100644 lib/librte_ipsec/sa.h\n create mode 100644 lib/librte_ipsec/ses.c\n create mode 100644 test/test/test_ipsec.c" }{ "id": 49645, "url": "