Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/61427/?format=api
{ "id": 61427, "url": "http://patches.dpdk.org/api/patches/61427/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/599f8545b14fa59b79c03b0381ea347ffb84fbc8.1571322983.git.vladimir.medvedkin@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<599f8545b14fa59b79c03b0381ea347ffb84fbc8.1571322983.git.vladimir.medvedkin@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/599f8545b14fa59b79c03b0381ea347ffb84fbc8.1571322983.git.vladimir.medvedkin@intel.com", "date": "2019-10-17T15:47:58", "name": "[v6,1/6] ipsec: add inbound SAD API", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "81590a70ff1ed008e67de9f7adb54ad947ed630c", "submitter": { "id": 1216, "url": "http://patches.dpdk.org/api/people/1216/?format=api", "name": "Vladimir Medvedkin", "email": "vladimir.medvedkin@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/599f8545b14fa59b79c03b0381ea347ffb84fbc8.1571322983.git.vladimir.medvedkin@intel.com/mbox/", "series": [ { "id": 6917, "url": "http://patches.dpdk.org/api/series/6917/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=6917", "date": "2019-10-17T15:47:57", "name": "ipsec: add inbound SAD", "version": 6, "mbox": "http://patches.dpdk.org/series/6917/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/61427/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/61427/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id BE01B1E9D6;\n\tThu, 17 Oct 2019 17:48:13 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id F21A41E930\n\tfor <dev@dpdk.org>; Thu, 17 Oct 2019 17:48:09 +0200 (CEST)", "from orsmga005.jf.intel.com ([10.7.209.41])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t17 Oct 2019 08:48:09 -0700", "from silpixa00400072.ir.intel.com ([10.237.222.213])\n\tby orsmga005.jf.intel.com with ESMTP; 17 Oct 2019 08:48:07 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.67,308,1566889200\"; d=\"scan'208\";a=\"371174131\"", "From": "Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com, bernard.iremonger@intel.com,\n\takhil.goyal@nxp.com", "Date": "Thu, 17 Oct 2019 16:47:58 +0100", "Message-Id": "<599f8545b14fa59b79c03b0381ea347ffb84fbc8.1571322983.git.vladimir.medvedkin@intel.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": [ "<cover.1571322982.git.vladimir.medvedkin@intel.com>", "<cover.1571322982.git.vladimir.medvedkin@intel.com>" ], "References": [ "<cover.1571322982.git.vladimir.medvedkin@intel.com>", "<cover.1570725871.git.vladimir.medvedkin@intel.com>\n\t<cover.1571322982.git.vladimir.medvedkin@intel.com>" ], "Subject": "[dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add inbound security association database (SAD) API\nand stub implementation.\n\nSigned-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>\nAcked-by: Akhil Goyal <akhil.goyal@nxp.com>\nAcked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>\n---\n lib/librte_ipsec/Makefile | 2 +\n lib/librte_ipsec/ipsec_sad.c | 50 ++++++++++\n lib/librte_ipsec/meson.build | 4 +-\n lib/librte_ipsec/rte_ipsec_sad.h | 176 +++++++++++++++++++++++++++++++++\n lib/librte_ipsec/rte_ipsec_version.map | 7 ++\n 5 files changed, 237 insertions(+), 2 deletions(-)\n create mode 100644 lib/librte_ipsec/ipsec_sad.c\n create mode 100644 lib/librte_ipsec/rte_ipsec_sad.h", "diff": "diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile\nindex 22f29d9..5aaab72 100644\n--- a/lib/librte_ipsec/Makefile\n+++ b/lib/librte_ipsec/Makefile\n@@ -21,10 +21,12 @@ SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += esp_inb.c\n SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += esp_outb.c\n SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += sa.c\n SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += ses.c\n+SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += ipsec_sad.c\n \n # install header files\n SYMLINK-$(CONFIG_RTE_LIBRTE_IPSEC)-include += rte_ipsec.h\n SYMLINK-$(CONFIG_RTE_LIBRTE_IPSEC)-include += rte_ipsec_group.h\n SYMLINK-$(CONFIG_RTE_LIBRTE_IPSEC)-include += rte_ipsec_sa.h\n+SYMLINK-$(CONFIG_RTE_LIBRTE_IPSEC)-include += rte_ipsec_sad.h\n \n include $(RTE_SDK)/mk/rte.lib.mk\ndiff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c\nnew file mode 100644\nindex 0000000..703be65\n--- /dev/null\n+++ b/lib/librte_ipsec/ipsec_sad.c\n@@ -0,0 +1,50 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2019 Intel Corporation\n+ */\n+\n+#include <rte_errno.h>\n+\n+#include \"rte_ipsec_sad.h\"\n+\n+int\n+rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,\n+\t\t__rte_unused const union rte_ipsec_sad_key *key,\n+\t\t__rte_unused int key_type, __rte_unused void *sa)\n+{\n+\treturn -ENOTSUP;\n+}\n+\n+int\n+rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,\n+\t\t__rte_unused const union rte_ipsec_sad_key *key,\n+\t\t__rte_unused int key_type)\n+{\n+\treturn -ENOTSUP;\n+}\n+\n+struct rte_ipsec_sad *\n+rte_ipsec_sad_create(__rte_unused const char *name,\n+\t\t__rte_unused const struct rte_ipsec_sad_conf *conf)\n+{\n+\treturn NULL;\n+}\n+\n+struct rte_ipsec_sad *\n+rte_ipsec_sad_find_existing(__rte_unused const char *name)\n+{\n+\treturn NULL;\n+}\n+\n+void\n+rte_ipsec_sad_destroy(__rte_unused struct rte_ipsec_sad *sad)\n+{\n+\treturn;\n+}\n+\n+int\n+rte_ipsec_sad_lookup(__rte_unused const struct rte_ipsec_sad *sad,\n+\t\t__rte_unused const union rte_ipsec_sad_key *keys[],\n+\t\t__rte_unused void *sa[], __rte_unused uint32_t n)\n+{\n+\treturn -ENOTSUP;\n+}\ndiff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build\nindex 7ea0c7d..91b9867 100644\n--- a/lib/librte_ipsec/meson.build\n+++ b/lib/librte_ipsec/meson.build\n@@ -3,8 +3,8 @@\n \n allow_experimental_apis = true\n \n-sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c')\n+sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')\n \n-headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h')\n+headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')\n \n deps += ['mbuf', 'net', 'cryptodev', 'security']\ndiff --git a/lib/librte_ipsec/rte_ipsec_sad.h b/lib/librte_ipsec/rte_ipsec_sad.h\nnew file mode 100644\nindex 0000000..8386f73\n--- /dev/null\n+++ b/lib/librte_ipsec/rte_ipsec_sad.h\n@@ -0,0 +1,176 @@\n+\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2019 Intel Corporation\n+ */\n+\n+#ifndef _RTE_IPSEC_SAD_H_\n+#define _RTE_IPSEC_SAD_H_\n+\n+#include <rte_compat.h>\n+\n+/**\n+ * @file rte_ipsec_sad.h\n+ * @b EXPERIMENTAL: this API may change without prior notice\n+ *\n+ * RTE IPsec security association database (SAD) support.\n+ * Contains helper functions to lookup and maintain SAD\n+ */\n+\n+#ifdef __cplusplus\n+extern \"C\" {\n+#endif\n+\n+struct rte_ipsec_sad;\n+\n+/** Type of key */\n+enum {\n+\tRTE_IPSEC_SAD_SPI_ONLY = 0,\n+\tRTE_IPSEC_SAD_SPI_DIP,\n+\tRTE_IPSEC_SAD_SPI_DIP_SIP,\n+\tRTE_IPSEC_SAD_KEY_TYPE_MASK,\n+};\n+\n+struct rte_ipsec_sadv4_key {\n+\tuint32_t spi;\n+\tuint32_t dip;\n+\tuint32_t sip;\n+};\n+\n+struct rte_ipsec_sadv6_key {\n+\tuint32_t spi;\n+\tuint8_t dip[16];\n+\tuint8_t sip[16];\n+};\n+\n+union rte_ipsec_sad_key {\n+\tstruct rte_ipsec_sadv4_key\tv4;\n+\tstruct rte_ipsec_sadv6_key\tv6;\n+};\n+\n+/** Flag to create SAD with ipv6 dip and sip addresses */\n+#define RTE_IPSEC_SAD_FLAG_IPV6\t\t\t0x1\n+/** Flag to support reader writer concurrency */\n+#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY\t0x2\n+\n+/** IPsec SAD configuration structure */\n+struct rte_ipsec_sad_conf {\n+\t/** CPU socket ID where rte_ipsec_sad should be allocated */\n+\tint\t\tsocket_id;\n+\t/** maximum number of SA for each type of key */\n+\tuint32_t\tmax_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];\n+\t/** RTE_IPSEC_SAD_FLAG_* flags */\n+\tuint32_t\tflags;\n+};\n+\n+/**\n+ * Add a rule into the SAD. Could be safely called with concurrent lookups\n+ * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.\n+ * While with this flag multi-reader - one-writer model Is MT safe,\n+ * multi-writer model is not and required extra synchronisation.\n+ *\n+ * @param sad\n+ * SAD object handle\n+ * @param key\n+ * pointer to the key\n+ * @param key_type\n+ * key type (spi only/spi+dip/spi+dip+sip)\n+ * @param sa\n+ * Pointer associated with the key to save in a SAD\n+ * Must be 4 bytes aligned.\n+ * @return\n+ * 0 on success, negative value otherwise\n+ */\n+__rte_experimental\n+int\n+rte_ipsec_sad_add(struct rte_ipsec_sad *sad,\n+\tconst union rte_ipsec_sad_key *key,\n+\tint key_type, void *sa);\n+\n+/**\n+ * Delete a rule from the SAD. Could be safely called with concurrent lookups\n+ * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.\n+ * While with this flag multi-reader - one-writer model Is MT safe,\n+ * multi-writer model is not and required extra synchronisation.\n+ *\n+ * @param sad\n+ * SAD object handle\n+ * @param key\n+ * pointer to the key\n+ * @param key_type\n+ * key type (spi only/spi+dip/spi+dip+sip)\n+ * @return\n+ * 0 on success, negative value otherwise\n+ */\n+__rte_experimental\n+int\n+rte_ipsec_sad_del(struct rte_ipsec_sad *sad,\n+\tconst union rte_ipsec_sad_key *key,\n+\tint key_type);\n+/*\n+ * Create SAD\n+ *\n+ * @param name\n+ * SAD name\n+ * @param conf\n+ * Structure containing the configuration\n+ * @return\n+ * Handle to SAD object on success\n+ * NULL otherwise with rte_errno set to an appropriate values.\n+ */\n+__rte_experimental\n+struct rte_ipsec_sad *\n+rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf);\n+\n+/**\n+ * Find an existing SAD object and return a pointer to it.\n+ *\n+ * @param name\n+ * Name of the SAD object as passed to rte_ipsec_sad_create()\n+ * @return\n+ * Pointer to sad object or NULL if object not found with rte_errno\n+ * set appropriately. Possible rte_errno values include:\n+ * - ENOENT - required entry not available to return.\n+ */\n+__rte_experimental\n+struct rte_ipsec_sad *\n+rte_ipsec_sad_find_existing(const char *name);\n+\n+/**\n+ * Destroy SAD object.\n+ *\n+ * @param sad\n+ * pointer to the SAD object\n+ * @return\n+ * None\n+ */\n+__rte_experimental\n+void\n+rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad);\n+\n+/**\n+ * Lookup multiple keys in the SAD.\n+ *\n+ * @param sad\n+ * SAD object handle\n+ * @param keys\n+ * Array of keys to be looked up in the SAD\n+ * @param sa\n+ * Pointer assocoated with the keys.\n+ * If the lookup for the given key failed, then corresponding sa\n+ * will be NULL\n+ * @param n\n+ * Number of elements in keys array to lookup.\n+ * @return\n+ * -EINVAL for incorrect arguments, otherwise number of successful lookups.\n+ */\n+__rte_experimental\n+int\n+rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,\n+\tconst union rte_ipsec_sad_key *keys[],\n+\tvoid *sa[], uint32_t n);\n+\n+#ifdef __cplusplus\n+}\n+#endif\n+\n+#endif /* _RTE_IPSEC_SAD_H_ */\ndiff --git a/lib/librte_ipsec/rte_ipsec_version.map b/lib/librte_ipsec/rte_ipsec_version.map\nindex ee9f196..3c6c630 100644\n--- a/lib/librte_ipsec/rte_ipsec_version.map\n+++ b/lib/librte_ipsec/rte_ipsec_version.map\n@@ -11,5 +11,12 @@ EXPERIMENTAL {\n \trte_ipsec_ses_from_crypto;\n \trte_ipsec_session_prepare;\n \n+\trte_ipsec_sad_add;\n+\trte_ipsec_sad_create;\n+\trte_ipsec_sad_del;\n+\trte_ipsec_sad_find_existing;\n+\trte_ipsec_sad_destroy;\n+\trte_ipsec_sad_lookup;\n+\n \tlocal: *;\n };\n", "prefixes": [ "v6", "1/6" ] }