From patchwork Thu Jan 26 14:12:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cristian Dumitrescu X-Patchwork-Id: 122549 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7717C42492; Thu, 26 Jan 2023 15:34:32 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 18DB540223; Thu, 26 Jan 2023 15:34:32 +0100 (CET) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id C52E0400D7 for ; Thu, 26 Jan 2023 15:34:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674743670; x=1706279670; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=dxW6rGnPE2wj3Gle/Ol1KoYLsB7MyeBPeNGCcDJxpZA=; b=UbOVnMU23liTwkp1o8cy7akEZTvWShpgFV6hID1zwT3l73zr5d+6XVpr 8ofzQ8K4zLf0qmUpxdPBsPyu5X+aWl15KOf1ymJhYT7jXPa9GIm9fvj59 E9M5KHbvVqDZvScER+jbJCdhcx6ToGdltCtpedn7H8oLtNFSe3uVavAfa 4ORA7dRotta5KSaFotGo3ZsOoHaxbl6Lzgf+kEuQ92rApbSnCn5Gb+r4S v//D13oPSqhYFYFWi1T+uHbYKluSBhqfEJsMnY0hSeQZ77A++O+PDkGvM H1x0483DuwFi8++w1JCpWxls6RSi8Weq+tt0pzYPdN10ILzQMoRsgkVqt Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="328080993" X-IronPort-AV: E=Sophos;i="5.97,248,1669104000"; d="scan'208";a="328080993" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Jan 2023 06:12:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="664856467" X-IronPort-AV: E=Sophos;i="5.97,248,1669104000"; d="scan'208";a="664856467" Received: from silpixa00400573.ir.intel.com (HELO silpixa00400573.ger.corp.intel.com) ([10.237.222.53]) by fmsmga007.fm.intel.com with ESMTP; 26 Jan 2023 06:12:57 -0800 From: Cristian Dumitrescu To: dev@dpdk.org Subject: [PATCH V6 00/11] pipeline: add IPsec support Date: Thu, 26 Jan 2023 14:12:45 +0000 Message-Id: <20230126141256.380415-1-cristian.dumitrescu@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230111205608.87953-1-cristian.dumitrescu@intel.com> References: <20230111205608.87953-1-cristian.dumitrescu@intel.com> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch set introduces a companion block for the SWX pipeline for IPsec support. The IPsec block is external to the pipeline, hence it needs to be explicitly instantiated by the user and connected to a pipeline instance through the pipeline I/O ports. Main features: * IPsec inbound (encrypted input packets -> clear text output packets) and outbound (clear text input packets -> encrypted output packets) processing support for tunnel and transport modes. Interaction of the IPsec block with the pipeline: * Each IPsec block instance has its own set of Security Associations (SAs) used to process the input packets. Each SA is identified by its unique SA ID. The IPsec inbound and outbound SAs share the same ID space. * Each input packet is first mapped to one of the existing SAs by using the SA ID and then processed according to the identified SA. The SA ID is read from input packet. The SA ID field is typically written by the pipeline before sending the packet to the IPsec block. Change log: V6: Fixed more build issues for gcc 4.8.5. V5: Fixed build issue for gcc 4.8.5. V4: Fixed Doxygen issues. V3: Rebased on top of main latest. V2: Fixed minor style issues. Cristian Dumitrescu (11): pipeline: add IPsec support examples/pipeline: rework memory pool support examples/pipeline: streamline ring support examples/pipeline: streamline the Ethernet device support examples/pipeline: support crypto devices examples/pipeline: add CLI command for crypto device examples/pipeline: add IPsec CLI commands examples/pipeline: rework the thread configuration updates examples/pipeline: support blocks other than pipelines examples/pipeline: add block enable/disable CLI commands examples/pipeline: add IPsec example examples/pipeline/cli.c | 893 ++++++-- examples/pipeline/examples/fib.cli | 4 +- examples/pipeline/examples/hash_func.cli | 4 +- examples/pipeline/examples/ipsec.cli | 57 + examples/pipeline/examples/ipsec.io | 23 + examples/pipeline/examples/ipsec.spec | 138 ++ examples/pipeline/examples/ipsec_sa.txt | 216 ++ examples/pipeline/examples/l2fwd.cli | 4 +- examples/pipeline/examples/l2fwd_macswp.cli | 4 +- .../pipeline/examples/l2fwd_macswp_pcap.cli | 4 +- examples/pipeline/examples/l2fwd_pcap.cli | 4 +- examples/pipeline/examples/learner.cli | 4 +- examples/pipeline/examples/meter.cli | 4 +- examples/pipeline/examples/mirroring.cli | 4 +- examples/pipeline/examples/recirculation.cli | 4 +- examples/pipeline/examples/registers.cli | 4 +- examples/pipeline/examples/selector.cli | 4 +- examples/pipeline/examples/varbit.cli | 4 +- examples/pipeline/examples/vxlan.cli | 4 +- examples/pipeline/examples/vxlan_pcap.cli | 4 +- examples/pipeline/main.c | 12 +- examples/pipeline/obj.c | 361 +--- examples/pipeline/obj.h | 100 +- examples/pipeline/thread.c | 655 +++--- examples/pipeline/thread.h | 24 +- lib/pipeline/meson.build | 4 +- lib/pipeline/rte_swx_ipsec.c | 1821 +++++++++++++++++ lib/pipeline/rte_swx_ipsec.h | 383 ++++ lib/pipeline/version.map | 9 + 29 files changed, 3741 insertions(+), 1015 deletions(-) create mode 100644 examples/pipeline/examples/ipsec.cli create mode 100644 examples/pipeline/examples/ipsec.io create mode 100644 examples/pipeline/examples/ipsec.spec create mode 100644 examples/pipeline/examples/ipsec_sa.txt create mode 100644 lib/pipeline/rte_swx_ipsec.c create mode 100644 lib/pipeline/rte_swx_ipsec.h