diff mbox series

[v3,4/4] security: add IPsec option for IP reassembly

Message ID	20220130175935.1947730-5-gakhil@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	Ferruh Yigit
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <anoobj@marvell.com>, <matan@nvidia.com>, <konstantin.ananyev@intel.com>, <thomas@monjalon.net>, <ferruh.yigit@intel.com>, <andrew.rybchenko@oktetlabs.ru>, <rosen.xu@intel.com>, <jerinj@marvell.com>, <stephen@networkplumber.org>, <mdr@ashroe.eu>, Akhil Goyal <gakhil@marvell.com> Subject: [PATCH v3 4/4] security: add IPsec option for IP reassembly Date: Sun, 30 Jan 2022 23:29:35 +0530 Message-ID: <20220130175935.1947730-5-gakhil@marvell.com> In-Reply-To: <20220130175935.1947730-1-gakhil@marvell.com> References: <20220120162627.4155695-1-gakhil@marvell.com> <20220130175935.1947730-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	ethdev: introduce IP reassembly offload \| [v3,0/4] ethdev: introduce IP reassembly offload [v3,1/4] ethdev: introduce IP reassembly offload [v3,2/4] ethdev: add dev op to set/get IP reassembly configuration [v3,3/4] ethdev: add mbuf dynfield for incomplete IP reassembly [v3,4/4] security: add IPsec option for IP reassembly

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS

Commit Message

Akhil Goyal Jan. 30, 2022, 5:59 p.m. UTC

  A new option is added in IPsec to enable and attempt reassembly
of inbound packets.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 devtools/libabigail.abignore | 14 ++++++++++++++
 lib/security/rte_security.h  | 12 +++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

Comments

Ferruh Yigit Feb. 1, 2022, 2:12 p.m. UTC | #1

On 1/30/2022 5:59 PM, Akhil Goyal wrote:
> A new option is added in IPsec to enable and attempt reassembly
> of inbound packets.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
>   devtools/libabigail.abignore | 14 ++++++++++++++
>   lib/security/rte_security.h  | 12 +++++++++++-


+Radu for review

>   2 files changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
> index 90f449c43a..c6e304282f 100644
> --- a/devtools/libabigail.abignore
> +++ b/devtools/libabigail.abignore
> @@ -16,3 +16,17 @@
>   [suppress_type]
>   	name = rte_eth_dev_info
>   	has_data_member_inserted_between = {offset_of(reserved_64s), end}
> +
> +; Ignore fields inserted in place of reserved_opts of rte_security_ipsec_sa_options
> +[suppress_type]
> +       name = rte_ipsec_sa_prm
> +       name = rte_security_ipsec_sa_options
> +       has_data_member_inserted_between = {offset_of(reserved_opts), end}
> +
> +[suppress_type]
> +       name = rte_security_capability
> +       has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
> +
> +[suppress_type]
> +       name = rte_security_session_conf
> +       has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 1228b6c8b1..168b837a82 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
>   	 */
>   	uint32_t l4_csum_enable : 1;
>   
> +	/** Enable reassembly on incoming packets.
> +	 *
> +	 * * 1: Enable driver to try reassembly of encrypted IP packets for
> +	 *      this SA, if supported by the driver. This feature will work
> +	 *      only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
> +	 *      inline Ethernet device.
> +	 * * 0: Disable reassembly of packets (default).
> +	 */
> +	uint32_t reass_en : 1;
> +
>   	/** Reserved bit fields for future extension
>   	 *
>   	 * User should ensure reserved_opts is cleared as it may change in
> @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
>   	 *
>   	 * Note: Reduce number of bits in reserved_opts for every new option.
>   	 */
> -	uint32_t reserved_opts : 18;
> +	uint32_t reserved_opts : 17;
>   };
>   
>   /** IPSec security association direction */

Akhil Goyal Feb. 2, 2022, 9:15 a.m. UTC | #2

> On 1/30/2022 5:59 PM, Akhil Goyal wrote:
> > A new option is added in IPsec to enable and attempt reassembly
> > of inbound packets.
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > ---
> >   devtools/libabigail.abignore | 14 ++++++++++++++
> >   lib/security/rte_security.h  | 12 +++++++++++-
> 
> 
> +Radu for review
> 
> >   2 files changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
> > index 90f449c43a..c6e304282f 100644
> > --- a/devtools/libabigail.abignore
> > +++ b/devtools/libabigail.abignore
> > @@ -16,3 +16,17 @@
> >   [suppress_type]
> >   	name = rte_eth_dev_info
> >   	has_data_member_inserted_between = {offset_of(reserved_64s), end}
> > +
> > +; Ignore fields inserted in place of reserved_opts of
> rte_security_ipsec_sa_options
> > +[suppress_type]
> > +       name = rte_ipsec_sa_prm
> > +       name = rte_security_ipsec_sa_options
> > +       has_data_member_inserted_between = {offset_of(reserved_opts), end}
> > +
> > +[suppress_type]
> > +       name = rte_security_capability
> > +       has_data_member_inserted_between = {offset_of(reserved_opts),
> (offset_of(reserved_opts) + 18)}
> > +
> > +[suppress_type]
> > +       name = rte_security_session_conf
> > +       has_data_member_inserted_between = {offset_of(reserved_opts),
> (offset_of(reserved_opts) + 18)}

Could not find any better way to suppress the ABI warning.
Any better idea?

> > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> > index 1228b6c8b1..168b837a82 100644
> > --- a/lib/security/rte_security.h
> > +++ b/lib/security/rte_security.h
> > @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
> >   	 */
> >   	uint32_t l4_csum_enable : 1;
> >
> > +	/** Enable reassembly on incoming packets.
> > +	 *
> > +	 * * 1: Enable driver to try reassembly of encrypted IP packets for
> > +	 *      this SA, if supported by the driver. This feature will work
> > +	 *      only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
> > +	 *      inline Ethernet device.
> > +	 * * 0: Disable reassembly of packets (default).
> > +	 */
> > +	uint32_t reass_en : 1;
> > +
> >   	/** Reserved bit fields for future extension
> >   	 *
> >   	 * User should ensure reserved_opts is cleared as it may change in
> > @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
> >   	 *
> >   	 * Note: Reduce number of bits in reserved_opts for every new option.
> >   	 */
> > -	uint32_t reserved_opts : 18;
> > +	uint32_t reserved_opts : 17;
> >   };
> >
> >   /** IPSec security association direction */

Ferruh Yigit Feb. 2, 2022, 2:04 p.m. UTC | #3

On 2/2/2022 9:15 AM, Akhil Goyal wrote:
>> On 1/30/2022 5:59 PM, Akhil Goyal wrote:
>>> A new option is added in IPsec to enable and attempt reassembly
>>> of inbound packets.
>>>
>>> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
>>> ---
>>>    devtools/libabigail.abignore | 14 ++++++++++++++
>>>    lib/security/rte_security.h  | 12 +++++++++++-
>>
>>
>> +Radu for review
>>
>>>    2 files changed, 25 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
>>> index 90f449c43a..c6e304282f 100644
>>> --- a/devtools/libabigail.abignore
>>> +++ b/devtools/libabigail.abignore
>>> @@ -16,3 +16,17 @@
>>>    [suppress_type]
>>>    	name = rte_eth_dev_info
>>>    	has_data_member_inserted_between = {offset_of(reserved_64s), end}
>>> +
>>> +; Ignore fields inserted in place of reserved_opts of
>> rte_security_ipsec_sa_options
>>> +[suppress_type]
>>> +       name = rte_ipsec_sa_prm
>>> +       name = rte_security_ipsec_sa_options
>>> +       has_data_member_inserted_between = {offset_of(reserved_opts), end}
>>> +
>>> +[suppress_type]
>>> +       name = rte_security_capability
>>> +       has_data_member_inserted_between = {offset_of(reserved_opts),
>> (offset_of(reserved_opts) + 18)}
>>> +
>>> +[suppress_type]
>>> +       name = rte_security_session_conf
>>> +       has_data_member_inserted_between = {offset_of(reserved_opts),
>> (offset_of(reserved_opts) + 18)}
> 
> Could not find any better way to suppress the ABI warning.
> Any better idea?
> 

+David for it, who knows abigail better.

>>> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
>>> index 1228b6c8b1..168b837a82 100644
>>> --- a/lib/security/rte_security.h
>>> +++ b/lib/security/rte_security.h
>>> @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
>>>    	 */
>>>    	uint32_t l4_csum_enable : 1;
>>>
>>> +	/** Enable reassembly on incoming packets.
>>> +	 *
>>> +	 * * 1: Enable driver to try reassembly of encrypted IP packets for
>>> +	 *      this SA, if supported by the driver. This feature will work
>>> +	 *      only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
>>> +	 *      inline Ethernet device.
>>> +	 * * 0: Disable reassembly of packets (default).
>>> +	 */
>>> +	uint32_t reass_en : 1;
>>> +
>>>    	/** Reserved bit fields for future extension
>>>    	 *
>>>    	 * User should ensure reserved_opts is cleared as it may change in
>>> @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
>>>    	 *
>>>    	 * Note: Reduce number of bits in reserved_opts for every new option.
>>>    	 */
>>> -	uint32_t reserved_opts : 18;
>>> +	uint32_t reserved_opts : 17;
>>>    };
>>>
>>>    /** IPSec security association direction */
>

diff mbox series

Patch

diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
index 90f449c43a..c6e304282f 100644
--- a/devtools/libabigail.abignore
+++ b/devtools/libabigail.abignore
@@ -16,3 +16,17 @@ 
 [suppress_type]
 	name = rte_eth_dev_info
 	has_data_member_inserted_between = {offset_of(reserved_64s), end}
+
+; Ignore fields inserted in place of reserved_opts of rte_security_ipsec_sa_options
+[suppress_type]
+       name = rte_ipsec_sa_prm
+       name = rte_security_ipsec_sa_options
+       has_data_member_inserted_between = {offset_of(reserved_opts), end}
+
+[suppress_type]
+       name = rte_security_capability
+       has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
+
+[suppress_type]
+       name = rte_security_session_conf
+       has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 1228b6c8b1..168b837a82 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -264,6 +264,16 @@  struct rte_security_ipsec_sa_options {
 	 */
 	uint32_t l4_csum_enable : 1;
 
+	/** Enable reassembly on incoming packets.
+	 *
+	 * * 1: Enable driver to try reassembly of encrypted IP packets for
+	 *      this SA, if supported by the driver. This feature will work
+	 *      only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
+	 *      inline Ethernet device.
+	 * * 0: Disable reassembly of packets (default).
+	 */
+	uint32_t reass_en : 1;
+
 	/** Reserved bit fields for future extension
 	 *
 	 * User should ensure reserved_opts is cleared as it may change in
@@ -271,7 +281,7 @@  struct rte_security_ipsec_sa_options {
 	 *
 	 * Note: Reduce number of bits in reserved_opts for every new option.
 	 */
-	uint32_t reserved_opts : 18;
+	uint32_t reserved_opts : 17;
 };
 
 /** IPSec security association direction */