mbox

[V5,00/11] pipeline: add IPsec support

Message ID 20230126133427.379941-1-cristian.dumitrescu@intel.com (mailing list archive)
Headers

Message

Cristian Dumitrescu Jan. 26, 2023, 1:34 p.m. UTC 
  This patch set introduces a companion block for the SWX pipeline for
IPsec support.

The IPsec block is external to the pipeline, hence it needs to be
explicitly instantiated by the user and connected to a pipeline
instance through the pipeline I/O ports.

Main features:
* IPsec inbound (encrypted input packets -> clear text output packets)
and outbound (clear text input packets -> encrypted output packets)
processing support for tunnel and transport modes.

Interaction of the IPsec block with the pipeline:
* Each IPsec block instance has its own set of Security Associations
(SAs) used to process the input packets. Each SA is identified by its
unique SA ID. The IPsec inbound and outbound SAs share the same ID
space.
* Each input packet is first mapped to one of the existing SAs by
using the SA ID and then processed according to the identified SA. The
SA ID is read from input packet. The SA ID field is typically written
by the pipeline before sending the packet to the IPsec block.

Change log:

V5:
Fixed build issue for gcc 4.8.5.

V4:
Fixed Doxygen issues.

V3:
Rebased on top of main latest.

V2:
Fixed minor style issues.

Cristian Dumitrescu (11):
  pipeline: add IPsec support
  examples/pipeline: rework memory pool support
  examples/pipeline: streamline ring support
  examples/pipeline: streamline the Ethernet device support
  examples/pipeline: support crypto devices
  examples/pipeline: add CLI command for crypto device
  examples/pipeline: add IPsec CLI commands
  examples/pipeline: rework the thread configuration updates
  examples/pipeline: support blocks other than pipelines
  examples/pipeline: add block enable/disable CLI commands
  examples/pipeline: add IPsec example

 examples/pipeline/cli.c                       |  896 ++++++--
 examples/pipeline/examples/fib.cli            |    4 +-
 examples/pipeline/examples/hash_func.cli      |    4 +-
 examples/pipeline/examples/ipsec.cli          |   57 +
 examples/pipeline/examples/ipsec.io           |   23 +
 examples/pipeline/examples/ipsec.spec         |  138 ++
 examples/pipeline/examples/ipsec_sa.txt       |  216 ++
 examples/pipeline/examples/l2fwd.cli          |    4 +-
 examples/pipeline/examples/l2fwd_macswp.cli   |    4 +-
 .../pipeline/examples/l2fwd_macswp_pcap.cli   |    4 +-
 examples/pipeline/examples/l2fwd_pcap.cli     |    4 +-
 examples/pipeline/examples/learner.cli        |    4 +-
 examples/pipeline/examples/meter.cli          |    4 +-
 examples/pipeline/examples/mirroring.cli      |    4 +-
 examples/pipeline/examples/recirculation.cli  |    4 +-
 examples/pipeline/examples/registers.cli      |    4 +-
 examples/pipeline/examples/selector.cli       |    4 +-
 examples/pipeline/examples/varbit.cli         |    4 +-
 examples/pipeline/examples/vxlan.cli          |    4 +-
 examples/pipeline/examples/vxlan_pcap.cli     |    4 +-
 examples/pipeline/main.c                      |   12 +-
 examples/pipeline/obj.c                       |  361 +---
 examples/pipeline/obj.h                       |  100 +-
 examples/pipeline/thread.c                    |  655 +++---
 examples/pipeline/thread.h                    |   24 +-
 lib/pipeline/meson.build                      |    4 +-
 lib/pipeline/rte_swx_ipsec.c                  | 1821 +++++++++++++++++
 lib/pipeline/rte_swx_ipsec.h                  |  383 ++++
 lib/pipeline/version.map                      |    9 +
 29 files changed, 3741 insertions(+), 1018 deletions(-)
 create mode 100644 examples/pipeline/examples/ipsec.cli
 create mode 100644 examples/pipeline/examples/ipsec.io
 create mode 100644 examples/pipeline/examples/ipsec.spec
 create mode 100644 examples/pipeline/examples/ipsec_sa.txt
 create mode 100644 lib/pipeline/rte_swx_ipsec.c
 create mode 100644 lib/pipeline/rte_swx_ipsec.h