Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/48435/?format=api
https://patches.dpdk.org/api/patches/48435/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/1543596366-22617-1-git-send-email-konstantin.ananyev@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1543596366-22617-1-git-send-email-konstantin.ananyev@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1543596366-22617-1-git-send-email-konstantin.ananyev@intel.com", "date": "2018-11-30T16:45:57", "name": "[v2,0/9] ipsec: new library for IPsec data-path processing", "commit_ref": null, "pull_url": null, "state": null, "archived": false, "hash": null, "submitter": { "id": 33, "url": "https://patches.dpdk.org/api/people/33/?format=api", "name": "Ananyev, Konstantin", "email": "konstantin.ananyev@intel.com" }, "delegate": null, "mbox": "https://patches.dpdk.org/project/dpdk/patch/1543596366-22617-1-git-send-email-konstantin.ananyev@intel.com/mbox/", "series": [], "comments": "https://patches.dpdk.org/api/patches/48435/comments/", "check": "pending", "checks": "https://patches.dpdk.org/api/patches/48435/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 55C641B572;\n\tFri, 30 Nov 2018 17:46:24 +0100 (CET)", "from mga17.intel.com (mga17.intel.com [192.55.52.151])\n\tby dpdk.org (Postfix) with ESMTP id 238AC1B56E\n\tfor <dev@dpdk.org>; Fri, 30 Nov 2018 17:46:22 +0100 (CET)", "from orsmga007.jf.intel.com ([10.7.209.58])\n\tby fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t30 Nov 2018 08:46:22 -0800", "from sivswdev08.ir.intel.com (HELO localhost.localdomain)\n\t([10.237.217.47])\n\tby orsmga007.jf.intel.com with ESMTP; 30 Nov 2018 08:46:20 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.56,299,1539673200\"; d=\"scan'208\";a=\"94677598\"", "From": "Konstantin Ananyev <konstantin.ananyev@intel.com>", "To": "dev@dpdk.org", "Cc": "Konstantin Ananyev <konstantin.ananyev@intel.com>", "Date": "Fri, 30 Nov 2018 16:45:57 +0000", "Message-Id": "<1543596366-22617-1-git-send-email-konstantin.ananyev@intel.com>", "X-Mailer": "git-send-email 1.7.0.7", "In-Reply-To": "<1542326031-5263-2-git-send-email-konstantin.ananyev@intel.com>", "References": "<1542326031-5263-2-git-send-email-konstantin.ananyev@intel.com>", "Subject": "[dpdk-dev] [PATCH v2 0/9] ipsec: new library for IPsec data-path\n\tprocessing", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch series depends on the patch:\nhttp://patches.dpdk.org/patch/48044/\nto be applied first.\n\nv1 -> v2\n - Changes to get into account l2_len for outbound transport packets\n (Qi comments)\n - Several bug fixes\n - Some code restructured\n - Update MAINTAINERS file\n\nRFCv2 -> v1\n - Changes per Jerin comments\n - Implement transport mode\n - Several bug fixes\n - UT largely reworked and extended\n\nThis patch introduces a new library within DPDK: librte_ipsec.\nThe aim is to provide DPDK native high performance library for IPsec\ndata-path processing.\nThe library is supposed to utilize existing DPDK crypto-dev and\nsecurity API to provide application with transparent IPsec processing\nAPI.\nThe library is concentrated on data-path protocols processing (ESP and\nAH),\nIKE protocol(s) implementation is out of scope for that library.\nCurrent patch introduces SA-level API.\n\nSA (low) level API\n==================\n\nAPI described below operates on SA level.\nIt provides functionality that allows user for given SA to process\ninbound and outbound IPsec packets.\nTo be more specific:\n- for inbound ESP/AH packets perform decryption, authentication,\n integrity checking, remove ESP/AH related headers\n- for outbound packets perform payload encryption, attach ICV,\n update/add IP headers, add ESP/AH headers/trailers,\n setup related mbuf felids (ol_flags, tx_offloads, etc.).\n- initialize/un-initialize given SA based on user provided parameters.\n\nThe following functionality:\n - match inbound/outbound packets to particular SA\n - manage crypto/security devices\n - provide SAD/SPD related functionality\n - determine what crypto/security device has to be used\n for given packet(s)\nis out of scope for SA-level API.\n\nSA-level API is based on top of crypto-dev/security API and relies on\nthem\nto perform actual cipher and integrity checking.\nTo have an ability to easily map crypto/security sessions into related\nIPSec SA opaque userdata field was added into\nrte_cryptodev_sym_session and rte_security_session structures.\nThat implies ABI change for both librte_crytpodev and librte_security.\n\nDue to the nature of crypto-dev API (enqueue/deque model) we use\nasynchronous API for IPsec packets destined to be processed\nby crypto-device.\nExpected API call sequence would be:\n /* enqueue for processing by crypto-device */\n rte_ipsec_pkt_crypto_prepare(...);\n rte_cryptodev_enqueue_burst(...);\n /* dequeue from crypto-device and do final processing (if any) */\n rte_cryptodev_dequeue_burst(...);\n rte_ipsec_pkt_crypto_group(...); /* optional */\n rte_ipsec_pkt_process(...);\n\nThough for packets destined for inline processing no extra overhead\nis required and synchronous API call: rte_ipsec_pkt_process()\nis sufficient for that case.\n\nCurrent implementation supports all four currently defined rte_security\ntypes.\nThough to accommodate future custom implementations function pointers\nmodel is used for both for *crypto_prepare* and *process*\nimpelementations.\n\nTODO list\n---------\n - update docs\n\nKonstantin Ananyev (9):\n cryptodev: add opaque userdata pointer into crypto sym session\n security: add opaque userdata pointer into security session\n net: add ESP trailer structure definition\n lib: introduce ipsec library\n ipsec: add SA data-path API\n ipsec: implement SA data-path API\n ipsec: rework SA replay window/SQN for MT environment\n ipsec: helper functions to group completed crypto-ops\n test/ipsec: introduce functional test\n\n MAINTAINERS | 5 +\n config/common_base | 5 +\n lib/Makefile | 2 +\n lib/librte_cryptodev/rte_cryptodev.h | 2 +\n lib/librte_ipsec/Makefile | 27 +\n lib/librte_ipsec/crypto.h | 123 ++\n lib/librte_ipsec/iph.h | 84 +\n lib/librte_ipsec/ipsec_sqn.h | 343 ++++\n lib/librte_ipsec/meson.build | 10 +\n lib/librte_ipsec/pad.h | 45 +\n lib/librte_ipsec/rte_ipsec.h | 156 ++\n lib/librte_ipsec/rte_ipsec_group.h | 151 ++\n lib/librte_ipsec/rte_ipsec_sa.h | 166 ++\n lib/librte_ipsec/rte_ipsec_version.map | 15 +\n lib/librte_ipsec/sa.c | 1381 +++++++++++++++\n lib/librte_ipsec/sa.h | 98 ++\n lib/librte_ipsec/ses.c | 45 +\n lib/librte_net/rte_esp.h | 10 +-\n lib/librte_security/rte_security.h | 2 +\n lib/meson.build | 2 +\n mk/rte.app.mk | 2 +\n test/test/Makefile | 3 +\n test/test/meson.build | 3 +\n test/test/test_ipsec.c | 2209 ++++++++++++++++++++++++\n 24 files changed, 4888 insertions(+), 1 deletion(-)\n create mode 100644 lib/librte_ipsec/Makefile\n create mode 100644 lib/librte_ipsec/crypto.h\n create mode 100644 lib/librte_ipsec/iph.h\n create mode 100644 lib/librte_ipsec/ipsec_sqn.h\n create mode 100644 lib/librte_ipsec/meson.build\n create mode 100644 lib/librte_ipsec/pad.h\n create mode 100644 lib/librte_ipsec/rte_ipsec.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_group.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_sa.h\n create mode 100644 lib/librte_ipsec/rte_ipsec_version.map\n create mode 100644 lib/librte_ipsec/sa.c\n create mode 100644 lib/librte_ipsec/sa.h\n create mode 100644 lib/librte_ipsec/ses.c\n create mode 100644 test/test/test_ipsec.c", "diff": null, "prefixes": [ "v2", "0/9" ] }{ "id": 48435, "url": "