Message ID | 20210917091747.1528262-1-radu.nicolau@intel.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DCA3FA0C46; Fri, 17 Sep 2021 11:26:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 45463410EA; Fri, 17 Sep 2021 11:26:08 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mails.dpdk.org (Postfix) with ESMTP id B2D6440689 for <dev@dpdk.org>; Fri, 17 Sep 2021 11:26:05 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10109"; a="209991895" X-IronPort-AV: E=Sophos;i="5.85,300,1624345200"; d="scan'208";a="209991895" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Sep 2021 02:25:51 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,300,1624345200"; d="scan'208";a="546264803" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by FMSMGA003.fm.intel.com with ESMTP; 17 Sep 2021 02:25:47 -0700 From: Radu Nicolau <radu.nicolau@intel.com> To: Cc: dev@dpdk.org, mdr@ashroe.eu, konstantin.ananyev@intel.com, vladimir.medvedkin@intel.com, bruce.richardson@intel.com, roy.fan.zhang@intel.com, hemant.agrawal@nxp.com, gakhil@marvell.com, anoobj@marvell.com, declan.doherty@intel.com, abhijit.sinha@intel.com, daniel.m.buckley@intel.com, marchana@marvell.com, ktejasree@marvell.com, matan@nvidia.com, Radu Nicolau <radu.nicolau@intel.com> Date: Fri, 17 Sep 2021 10:17:37 +0100 Message-Id: <20210917091747.1528262-1-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210713133542.3550525-1-radu.nicolau@intel.com> References: <20210713133542.3550525-1-radu.nicolau@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v6 00/10] new features for ipsec and security libraries X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Series |
new features for ipsec and security libraries
|
|
Message
Radu Nicolau
Sept. 17, 2021, 9:17 a.m. UTC
Add support for: TSO, NAT-T/UDP encapsulation, ESN AES_CCM, CHACHA20_POLY1305 and AES_GMAC SA telemetry mbuf offload flags Initial SQN value Signed-off-by: Declan Doherty <declan.doherty@intel.com> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com> Radu Nicolau (10): security: add support for TSO on IPsec session security: add UDP params for IPsec NAT-T security: add ESN field to ipsec_xform mbuf: add IPsec ESP tunnel type ipsec: add support for AEAD algorithms ipsec: add transmit segmentation offload support ipsec: add support for NAT-T ipsec: add support for SA telemetry ipsec: add support for initial SQN value ipsec: add ol_flags support lib/ipsec/crypto.h | 137 ++++++++++++ lib/ipsec/esp_inb.c | 88 +++++++- lib/ipsec/esp_outb.c | 262 +++++++++++++++++++---- lib/ipsec/iph.h | 27 ++- lib/ipsec/meson.build | 2 +- lib/ipsec/rte_ipsec.h | 23 ++ lib/ipsec/rte_ipsec_sa.h | 11 +- lib/ipsec/sa.c | 406 ++++++++++++++++++++++++++++++++++-- lib/ipsec/sa.h | 43 ++++ lib/ipsec/version.map | 9 + lib/mbuf/rte_mbuf_core.h | 1 + lib/security/rte_security.h | 31 +++ 12 files changed, 967 insertions(+), 73 deletions(-)
Comments
> > Add support for: > TSO, NAT-T/UDP encapsulation, ESN > AES_CCM, CHACHA20_POLY1305 and AES_GMAC > SA telemetry > mbuf offload flags > Initial SQN value I provided my comments for individual patches. There are few more generic ones, I have: 1. Documentation updates are missing. Specially things that need to be documented properly: - changes in the public API and current behaviour. 2. In some patches you describe the actual changes, but without providing any reason why it is necessary. 3. For new algos/features it would be really good to extend examples/ipsec-secgw/test with new test-cases. 4. When submitting new version - it would be really good to have in cover-letter a summary of changes from previous version, so reviewer can avoid looking through all patches again. 5. The series contains mix of patches for completely different features. It would be much cleaner to have a separate series for each such feature. Let say series to enable feature X: - patch to update lib/security public headers (if any) - patch(es) to update lib/ipsec - patch(es) to update PMD to implement new functionality (if any) - patch(es) to update examples/ipec-secgw to enable new functionality - patch(es) to update examples/ipsec-secgw/test to add new test-cases (if any) > > Signed-off-by: Declan Doherty <declan.doherty@intel.com> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> > Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com> > Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com> > > Radu Nicolau (10): > security: add support for TSO on IPsec session > security: add UDP params for IPsec NAT-T > security: add ESN field to ipsec_xform > mbuf: add IPsec ESP tunnel type > ipsec: add support for AEAD algorithms > ipsec: add transmit segmentation offload support > ipsec: add support for NAT-T > ipsec: add support for SA telemetry > ipsec: add support for initial SQN value > ipsec: add ol_flags support > > lib/ipsec/crypto.h | 137 ++++++++++++ > lib/ipsec/esp_inb.c | 88 +++++++- > lib/ipsec/esp_outb.c | 262 +++++++++++++++++++---- > lib/ipsec/iph.h | 27 ++- > lib/ipsec/meson.build | 2 +- > lib/ipsec/rte_ipsec.h | 23 ++ > lib/ipsec/rte_ipsec_sa.h | 11 +- > lib/ipsec/sa.c | 406 ++++++++++++++++++++++++++++++++++-- > lib/ipsec/sa.h | 43 ++++ > lib/ipsec/version.map | 9 + > lib/mbuf/rte_mbuf_core.h | 1 + > lib/security/rte_security.h | 31 +++ > 12 files changed, 967 insertions(+), 73 deletions(-) > > -- > v2: fixed lib/ipsec/version.map updates to show correct version > v3: fixed build error and corrected misspelled email address > v4: add doxygen comments for the IPsec telemetry APIs > update inline comments refering to the wrong RFC > v5: update commit messages after feedback > update the UDP encapsulation patch to actually use the configured ports > v6: fix initial SQN value > > 2.25.1