[dpdk-dev] [PATCH v5 06/11] ethdev: support security APIs
    Shahaf Shuler 
    shahafs at mellanox.com
       
    Wed Oct 25 09:01:33 CEST 2017
    
    
  
Hi,
I know we are in a rush to put this patches in before RC2. however I still see critical issue (below).
Tuesday, October 24, 2017 5:16 PM, Akhil Goyal:
> From: Declan Doherty <declan.doherty at intel.com>
> 
> rte_flow_action type and ethdev updated to support rte_security sessions
> for crypto offload to ethernet device.
> 
> Signed-off-by: Boris Pismenny <borisp at mellanox.com>
> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
> Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
> Signed-off-by: Declan Doherty <declan.doherty at intel.com>
> ---
>  lib/librte_ether/rte_ethdev.c           | 7 +++++++
>  lib/librte_ether/rte_ethdev.h           | 8 ++++++++
>  lib/librte_ether/rte_ethdev_version.map | 1 +
>  3 files changed, 16 insertions(+)
> 
> diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
> index 0b1e928..a3b0e4e 100644
> --- a/lib/librte_ether/rte_ethdev.c
> +++ b/lib/librte_ether/rte_ethdev.c
> @@ -301,6 +301,13 @@ rte_eth_dev_socket_id(uint16_t port_id)
>  	return rte_eth_devices[port_id].data->numa_node;
>  }
> 
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id) {
> +	RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL);
> +	return rte_eth_devices[port_id].security_ctx;
> +}
> +
>  uint16_t
>  rte_eth_dev_count(void)
>  {
> diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.h
> index b773589..119f7fc 100644
> --- a/lib/librte_ether/rte_ethdev.h
> +++ b/lib/librte_ether/rte_ethdev.h
> @@ -180,6 +180,8 @@ extern "C" {
>  #include <rte_dev.h>
>  #include <rte_devargs.h>
>  #include <rte_errno.h>
> +#include <rte_common.h>
> +
>  #include "rte_ether.h"
>  #include "rte_eth_ctrl.h"
>  #include "rte_dev_info.h"
> @@ -963,6 +965,7 @@ struct rte_eth_conf {
>  #define DEV_RX_OFFLOAD_CRC_STRIP	0x00001000
>  #define DEV_RX_OFFLOAD_SCATTER		0x00002000
>  #define DEV_RX_OFFLOAD_TIMESTAMP	0x00004000
> +#define DEV_RX_OFFLOAD_SECURITY         0x00008000
How application will control this offload on 17.11 ? 
The PMDs are not yet moved to the new API, so crypto offload is going to be enabled by default with no way to disable? 
>  #define DEV_RX_OFFLOAD_CHECKSUM (DEV_RX_OFFLOAD_IPV4_CKSUM |
> \
>  				 DEV_RX_OFFLOAD_UDP_CKSUM | \
>  				 DEV_RX_OFFLOAD_TCP_CKSUM)
> @@ -998,6 +1001,7 @@ struct rte_eth_conf {
>   *   When set application must guarantee that per-queue all mbufs comes
> from
>   *   the same mempool and has refcnt = 1.
>   */
> +#define DEV_TX_OFFLOAD_SECURITY         0x00020000
Same point here.
> 
>  struct rte_pci_device;
> 
> @@ -1741,8 +1745,12 @@ struct rte_eth_dev {
>  	 */
>  	struct rte_eth_rxtx_callback
> *pre_tx_burst_cbs[RTE_MAX_QUEUES_PER_PORT];
>  	enum rte_eth_dev_state state; /**< Flag indicating the port state */
> +	void *security_ctx; /**< Context for security ops */
>  } __rte_cache_aligned;
> 
> +void *
> +rte_eth_dev_get_sec_ctx(uint8_t port_id);
> +
>  struct rte_eth_dev_sriov {
>  	uint8_t active;               /**< SRIOV is active with 16, 32 or 64 pools */
>  	uint8_t nb_q_per_pool;        /**< rx queue number per pool */
> diff --git a/lib/librte_ether/rte_ethdev_version.map
> b/lib/librte_ether/rte_ethdev_version.map
> index 57d9b54..e9681ac 100644
> --- a/lib/librte_ether/rte_ethdev_version.map
> +++ b/lib/librte_ether/rte_ethdev_version.map
> @@ -191,6 +191,7 @@ DPDK_17.08 {
>  DPDK_17.11 {
>  	global:
> 
> +	rte_eth_dev_get_sec_ctx;
>  	rte_eth_dev_pool_ops_supported;
>  	rte_eth_dev_reset;
>  	rte_flow_error_set;
> --
> 2.9.3
    
    
More information about the dev
mailing list