[dpdk-dev] [PATCH 0/5] Add SA lifetime in security
Anoob Joseph
anoobj at marvell.com
Tue Aug 17 15:42:42 CEST 2021
Add SA lifetime configuration in security. SA lifetime tracking can be
offloaded on supported PMDs.
SA lifetime would cover soft & hard expiry in units of number of packets and
bytes. When SA soft expiry happens, the packet is successfuly processed but
with additional expiry notification. Crypto op structure, ``rte_crypto_op``
is updated to cover such notifications with lookaside protocol offloads.
SA hard expiration would cause IPsec processing to return an error.
PMDs crypto_cn10k and crypto_octeontx2 are updated with their respective
lifetime tracking capabilities. Unit tests are added for soft and hard expiry
with number of packets.
Depends on
1. http://patches.dpdk.org/project/dpdk/list/?series=18253
2. http://patches.dpdk.org/project/dpdk/list/?series=18292
Anoob Joseph (5):
security: add SA lifetime configuration
common/cnxk: support lifetime configuration
crypto/octeontx2: add checks for life configuration
test/crypto: add packets soft expiry tests
test/crypto: add packets hard expiry tests
app/test/test_cryptodev.c | 38 +++++++++++-
app/test/test_cryptodev_security_ipsec.c | 40 +++++++++++--
app/test/test_cryptodev_security_ipsec.h | 5 +-
.../test_cryptodev_security_ipsec_test_vectors.h | 3 -
drivers/common/cnxk/cnxk_security.c | 70 ++++++++++++++++++++++
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 48 +++++++++++----
drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 ++
examples/ipsec-secgw/ipsec.c | 2 +-
examples/ipsec-secgw/ipsec.h | 2 +-
lib/cryptodev/rte_crypto.h | 18 +++++-
lib/security/rte_security.h | 28 ++++++++-
11 files changed, 233 insertions(+), 27 deletions(-)
--
2.7.4
More information about the dev
mailing list