[dpdk-dev] [PATCH 0/5] Add SA lifetime in security

Anoob Joseph anoobj at marvell.com
Tue Aug 17 15:42:42 CEST 2021


Add SA lifetime configuration in security. SA lifetime tracking can be
offloaded on supported PMDs.

SA lifetime would cover soft & hard expiry in units of number of packets and
bytes. When SA soft expiry happens, the packet is successfuly processed but
with additional expiry notification. Crypto op structure, ``rte_crypto_op``
is updated to cover such notifications with lookaside protocol offloads.

SA hard expiration would cause IPsec processing to return an error.

PMDs crypto_cn10k and crypto_octeontx2 are updated with their respective
lifetime tracking capabilities. Unit tests are added for soft and hard expiry
with number of packets.

Depends on
1. http://patches.dpdk.org/project/dpdk/list/?series=18253
2. http://patches.dpdk.org/project/dpdk/list/?series=18292

Anoob Joseph (5):
  security: add SA lifetime configuration
  common/cnxk: support lifetime configuration
  crypto/octeontx2: add checks for life configuration
  test/crypto: add packets soft expiry tests
  test/crypto: add packets hard expiry tests

 app/test/test_cryptodev.c                          | 38 +++++++++++-
 app/test/test_cryptodev_security_ipsec.c           | 40 +++++++++++--
 app/test/test_cryptodev_security_ipsec.h           |  5 +-
 .../test_cryptodev_security_ipsec_test_vectors.h   |  3 -
 drivers/common/cnxk/cnxk_security.c                | 70 ++++++++++++++++++++++
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c          | 48 +++++++++++----
 drivers/crypto/octeontx2/otx2_ipsec_po.h           |  6 ++
 examples/ipsec-secgw/ipsec.c                       |  2 +-
 examples/ipsec-secgw/ipsec.h                       |  2 +-
 lib/cryptodev/rte_crypto.h                         | 18 +++++-
 lib/security/rte_security.h                        | 28 ++++++++-
 11 files changed, 233 insertions(+), 27 deletions(-)

-- 
2.7.4



More information about the dev mailing list