[dpdk-dev] [RFC] net/mlx5: add IPsec offload support

[Slava Ovsiienko]

The DPDK ethernet device might support the offload for security
operations. Since ConnectX-6DX the hardware implements the
cryptographic options required to provide the IPsec protocol
offload and there is an intention to update mlx5 PMD to make this
security offload capability available.

The minimal required set of offload options to be supported:
  - crypto inline offload only
    (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) 
  - ESP protocol only (AH will be not supported)
  - AES-GCM 128/256 algorithms
  - support both Transport and Tunnel modes
  - operate on BlueField-2, ConnectX-6DX and above
  - support both IPv4 and IPv6
  - VXLAN/GRE tunnel support

The common updates in mlx5 PMD include the standard security
context API support:
  - rte_security_capabilities_get()
  - rte_security_session_get_size()
  - rte_security_session_create()
  - rte_security_session_destroy()
  - rte_security_session_update()

The mlx5 data path update includes:
  - RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support
  - rte_security_get_user_data()
  - rte_security_get_stats_get()
  - PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED,
    PKT_TX_SEC_OFFLOAD mbuf flags support
  - report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY

The mlx5 rte_flow API update includes:
  - RTE_FLOW_ACTION_TYPE_SECURITY action support
  - RTE_FLOW_ITEM_TYPE_ESP item support
  - support RSS over ESP option

Signed-off-by: Viacheslav Ovsiienko <viacheslavo at nvidia.com>