[dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata

Anoob anoob.joseph at caviumnetworks.com
Wed Nov 22 12:52:53 CET 2017

Previous message: [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata
Next message: [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

See inline.


Thanks,
Anoob

On 11/22/2017 04:59 PM, Radu Nicolau wrote:
>
>
> On 11/22/2017 6:55 AM, Anoob Joseph wrote:
>> In case of inline protocol processed ingress traffic, the packet may not
>> have enough information to determine the security parameters with which
>> the packet was processed. For such cases, application could register a
>> 64 bit metadata in security session, which could be retrieved from the
>> packet using "rte_security_get_pkt_metadata" API. Application can use
>> this metadata to identify the parameters it need.
>>
>> Application can choose what it should register as the metadata. It can
>> register SPI or a pointer to SA.
>>
>> Signed-off-by: Anoob Joseph <anoob.joseph at caviumnetworks.com>
>> ---
>> v2:
>> * Replaced get_session and get_cookie APIs with get_pkt_metadata API
>>
>>   lib/librte_security/rte_security.c        | 13 +++++++++++++
>>   lib/librte_security/rte_security.h        | 19 +++++++++++++++++++
>>   lib/librte_security/rte_security_driver.h | 16 ++++++++++++++++
>>   3 files changed, 48 insertions(+)
>>
>> diff --git a/lib/librte_security/rte_security.c 
>> b/lib/librte_security/rte_security.c
>> index 1227fca..804f11f 100644
>> --- a/lib/librte_security/rte_security.c
>> +++ b/lib/librte_security/rte_security.c
>> @@ -108,6 +108,19 @@ rte_security_set_pkt_metadata(struct 
>> rte_security_ctx *instance,
>>                              sess, m, params);
>>   }
>>   +uint64_t
>> +rte_security_get_pkt_metadata(struct rte_security_ctx *instance,
>> +                  struct rte_mbuf *pkt)
>> +{
>> +    uint64_t mdata = 0;
>> +
>> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_pkt_metadata, 0);
>> +    if (instance->ops->get_pkt_metadata(instance->device, pkt, &mdata))
>> +        return 0;
>> +
>> +    return mdata;
>> +}
>> +
> Can you change the returned type to void *?
Will do that.
>>   const struct rte_security_capability *
>>   rte_security_capabilities_get(struct rte_security_ctx *instance)
>>   {
>> diff --git a/lib/librte_security/rte_security.h 
>> b/lib/librte_security/rte_security.h
>> index 653929b..aa3a471 100644
>> --- a/lib/librte_security/rte_security.h
>> +++ b/lib/librte_security/rte_security.h
>> @@ -274,6 +274,8 @@ struct rte_security_session_conf {
>>       /**< Configuration parameters for security session */
>>       struct rte_crypto_sym_xform *crypto_xform;
>>       /**< Security Session Crypto Transformations */
>> +    uint64_t metadata;
>> +    /**< Metadata registered by application */
>>   };
> Can you rename it to userdata?
Will do it. Thought it would be confusing, as this will be returned by 
rte_security_get_pkt_metadata. So get_metadata would give userdata of 
the security session. I can document it that way and proceed, right?
>>     struct rte_security_session {
>> @@ -346,6 +348,23 @@ rte_security_set_pkt_metadata(struct 
>> rte_security_ctx *instance,
>>                     struct rte_mbuf *mb, void *params);
>>     /**
>> + * Get metadata from the packet. This is an application registered 
>> 64 bit
>> + * value, associated with the security session which processed the 
>> packet.
>> + *
>> + * This is valid only for inline processed ingress packets.
>> + *
>> + * @param   instance    security instance
>> + * @param   pkt        packet mbuf
>> + *
>> + * @return
>> + *  - On success, metadata
>> + *  - On failure, 0
>> + */
>> +uint64_t
>> +rte_security_get_pkt_metadata(struct rte_security_ctx *instance,
>> +                  struct rte_mbuf *pkt);
>> +
>> +/**
>>    * Attach a session to a symmetric crypto operation
>>    *
>>    * @param    sym_op    crypto operation
>> diff --git a/lib/librte_security/rte_security_driver.h 
>> b/lib/librte_security/rte_security_driver.h
>> index 997fbe7..da0ebf4 100644
>> --- a/lib/librte_security/rte_security_driver.h
>> +++ b/lib/librte_security/rte_security_driver.h
>> @@ -122,6 +122,20 @@ typedef int (*security_set_pkt_metadata_t)(void 
>> *device,
>>           void *params);
>>     /**
>> + * Get application interpretable metadata from the packet.
>> + *
>> + * @param    device        Crypto/eth device pointer
>> + * @param    pkt        Packet mbuf
>> + * @param    mt        Pointer to receive metadata
>> + *
>> + * @return
>> + *  - Returns 0 if metadata is retrieved successfully.
>> + *  - Returns -ve value for errors.
>> + */
>> +typedef int (*security_get_pkt_metadata_t)(void *device,
>> +        struct rte_mbuf *pkt, uint64_t *mt);
>> +
>> +/**
>>    * Get security capabilities of the device.
>>    *
>>    * @param    device        crypto/eth device pointer
>> @@ -145,6 +159,8 @@ struct rte_security_ops {
>>       /**< Clear a security sessions private data. */
>>       security_set_pkt_metadata_t set_pkt_metadata;
>>       /**< Update mbuf metadata. */
>> +    security_get_pkt_metadata_t get_pkt_metadata;
>> +    /**< Get metadata from packet. */
>>       security_capabilities_get_t capabilities_get;
>>       /**< Get security capabilities. */
>>   };
>

Previous message: [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata
Next message: [dpdk-dev] [PATCH v2 1/2] lib/security: add support for get metadata
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list