From: "Doherty, Declan" <declan.doherty@intel.com>
To: Konstantin Ananyev <konstantin.ananyev@intel.com>, dev@dpdk.org
Cc: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Subject: Re: [PATCH v3 4/9] lib: introduce ipsec library
Date: Tue, 11 Dec 2018 17:25:36 +0000 [thread overview]
Message-ID: <ded0214c-e235-13e6-5394-bee2228a454d@intel.com> (raw)
In-Reply-To: <1544110714-4514-5-git-send-email-konstantin.ananyev@intel.com>
On 06/12/2018 3:38 PM, Konstantin Ananyev wrote:
> Introduce librte_ipsec library.
> The library is supposed to utilize existing DPDK crypto-dev and
> security API to provide application with transparent IPsec processing API.
> That initial commit provides some base API to manage
> IPsec Security Association (SA) object.
>
So cosmetics change suggested, otherwise looks fine to me.
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
> MAINTAINERS | 5 +
...
> +
> +#ifndef _IPSEC_SQN_H_
> +#define _IPSEC_SQN_H_
> +
> +#define WINDOW_BUCKET_BITS 6 /* uint64_t */ > +#define WINDOW_BUCKET_SIZE (1 << WINDOW_BUCKET_BITS)
1 << 6 is a really confusing way of defining a 64 bit bucket size, is it
necessary to define this way?
> +#define WINDOW_BIT_LOC_MASK (WINDOW_BUCKET_SIZE - 1)
> +
> +/* minimum number of bucket, power of 2*/
> +#define WINDOW_BUCKET_MIN 2
> +#define WINDOW_BUCKET_MAX (INT16_MAX + 1)
> +
> +#define IS_ESN(sa) ((sa)->sqn_mask == UINT64_MAX)
> +
> +/*
> + * for given size, calculate required number of buckets.
> + */
> +static uint32_t
> +replay_num_bucket(uint32_t wsz)
> +{
> + uint32_t nb;
> +
> + nb = rte_align32pow2(RTE_ALIGN_MUL_CEIL(wsz, WINDOW_BUCKET_SIZE) /
> + WINDOW_BUCKET_SIZE);
> + nb = RTE_MAX(nb, (uint32_t)WINDOW_BUCKET_MIN);
> +
> + return nb;
> +}
> +
> +/**
> + * Based on number of buckets calculated required size for the
> + * structure that holds replay window and sequnce number (RSN) information.
^^ typo
> + */
> +static size_t
> +rsn_size(uint32_t nb_bucket)
> +{
> + size_t sz;
> + struct replay_sqn *rsn;
> +
> + sz = sizeof(*rsn) + nb_bucket * sizeof(rsn->window[0]);
> + sz = RTE_ALIGN_CEIL(sz, RTE_CACHE_LINE_SIZE);
> + return sz;
> +}
...
> +/**
> + * SA type is an 64-bit value that contain the following information:
> + * - IP version (IPv4/IPv6)
> + * - IPsec proto (ESP/AH)
> + * - inbound/outbound
> + * - mode (TRANSPORT/TUNNEL)
> + * - for TUNNEL outer IP version (IPv4/IPv6)
> + * ...
> + */
> +
> +enum {
> + RTE_SATP_LOG_IPV,
> + RTE_SATP_LOG_PROTO,
> + RTE_SATP_LOG_DIR,
> + RTE_SATP_LOG_MODE,
> + RTE_SATP_LOG_NUM
> +};
> +
> +#define RTE_IPSEC_SATP_IPV_MASK (1ULL << RTE_SATP_LOG_IPV)
> +#define RTE_IPSEC_SATP_IPV4 (0ULL << RTE_SATP_LOG_IPV)
> +#define RTE_IPSEC_SATP_IPV6 (1ULL << RTE_SATP_LOG_IPV)
> +
> +#define RTE_IPSEC_SATP_PROTO_MASK (1ULL << RTE_SATP_LOG_PROTO)
> +#define RTE_IPSEC_SATP_PROTO_AH (0ULL << RTE_SATP_LOG_PROTO)
> +#define RTE_IPSEC_SATP_PROTO_ESP (1ULL << RTE_SATP_LOG_PROTO)
> +
> +#define RTE_IPSEC_SATP_DIR_MASK (1ULL << RTE_SATP_LOG_DIR)
> +#define RTE_IPSEC_SATP_DIR_IB (0ULL << RTE_SATP_LOG_DIR)
> +#define RTE_IPSEC_SATP_DIR_OB (1ULL << RTE_SATP_LOG_DIR)
> +
> +#define RTE_IPSEC_SATP_MODE_MASK (3ULL << RTE_SATP_LOG_MODE)
> +#define RTE_IPSEC_SATP_MODE_TRANS (0ULL << RTE_SATP_LOG_MODE)
> +#define RTE_IPSEC_SATP_MODE_TUNLV4 (1ULL << RTE_SATP_LOG_MODE)
> +#define RTE_IPSEC_SATP_MODE_TUNLV6 (2ULL << RTE_SATP_LOG_MODE)
> +
for readability in the rest of the code I would suggest that using
either use RTE_IPSEC_SA_TYPE_ or just RTE_IPSEC_SA_ in the definitions
above. Also in the enumeration it's not clear to me what the the _LOG_
means, it's being used as the offset, so maybe _OFFSET_ would be a
better name but I I think it might clearer if absolute bit offsets were
used.
> +/**
> + * get type of given SA
> + * @return
> + * SA type value.
> + */
> +uint64_t __rte_experimental
> +rte_ipsec_sa_type(const struct rte_ipsec_sa *sa);
> +
> +/**
> + * Calculate requied SA size based on provided input parameters.
> + * @param prm
> + * Parameters that wil be used to initialise SA object.
^^ typo
> + * @return
> + * - Actual size required for SA with given parameters.
> + * - -EINVAL if the parameters are invalid.
> + */
> +int __rte_experimental
> +rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm);
> +
> +/**
...
> _LDLIBS-$(CONFIG_RTE_LIBRTE_CFGFILE) += -lrte_cfgfile
>
Acked-by: Declan Doherty <declan.doherty@intel.com>
next prev parent reply other threads:[~2018-12-11 17:25 UTC|newest]
Thread overview: 194+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-24 16:53 [RFC] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-09-03 12:41 ` Joseph, Anoob
2018-09-03 18:21 ` Ananyev, Konstantin
2018-09-05 14:39 ` Joseph, Anoob
[not found] ` <2601191342CEEE43887BDE71AB977258EA954BAD@irsmsx105.ger.corp.intel.com>
2018-09-12 18:09 ` Ananyev, Konstantin
2018-09-15 17:06 ` Joseph, Anoob
2018-09-16 10:56 ` Jerin Jacob
2018-09-17 18:12 ` Ananyev, Konstantin
2018-09-18 12:42 ` Ananyev, Konstantin
2018-09-20 14:26 ` Akhil Goyal
2018-09-24 10:51 ` Ananyev, Konstantin
2018-09-25 7:48 ` Akhil Goyal
2018-09-30 21:00 ` Ananyev, Konstantin
2018-10-01 12:49 ` Akhil Goyal
2018-10-02 23:24 ` Ananyev, Konstantin
2018-09-18 17:54 ` Jerin Jacob
2018-09-24 8:45 ` Ananyev, Konstantin
2018-09-26 18:02 ` Jerin Jacob
2018-10-02 23:56 ` Ananyev, Konstantin
2018-10-03 9:37 ` Jerin Jacob
2018-10-09 18:24 ` Ananyev, Konstantin
2018-09-17 10:36 ` Ananyev, Konstantin
2018-09-17 14:41 ` Joseph, Anoob
2018-10-09 18:23 ` [RFC v2 0/9] " Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-10-18 17:37 ` Jerin Jacob
2018-10-21 22:01 ` Ananyev, Konstantin
2018-10-24 12:03 ` Jerin Jacob
2018-10-28 20:37 ` Ananyev, Konstantin
2018-10-29 10:19 ` Jerin Jacob
2018-10-30 13:53 ` Ananyev, Konstantin
2018-10-31 6:37 ` Jerin Jacob
2018-10-09 18:23 ` [RFC v2 6/9] ipsec: implement " Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-10-09 18:23 ` [RFC v2 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-11-16 10:23 ` Mohammad Abdul Awal
2018-11-30 16:45 ` [PATCH v2 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-11-30 16:45 ` [PATCH v2 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-12-04 13:13 ` Mohammad Abdul Awal
2018-12-04 15:32 ` Trahe, Fiona
2018-12-06 15:38 ` [PATCH v3 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-06 15:38 ` [PATCH v3 1/9] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2018-12-11 17:24 ` Doherty, Declan
2018-12-14 16:23 ` [PATCH v4 01/10] " Konstantin Ananyev
2018-12-19 9:26 ` Akhil Goyal
2018-12-28 15:17 ` [PATCH v5 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-11 1:09 ` Xu, Yanjie
2019-01-03 20:16 ` [PATCH v6 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-04 0:25 ` Stephen Hemminger
2019-01-04 9:29 ` Ananyev, Konstantin
2019-01-09 23:41 ` Thomas Monjalon
2019-01-10 14:20 ` [PATCH v7 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-10 14:25 ` Thomas Monjalon
2019-01-10 14:40 ` De Lara Guarch, Pablo
2019-01-10 14:52 ` Ananyev, Konstantin
2019-01-10 14:54 ` Thomas Monjalon
2019-01-10 14:58 ` Ananyev, Konstantin
2019-01-10 15:00 ` Akhil Goyal
2019-01-10 15:09 ` Akhil Goyal
2019-01-10 14:51 ` Akhil Goyal
2019-01-10 14:20 ` [PATCH v7 01/10] cryptodev: add opaque userdata pointer into crypto sym session Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 0/9] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2019-01-10 23:59 ` De Lara Guarch, Pablo
2019-01-10 21:06 ` [PATCH v8 1/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 2/9] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 3/9] lib: introduce ipsec library Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 4/9] ipsec: add SA data-path API Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 5/9] ipsec: implement " Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 6/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 7/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 8/9] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-10 21:06 ` [PATCH v8 9/9] doc: add IPsec library guide Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 04/10] lib: introduce ipsec library Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 05/10] ipsec: add SA data-path API Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 06/10] ipsec: implement " Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-10 14:20 ` [PATCH v7 10/10] doc: add IPsec library guide Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 04/10] lib: introduce ipsec library Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 05/10] ipsec: add SA data-path API Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 06/10] ipsec: implement " Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2019-01-03 20:16 ` [PATCH v6 10/10] doc: add IPsec library guide Konstantin Ananyev
2019-01-10 8:35 ` Thomas Monjalon
2018-12-28 15:17 ` [PATCH v5 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 04/10] lib: introduce ipsec library Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 05/10] ipsec: add SA data-path API Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 06/10] ipsec: implement " Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-28 15:17 ` [PATCH v5 10/10] doc: add IPsec library guide Konstantin Ananyev
2018-12-14 16:23 ` [PATCH v4 02/10] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-19 9:26 ` Akhil Goyal
2018-12-14 16:23 ` [PATCH v4 03/10] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-19 9:32 ` Akhil Goyal
2018-12-27 10:13 ` Olivier Matz
2018-12-14 16:23 ` [PATCH v4 04/10] lib: introduce ipsec library Konstantin Ananyev
2018-12-19 12:08 ` Akhil Goyal
2018-12-19 12:39 ` Thomas Monjalon
2018-12-20 14:06 ` Ananyev, Konstantin
2018-12-20 14:14 ` Thomas Monjalon
2018-12-20 14:26 ` Ananyev, Konstantin
2018-12-20 18:17 ` Ananyev, Konstantin
2018-12-21 11:57 ` Akhil Goyal
2018-12-21 11:53 ` Akhil Goyal
2018-12-21 12:41 ` Ananyev, Konstantin
2018-12-21 12:54 ` Ananyev, Konstantin
2018-12-14 16:23 ` [PATCH v4 05/10] ipsec: add SA data-path API Konstantin Ananyev
2018-12-19 13:04 ` Akhil Goyal
2018-12-20 10:17 ` Ananyev, Konstantin
2018-12-21 12:14 ` Akhil Goyal
2018-12-14 16:23 ` [PATCH v4 06/10] ipsec: implement " Konstantin Ananyev
2018-12-19 15:32 ` Akhil Goyal
2018-12-20 12:56 ` Ananyev, Konstantin
2018-12-21 12:36 ` Akhil Goyal
2018-12-21 14:27 ` Ananyev, Konstantin
2018-12-21 14:39 ` Thomas Monjalon
2018-12-21 14:51 ` Akhil Goyal
2018-12-21 15:16 ` Ananyev, Konstantin
2018-12-14 16:23 ` [PATCH v4 07/10] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-14 16:23 ` [PATCH v4 08/10] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-19 15:46 ` Akhil Goyal
2018-12-20 13:00 ` Ananyev, Konstantin
2018-12-21 12:37 ` Akhil Goyal
2018-12-14 16:23 ` [PATCH v4 09/10] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-19 15:53 ` Akhil Goyal
2018-12-20 13:03 ` Ananyev, Konstantin
2018-12-21 12:41 ` Akhil Goyal
2018-12-14 16:27 ` [PATCH v4 10/10] doc: add IPsec library guide Konstantin Ananyev
2018-12-19 3:46 ` Thomas Monjalon
2018-12-19 16:01 ` Akhil Goyal
2018-12-20 13:06 ` Ananyev, Konstantin
2018-12-21 12:58 ` Akhil Goyal
2018-12-14 16:29 ` [PATCH v4 00/10] ipsec: new library for IPsec data-path processing Konstantin Ananyev
2018-12-21 13:32 ` Akhil Goyal
2018-12-06 15:38 ` [PATCH v3 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-06 15:38 ` [PATCH v3 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-06 15:38 ` [PATCH v3 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan [this message]
2018-12-06 15:38 ` [PATCH v3 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-12-11 17:25 ` Doherty, Declan
2018-12-12 7:37 ` Ananyev, Konstantin
2018-12-06 15:38 ` [PATCH v3 6/9] ipsec: implement " Konstantin Ananyev
2018-12-12 17:47 ` Doherty, Declan
2018-12-13 11:21 ` Ananyev, Konstantin
2018-12-06 15:38 ` [PATCH v3 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-12-13 12:14 ` Doherty, Declan
2018-12-06 15:38 ` [PATCH v3 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-12-13 12:14 ` Doherty, Declan
2018-12-06 15:38 ` [PATCH v3 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-12-13 12:54 ` Doherty, Declan
2018-11-30 16:45 ` [PATCH v2 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-12-04 13:13 ` Mohammad Abdul Awal
2018-11-30 16:46 ` [PATCH v2 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-12-04 13:12 ` Mohammad Abdul Awal
2018-11-30 16:46 ` [PATCH v2 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-11-30 16:46 ` [PATCH v2 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-11-30 16:46 ` [PATCH v2 6/9] ipsec: implement " Konstantin Ananyev
2018-11-30 16:46 ` [PATCH v2 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-11-30 16:46 ` [PATCH v2 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-11-30 16:46 ` [PATCH v2 9/9] test/ipsec: introduce functional test Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 2/9] security: add opaque userdata pointer into security session Konstantin Ananyev
2018-11-16 10:24 ` Mohammad Abdul Awal
2018-11-15 23:53 ` [PATCH 3/9] net: add ESP trailer structure definition Konstantin Ananyev
2018-11-16 10:22 ` Mohammad Abdul Awal
2018-11-15 23:53 ` [PATCH 4/9] lib: introduce ipsec library Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 5/9] ipsec: add SA data-path API Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 6/9] ipsec: implement " Konstantin Ananyev
2018-11-20 1:03 ` Zhang, Qi Z
2018-11-20 9:44 ` Ananyev, Konstantin
2018-11-20 10:02 ` Ananyev, Konstantin
2018-11-15 23:53 ` [PATCH 7/9] ipsec: rework SA replay window/SQN for MT environment Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 8/9] ipsec: helper functions to group completed crypto-ops Konstantin Ananyev
2018-11-15 23:53 ` [PATCH 9/9] test/ipsec: introduce functional test Konstantin Ananyev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ded0214c-e235-13e6-5394-bee2228a454d@intel.com \
--to=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=mohammad.abdul.awal@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.