From mboxrd@z Thu Jan 1 00:00:00 1970 From: Akhil Goyal Subject: Re: [PATCH 1/3] security: support pdcp protocol Date: Mon, 8 Oct 2018 15:19:24 +0530 Message-ID: <08b3f2b9-260f-bea0-4cc1-61a40982190e@nxp.com> References: <20180828130105.30779-1-akhil.goyal@nxp.com> <20180828130105.30779-2-akhil.goyal@nxp.com> <0b682c3f-bb01-8970-f271-7ffa61cbface@nxp.com> <26ac4ab0-bb36-918a-23fe-41833eba9e7e@caviumnetworks.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Cc: dev@dpdk.org, Declan Doherty , Pablo de Lara , Radu Nicolau , Jerin Jacob , Narayana Prasad , "Verma, Shally" , Vidya Sagar Velumuri To: "Joseph, Anoob" Return-path: Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70089.outbound.protection.outlook.com [40.107.7.89]) by dpdk.org (Postfix) with ESMTP id 7C3A14C74 for ; Mon, 8 Oct 2018 11:49:40 +0200 (CEST) In-Reply-To: <26ac4ab0-bb36-918a-23fe-41833eba9e7e@caviumnetworks.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Anoob, >>>> @@ -494,6 +553,23 @@ IPsec related configuration parameters are >>>> defined in ``rte_security_ipsec_xform >>>>            /**< Tunnel parameters, NULL for transport mode */ >>>>        }; >>>> +PDCP related configuration parameters are defined in >>>> ``rte_security_pdcp_xform`` >>>> + >>>> +.. code-block:: c >>>> + >>>> +    struct rte_security_pdcp_xform { >>>> +        int8_t bearer; /**< PDCP bearer ID */ >>>> +        enum rte_security_pdcp_domain domain; >>>> +        /** < PDCP mode of operation: Control or data */ >>>> +        enum rte_security_pdcp_direction pkt_dir; >>>> +        /**< PDCP Frame Direction 0:UL 1:DL */ >>>> +        enum rte_security_pdcp_sn_size sn_size; >>>> +        /**< Sequence number size, 5/7/12/15 */ >>>> +        int8_t hfn_ovd; /**< Overwrite HFN per operation */ >>>> +        uint32_t hfn;  /**< Hyper Frame Number */ >>>> +        uint32_t hfn_threshold;        /**< HFN Threashold for key >>>> renegotiation */ >>>> +    }; >>>> + >>> [Anoob] PDCP packet ordering should be both a capability and a setting. >>> HFN will be incremented overtime and starts at 0. So why is it part of >>> the xform? >> >> The Security accelerators may assume packet in order. Latest PDCP TS >> suggest to do de-Ciphering before re-Ordering the Rx PDCP PDUs. In this >> situation, the accelerator may use wrong HFN value. The PDCP application >> can provide the appropriate HFN value along with PDU to the security >> accelerator. >> > So what is the expectation with regards to ordering? Would PDCP know > the order or is it unaware of the order? > If implementation of this Spec knows the order of packets(which is > implied by the "In order delivery and Duplicate detection > Sequence Numbering" statement in the PDCP flow diagram), then there > should be no need to override the > HFN. If the implementation does not know the order of packets, then > the flow diagram should be corrected. > Also, is implementation expected to support ordered delivery and > duplicate detection. Perhaps it should be > a capability or 2. This patchset is basically talking about full protocol offload with look aside accelerators. And when we are talking about full protocol offload, all protocol related stuff like ordering, headers etc. needs to be handled by the HW/driver. So the expectation is driver/HW should be able to perform in order delivery and detect duplicates. If somebody have support for PDCP in the hardware, we can add capabilities as per the specific requirements. In v2/v3 I have removed the hfn_override. Will add it later when it will be supported. Thanks, Akhil