Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
08/08/2017 07:03, Shahaf Shuler: > Monday, August 7, 2017 9:07 PM, Boris Pismenny: > > > From: Thomas Monjalon [mailto:tho...@monjalon.net] > > > 04/08/2017 07:26, Hemant Agrawal: > > > > On 8/3/2017 9:02 PM, Akhil Goyal wrote: > > > > > Support for security operations is planned to be added in ethdev > > > > > and cryptodev for the 17.11 release. > > > > > > > > > > For this following changes are required. > > > > > - rte_cryptodev and rte_eth_dev structures need to be added new > > > > > parameter rte_security_ops which extend support for security ops > > > > > to the corresponding driver. > > > > > - rte_cryptodev_info and rte_ethd_dev_info need to be added with > > > > > rte_security_capabilities to identify the capabilities of the > > > > > corresponding driver. > > > > > > It is not explained what is the fundamental difference between > > > rte_security and rte_crypto? > > > It looks to be just a technical workaround. > > > > rte_security is a layer between crypto and NIC. > > > > Today crypto sessions are created exclusively against crypto devices, but > > they don't use network related fields, while the network namespace doesn't > > use crypto related fields. We expect this API to represent crypto sessions > > that combine network fields and allow to add/delete them for all devices. > > > > For NICs we will use rte_flow with rte_security for inline/full crypto > > protocol > > offload such as ESP. > > > > > > > > Why the ABI would be changed by rte_security additions? > > > > > > > > Signed-off-by: Akhil Goyal > > > > > > > > > Acked-by: Hemant Agrawal > > > > > > No more opinions outside of NXP? > > > It seems there is not yet a consensus on how to manage IPsec offloading. > > > I heard there were some phone calls about these stuff but nothing > > > clear appears publicly on the mailing list. > > > Looks to be a community failure. > > > > We agreed to go ahead with this approach on one such phone call. I hope we > > could use the dpdk github for development. > > > > Acked-by: Boris Pismenny > > Acked-by: Shahaf Shuler Applied It means you have a chance to do this change in 17.11. It does not mean you can be sure that the patches will be accepted. This is introducing a new complexity. It must be discussed with the technical board before approving the final design in 17.11.
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
Hi Pablo/Declan, On 8/4/2017 8:55 PM, De Lara Guarch, Pablo wrote: -Original Message- From: Akhil Goyal [mailto:akhil.go...@nxp.com] Sent: Thursday, August 3, 2017 4:32 PM To: dev@dpdk.org; Doherty, Declan ; tho...@monjalon.net; Nicolau, Radu ; avia...@mellanox.com; bor...@mellanox.com; hemant.agra...@nxp.com; De Lara Guarch, Pablo Cc: Akhil Goyal Subject: [PATCH] doc: announce ABI change for cryptodev and ethdev Support for security operations is planned to be added in ethdev and cryptodev for the 17.11 release. For this following changes are required. - rte_cryptodev and rte_eth_dev structures need to be added new parameter rte_security_ops which extend support for security ops to the corresponding driver. - rte_cryptodev_info and rte_ethd_dev_info need to be added with rte_security_capabilities to identify the capabilities of the corresponding driver. Signed-off-by: Akhil Goyal Not sure if this needed to be split into two patches, as this affects two libraries. At least, from cryptodev side: Acked-by: Pablo de Lara We would be needing one more ABI change, Can I send it now. I discovered it after I sent this patch. In the struct rte_crypto_sym_op, we would need to add a pointer to a security session in the union of session and xform. Also, Do I need to split this patch into two for crypto and eth? Regards, Akhil
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
Monday, August 7, 2017 9:07 PM, Boris Pismenny: > > From: Thomas Monjalon [mailto:tho...@monjalon.net] > > 04/08/2017 07:26, Hemant Agrawal: > > > On 8/3/2017 9:02 PM, Akhil Goyal wrote: > > > > Support for security operations is planned to be added in ethdev > > > > and cryptodev for the 17.11 release. > > > > > > > > For this following changes are required. > > > > - rte_cryptodev and rte_eth_dev structures need to be added new > > > > parameter rte_security_ops which extend support for security ops > > > > to the corresponding driver. > > > > - rte_cryptodev_info and rte_ethd_dev_info need to be added with > > > > rte_security_capabilities to identify the capabilities of the > > > > corresponding driver. > > > > It is not explained what is the fundamental difference between > > rte_security and rte_crypto? > > It looks to be just a technical workaround. > > rte_security is a layer between crypto and NIC. > > Today crypto sessions are created exclusively against crypto devices, but > they don't use network related fields, while the network namespace doesn't > use crypto related fields. We expect this API to represent crypto sessions > that combine network fields and allow to add/delete them for all devices. > > For NICs we will use rte_flow with rte_security for inline/full crypto > protocol > offload such as ESP. > > > > > Why the ABI would be changed by rte_security additions? > > > > > > Signed-off-by: Akhil Goyal > > > > > > > Acked-by: Hemant Agrawal > > > > No more opinions outside of NXP? > > It seems there is not yet a consensus on how to manage IPsec offloading. > > I heard there were some phone calls about these stuff but nothing > > clear appears publicly on the mailing list. > > Looks to be a community failure. > > We agreed to go ahead with this approach on one such phone call. I hope we > could use the dpdk github for development. > > Acked-by: Boris Pismenny Acked-by: Shahaf Shuler
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
> From: Thomas Monjalon [mailto:tho...@monjalon.net] > 04/08/2017 07:26, Hemant Agrawal: > > On 8/3/2017 9:02 PM, Akhil Goyal wrote: > > > Support for security operations is planned to be added in ethdev and > > > cryptodev for the 17.11 release. > > > > > > For this following changes are required. > > > - rte_cryptodev and rte_eth_dev structures need to be added new > > > parameter rte_security_ops which extend support for security ops to > > > the corresponding driver. > > > - rte_cryptodev_info and rte_ethd_dev_info need to be added with > > > rte_security_capabilities to identify the capabilities of the > > > corresponding driver. > > It is not explained what is the fundamental difference between rte_security > and rte_crypto? > It looks to be just a technical workaround. rte_security is a layer between crypto and NIC. Today crypto sessions are created exclusively against crypto devices, but they don't use network related fields, while the network namespace doesn't use crypto related fields. We expect this API to represent crypto sessions that combine network fields and allow to add/delete them for all devices. For NICs we will use rte_flow with rte_security for inline/full crypto protocol offload such as ESP. > > Why the ABI would be changed by rte_security additions? > > > > Signed-off-by: Akhil Goyal > > > > > Acked-by: Hemant Agrawal > > No more opinions outside of NXP? > It seems there is not yet a consensus on how to manage IPsec offloading. > I heard there were some phone calls about these stuff but nothing clear > appears publicly on the mailing list. > Looks to be a community failure. We agreed to go ahead with this approach on one such phone call. I hope we could use the dpdk github for development. Acked-by: Boris Pismenny
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
04/08/2017 07:26, Hemant Agrawal: > On 8/3/2017 9:02 PM, Akhil Goyal wrote: > > Support for security operations is planned to be added > > in ethdev and cryptodev for the 17.11 release. > > > > For this following changes are required. > > - rte_cryptodev and rte_eth_dev structures need to be added > > new parameter rte_security_ops which extend support for > > security ops to the corresponding driver. > > - rte_cryptodev_info and rte_ethd_dev_info need to be added > > with rte_security_capabilities to identify the capabilities of > > the corresponding driver. It is not explained what is the fundamental difference between rte_security and rte_crypto? It looks to be just a technical workaround. Why the ABI would be changed by rte_security additions? > > Signed-off-by: Akhil Goyal > > > Acked-by: Hemant Agrawal No more opinions outside of NXP? It seems there is not yet a consensus on how to manage IPsec offloading. I heard there were some phone calls about these stuff but nothing clear appears publicly on the mailing list. Looks to be a community failure.
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
> -Original Message- > From: Akhil Goyal [mailto:akhil.go...@nxp.com] > Sent: Thursday, August 3, 2017 4:32 PM > To: dev@dpdk.org; Doherty, Declan ; > tho...@monjalon.net; Nicolau, Radu ; > avia...@mellanox.com; bor...@mellanox.com; > hemant.agra...@nxp.com; De Lara Guarch, Pablo > > Cc: Akhil Goyal > Subject: [PATCH] doc: announce ABI change for cryptodev and ethdev > > Support for security operations is planned to be added in ethdev and > cryptodev for the 17.11 release. > > For this following changes are required. > - rte_cryptodev and rte_eth_dev structures need to be added new > parameter rte_security_ops which extend support for security ops to the > corresponding driver. > - rte_cryptodev_info and rte_ethd_dev_info need to be added with > rte_security_capabilities to identify the capabilities of the corresponding > driver. > > Signed-off-by: Akhil Goyal Not sure if this needed to be split into two patches, as this affects two libraries. At least, from cryptodev side: Acked-by: Pablo de Lara
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
> -Original Message- > From: Akhil Goyal [mailto:akhil.go...@nxp.com] > Sent: Thursday, August 3, 2017 4:32 PM > To: dev@dpdk.org; Doherty, Declan ; > tho...@monjalon.net; Nicolau, Radu ; > avia...@mellanox.com; bor...@mellanox.com; > hemant.agra...@nxp.com; De Lara Guarch, Pablo > > Cc: Akhil Goyal > Subject: [PATCH] doc: announce ABI change for cryptodev and ethdev > > Support for security operations is planned to be added in ethdev and > cryptodev for the 17.11 release. > > For this following changes are required. > - rte_cryptodev and rte_eth_dev structures need to be added new > parameter rte_security_ops which extend support for security ops to the > corresponding driver. > - rte_cryptodev_info and rte_ethd_dev_info need to be added with > rte_security_capabilities to identify the capabilities of the corresponding > driver. > > Signed-off-by: Akhil Goyal Boris, Aviad, could you review this patch? Thanks, Pablo
Re: [dpdk-dev] [PATCH] doc: announce ABI change for cryptodev and ethdev
On 8/3/2017 9:02 PM, Akhil Goyal wrote: Support for security operations is planned to be added in ethdev and cryptodev for the 17.11 release. For this following changes are required. - rte_cryptodev and rte_eth_dev structures need to be added new parameter rte_security_ops which extend support for security ops to the corresponding driver. - rte_cryptodev_info and rte_ethd_dev_info need to be added with rte_security_capabilities to identify the capabilities of the corresponding driver. Signed-off-by: Akhil Goyal --- doc/guides/rel_notes/deprecation.rst | 10 ++ 1 file changed, 10 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index f6bd910..2393b4c 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -69,3 +69,13 @@ Deprecation Notices be removed in 17.11: - ``rte_cryptodev_create_vdev`` + +* cryptodev: new parameters - ``rte_security_capabilities`` and + ``rte_security_ops`` will be added to ``rte_cryptodev_info`` and + ``rte_cryptodev`` respectively to support security protocol offloaded + operations. + +* ethdev: new parameters - ``rte_security_capabilities`` and + ``rte_security_ops`` will be added to ``rte_eth_dev_info`` and + ``rte_eth_dev`` respectively to support security operations like + ipsec inline. Acked-by: Hemant Agrawal