Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 96083,
    "url": "http://patchwork.dpdk.org/api/patches/96083/?format=api",
    "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/1626759974-334-3-git-send-email-anoobj@marvell.com/",
    "project": {
        "id": 1,
        "url": "http://patchwork.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<1626759974-334-3-git-send-email-anoobj@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/1626759974-334-3-git-send-email-anoobj@marvell.com",
    "date": "2021-07-20T05:46:13",
    "name": "[2/2] lib/security: add SA lifetime configuration",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "35026e24a2a4931d148c18a3239826f869ed9910",
    "submitter": {
        "id": 1205,
        "url": "http://patchwork.dpdk.org/api/people/1205/?format=api",
        "name": "Anoob Joseph",
        "email": "anoobj@marvell.com"
    },
    "delegate": {
        "id": 6690,
        "url": "http://patchwork.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/1626759974-334-3-git-send-email-anoobj@marvell.com/mbox/",
    "series": [
        {
            "id": 17902,
            "url": "http://patchwork.dpdk.org/api/series/17902/?format=api",
            "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=17902",
            "date": "2021-07-20T05:46:11",
            "name": "Improvements to rte_security",
            "version": 1,
            "mbox": "http://patchwork.dpdk.org/series/17902/mbox/"
        }
    ],
    "comments": "http://patchwork.dpdk.org/api/patches/96083/comments/",
    "check": "fail",
    "checks": "http://patchwork.dpdk.org/api/patches/96083/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 7D669A0C49;\n\tTue, 20 Jul 2021 07:57:07 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 6C1BA410E1;\n\tTue, 20 Jul 2021 07:57:07 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 678A8410E1\n for <dev@dpdk.org>; Tue, 20 Jul 2021 07:57:06 +0200 (CEST)",
            "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 16K5oelJ028927; Mon, 19 Jul 2021 22:57:05 -0700",
            "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0a-0016f401.pphosted.com with ESMTP id 39wa68b778-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Mon, 19 Jul 2021 22:57:05 -0700",
            "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Mon, 19 Jul 2021 22:57:03 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Mon, 19 Jul 2021 22:57:04 -0700",
            "from HY-LT1002.marvell.com (unknown [10.193.70.144])\n by maili.marvell.com (Postfix) with ESMTP id B4C1F3F7048;\n Mon, 19 Jul 2021 22:56:55 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=DCp8CpUadQJNag+G4KNc64xyMCskoP3ELKcaDfm9UBo=;\n b=AoNIxpyqGFR2h7KpL5wHMz7mubvObLnjWpj8OicwRsJaojKWr2sJFdNPwtYAiDAcWhiq\n f4NAx6B2dogscTMRCrUnF40zYs12TcyEesViKa5mm5+SB1d36U1jrkZTaAZvElUEkkkC\n tsSsVm2la6vsMDxFjhfY3HlH8aWGhmuekv8ZskDCNUsPnuUvU4t5pX7gpQi20j5FbFwX\n Xob26Tk1GDgDhj0zXuZQaSuQisvouDnrZtKZu8dWLs+YtAV0z0hStMQi5cdvRw5l624z\n VfFXMtX4oRO8TT9o8+AHnE5B7pyM/UbfGn7ywpXrof/w/eyThdhLBWRHqHa2y5c5FS9Q ig==",
        "From": "Anoob Joseph <anoobj@marvell.com>",
        "To": "Akhil Goyal <gakhil@marvell.com>, Declan Doherty\n <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>,\n \"Konstantin Ananyev\" <konstantin.ananyev@intel.com>",
        "CC": "Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n \"Ankur Dwivedi\" <adwivedi@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>",
        "Date": "Tue, 20 Jul 2021 11:16:13 +0530",
        "Message-ID": "<1626759974-334-3-git-send-email-anoobj@marvell.com>",
        "X-Mailer": "git-send-email 2.7.4",
        "In-Reply-To": "<1626759974-334-1-git-send-email-anoobj@marvell.com>",
        "References": "<1626759974-334-1-git-send-email-anoobj@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-GUID": "vEFLzpUZbQ6CYLk3XWZKOR-3nbYzhjEE",
        "X-Proofpoint-ORIG-GUID": "vEFLzpUZbQ6CYLk3XWZKOR-3nbYzhjEE",
        "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790\n definitions=2021-07-20_04:2021-07-19,\n 2021-07-20 signatures=0",
        "Subject": "[dpdk-dev] [PATCH 2/2] lib/security: add SA lifetime configuration",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "Add SA lifetime configuration to register soft and hard expiry limits.\nExpiry can be in units of number of packets or bytes. Crypto op\nstatus is also updated to cover warnings indicating soft expiry in case\nof lookaside protocol operations.\n\nIn case of soft expiry, the packets are successfully IPsec processed but\nthe soft expiry would indicate that SA needs to be reconfigured. For\ninline protocol capable ethdev, this would result in an eth event while\nfor lookaside protocol capable cryptodev, this can be communicated via\n`rte_crypto_op.status` field.\n\nIn case of hard expiry, the packets will not be IPsec processed and\nwould result in error.\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\n---\n examples/ipsec-secgw/ipsec.c |  2 +-\n examples/ipsec-secgw/ipsec.h |  2 +-\n lib/cryptodev/rte_crypto.h   |  7 +++++++\n lib/security/rte_security.h  | 28 ++++++++++++++++++++++++++--\n 4 files changed, 35 insertions(+), 4 deletions(-)",
    "diff": "diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c\nindex 5b032fe..4868294 100644\n--- a/examples/ipsec-secgw/ipsec.c\n+++ b/examples/ipsec-secgw/ipsec.c\n@@ -49,7 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)\n \t\t}\n \t\t/* TODO support for Transport */\n \t}\n-\tipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;\n+\tipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;\n \tipsec->replay_win_sz = app_sa_prm.window_size;\n \tipsec->options.esn = app_sa_prm.enable_esn;\n \tipsec->options.udp_encap = sa->udp_encap;\ndiff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex ae5058d..90c81c1 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -23,7 +23,7 @@\n \n #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */\n \n-#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00\n+#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00\n \n #define IV_OFFSET\t\t(sizeof(struct rte_crypto_op) + \\\n \t\t\t\tsizeof(struct rte_crypto_sym_op))\ndiff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h\nindex fd5ef3a..c5a0897 100644\n--- a/lib/cryptodev/rte_crypto.h\n+++ b/lib/cryptodev/rte_crypto.h\n@@ -52,6 +52,13 @@ enum rte_crypto_op_status {\n \t/**< Operation failed due to invalid arguments in request */\n \tRTE_CRYPTO_OP_STATUS_ERROR,\n \t/**< Error handling operation */\n+\tRTE_CRYPTO_OP_STATUS_WAR = 128,\n+\t/**<\n+\t * Operation completed successfully with warnings.\n+\t * Note: All the warnings starts from here.\n+\t */\n+\tRTE_CRYPTO_OPSTATUS_WAR_SOFT_EXPIRY,\n+\t/**< Operation completed successfully with soft expiry of lifetime */\n };\n \n /**\ndiff --git a/lib/security/rte_security.h b/lib/security/rte_security.h\nindex d61a55d..d633c8d 100644\n--- a/lib/security/rte_security.h\n+++ b/lib/security/rte_security.h\n@@ -206,6 +206,30 @@ enum rte_security_ipsec_sa_direction {\n };\n \n /**\n+ * Configure soft and hard lifetime of an IPsec SA\n+ *\n+ * Lifetime of an IPsec SA would specify the maximum number of packets or bytes\n+ * that can be processed. IPsec operations would start failing once any hard\n+ * limit is reached.\n+ *\n+ * Soft limits can be specified to generate notification when the SA is\n+ * approaching hard limits for lifetime. For inline operations, reaching soft\n+ * expiry limit would result in raising an eth event for the same. For lookaside\n+ * operations, this would result in a warning returned in\n+ * ``rte_crypto_op.status``.\n+ */\n+struct rte_security_ipsec_lifetime {\n+\tuint64_t packets_soft_limit;\n+\t/**< Soft expiry limit in number of packets */\n+\tuint64_t bytes_soft_limit;\n+\t/**< Soft expiry limit in bytes */\n+\tuint64_t packets_hard_limit;\n+\t/**< Soft expiry limit in number of packets */\n+\tuint64_t bytes_hard_limit;\n+\t/**< Soft expiry limit in bytes */\n+};\n+\n+/**\n  * IPsec security association configuration data.\n  *\n  * This structure contains data required to create an IPsec SA security session.\n@@ -225,8 +249,8 @@ struct rte_security_ipsec_xform {\n \t/**< IPsec SA Mode - transport/tunnel */\n \tstruct rte_security_ipsec_tunnel_param tunnel;\n \t/**< Tunnel parameters, NULL for transport mode */\n-\tuint64_t esn_soft_limit;\n-\t/**< ESN for which the overflow event need to be raised */\n+\tstruct rte_security_ipsec_lifetime life;\n+\t/**< IPsec SA lifetime */\n \tuint32_t replay_win_sz;\n \t/**< Anti replay window size to enable sequence replay attack handling.\n \t * replay checking is disabled if the window size is 0.\n",
    "prefixes": [
        "2/2"
    ]
}