@@ -543,14 +543,11 @@ and this allows further acceleration of the offload of Crypto workloads.
The Security framework provides APIs to create and free sessions for crypto/ethernet
devices, where sessions are mempool objects. It is the application's responsibility
-to create and manage two session mempools - one for session and other for session
-private data. The private session data mempool object size should be able to
-accommodate the driver's private data of security session. The application can get
-the size of session private data using API ``rte_security_session_get_size``.
-And the session mempool object size should be enough to accommodate
-``rte_security_session``.
+to create and manage session mempool big enough for session and session
+private data. The application can get the size of session private data using API
+``rte_security_session_get_size``.
-Once the session mempools have been created, ``rte_security_session_create()``
+Once the session mempool has been created, ``rte_security_session_create()``
is used to allocate and initialize a session for the required crypto/ethernet device.
Session APIs need a parameter ``rte_security_ctx`` to identify the crypto/ethernet
@@ -179,10 +179,6 @@ Deprecation Notices
session and the private data of session. An opaque pointer can be exposed
directly to application which can be attached to the ``rte_crypto_op``.
-* security: Hide structure ``rte_security_session`` and expose an opaque
- pointer for the private data to the application which can be attached
- to the packet while enqueuing.
-
* eventdev: The file ``rte_eventdev_pmd.h`` will be renamed to ``eventdev_driver.h``
to make the driver interface as internal and the structures ``rte_eventdev_data``,
``rte_eventdev`` and ``rte_eventdevs`` will be moved to a new file named
@@ -281,6 +281,13 @@ API Changes
* cryptodev: The structure ``rte_crypto_sym_vec`` was updated to add
``dest_sgl`` to support out of place processing.
+* security: The structure ``rte_security_session`` was moved to rte_security_driver.h
+ and was hidden from the application. The APIs to create and destroy session were
+ updated to take a single mempool with element size enough to hold session data
+ and session private data. Inline APIs are created to get and set the session data.
+ All sample applications were updated to attach an opaque pointer for the session
+ to the ``rte_crypto_op`` while enqueuing.
+
* bbdev: Added device info related to data byte endianness processing.
@@ -70,7 +70,7 @@ struct rte_ipsec_session {
uint8_t dev_id;
} crypto;
struct {
- struct rte_security_session *ses;
+ void *ses;
struct rte_security_ctx *ctx;
uint32_t ol_flags;
} security;
@@ -44,12 +44,13 @@ struct rte_ipsec_group {
static inline struct rte_ipsec_session *
rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
{
- const struct rte_security_session *ss;
+ void *ss;
const struct rte_cryptodev_sym_session *cs;
if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
ss = cop->sym[0].sec_session;
- return (void *)(uintptr_t)ss->opaque_data;
+ return (void *)(uintptr_t)
+ rte_security_session_opaque_data_get(ss);
} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
cs = cop->sym[0].session;
return (void *)(uintptr_t)cs->opaque_data;
@@ -47,7 +47,8 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
ss->crypto.ses->opaque_data = (uintptr_t)ss;
else
- ss->security.ses->opaque_data = (uintptr_t)ss;
+ rte_security_session_opaque_data_set(ss->security.ses,
+ (uintptr_t)ss);
return 0;
}
@@ -508,14 +508,47 @@ struct rte_security_session_conf {
/**< Application specific userdata to be saved with session */
};
-struct rte_security_session {
- uint64_t opaque_data;
- /**< Opaque user defined data */
- uint64_t fast_mdata;
- /**< Fast metadata to be used for inline path */
- __extension__ void *sess_private_data[0];
- /**< Private session material */
-};
+#define SESS_FAST_MDATA_OFF 1
+#define SESS_OPAQUE_DATA_OFF 2
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+ return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+ return *((uint64_t *)sess - SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+ uint64_t *data;
+ data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF);
+ *data = opaque;
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+ uint64_t *data;
+ data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF);
+ *data = fdata;
+}
/**
* Create security session as specified by the session configuration
@@ -646,8 +679,9 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
{
/* Fast Path */
if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
- *rte_security_dynfield(mb) =
- (rte_security_dynfield_t)(sess);
+ uint64_t mdata = rte_security_session_fast_mdata_get(sess);
+
+ *rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata);
return 0;
}
@@ -19,6 +19,19 @@ extern "C" {
#include "rte_security.h"
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+ /** Opaque user defined data */
+ uint64_t opaque_data;
+ /** Fast metadata to be used for inline path */
+ uint64_t fast_mdata;
+ /** Private session material */
+ __extension__ void *sess_private_data[0];
+};
+
/**
* Configure a security session on a device.
*
rte_security_session struct is now hidden in the library. application can access the opaque data and fast_mdata using the set/get APIs introduced in this patch. Signed-off-by: Akhil Goyal <gakhil@marvell.com> --- doc/guides/prog_guide/rte_security.rst | 11 ++---- doc/guides/rel_notes/deprecation.rst | 4 -- doc/guides/rel_notes/release_21_11.rst | 7 ++++ lib/ipsec/rte_ipsec.h | 2 +- lib/ipsec/rte_ipsec_group.h | 5 ++- lib/ipsec/ses.c | 3 +- lib/security/rte_security.h | 54 +++++++++++++++++++++----- lib/security/rte_security_driver.h | 13 +++++++ 8 files changed, 74 insertions(+), 25 deletions(-)