| Message ID | 20170428064941.10030-1-nikhil.agarwal@linaro.org |
|---|---|
| State | New |
| Headers | show |
Hi, > -----Original Message----- > From: lng-odp [mailto:lng-odp-bounces@lists.linaro.org] On Behalf Of Nikhil Agarwal > Sent: Friday, April 28, 2017 9:50 AM > To: lng-odp@lists.linaro.org > Subject: [lng-odp] [API_NEXT v2] API: IPSEC: Updating ipsec APIs to support sNIC > implementation. > > Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> > --- > include/odp/api/spec/ipsec.h | 62 +++++++++++++++++----------------------- > include/odp/api/spec/packet_io.h | 10 +++++++ > 2 files changed, 36 insertions(+), 36 deletions(-) > > diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h > index e83494d..a2624ff 100644 > --- a/include/odp/api/spec/ipsec.h > +++ b/include/odp/api/spec/ipsec.h > @@ -59,8 +59,10 @@ typedef enum odp_ipsec_op_mode_t { > /** Inline IPSEC operation > * > * Packet input/output is connected directly to IPSEC inbound/outbound > - * processing. Application uses asynchronous or inline IPSEC > - * operations. > + * processing. Application may use asynchronous IPSEC operations. > + * Packet post IPSEC operations are delivered to PKTIO queues. Further > + * classification/Hashing(inbound) will be applicaed to packet post IPSEC as > + * defined in PKTIO configuration. > */ > ODP_IPSEC_OP_MODE_INLINE, The added comment is not valid for asynchronously processed packets which are also allowed in the inline operating mode. So maybe the inline-specific comment should be reformulated or located elsewhere. > > @@ -226,6 +228,24 @@ typedef struct odp_ipsec_outbound_config_t { > > } odp_ipsec_outbound_config_t; > > +typedef union odp_ipsec_protocols_t { > + /** Cipher algorithms */ > + struct { > + /** ODP_IPSEC_ESP */ > + uint32_t esp : 1; > + > + /** ODP_IPSEC_AH */ > + uint32_t ah : 1; > + > + } bit; > + > + /** All bits of the bit field structure > + * > + * This field can be used to set/clear all flags, or bitwise > + * operations over the entire structure. */ > + uint32_t all_bits; > +} odp_ipsec_protocols_t; > + > /** > * IPSEC capability > */ > @@ -264,6 +284,9 @@ typedef struct odp_ipsec_capability_t { > */ > uint8_t hard_limit_sec; > > + /** Supported ipsec Protocols */ > + odp_ipsec_protocols_t protocols; > + > /** Supported cipher algorithms */ > odp_crypto_cipher_algos_t ciphers; > > @@ -554,21 +577,6 @@ typedef enum odp_ipsec_lookup_mode_t { > } odp_ipsec_lookup_mode_t; > > /** > - * Result event pipeline configuration > - */ > -typedef enum odp_ipsec_pipeline_t { > - /** Do not pipeline */ > - ODP_IPSEC_PIPELINE_NONE = 0, > - > - /** Send IPSEC result events to the classifier. > - * > - * IPSEC capability 'pipeline_cls' determines if pipelined > - * classification is supported. */ > - ODP_IPSEC_PIPELINE_CLS > - > -} odp_ipsec_pipeline_t; > - > -/** > * IPSEC Security Association (SA) parameters > */ > typedef struct odp_ipsec_sa_param_t { > @@ -632,31 +640,13 @@ typedef struct odp_ipsec_sa_param_t { > */ > uint32_t mtu; > > - /** Select pipelined destination for IPSEC result events > - * > - * Asynchronous and inline modes generate result events. Select where > - * those events are sent. Inbound SAs may choose to use pipelined > - * classification. The default value is ODP_IPSEC_PIPELINE_NONE. > - */ > - odp_ipsec_pipeline_t pipeline; > - So for asynchronously processed packets this proposal removes the possibility of ODP distributing the packets decapsulated from one fat tunnel to multiple queues for better parallelism. > /** Destination queue for IPSEC events > * > - * Operations in asynchronous or inline mode enqueue resulting events > + * Operations in asynchronous mode enqueue resulting events > * into this queue. > */ > odp_queue_t dest_queue; So where do the inline processed packets end up? After this patch the API would not say it. > > - /** Classifier destination CoS for IPSEC result events > - * > - * Result events for successfully decapsulated packets are sent to > - * classification through this CoS. Other result events are sent to > - * 'dest_queue'. This field is considered only when 'pipeline' is > - * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio > - * interface default CoS. > - */ > - odp_cos_t dest_cos; > - > /** User defined SA context pointer > * > * User defined context pointer associated with the SA. > diff --git a/include/odp/api/spec/packet_io.h b/include/odp/api/spec/packet_io.h > index 8802089..0744b1a 100644 > --- a/include/odp/api/spec/packet_io.h > +++ b/include/odp/api/spec/packet_io.h > @@ -1136,6 +1136,16 @@ uint64_t odp_pktin_ts_res(odp_pktio_t pktio); > * @return Packet input timestamp > */ > odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns); > +/** > + * Returns virtual IPSEC PKTIO for a given PKTIO interface. > + * > + * @param pktio Packet IO handle > + * > + * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in case IPSec > + * is not enabled on the PKTIO. > + */ > +odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns); > + There is no explanation on what this virtual pktio is for and how it can be used. Janne
On 28 April 2017 at 10:28, Peltonen, Janne (Nokia - FI/Espoo) <janne.peltonen@nokia.com> wrote: > Hi, > >> -----Original Message----- >> From: lng-odp [mailto:lng-odp-bounces@lists.linaro.org] On Behalf Of Nikhil Agarwal >> Sent: Friday, April 28, 2017 9:50 AM >> To: lng-odp@lists.linaro.org >> Subject: [lng-odp] [API_NEXT v2] API: IPSEC: Updating ipsec APIs to support sNIC >> implementation. >> >> Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> >> --- >> include/odp/api/spec/ipsec.h | 62 +++++++++++++++++----------------------- >> include/odp/api/spec/packet_io.h | 10 +++++++ >> 2 files changed, 36 insertions(+), 36 deletions(-) >> >> diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h >> index e83494d..a2624ff 100644 >> --- a/include/odp/api/spec/ipsec.h >> +++ b/include/odp/api/spec/ipsec.h >> @@ -59,8 +59,10 @@ typedef enum odp_ipsec_op_mode_t { >> /** Inline IPSEC operation >> * >> * Packet input/output is connected directly to IPSEC inbound/outbound >> - * processing. Application uses asynchronous or inline IPSEC >> - * operations. >> + * processing. Application may use asynchronous IPSEC operations. >> + * Packet post IPSEC operations are delivered to PKTIO queues. Further >> + * classification/Hashing(inbound) will be applicaed to packet post IPSEC as >> + * defined in PKTIO configuration. >> */ >> ODP_IPSEC_OP_MODE_INLINE, > > The added comment is not valid for asynchronously processed packets which are also > allowed in the inline operating mode. So maybe the inline-specific comment should > be reformulated or located elsewhere. > >> >> @@ -226,6 +228,24 @@ typedef struct odp_ipsec_outbound_config_t { >> >> } odp_ipsec_outbound_config_t; >> >> +typedef union odp_ipsec_protocols_t { >> + /** Cipher algorithms */ >> + struct { >> + /** ODP_IPSEC_ESP */ >> + uint32_t esp : 1; >> + >> + /** ODP_IPSEC_AH */ >> + uint32_t ah : 1; >> + >> + } bit; >> + >> + /** All bits of the bit field structure >> + * >> + * This field can be used to set/clear all flags, or bitwise >> + * operations over the entire structure. */ >> + uint32_t all_bits; >> +} odp_ipsec_protocols_t; >> + >> /** >> * IPSEC capability >> */ >> @@ -264,6 +284,9 @@ typedef struct odp_ipsec_capability_t { >> */ >> uint8_t hard_limit_sec; >> >> + /** Supported ipsec Protocols */ >> + odp_ipsec_protocols_t protocols; >> + >> /** Supported cipher algorithms */ >> odp_crypto_cipher_algos_t ciphers; >> >> @@ -554,21 +577,6 @@ typedef enum odp_ipsec_lookup_mode_t { >> } odp_ipsec_lookup_mode_t; >> >> /** >> - * Result event pipeline configuration >> - */ >> -typedef enum odp_ipsec_pipeline_t { >> - /** Do not pipeline */ >> - ODP_IPSEC_PIPELINE_NONE = 0, >> - >> - /** Send IPSEC result events to the classifier. >> - * >> - * IPSEC capability 'pipeline_cls' determines if pipelined >> - * classification is supported. */ >> - ODP_IPSEC_PIPELINE_CLS >> - >> -} odp_ipsec_pipeline_t; >> - >> -/** >> * IPSEC Security Association (SA) parameters >> */ >> typedef struct odp_ipsec_sa_param_t { >> @@ -632,31 +640,13 @@ typedef struct odp_ipsec_sa_param_t { >> */ >> uint32_t mtu; >> >> - /** Select pipelined destination for IPSEC result events >> - * >> - * Asynchronous and inline modes generate result events. Select where >> - * those events are sent. Inbound SAs may choose to use pipelined >> - * classification. The default value is ODP_IPSEC_PIPELINE_NONE. >> - */ >> - odp_ipsec_pipeline_t pipeline; >> - > > So for asynchronously processed packets this proposal removes the possibility > of ODP distributing the packets decapsulated from one fat tunnel to multiple > queues for better parallelism. > >> /** Destination queue for IPSEC events >> * >> - * Operations in asynchronous or inline mode enqueue resulting events >> + * Operations in asynchronous mode enqueue resulting events >> * into this queue. >> */ >> odp_queue_t dest_queue; > > So where do the inline processed packets end up? After this patch the > API would not say it. Input queues (pktins) of the inbound pktio, applying hashing configured on that pktio.... I guess. > >> >> - /** Classifier destination CoS for IPSEC result events >> - * >> - * Result events for successfully decapsulated packets are sent to >> - * classification through this CoS. Other result events are sent to >> - * 'dest_queue'. This field is considered only when 'pipeline' is >> - * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio >> - * interface default CoS. >> - */ >> - odp_cos_t dest_cos; >> - >> /** User defined SA context pointer >> * >> * User defined context pointer associated with the SA. >> diff --git a/include/odp/api/spec/packet_io.h b/include/odp/api/spec/packet_io.h >> index 8802089..0744b1a 100644 >> --- a/include/odp/api/spec/packet_io.h >> +++ b/include/odp/api/spec/packet_io.h >> @@ -1136,6 +1136,16 @@ uint64_t odp_pktin_ts_res(odp_pktio_t pktio); >> * @return Packet input timestamp >> */ >> odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns); >> +/** >> + * Returns virtual IPSEC PKTIO for a given PKTIO interface. >> + * >> + * @param pktio Packet IO handle >> + * >> + * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in case IPSec >> + * is not enabled on the PKTIO. >> + */ >> +odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns); >> + > > There is no explanation on what this virtual pktio is for and how it > can be used. > > Janne > >
Hi Janne, Thanks for your inputs. I have updated API descriptions/comments in v3 of the patch. Regards Nikhil -----Original Message----- From: lng-odp [mailto:lng-odp-bounces@lists.linaro.org] On Behalf Of Peltonen, Janne (Nokia - FI/Espoo) Sent: Friday, April 28, 2017 12:59 PM To: Nikhil Agarwal <nikhil.agarwal@linaro.org>; lng-odp@lists.linaro.org Subject: Re: [lng-odp] [API_NEXT v2] API: IPSEC: Updating ipsec APIs to support sNIC implementation. Hi, > -----Original Message----- > From: lng-odp [mailto:lng-odp-bounces@lists.linaro.org] On Behalf Of > Nikhil Agarwal > Sent: Friday, April 28, 2017 9:50 AM > To: lng-odp@lists.linaro.org > Subject: [lng-odp] [API_NEXT v2] API: IPSEC: Updating ipsec APIs to > support sNIC implementation. > > Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> > --- > include/odp/api/spec/ipsec.h | 62 +++++++++++++++++----------------------- > include/odp/api/spec/packet_io.h | 10 +++++++ > 2 files changed, 36 insertions(+), 36 deletions(-) > > diff --git a/include/odp/api/spec/ipsec.h > b/include/odp/api/spec/ipsec.h index e83494d..a2624ff 100644 > --- a/include/odp/api/spec/ipsec.h > +++ b/include/odp/api/spec/ipsec.h > @@ -59,8 +59,10 @@ typedef enum odp_ipsec_op_mode_t { > /** Inline IPSEC operation > * > * Packet input/output is connected directly to IPSEC inbound/outbound > - * processing. Application uses asynchronous or inline IPSEC > - * operations. > + * processing. Application may use asynchronous IPSEC operations. > + * Packet post IPSEC operations are delivered to PKTIO queues. Further > + * classification/Hashing(inbound) will be applicaed to packet post IPSEC as > + * defined in PKTIO configuration. > */ > ODP_IPSEC_OP_MODE_INLINE, The added comment is not valid for asynchronously processed packets which are also allowed in the inline operating mode. So maybe the inline-specific comment should be reformulated or located elsewhere. > > @@ -226,6 +228,24 @@ typedef struct odp_ipsec_outbound_config_t { > > } odp_ipsec_outbound_config_t; > > +typedef union odp_ipsec_protocols_t { > + /** Cipher algorithms */ > + struct { > + /** ODP_IPSEC_ESP */ > + uint32_t esp : 1; > + > + /** ODP_IPSEC_AH */ > + uint32_t ah : 1; > + > + } bit; > + > + /** All bits of the bit field structure > + * > + * This field can be used to set/clear all flags, or bitwise > + * operations over the entire structure. */ > + uint32_t all_bits; > +} odp_ipsec_protocols_t; > + > /** > * IPSEC capability > */ > @@ -264,6 +284,9 @@ typedef struct odp_ipsec_capability_t { > */ > uint8_t hard_limit_sec; > > + /** Supported ipsec Protocols */ > + odp_ipsec_protocols_t protocols; > + > /** Supported cipher algorithms */ > odp_crypto_cipher_algos_t ciphers; > > @@ -554,21 +577,6 @@ typedef enum odp_ipsec_lookup_mode_t { } > odp_ipsec_lookup_mode_t; > > /** > - * Result event pipeline configuration > - */ > -typedef enum odp_ipsec_pipeline_t { > - /** Do not pipeline */ > - ODP_IPSEC_PIPELINE_NONE = 0, > - > - /** Send IPSEC result events to the classifier. > - * > - * IPSEC capability 'pipeline_cls' determines if pipelined > - * classification is supported. */ > - ODP_IPSEC_PIPELINE_CLS > - > -} odp_ipsec_pipeline_t; > - > -/** > * IPSEC Security Association (SA) parameters > */ > typedef struct odp_ipsec_sa_param_t { @@ -632,31 +640,13 @@ typedef > struct odp_ipsec_sa_param_t { > */ > uint32_t mtu; > > - /** Select pipelined destination for IPSEC result events > - * > - * Asynchronous and inline modes generate result events. Select where > - * those events are sent. Inbound SAs may choose to use pipelined > - * classification. The default value is ODP_IPSEC_PIPELINE_NONE. > - */ > - odp_ipsec_pipeline_t pipeline; > - So for asynchronously processed packets this proposal removes the possibility of ODP distributing the packets decapsulated from one fat tunnel to multiple queues for better parallelism. > /** Destination queue for IPSEC events > * > - * Operations in asynchronous or inline mode enqueue resulting events > + * Operations in asynchronous mode enqueue resulting events > * into this queue. > */ > odp_queue_t dest_queue; So where do the inline processed packets end up? After this patch the API would not say it. > > - /** Classifier destination CoS for IPSEC result events > - * > - * Result events for successfully decapsulated packets are sent to > - * classification through this CoS. Other result events are sent to > - * 'dest_queue'. This field is considered only when 'pipeline' is > - * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio > - * interface default CoS. > - */ > - odp_cos_t dest_cos; > - > /** User defined SA context pointer > * > * User defined context pointer associated with the SA. > diff --git a/include/odp/api/spec/packet_io.h > b/include/odp/api/spec/packet_io.h > index 8802089..0744b1a 100644 > --- a/include/odp/api/spec/packet_io.h > +++ b/include/odp/api/spec/packet_io.h > @@ -1136,6 +1136,16 @@ uint64_t odp_pktin_ts_res(odp_pktio_t pktio); > * @return Packet input timestamp > */ > odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns); > +/** > + * Returns virtual IPSEC PKTIO for a given PKTIO interface. > + * > + * @param pktio Packet IO handle > + * > + * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in > +case IPSec > + * is not enabled on the PKTIO. > + */ > +odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns); > + There is no explanation on what this virtual pktio is for and how it can be used. Janne
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index e83494d..a2624ff 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -59,8 +59,10 @@ typedef enum odp_ipsec_op_mode_t { /** Inline IPSEC operation * * Packet input/output is connected directly to IPSEC inbound/outbound - * processing. Application uses asynchronous or inline IPSEC - * operations. + * processing. Application may use asynchronous IPSEC operations. + * Packet post IPSEC operations are delivered to PKTIO queues. Further + * classification/Hashing(inbound) will be applicaed to packet post IPSEC as + * defined in PKTIO configuration. */ ODP_IPSEC_OP_MODE_INLINE, @@ -226,6 +228,24 @@ typedef struct odp_ipsec_outbound_config_t { } odp_ipsec_outbound_config_t; +typedef union odp_ipsec_protocols_t { + /** Cipher algorithms */ + struct { + /** ODP_IPSEC_ESP */ + uint32_t esp : 1; + + /** ODP_IPSEC_AH */ + uint32_t ah : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set/clear all flags, or bitwise + * operations over the entire structure. */ + uint32_t all_bits; +} odp_ipsec_protocols_t; + /** * IPSEC capability */ @@ -264,6 +284,9 @@ typedef struct odp_ipsec_capability_t { */ uint8_t hard_limit_sec; + /** Supported ipsec Protocols */ + odp_ipsec_protocols_t protocols; + /** Supported cipher algorithms */ odp_crypto_cipher_algos_t ciphers; @@ -554,21 +577,6 @@ typedef enum odp_ipsec_lookup_mode_t { } odp_ipsec_lookup_mode_t; /** - * Result event pipeline configuration - */ -typedef enum odp_ipsec_pipeline_t { - /** Do not pipeline */ - ODP_IPSEC_PIPELINE_NONE = 0, - - /** Send IPSEC result events to the classifier. - * - * IPSEC capability 'pipeline_cls' determines if pipelined - * classification is supported. */ - ODP_IPSEC_PIPELINE_CLS - -} odp_ipsec_pipeline_t; - -/** * IPSEC Security Association (SA) parameters */ typedef struct odp_ipsec_sa_param_t { @@ -632,31 +640,13 @@ typedef struct odp_ipsec_sa_param_t { */ uint32_t mtu; - /** Select pipelined destination for IPSEC result events - * - * Asynchronous and inline modes generate result events. Select where - * those events are sent. Inbound SAs may choose to use pipelined - * classification. The default value is ODP_IPSEC_PIPELINE_NONE. - */ - odp_ipsec_pipeline_t pipeline; - /** Destination queue for IPSEC events * - * Operations in asynchronous or inline mode enqueue resulting events + * Operations in asynchronous mode enqueue resulting events * into this queue. */ odp_queue_t dest_queue; - /** Classifier destination CoS for IPSEC result events - * - * Result events for successfully decapsulated packets are sent to - * classification through this CoS. Other result events are sent to - * 'dest_queue'. This field is considered only when 'pipeline' is - * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio - * interface default CoS. - */ - odp_cos_t dest_cos; - /** User defined SA context pointer * * User defined context pointer associated with the SA. diff --git a/include/odp/api/spec/packet_io.h b/include/odp/api/spec/packet_io.h index 8802089..0744b1a 100644 --- a/include/odp/api/spec/packet_io.h +++ b/include/odp/api/spec/packet_io.h @@ -1136,6 +1136,16 @@ uint64_t odp_pktin_ts_res(odp_pktio_t pktio); * @return Packet input timestamp */ odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns); +/** + * Returns virtual IPSEC PKTIO for a given PKTIO interface. + * + * @param pktio Packet IO handle + * + * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in case IPSec + * is not enabled on the PKTIO. + */ +odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns); + /** * @}
Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> --- include/odp/api/spec/ipsec.h | 62 +++++++++++++++++----------------------- include/odp/api/spec/packet_io.h | 10 +++++++ 2 files changed, 36 insertions(+), 36 deletions(-) -- 2.9.3