RE: [PATCH v3 1/2] security: add fallback security processing and Rx inject
From: Akhil Goyal <hidden>
Date: 2023-10-09 20:11:31
Subject: [PATCH v3 1/2] security: add fallback security processing and Rx inject Add alternate datapath API for security processing which would do Rx injection (similar to loopback) after successful security processing. With inline protocol offload, variable part of the session context (AR windows, lifetime etc in case of IPsec), is not accessible to the application. If packets are not getting processed in the inline path due to non security reasons (such as outer fragmentation or rte_flow packet steering limitations), then the packet cannot be security processed as the session context is private to the PMD and security library doesn't provide alternate APIs to make use of the same session. Introduce new API and Rx injection as fallback mechanism to security processing failures due to non-security reasons. For example, when there is outer fragmentation and PMD doesn't support reassembly of outer fragments, application would receive fragments which it can then reassemble. Post successful reassembly, packet can be submitted for security processing and Rx inject. The packets can be then received in the application as normal inline protocol processed packets. Same API can be leveraged in lookaside protocol offload mode to inject packet to Rx. This would help in using rte_flow based packet parsing after security processing. For example, with IPsec, this will help in flow splitting after IPsec processing is done. In both inline protocol capable ethdevs and lookaside protocol capable cryptodevs, the packet would be received back in eth port & queue based on rte_flow rules and packet parsing after security processing. The API would behave like a loopback but with the additional security processing. Signed-off-by: Anoob Joseph <redacted> Signed-off-by: Vidya Sagar Velumuri <redacted> --- v3: * Resolved compilation error with 32 bit build
Series Acked-by: Akhil Goyal [off-list ref] Please add release notes for the new feature.