The device-specific metadata was stored in the deprecated field udata64.
It is moved to a dynamic mbuf field in order to allow removal of udata64.
The name rte_security_dynfield is not very descriptive
but it should be replaced later by separate fields for each type of data
that drivers pass to the upper layer.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Haiyue Wang <haiyue.wang@intel.com>
will contains the decrypted packet only. The driver Rx path checks the
descriptors and based on the crypto status sets additional flags in
``rte_mbuf.ol_flags`` field. The driver would also set device-specific
-metadata in ``rte_mbuf.udata64`` field. This will allow the application
-to identify the security processing done on the packet.
+metadata in ``RTE_SECURITY_DYNFIELD_NAME`` field.
+This will allow the application to identify the security processing
+done on the packet.
.. note::
.. note::
- In case of inline processed packets, ``rte_mbuf.udata64`` field would be
- used by the driver to relay information on the security processing
+ In case of inline processed packets, ``RTE_SECURITY_DYNFIELD_NAME`` field
+ would be used by the driver to relay information on the security processing
associated with the packet. In ingress, the driver would set this in Rx
path while in egress, ``rte_security_set_pkt_metadata()`` would perform a
similar operation. The application is expected not to modify the field
if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
return -ENOTSUP;
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
+
if (rte_mempool_get(mempool, (void **)&priv)) {
otx2_err("Could not allocate security session private data");
return -ENOMEM;
struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
- m->udata64 = (uint64_t)session;
+ *rte_security_dynfield(m) = (rte_security_dynfield_t)session;
return 0;
}
get_sec_session_private_data(session);
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
union ixgbe_crypto_tx_desc_md *mdata =
- (union ixgbe_crypto_tx_desc_md *)&m->udata64;
+ (union ixgbe_crypto_tx_desc_md *)
+ rte_security_dynfield(m);
mdata->enc = 1;
mdata->sa_idx = ic_session->sa_index;
mdata->pad_len = ixgbe_crypto_compute_pad_len(m);
return -ENOMEM;
}
}
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
return 0;
}
#include <rte_mbuf.h>
#include <rte_ether.h>
#include <rte_ethdev_driver.h>
+#include <rte_security_driver.h>
#include <rte_prefetch.h>
#include <rte_udp.h>
#include <rte_tcp.h>
if (use_ipsec) {
union ixgbe_crypto_tx_desc_md *ipsec_mdata =
(union ixgbe_crypto_tx_desc_md *)
- &tx_pkt->udata64;
+ rte_security_dynfield(tx_pkt);
tx_offload.sa_idx = ipsec_mdata->sa_idx;
tx_offload.sec_pad_len = ipsec_mdata->pad_len;
}
}
ixgbe_set_xmit_ctx(txq, ctx_txd, tx_ol_req,
- tx_offload, &tx_pkt->udata64);
+ tx_offload,
+ rte_security_dynfield(tx_pkt));
txe->last_id = tx_last;
tx_id = txe->next_id;
#include <rte_kvargs.h>
#include <rte_mbuf.h>
#include <rte_mempool.h>
+#include <rte_security_driver.h>
#include <rte_string_fns.h>
#include <rte_time.h>
struct rte_mbuf *m, void *params __rte_unused)
{
/* Set security session as the pkt metadata */
- m->udata64 = (uint64_t)session;
+ *rte_security_dynfield(m) = (rte_security_dynfield_t)session;
return 0;
}
!(dev->rx_offloads & DEV_RX_OFFLOAD_SECURITY))
return 0;
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
+
nb_sa = dev->ipsec_in_max_spi;
mz_sz = nb_sa * sa_width;
in_sa_mz_name_get(name, RTE_MEMZONE_NAMESIZE, port);
struct nix_iova_s nix_iova;
} *sd;
- priv = get_sec_session_private_data((void *)(m->udata64));
+ priv = get_sec_session_private_data((void *)(*rte_security_dynfield(m)));
sess = &priv->ipsec.ip;
sa = &sess->out_sa;
spi = cq->tag & 0xFFFFF;
sa = nix_rx_sec_sa_get(lookup_mem, spi, m->port);
- m->udata64 = (uint64_t)sa->userdata;
+ *rte_security_dynfield(m) = sa->udata64;
data = rte_pktmbuf_mtod(m, char *);
* with the security session.
*/
- if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {
+ if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD &&
+ rte_security_dynfield_is_registered()) {
struct ipsec_sa *sa;
struct ipsec_mbuf_metadata *priv;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
/* Retrieve the userdata registered. Here, the userdata
* registered is the SA pointer.
*/
-
- sa = (struct ipsec_sa *)
- rte_security_get_userdata(ctx, pkt->udata64);
-
+ sa = (struct ipsec_sa *)rte_security_get_userdata(ctx,
+ *rte_security_dynfield(pkt));
if (sa == NULL) {
/* userdata could not be retrieved */
return;
"Inbound security offload failed\n");
goto drop_pkt_and_exit;
}
- sa = pkt->userdata;
+ sa = *(struct ipsec_sa **)rte_security_dynfield(pkt);
}
/* Check if we have a match */
"Inbound security offload failed\n");
goto drop_pkt_and_exit;
}
- sa = pkt->userdata;
+ sa = *(struct ipsec_sa **)rte_security_dynfield(pkt);
}
/* Check if we have a match */
}
if (sess->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
- pkt->userdata = sess->security.ses;
+ *(struct rte_security_session **)rte_security_dynfield(pkt) =
+ sess->security.ses;
/* Mark the packet for Tx security offload */
pkt->ol_flags |= PKT_TX_SEC_OFFLOAD;
}
/* Save security session */
- pkt->userdata = sess_tbl[port_id];
+ if (rte_security_dynfield_is_registered())
+ *(struct rte_security_session **)
+ rte_security_dynfield(pkt) =
+ sess_tbl[port_id];
/* Mark the packet for Tx security offload */
pkt->ol_flags |= PKT_TX_SEC_OFFLOAD;
RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval); \
} while (0)
+#define RTE_SECURITY_DYNFIELD_NAME "rte_security_dynfield_metadata"
+int rte_security_dynfield_offset = -1;
+
+int
+rte_security_dynfield_register(void)
+{
+ static const struct rte_mbuf_dynfield dynfield_desc = {
+ .name = RTE_SECURITY_DYNFIELD_NAME,
+ .size = sizeof(rte_security_dynfield_t),
+ .align = __alignof__(rte_security_dynfield_t),
+ };
+ rte_security_dynfield_offset =
+ rte_mbuf_dynfield_register(&dynfield_desc);
+ return rte_security_dynfield_offset;
+}
+
struct rte_security_session *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_mbuf.h>
+#include <rte_mbuf_dyn.h>
#include <rte_memory.h>
#include <rte_mempool.h>
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
+/** Device-specific metadata field type */
+typedef uint64_t rte_security_dynfield_t;
+/** Dynamic mbuf field for device-specific metadata */
+extern int rte_security_dynfield_offset;
+
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice
+ *
+ * Get pointer to mbuf field for device-specific metadata.
+ *
+ * For performance reason, no check is done,
+ * the dynamic field may not be registered.
+ * @see rte_security_dynfield_is_registered
+ *
+ * @param mbuf packet to access
+ * @return pointer to mbuf field
+ */
+__rte_experimental
+static inline rte_security_dynfield_t *
+rte_security_dynfield(struct rte_mbuf *mbuf)
+{
+ return RTE_MBUF_DYNFIELD(mbuf,
+ rte_security_dynfield_offset,
+ rte_security_dynfield_t *);
+}
+
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice
+ *
+ * Check whether the dynamic field is registered.
+ *
+ * @return true if rte_security_dynfield_register() has been called.
+ */
+__rte_experimental
+static inline bool rte_security_dynfield_is_registered(void)
+{
+ return rte_security_dynfield_offset >= 0;
+}
+
/**
* Updates the buffer with device-specific defined metadata
*
struct rte_security_session *sess,
struct rte_security_stats *stats);
+__rte_experimental
+int rte_security_dynfield_register(void);
+
/**
* Update the mbuf with provided metadata.
*
EXPERIMENTAL {
global:
+ rte_security_dynfield_offset;
+ rte_security_dynfield_register;
rte_security_get_userdata;
rte_security_session_stats_get;
rte_security_session_update;
git.droids-corp.org / dpdk.git / commitdiff