The device-specific metadata was stored in the deprecated field udata64.
It is moved to a dynamic mbuf field in order to allow removal of udata64.
The name rte_security_dynfield is not very descriptive
but it should be replaced later by separate fields for each type of data
that drivers pass to the upper layer.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Haiyue Wang <haiyue.wang@intel.com>
The API ``rte_security_session_create`` takes only single
mempool for session and session private data. So the
application need to create mempool for twice the number of
sessions needed and will also lead to wastage of memory as
session private data need more memory compared to session.
Hence the API is modified to take two mempool pointers
- one for session and one for private data.
This is very similar to crypto based session create APIs.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Reviewed-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Tested-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Add support for DOCSIS protocol to rte_security library. This support
currently comprises the combination of Crypto and CRC operations.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Valid checks for optional function pointers inside dev-ops
were disabled by undefined macro.
Fixes: b6ee98547847 ("security: fix verification of parameters")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fix session counter to be decreased in rte_security_session_destroy
only when session was successfully destroyed.
Formerly session counter was decreased prior session destroying
and returning session object to mempool. It remained decreased even
if session was not destroyed and mempool object released making counter
invalid.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds verification of the parameters to the ret_security API
functions. All required parameters are checked if they are not NULL.
Checks verify full chain of pointers, e.g. in case of verification of
"instance->ops->session_XXX", they check also "instance"
and "instance->ops".
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Fixes: 1a08c379b9b5 ("security: support user data retrieval")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
We had some inconsistencies between functions prototypes and actual
definitions.
Let's avoid this by only adding the experimental tag to the prototypes.
Tests with gcc and clang show it is enough.
git grep -l __rte_experimental |grep \.c$ |while read file; do
sed -i -e '/^__rte_experimental$/d' $file;
sed -i -e 's/ *__rte_experimental//' $file;
sed -i -e 's/__rte_experimental *//' $file;
done
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Following APIs are not currently implemented by any of the
drivers, so marking them as rte_experimental again.
Fixes: 1a81dce780a0 ("security: remove experimental tag")
rte_security_get_userdata;
rte_security_session_stats_get;
rte_security_session_update;
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
rte_security has been experimental since DPDK 17.11 release.
Now the library has matured and expermental tag is removed in
this patch.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Boris Pismenny <borisp@mellanox.com>
Packet Data Convergence Protocol (PDCP) is added in rte_security
for 3GPP TS 36.323 for LTE.
The patchset provide the structure definitions for configuring the
PDCP sessions and relevant documentation is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
rte_security_session_destroy should return -EINVAL if session is NULL,
but segfaults because of rte_mempool_from_obj(NULL) call.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The wrong casts don't cause actual error, but they should conform to C
standard.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Fixes: b3bbd9e5f265 ("cryptodev: support device independent sessions")
Cc: stable@dpdk.org
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Append the __rte_experimental tag to api calls appearing in the
EXPERIMENTAL section of their libraries version map
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.
Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
