Commit Graph

20 Commits

Author SHA1 Message Date
Akhil Goyal
f63ffee26f security: restore experimental tag for unimplemented APIs
Following APIs are not currently implemented by any of the
drivers, so marking them as rte_experimental again.

Fixes: 1a81dce780 ("security: remove experimental tag")

rte_security_get_userdata;
rte_security_session_stats_get;
rte_security_session_update;

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-11-23 02:03:33 +01:00
Akhil Goyal
1a81dce780 security: remove experimental tag
rte_security has been experimental since DPDK 17.11 release.
Now the library has matured and expermental tag is removed in
this patch.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Boris Pismenny <borisp@mellanox.com>
2018-11-18 22:31:30 +01:00
Akhil Goyal
8b593b8cbf security: support PDCP
Packet Data Convergence Protocol (PDCP) is added in rte_security
for 3GPP TS 36.323 for LTE.

The patchset provide the structure definitions for configuring the
PDCP sessions and relevant documentation is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-10-24 15:12:33 +02:00
Radu Nicolau
8a29f519ef security: fix crash on destroy null session
rte_security_session_destroy should return -EINVAL if session is NULL,
but segfaults because of rte_mempool_from_obj(NULL) call.

Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-07-11 00:57:51 +02:00
Hemant Agrawal
92c210f0b4 security: change to SPDX license tags
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-07-11 00:57:51 +02:00
Anoob Joseph
2f533cb325 security: extend userdata for IPsec events
Extending 'userdata' to be used for IPsec events too.

IPsec events would have some metadata which would uniquely identify the
security session for which the event is raised. But application would
need some construct which it can understand. The 'userdata' solves a
similar problem for inline processed inbound traffic. Updating the
documentation to extend the usage of 'userdata'.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-04-23 18:20:10 +01:00
Anoob Joseph
807b94b851 security: add ESN soft limit in config
Adding ESN soft limit in conf. This will be used in case of protocol
offload. Per SA, application could specify for what ESN the security
device need to notify application. In case of eth dev(inline protocol),
rte_eth_event framework would raise an IPsec event.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-04-23 18:20:10 +01:00
Bruce Richardson
6c9457c279 build: replace license text with SPDX tag
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Bruce Richardson
5b9656b157 lib: build with meson
Add non-EAL libraries to DPDK build. The compat lib is a special case,
along with the previously-added EAL, but all other libs can be build using
the same set of commands, where the individual meson.build files only need
to specify their dependencies, source files, header files and ABI versions.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Keith Wiles <keith.wiles@intel.com>
Acked-by: Luca Boccassi <luca.boccassi@gmail.com>
2018-01-30 17:49:16 +01:00
Zhiyong Yang
513942f07c cryptodev: fix session pointer cast
The wrong casts don't cause actual error, but they should conform to C
standard.

Fixes: c261d1431b ("security: introduce security API and framework")
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Cc: stable@dpdk.org

Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-01-29 20:22:33 +01:00
Neil Horman
a6ec31597a mk: add experimental tag check
Add checks during build to ensure that all symbols in the EXPERIMENTAL
version map section have __experimental tags on their definitions, and
enable the warnings needed to announce their use.  Also add an
ALLOW_EXPERIMENTAL_APIS define to allow individual libraries and files
to declare the acceptability of experimental api usage

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2018-01-29 23:35:29 +01:00
Neil Horman
77b7b81e32 add experimental tag to appropriate functions
Append the __rte_experimental tag to api calls appearing in the
EXPERIMENTAL section of their libraries version map

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2018-01-29 23:35:29 +01:00
Radu Nicolau
ba201f5547 security: get session size
Add function to get security session size.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Anoob Joseph
1a08c379b9 security: support user data retrieval
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.

Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:10:20 +01:00
Akhil Goyal
009ac7157c security: fix enum start value
enum should be initialized with 1 so that unitialized(memset)
memory may not be treated as a valid enum value.

Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:08:34 +01:00
Nélio Laranjeiro
9ee625c2cf security: fix pedantic compilation
/x86_64-native-linuxapp-gcc/include/rte_security.h:229:8:
error: struct has no members [-Werror=pedantic]
  struct rte_security_macsec_xform {
         ^~~~~~~~~~~~~~~~~~~~~~~~~
/x86_64-native-linuxapp-gcc/include/rte_security.h:453:3:
error: struct has no members [-Werror=pedantic]
    struct {
    ^~~~~~

Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:08:34 +01:00
Nélio Laranjeiro
9265ef805d security: fix device operation type
Device operation pointers should be constant to avoid any modification
while it is in use.

Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:08:34 +01:00
Bruce Richardson
369991d997 lib: use SPDX tag for Intel copyright files
Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2018-01-04 22:41:39 +01:00
Akhil Goyal
db1ae72336 security: fix anonymous unions in structure definitions
Fixes: c261d1431b ("security: introduce security API and framework")

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-11-10 02:53:05 +01:00
Akhil Goyal
c261d1431b security: introduce security API and framework
rte_security library provides APIs for security session
create/free for protocol offload or offloaded crypto
operation to ethernet device.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-26 03:10:51 +02:00