d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/aesni_mb: add single operation functionality

Browse Source 
Update driver to use new AESNI Multibuffer IPSec library single
operation functionality (cipher only and authentication only).
This patch also adds tests for this new feature.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This commit is contained in:
Pablo de Lara 2016-12-19 17:29:02 +00:00
parent 21c0a80e11
commit 8772c3f713
7 changed files with 170 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
app/test/test_cryptodev.c
View File

@ -1465,6 +1465,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
return TEST_SUCCESS;
}
static int
test_AES_cipheronly_mb_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
int status;
status = test_blockcipher_all_tests(ts_params->mbuf_pool,
ts_params->op_mpool, ts_params->valid_devs[0],
RTE_CRYPTODEV_AESNI_MB_PMD,
BLKCIPHER_AES_CIPHERONLY_TYPE);
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return TEST_SUCCESS;
}
static int
test_authonly_mb_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
int status;
status = test_blockcipher_all_tests(ts_params->mbuf_pool,
ts_params->op_mpool, ts_params->valid_devs[0],
RTE_CRYPTODEV_AESNI_MB_PMD,
BLKCIPHER_AUTHONLY_TYPE);
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return TEST_SUCCESS;
}
static int
test_AES_chain_mb_all(void)
{
@ -6575,6 +6607,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
.teardown = testsuite_teardown,
.unit_test_cases = {
TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
TEST_CASES_END() /**< NULL terminate unit test array */
}

36
app/test/test_cryptodev_aes_test_vectors.h
View File

@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CBC Decryption",
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Encryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Decryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Encryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Decryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Encryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Decryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Encryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Decryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Encryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Decryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_QAT
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};

54
app/test/test_cryptodev_hash_test_vectors.h
View File

@ -97,7 +97,8 @@ hmac_md5_test_vector = {
0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
},
.len = 16
.len = 16,
.truncated_len = 12
}
};
@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
0x3F, 0x91, 0x64, 0x59
},
.len = 20
.len = 20,
.truncated_len = 12
}
};
@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
0x92, 0xF6, 0xAA, 0x19
},
.len = 28
.len = 28,
.truncated_len = 14
}
};
@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
},
.len = 32
.len = 32,
.truncated_len = 16
}
};
@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
},
.len = 48
.len = 48,
.truncated_len = 24
}
};
@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
},
.len = 64
.len = 64,
.truncated_len = 32
}
};
@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-MD5 Digest",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-MD5 Digest Verify",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA1 Digest",
@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA1 Digest",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA1 Digest Verify",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA224 Digest",
@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA224 Digest",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA224 Digest Verify",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA256 Digest",
@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA256 Digest",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA256 Digest Verify",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA384 Digest",
@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA384 Digest",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA384 Digest Verify",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA512 Digest",
@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA512 Digest",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA512 Digest Verify",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};

2
doc/guides/cryptodevs/aesni_mb.rst
View File

@ -62,8 +62,6 @@ Limitations
-----------
* Chained mbufs are not supported.
* Hash only is not supported.
* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).

1
doc/guides/rel_notes/release_17_02.rst
View File

@ -159,6 +159,7 @@ New Features
* The Intel(R) Multi Buffer Crypto for IPsec library used in
AESNI MB PMD has been moved to a new repository, in GitHub.
* Support for single operations (cipher only and authentication only).
* **Added Elastic Flow Distributor library (rte_efd).**

91
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
View File

@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
}
/** Get xform chain order */
static int
static enum aesni_mb_operation
aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
/*
* Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
* operations, all other options are invalid, so we must have exactly
* 2 xform structs chained together
*/
if (xform->next == NULL || xform->next->next != NULL)
return -1;
if (xform == NULL)
return AESNI_MB_OP_NOT_SUPPORTED;
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
return HASH_CIPHER;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
if (xform->next == NULL)
return AESNI_MB_OP_CIPHER_ONLY;
if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
return AESNI_MB_OP_CIPHER_HASH;
}
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
return CIPHER_HASH;
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
if (xform->next == NULL)
return AESNI_MB_OP_HASH_ONLY;
if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
return AESNI_MB_OP_HASH_CIPHER;
}
return -1;
return AESNI_MB_OP_NOT_SUPPORTED;
}
/** Set session authentication parameters */
@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
{
hash_one_block_t hash_oneblock_fn;
if (xform == NULL) {
sess->auth.algo = NULL_HASH;
return 0;
}
if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MB_LOG_ERR("Crypto xform struct not of type auth");
return -1;
}
/* Select auth generate/verify */
sess->auth.operation = xform->auth.op;
/* Set Authentication Parameters */
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
sess->auth.algo = AES_XCBC;
@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
{
aes_keyexp_t aes_keyexp_fn;
if (xform == NULL) {
sess->cipher.mode = NULL_CIPHER;
return 0;
}
if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MB_LOG_ERR("Crypto xform struct not of type cipher");
return -1;
@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
/* Select Crypto operation - hash then cipher / cipher then hash */
switch (aesni_mb_get_chain_order(xform)) {
case HASH_CIPHER:
case AESNI_MB_OP_HASH_CIPHER:
sess->chain_order = HASH_CIPHER;
auth_xform = xform;
cipher_xform = xform->next;
break;
case CIPHER_HASH:
case AESNI_MB_OP_CIPHER_HASH:
sess->chain_order = CIPHER_HASH;
auth_xform = xform->next;
cipher_xform = xform;
break;
case AESNI_MB_OP_HASH_ONLY:
sess->chain_order = HASH_CIPHER;
auth_xform = xform;
cipher_xform = NULL;
break;
case AESNI_MB_OP_CIPHER_ONLY:
/*
* Multi buffer library operates only at two modes,
* CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
* chain order depends on cipher operation: encryption is always
* the first operation and decryption the last one.
*/
if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
sess->chain_order = CIPHER_HASH;
else
sess->chain_order = HASH_CIPHER;
auth_xform = NULL;
cipher_xform = xform;
break;
case AESNI_MB_OP_NOT_SUPPORTED:
default:
MB_LOG_ERR("Unsupported operation chain order parameter");
return -1;
@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
}
/* Set digest output location */
if (job->cipher_direction == DECRYPT) {
if (job->hash_alg != NULL_HASH &&
session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
get_digest_byte_length(job->hash_alg));
@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
(struct rte_crypto_op *)job->user_data;
struct rte_mbuf *m_dst =
(struct rte_mbuf *)job->user_data2;
struct aesni_mb_session *sess;
if (op == NULL || m_dst == NULL)
return NULL;
@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
if (unlikely(job->status != STS_COMPLETED)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return op;
} else if (job->chain_order == HASH_CIPHER) {
/* Verify digest if required */
if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
job->auth_tag_output_len_in_bytes) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} else if (job->hash_alg != NULL_HASH) {
sess = (struct aesni_mb_session *)op->sym->session->_private;
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
/* Verify digest if required */
if (memcmp(job->auth_tag_output,
op->sym->auth.digest.data,
job->auth_tag_output_len_in_bytes) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* trim area used for digest from mbuf */
rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
/* trim area used for digest from mbuf */
rte_pktmbuf_trim(m_dst,
get_digest_byte_length(job->hash_alg));
}
}
/* Free session if a session-less crypto op */

9
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
View File

@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
return auth_digest_byte_lengths[algo];
}
enum aesni_mb_operation {
AESNI_MB_OP_HASH_CIPHER,
AESNI_MB_OP_CIPHER_HASH,
AESNI_MB_OP_HASH_ONLY,
AESNI_MB_OP_CIPHER_ONLY,
AESNI_MB_OP_NOT_SUPPORTED
};
/** private data structure for each virtual AESNI device */
struct aesni_mb_private {
@ -185,6 +192,8 @@ struct aesni_mb_session {
/** Authentication Parameters */
struct {
JOB_HASH_ALG algo; /**< Authentication Algorithm */
enum rte_crypto_auth_operation operation;
/**< auth operation generate or verify */
union {
struct {
uint8_t inner[128] __rte_aligned(16);