According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
AES-CCM algorithm has some restrictions when
handling nonce (IV) and AAD information.
As the API stated, the nonce needs to be place 1 byte
after the start of the IV field. This field needs
to be 16 bytes long, regardless the length of the nonce,
but it is important to clarify that the first byte
and the padding added after the nonce may be modified
by the PMDs using this algorithm.
Same happens with the AAD. It needs to be placed 18 bytes
after the start of the AAD field. The field also needs
to be multiple of 16 bytes long and all memory reserved
(the first bytes and the padding (may be modified by the PMDs).
Lastly, nonce is not needed to be placed in the first 16 bytes
of the AAD, as the API stated, as that depends on the PMD
used, so the comment has been removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
In order to improve memory utilization, a single mempool
is created, containing the crypto operation and mbufs
(one if operation is in-place, two if out-of-place).
This way, a single object is allocated and freed
per operation, reducing the amount of memory in cache,
which improves scalability.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for multiple queue pairs, when there are
more logical cores available than crypto devices enabled.
For instance, if there are 4 cores available and
2 crypto devices, each device will have two queue pairs.
This is useful to have multiple logical cores using
a single crypto device, without needing to initialize
a crypto device per core.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For throughput and latency tests, it is not required
to populate the mbufs with any test vector.
For verify test, there is already a function that rewrites
the mbufs every time they are going to be used with
crypto operations.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When running the verify test, mbufs in the pool were
populated with the test vector loaded from a file.
To avoid limiting the number of operations to the pool size,
mbufs will be rewritten with the test vector, before
linking them to the crypto operations.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of parsing number of segments, from the command line,
parse segment size, as it is a more usual case to have
the segment size fixed and then different packet sizes
will require different number of segments.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Since DPDK 17.08, there is specific parameters
for AEAD algorithm, like AES-GCM. When verifying
crypto operations with test vectors, the parser
was not reading AEAD data (such as IV or key).
Fixes: 8a5b494a7f ("app/test-crypto-perf: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of prepending the AAD (Additional Authenticated Data)
in the mbuf, it is easier to set after the crypto operation,
as it is a read-only value, like the IV, and then it is not
restricted to the size of the mbuf headroom.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently, there is some duplication in all the test types,
in the crypto performance application.
In order to improve maintainability of this code,
and ease future work on it, common functions have been separated
in a different file that gets included in all the tests.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently, in order to get the name of a crypto device,
a user needs to access to it using the crypto device structure.
It is a better practise to have a function to retrieve this
name, given a device id.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When using DES-CBC, packet size has to be multiple
of 8 bytes, but if a list of packets is provided.
the check was not correct.
Fixes: fc4600fb25 ("app/crypto-perf: add extra option checks")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
The Multi-buffer library now supports DES-CBC
and DES-DOCSISBPI algorithms, so this commit
extends adds support for them in the PMD.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
IPSec Multi-buffer library v0.47 has been released,
which includes, among other features, support for DES-CBC
and DES-DOCSIS.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Since the crypto perf application is flexible enough
to cover all the crypto performance tests, these are not needed
anymore, so they will be removed to avoid duplications.
Besides, the crypto perf application gives the user more options
to get performance, for every single supported algorithm,
such as varying the buffer size as the user wants.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Naming convention for crypto drivers is "rte_pmd_<name>_version.map"
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Naming convention for crypto drivers is "rte_pmd_<name>_version.map"
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch adds a new benchmarking mode, which is intended for
microbenchmarking individual parts of the cryptodev framework,
specifically crypto ops alloc-build-free, cryptodev PMD enqueue
and cryptodev PMD dequeue.
It works by first benchmarking crypto operation alloc-build-free
loop (no enqueues/dequeues happening), and then benchmarking
enqueue and dequeue separately, by first completely filling up the
TX queue, and then completely draining the RX queue.
Results are shown as cycle counts per alloc/build/free, PMD enqueue
and PMD dequeue.
One new test mode is added: "pmd-cyclecount"
(called with --ptest=pmd-cyclecount)
New command-line argument is also added:
--pmd-cyclecount-delay-ms: this is a pmd-cyclecount-specific parameter
that controls the delay between enqueue and dequeue. This is
useful for benchmarking hardware acceleration, as hardware may
not be able to keep up with enqueued packets. This parameter
can be increased if there are large amounts of dequeue
retries.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This parameter makes number of cryptodev descriptors adjustable
and defaults to earlier hardcoded default of 2048.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Don't write CSR tail until we processed enough TX descriptors.
To avoid crypto operations sitting in the TX ring indefinitely,
the "force write" threshold is used:
- on TX, no tail write coalescing will occur if number of inflights
is below force write threshold
- on RX, check if we have a number of crypto ops enqueued that is
below force write threshold that are not yet submitted to
processing.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Don't write CSR head until we processed enough RX descriptors.
Also delay marking them as free until we are writing CSR head.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Replacing atomics in the QAT driver with simple 16-bit integers for
number of inflight packets.
This adds a new limitation to the QAT driver: each queue pair is
now explicitly single-threaded.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Setting an invalid session in the crypto op results in SEGFAULT because
the JOB user_data was never set to the crypto op.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Now that PMDs do not need extra space in the mbuf
to store temporarily the digest when verifying
an authentication tag, it is not required to allocate
more memory in the mbufs passed to cryptodev.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When register a crypto driver, a cryptodev driver
structure was being allocated, using malloc.
Since this call may fail, it is safer to allocate
this memory statically in each PMD, so driver registration
will never fail.
Coverity issue: 158645
Fixes: 7a364faef1 ("cryptodev: remove crypto device type enumeration")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Reviewed-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
When data length passed to the PMD was zero,
the PMD was trying to get more data from a non-existent
next segment.
Fixes: 9c2a5775c0 ("crypto/aesni_gcm: migrate from MB library to ISA-L")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Reviewed-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Key and algo are added in the openssl ctx during
session initialization instead of adding it for
each packet, since it remains constant for that session,
improving the performance.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
in case of HMAC the openssl APIs HMAC_XXX give
better performance for all HMAC cases as compared with
EVP_XXX
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
errno should be initialized to 0 before calling strtol
Fixes: 1df9c0109f ("examples/l2fwd-crypto: parse key parameters")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Reviewed-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
This is not required to be printed for every mempool call.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
In func ixgbe_dev_link_update(), "link.link_autoneg" is used in func
call rte_ixgbe_dev_atomic_write_link_status(), but is uninitialized.
Fixes: 82113036e4 ("ethdev: redesign link speed config")
Cc: stable@dpdk.org
Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Acked-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
This reverts commit a1e7c17555.
Original commit assumes there is 1:1 mapping between physical device and
ethdev port, so that device name can be used per port instead of ethdev
name field.
But one physical device may have multiple ethdev ports and each port
needs its own unique name.
One issue reported here:
http://dpdk.org/ml/archives/users/2017-September/002484.html
So reverting back the commit to continue using ethdev name field per
port.
Fixes: a1e7c17555 ("ethdev: use device name from device structure")
Cc: stable@dpdk.org
Reported-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
This patch add a API configuration of queue region in rss.
It can parse the parameters of region index, queue number,
queue start index, user priority, traffic classes and so on.
According to commands from command line, it will call i40e
private API and start the process of set or flush queue region
configure. As this feature is specific for i40e, so private API
will be used. Aslo add a document for these new commands.
Queue region only support PF by now, so this document is
only for configuration of queue region on PF port.
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
This feature enable queue regions configuration for RSS in PF,
so that different traffic classes or different packet
classification types can be separated to different queues in
different queue regions.This patch can set queue region range,
it include queue number in a region and the index of first queue.
This patch enable mapping between different priorities (UP) and
different traffic classes.It also enable mapping between a region
index and a sepcific flowtype(PCTYPE).It also provide the solution
of flush all configuration about queue region the above described.
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
When a VF port is bound to VFIO-PIC, only miscellaneous interrupt
is mapped to VFIO vector 0 in eth_ixgbevf_dev_init( ).
In ixgbevf_dev_start(), if previous VFIO interrupt mapping set in
eth_ixgbevf_dev_init( ) is not cleard, it will fail when calling
rte_intr_enable( ) tries to map Rx queue interrupt to other VFIO
vectors. This patch clears the VFIO interrupt mappings before
setting both miscellaneous and Rx queue interrupt mappings again
to avoid failure.
Fixes: 77234603fb ("net/ixgbe: support VF mailbox interrupt for link up/down")
Cc: stable@dpdk.org
Signed-off-by: Wei Dai <wei.dai@intel.com>
Acked-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Tested-by: Jianwei Ma <jianwei.ma@intel.com>
When a VF port is bound to VFIO-PCI, miscellaneous interrupt is
mapped to MSI-X vector 0 and Rx queues interrupt are mapped to
other vectors in vfio_enable_msix( ). To simplify implementation,
all VFIO-PCI bound ixgbe VF Rx queue interrupts can be mapped in
vector 1. And as current igb_uio only support only one vector,
ixgbe VF PMD should use vector 0 for igb_uio and vector 1 for
VFIO-PCI. Without this patch, VF Rx queue interrupt is mapped
to vector 0 in register settings and mapped to VFIO vector 1
in vfio_enable_msix( ), and then all Rx queue interrupts will
be missed.
Fixes: b13bfab4cd ("eal: reserve VFIO vector zero for misc interrupt")
Cc: stable@dpdk.org
Signed-off-by: Wei Dai <wei.dai@intel.com>
Acked-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Tested-by: Jianwei Ma <jianwei.ma@intel.com>
