1553 Commits

Author SHA1 Message Date
Vladimir Medvedkin
e1143d7dbb examples/ipsec-secgw: get rid of maximum SA limitation
Get rid of maximum SA limitation.
Keep parsed SA's into the sorted by SPI value array.
Use binary search in the sorted SA array to find appropriate SA
for a given SPI.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-02-05 15:20:51 +01:00
Vladimir Medvedkin
df3e1d9489 examples/ipsec-secgw: integrate inbound SAD
Integrate ipsec SAD support into secgw app:

1. Use SAD library for inbound SA lookup
2. Changes in struct sa_ctx:
  - sa array allocates dynamically depending on number of configured sa
  - All SA's are kept one by one without using SPI2IDX
3. SP's userdata now contain index of SA in sa_ctx instead of SPI
4. Get rid of SPI2IDX macro

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-02-05 15:20:51 +01:00
Vladimir Medvedkin
8e499dff73 examples/ipsec-secgw: implement inbound SAD
Add initial support for librte_ipsec SAD library

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2020-02-05 15:20:51 +01:00
Pavan Nikhilesh
7efe28bd07 examples: use common macro RTE_DIM
Use RTE_DIM macro to calculate array size.

Suggested-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: David Marchand <david.marchand@redhat.com>
2020-02-05 14:37:41 +01:00
Pavan Nikhilesh
af76ee5043 examples/l3fwd: add graceful teardown for eventdev
Add graceful teardown that addresses both event mode and poll mode.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:22 +01:00
Pavan Nikhilesh
a434a02d5c examples/l3fwd: add event em main loop
Add em main loop for handling events based on capabilities of the
event device.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:19 +01:00
Pavan Nikhilesh
99fc91d180 examples/l3fwd: add event lpm main loop
Add lpm main loop for handling events based on capabilities of the
event device.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:16 +01:00
Pavan Nikhilesh
8bd537e9c6 examples/l3fwd: add service core setup based on caps
Add service core setup when eventdev and Rx/Tx adapter don't have
internal port capability.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:13 +01:00
Pavan Nikhilesh
4eaf90cc18 examples/l3fwd: add event eth Rx/Tx adapter setup
Add event eth Rx/Tx adapter setup for both generic and internal port
event device pipelines.

Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:10 +01:00
Sunil Kumar Kori
aaf58cb85b examples/l3fwd: add event port and queue setup
Add event device queue and port setup based on event eth Tx adapter
capabilities.

Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:04 +01:00
Sunil Kumar Kori
a65bf3d724 examples/l3fwd: add ethdev setup based on eventdev
Add ethernet port Rx/Tx queue setup for event device which are later
used for setting up event eth Rx/Tx adapters.

Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:05:00 +01:00
Pavan Nikhilesh
ebc88e4e7f examples/l3fwd: add event device configuration
Add event device configuration based on the capabilities of the
probed event device.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:04:51 +01:00
Sunil Kumar Kori
9176e1fceb examples/l3fwd: split pipelines based on capability
Add infra to split eventdev framework based on event Tx adapter
capability.
If event Tx adapter has internal port capability then we use
`rte_event_eth_tx_adapter_enqueue` to transmitting packets else
we use a SINGLE_LINK event queue to enqueue packets to a service
core which is responsible for transmitting packets.

Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:04:44 +01:00
Sunil Kumar Kori
e2de1f7bb9 examples/l3fwd: add framework for event device
Add framework to enable event device as a producer of packets.
To switch between event mode and poll mode the following options
have been added:
	`--mode="eventdev"` or `--mode="poll"`
Allow the user to select the schedule type to be either
RTE_SCHED_TYPE_ORDERED, RTE_SCHED_TYPE_ATOMIC or RTE_SCHED_TYPE_PARALLEL
through:
	`--eventq-sched="ordered"` or `--eventq-sched="atomic"` or
		`--eventq-sched="parallel"`
Allow the user to specify the number of Rx queues to be connected to
event queue using:
	`--event-eth-rxqs`

Poll mode is still the default operation mode.

Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
2020-01-28 10:04:25 +01:00
Xiaoyun Li
28a2568f46 examples/ntb: fix mempool ops setting
Mempool ops may register in different order when compiling. The default
ops index is always zero but the wanted ops is ring_mp_mc. This patch
sets best mempool ops before generating mbuf pool to fix this issue.

Fixes: 5194299d6ef5 ("examples/ntb: support more functions")
Cc: stable@dpdk.org

Signed-off-by: Xiaoyun Li <xiaoyun.li@intel.com>
2020-01-20 10:39:06 +01:00
Jin Yu
1da2925f19 examples/vhost_blk: check unused value on init
Add the assert to handle error.

Coverity issue: 350592
Fixes: c19beb3f38cd ("examples/vhost_blk: introduce vhost storage sample")
Cc: stable@dpdk.org

Signed-off-by: Jin Yu <jin.yu@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
2020-01-17 19:46:01 +01:00
Savinay Dharmappa
71d9e6fb2a examples/ipsec-secgw: fix crash on unsupported algo
If algo is NULL set the status to error and return. This change
prevent crashing of ipsec-secgw application when a specific
cipher/auth/aead algo are not supported by application.

Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Cc: stable@dpdk.org

Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2020-01-15 16:45:04 +01:00
Pavan Nikhilesh
f09d45db53 examples/l2fwd-event: fix ethdev RSS setup
Setup RSS configuration based on underlying device capabilities.

Fixes: 4ff457986f76 ("examples/l2fwd-event: add default poll mode routines")
Cc: stable@dpdk.org

Signed-off-by: Satananda Burla <sburla@marvell.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-01-14 21:37:51 +01:00
Pavan Nikhilesh
345a22d5ec examples/l2fwd-event: fix event device config
Always enable implicit release since we don't support explicit release
in datapath.
Master lcore is used only for printing stats so don't allocate event
port for it.
Fix service launch for event device without distributed scheduling.

Fixes: bcb6f841d42a ("examples/l2fwd-event: setup service core")
Cc: stable@dpdk.org

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2020-01-14 20:20:15 +01:00
Bruce Richardson
f26c2b39b2 build: fix soname info for 19.11 compatibility
The soname for each stable ABI version should be just the ABI version major
number without the minor number. Unfortunately both major and minor were
used causing version 20.1 to be incompatible with 20.0.

This patch fixes the issue by switching from 2-part to 3-part ABI version
numbers so that we can keep 20.0 as soname and using the final digits to
identify the 20.x releases which are ABI compatible. This requires changes
to both make and meson builds to handle the three-digit version and shrink
it to 2-digit for soname.

The final fix needed in this patch is to adjust the library version number
for the ethtool example library, which needs to be upped to 2-digits, as
external libraries using the DPDK build system also use the logic in this
file.

Fixes: cba806e07d6f ("build: change ABI versioning to global")

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Tested-by: Ray Kinsella <mdr@ashroe.eu>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Tested-by: Kevin Laatz <kevin.laatz@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
2019-12-19 16:18:21 +01:00
Sucharitha Sarananaga
51b9292ee0 examples/fips_validation: fix vectors for AES-GCM
Test vectors for AES-GCM need to be populated by using aead member
and not cipher_auth. Using incorrect member would result in failures
when AES-GCM with non-zero AAD is tried.

Bugzilla ID: 360
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
2019-11-28 16:09:48 +01:00
Stephen Hemminger
66cb1916f6 examples/l2fwd-event: add missing SPDX license header
Add same tag as other files in this example.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2019-11-28 03:12:55 +01:00
Bruce Richardson
1fe0bd0acd examples/ioat: fix possible null dereference
When searching for raw devices with the correct type, we check the driver
name using strcmp, without first checking that the call to info get
succeeded and assigned a value to that pointer.

If the call to get the device info fails, we can treat it as if the device
didn't match, and continue the loop, so the easiest fix is just to skip the
strcmp if the driver_name is null. [A non-null value from a previous failed
match is ok as it too causes the same behaviour of another loop iteration].

Coverity issue: 350353
Fixes: 2328542ed84e ("examples/ioat: add rawdev copy mode")

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-11-26 17:26:08 +01:00
Bruce Richardson
e1bc8c50fc examples/ioat: handle error when querying number of stats
To get the amount of memory needed for stats, we call the xstats_get_names
function with a NULL parameter, which can return -1 on error. This negative
value was not previously handled correctly, so we adjust things to quit the
stats printing routine if this basic call fails.

Coverity issue: 350346
Fixes: 632bcd9b5d4f ("examples/ioat: print statistics")

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-11-26 17:26:08 +01:00
Bruce Richardson
92c981637f examples/ioat: handle failure case for ioat dequeue
On a failure with the ioat dequeue, -1 is returned, which was not properly
handled. This could lead to out-of-bounds reads on a later loop which
assumed a positive return value. Fix this by treating an error as though a
dequeue of 0 had been encountered.

Coverity issue: 350342
Coverity issue: 350349
Fixes: 2328542ed84e ("examples/ioat: add rawdev copy mode")

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-11-26 17:26:08 +01:00
Pavan Nikhilesh
8b33aa7ee2 examples/l2fwd-event: check function errors
Validate `rte_eth_link_get_nowait`, `rte_service_map_lcore_set` and
`rte_eth_dev_info_get` return values.

Coverity issue: 350600
Coverity issue: 350601
Coverity issue: 350602

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
2019-11-26 07:49:30 +01:00
Stephen Hemminger
06710448c9 remove blank lines at end of file
Remove trailing blank lines. They serve no purpose and are just
editor leftovers.
These can cause git to complain about whitespace errors during merges.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2019-11-26 00:12:08 +01:00
Stephen Hemminger
6b124806a3 examples/multi_process: fix client crash with sparse ports
The mp_client crashes if run on Azure or any system where ethdev
ports are owned. In that case, the tx_buffer and tx_stats for the
real port were initialized correctly, but the wrong port was used.

For example if the server has Ports 3 and 5. Then calling
rte_eth_tx_buffer_flush on any other buffer will dereference null
because the tx buffer for that port was not allocated.

Also:
   - the flush code is common enough that it should not be marked
     unlikely
   - combine conditions to reduce indentation
   - avoid unnecessary if() if sent is zero.

Fixes: e2366e74e029 ("examples: use buffered Tx")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Acked-by: Matan Azrad <matan@mellanox.com>
2019-11-25 23:52:00 +01:00
Stephen Hemminger
1f41d98c20 examples/multi_process: check server port validity
The mp_server incorrectly allows a port mask that included hidden
ports and which later caused either lost packets or failed initialization.

This fixes explicitly checking that each bit in portmask is a
valid port before using it.

Fixes: 5b7ba31148a8 ("ethdev: add port ownership")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Acked-by: Matan Azrad <matan@mellanox.com>
2019-11-25 23:51:55 +01:00
Shahaf Shuler
39a19ae03d mbuf: extend mbuf pool private structure
With the API and ABI freeze ahead, it will be good to reserve
some bits on the private structure for future use.

Otherwise we will potentially need to maintain two different
private structure during 2020 period.

There is already one use case for those reserved bits[1]

The reserved field should be set to 0 by the user.

[1] https://patches.dpdk.org/patch/63077/

Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2019-11-25 22:44:46 +01:00
Bruce Richardson
69b1bb49ed examples: hide error for missing pkg-config path flag
Some versions of pkg-config don't support the --path flag, which is not a
fatal error when building the apps. Without the flag, the makefile just
cannot track the .pc file of DPDK as a dependency of the build. Therefore,
we can ignore the error and suppress it by redirecting to /dev/null the
stderr from that call to pkg-config.

Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-20 22:48:32 +01:00
Bruce Richardson
12a652a02b examples: fix build with old pkg-config
Not all versions of pkg-config in distros have support for the
--define-prefix flag [1], causing errors when building examples manually or
with test-meson-builds.sh script [2].

For the former case, we need to remove the hard-coded use of the flag in
the Makefiles.

For the latter case, the flag is necessary for builds to succeed, so we
skip the tests when it's not present, passing it as part of the pkg-config
command if it is supported.

[1]
CentOS Linux release 7.7.1908 (Core)
pkg-config version 0.27.1

[2]
 ## Building cmdline
Unknown option --define-prefix
gmake: Entering directory
`...ild-x86-default/install-root/usr/local/share/dpdk/examples/cmdline'
rm -f build/cmdline build/cmdline-static build/cmdline-shared
test -d build && rmdir -p build || true
Unknown option --define-prefix
Unknown option --define-prefix
gcc -O3  main.c commands.c parse_obj_list.c -o build/cmdline-shared
main.c:14:28: fatal error: cmdline_rdline.h: No such file or directory

Fixes: ca9268529d2b ("examples: support relocated DPDK install")
Fixes: 7f80a2102bbb ("devtools: test pkg-config file")
Cc: stable@dpdk.org

Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-20 22:47:15 +01:00
Reshma Pattan
5fde1a7592 net: use IPV4 VHL constant
Use new macro RTE_IPV4_VHL_DEF instead of IP_VHL_DEF
wherever applicable.

Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Hyong Youb Kim <hyonkim@cisco.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-20 17:36:06 +01:00
Fan Zhang
82cfb9c24f examples/fips_validation: fix auth verify
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Cc: stable@dpdk.org

This patch fixes the incorrect mbuf write and digest memory leak in
fips_validation authentication verify.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2019-11-20 12:35:51 +01:00
Stephen Hemminger
1dc48bce51 examples/ipsec-segw: add SPDX license tag
Add missing BSD license tag to IPsec examples.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2019-11-20 12:35:51 +01:00
Lukasz Bartosik
742be57872 examples/ipsec-secgw: fix default configuration
Update default configuration of ipsec-secgw:
1.In ep0.cfg change SPI value used by two inbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing inbound
SAs. There are no inbound SAs with SPI value 15, 16.
- In ep1.cfg change SPI value used by two outbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing outbound
SAs. There are no outbound SAs with SPI value 15, 16. Add missing
priority parameter in two inbound IPv4 security policies.

Fixes: 60a94afefc84 ("examples/ipsec-secgw: add sample configuration files")
Cc: stable@dpdk.org

Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-20 12:35:51 +01:00
David Marchand
264a1598c5 examples/l2fwd: fix build warning with system wide install
Caught when compiling this example with pkg-config:

 ## Building l2fwd
 ...
 main.c: In function ‘main’:
 main.c:716:3: warning: ‘rte_eth_dev_set_ptypes’ is deprecated: Symbol
 is not yet part of stable ABI [-Wdeprecated-declarations]
   716 |   ret = rte_eth_dev_set_ptypes(portid, RTE_PTYPE_UNKNOWN, NULL,
       |   ^~~
 In file included from main.c:38:
 ...build-x86-default/install-root/usr/local/include/rte_ethdev.h:2661:5:
 note: declared here
  2661 | int rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t
 ptype_mask,
       |     ^~~~~~~~~~~~~~~~~~~~~~
 ln -sf l2fwd-shared build/l2fwd

Fixes: 9731df2e7554 ("examples/l2fwd: disable packet type parsing")

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-12 18:16:20 +01:00
David Hunt
0f2f911deb examples/vm_power: fix no port in guest
If there are no ports available to the guest cli application, it will
exit when setting up the default policy because it fails to set the mac
address. This should not be the case, as this example can be used for
many other use cases that do not need ports.

If ports not found, simply set nb_mac_to_monitor in the policy to zero
and continue.

Fixes: 70febdcfd60f ("examples: check status of getting MAC address")

Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Lei Yao <lei.a.yao@intel.com>
2019-11-12 08:26:25 +01:00
David Hunt
31c9a66465 examples/vm_power: fix OOB frequency oscillations
The branch ratio algorithm in the vm_power_manager sample application
can be very sensitive at patricular loads in a workload, causing
oscillations between min and max frequency. For example, if a
workload is at 50%, scaling up may change the ratio
enough that it immediately thinks it needs to scale down again.

This patch introduces a sliding window recording the scale up/down
direction for the last 32 samples, and scales up if any samples indicate
we should scale up, otherwise scale down. Each core has it's own window.

Fixes: 4b1a631b8a8a ("examples/vm_power: add oob monitoring functions")
Cc: stable@dpdk.org

Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-11-12 08:21:57 +01:00
Pavan Nikhilesh
9731df2e75 examples/l2fwd: disable packet type parsing
Disable packet type parsing as l2fwd doesn't rely on packet types.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-11 16:15:37 +01:00
Pavan Nikhilesh
4c634d7392 examples/eventdev: add new Rx RSS hash offload
Since pipeline_generic uses `rte_mbuf:#️⃣:rss` add the new Rx offload
flag `DEV_RX_OFFLOAD_RSS_HASH` to inform PMD to copy the RSS hash result
into the mbuf.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-11 16:15:37 +01:00
Pavan Nikhilesh
5392ebc0e1 examples/eventdev: split port init sequence
Split port initialization sequence based on event device capabilities.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-11-11 16:15:37 +01:00
Jin Yu
c19beb3f38 examples/vhost_blk: introduce vhost storage sample
A Vhost-blk example that support inflight feature. It uses the
new APIs that introduced in the first patch, so it can show how these
APIs work to support inflight feature.

Signed-off-by: Jin Yu <jin.yu@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
2019-11-11 14:23:02 +01:00
Konstantin Ananyev
6909014946 examples/ipsec-secgw: fix library mode selection in tests
Right now majority of lib mode functional tests enable
library mode with '-w N' option.
It worked till recently, as legacy mode didn't support replay window.
Now it changed.
To fix - use '-l' option to enable library mode explicitly.

Fixes: 929784452094 ("examples/ipsec-secgw: add scripts for functional test")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
0f56ca1aae ipsec: remove redundant replay window size
The rte_security lib has introduced replay_win_sz,
so it can be removed from the rte_ipsec lib.

The relevant tests, app are also update to reflect
the usages.

Note that esn and anti-replay fileds were earlier used
only for ipsec library, they were enabling the libipsec
by default. With this change esn and anti-replay setting
will not automatically enabled libipsec.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Vakul Garg
2fcf3f70d1 examples/ipsec-secgw: fix SHA256-HMAC digest length
As per RFC4868, SHA-256 should use 128 bits of ICV.
Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Marcin Smoczynski
ce00b504f1 examples/ipsec-secgw: fix GCM IV length
The example IPsec application does not work properly when using
AES-GCM with crypto_openssl.

ESP with AES-GCM uses standard 96bit long algorithm IV ([1]) which
later concatenated with be32(1) forms a J0 block. GCM specification
([2], chapter 7.1) states that when length of IV is different than
96b, in order to format a J0 block, GHASH function must be used.

According to specification ([2], chapter 5.1.1) GCM implementations
should support standard 96bit IVs, other lengths are optional. Every
DPDK cryptodev supports 96bit IV and few of them supports 128bit
IV as well (openssl, mrvl, ccp). When passing iv::length=16 to a
cryptodev which does support standard IVs only (e.g. qat) it
implicitly uses starting 96 bits. On the other hand, openssl follows
specification and uses GHASH to compute J0 for that case which results
in different than expected J0 values used for encryption/decryption.

Fix an inability to use AES-GCM with crypto_openssl by changing IV
length to the standard value of 12.

[1] RFC4106, section "4. Nonce format" and "3.1. Initialization Vector"
    https://tools.ietf.org/html/rfc4106
[2] NIST SP800-38D
    https://csrc.nist.gov/publications/detail/sp/800-38d/final

Fixes: 0fbd75a99f ("cryptodev: move IV parameters to session")
Cc: stable@dpdk.org

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Marcin Smoczynski
403e9d914b examples/ipsec-secgw: add offload fallback tests
Add tests for offload fallback feature; add inbound config modificator
SGW_CFG_XPRM_IN (offload fallback setting can be set only for inbound
SAs). Tests are using cryptodev for outbound SA.

To test fragmentation with QAT set:
MULTI_SEG_TEST="--reassemble=4096 --cryptodev_mask=0x5555"

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>
2019-11-08 13:51:16 +01:00
Marcin Smoczynski
bba1db3520 examples/ipsec-secgw: add fragment TTL option
Due to fragment loss on highly saturated links and long fragment
lifetime, ipsec-secgw application quickly runs out of free reassembly
buckets. As a result new fragments are being dropped.

Introduce --frag-ttl option which allow user to lower default fragment
lifetime which solves problem of saturated reassembly buckets with high
bandwidth fragmented traffic.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2019-11-08 13:51:16 +01:00
Marcin Smoczynski
ba66534fc7 examples/ipsec-secgw: support fallback session
Inline processing is limited to a specified subset of traffic. It is
often unable to handle more complicated situations, such as fragmented
traffic. When using inline processing such traffic is dropped.

Introduce fallback session for inline crypto processing allowing
handling packets that normally would be dropped. A fallback session is
configured by adding 'fallback' keyword with 'lookaside-none' parameter
to an SA configuration. Only 'inline-crypto-offload" as a primary
session and 'lookaside-none' as a fall-back session combination is
supported by this patch.

Fallback session feature is not available in the legacy mode.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>
2019-11-08 13:51:16 +01:00