Get rid of maximum SA limitation.
Keep parsed SA's into the sorted by SPI value array.
Use binary search in the sorted SA array to find appropriate SA
for a given SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Integrate ipsec SAD support into secgw app:
1. Use SAD library for inbound SA lookup
2. Changes in struct sa_ctx:
- sa array allocates dynamically depending on number of configured sa
- All SA's are kept one by one without using SPI2IDX
3. SP's userdata now contain index of SA in sa_ctx instead of SPI
4. Get rid of SPI2IDX macro
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Add initial support for librte_ipsec SAD library
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Use RTE_DIM macro to calculate array size.
Suggested-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: David Marchand <david.marchand@redhat.com>
Add graceful teardown that addresses both event mode and poll mode.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add em main loop for handling events based on capabilities of the
event device.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add lpm main loop for handling events based on capabilities of the
event device.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add service core setup when eventdev and Rx/Tx adapter don't have
internal port capability.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add event eth Rx/Tx adapter setup for both generic and internal port
event device pipelines.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add event device queue and port setup based on event eth Tx adapter
capabilities.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add ethernet port Rx/Tx queue setup for event device which are later
used for setting up event eth Rx/Tx adapters.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add event device configuration based on the capabilities of the
probed event device.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add infra to split eventdev framework based on event Tx adapter
capability.
If event Tx adapter has internal port capability then we use
`rte_event_eth_tx_adapter_enqueue` to transmitting packets else
we use a SINGLE_LINK event queue to enqueue packets to a service
core which is responsible for transmitting packets.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add framework to enable event device as a producer of packets.
To switch between event mode and poll mode the following options
have been added:
`--mode="eventdev"` or `--mode="poll"`
Allow the user to select the schedule type to be either
RTE_SCHED_TYPE_ORDERED, RTE_SCHED_TYPE_ATOMIC or RTE_SCHED_TYPE_PARALLEL
through:
`--eventq-sched="ordered"` or `--eventq-sched="atomic"` or
`--eventq-sched="parallel"`
Allow the user to specify the number of Rx queues to be connected to
event queue using:
`--event-eth-rxqs`
Poll mode is still the default operation mode.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Mempool ops may register in different order when compiling. The default
ops index is always zero but the wanted ops is ring_mp_mc. This patch
sets best mempool ops before generating mbuf pool to fix this issue.
Fixes: 5194299d6ef5 ("examples/ntb: support more functions")
Cc: stable@dpdk.org
Signed-off-by: Xiaoyun Li <xiaoyun.li@intel.com>
If algo is NULL set the status to error and return. This change
prevent crashing of ipsec-secgw application when a specific
cipher/auth/aead algo are not supported by application.
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Cc: stable@dpdk.org
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Always enable implicit release since we don't support explicit release
in datapath.
Master lcore is used only for printing stats so don't allocate event
port for it.
Fix service launch for event device without distributed scheduling.
Fixes: bcb6f841d42a ("examples/l2fwd-event: setup service core")
Cc: stable@dpdk.org
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
The soname for each stable ABI version should be just the ABI version major
number without the minor number. Unfortunately both major and minor were
used causing version 20.1 to be incompatible with 20.0.
This patch fixes the issue by switching from 2-part to 3-part ABI version
numbers so that we can keep 20.0 as soname and using the final digits to
identify the 20.x releases which are ABI compatible. This requires changes
to both make and meson builds to handle the three-digit version and shrink
it to 2-digit for soname.
The final fix needed in this patch is to adjust the library version number
for the ethtool example library, which needs to be upped to 2-digits, as
external libraries using the DPDK build system also use the logic in this
file.
Fixes: cba806e07d6f ("build: change ABI versioning to global")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Tested-by: Ray Kinsella <mdr@ashroe.eu>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Tested-by: Kevin Laatz <kevin.laatz@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Test vectors for AES-GCM need to be populated by using aead member
and not cipher_auth. Using incorrect member would result in failures
when AES-GCM with non-zero AAD is tried.
Bugzilla ID: 360
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Add same tag as other files in this example.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
When searching for raw devices with the correct type, we check the driver
name using strcmp, without first checking that the call to info get
succeeded and assigned a value to that pointer.
If the call to get the device info fails, we can treat it as if the device
didn't match, and continue the loop, so the easiest fix is just to skip the
strcmp if the driver_name is null. [A non-null value from a previous failed
match is ok as it too causes the same behaviour of another loop iteration].
Coverity issue: 350353
Fixes: 2328542ed84e ("examples/ioat: add rawdev copy mode")
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
To get the amount of memory needed for stats, we call the xstats_get_names
function with a NULL parameter, which can return -1 on error. This negative
value was not previously handled correctly, so we adjust things to quit the
stats printing routine if this basic call fails.
Coverity issue: 350346
Fixes: 632bcd9b5d4f ("examples/ioat: print statistics")
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
On a failure with the ioat dequeue, -1 is returned, which was not properly
handled. This could lead to out-of-bounds reads on a later loop which
assumed a positive return value. Fix this by treating an error as though a
dequeue of 0 had been encountered.
Coverity issue: 350342
Coverity issue: 350349
Fixes: 2328542ed84e ("examples/ioat: add rawdev copy mode")
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Remove trailing blank lines. They serve no purpose and are just
editor leftovers.
These can cause git to complain about whitespace errors during merges.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
The mp_client crashes if run on Azure or any system where ethdev
ports are owned. In that case, the tx_buffer and tx_stats for the
real port were initialized correctly, but the wrong port was used.
For example if the server has Ports 3 and 5. Then calling
rte_eth_tx_buffer_flush on any other buffer will dereference null
because the tx buffer for that port was not allocated.
Also:
- the flush code is common enough that it should not be marked
unlikely
- combine conditions to reduce indentation
- avoid unnecessary if() if sent is zero.
Fixes: e2366e74e029 ("examples: use buffered Tx")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Acked-by: Matan Azrad <matan@mellanox.com>
The mp_server incorrectly allows a port mask that included hidden
ports and which later caused either lost packets or failed initialization.
This fixes explicitly checking that each bit in portmask is a
valid port before using it.
Fixes: 5b7ba31148a8 ("ethdev: add port ownership")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Acked-by: Matan Azrad <matan@mellanox.com>
With the API and ABI freeze ahead, it will be good to reserve
some bits on the private structure for future use.
Otherwise we will potentially need to maintain two different
private structure during 2020 period.
There is already one use case for those reserved bits[1]
The reserved field should be set to 0 by the user.
[1] https://patches.dpdk.org/patch/63077/
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Some versions of pkg-config don't support the --path flag, which is not a
fatal error when building the apps. Without the flag, the makefile just
cannot track the .pc file of DPDK as a dependency of the build. Therefore,
we can ignore the error and suppress it by redirecting to /dev/null the
stderr from that call to pkg-config.
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Not all versions of pkg-config in distros have support for the
--define-prefix flag [1], causing errors when building examples manually or
with test-meson-builds.sh script [2].
For the former case, we need to remove the hard-coded use of the flag in
the Makefiles.
For the latter case, the flag is necessary for builds to succeed, so we
skip the tests when it's not present, passing it as part of the pkg-config
command if it is supported.
[1]
CentOS Linux release 7.7.1908 (Core)
pkg-config version 0.27.1
[2]
## Building cmdline
Unknown option --define-prefix
gmake: Entering directory
`...ild-x86-default/install-root/usr/local/share/dpdk/examples/cmdline'
rm -f build/cmdline build/cmdline-static build/cmdline-shared
test -d build && rmdir -p build || true
Unknown option --define-prefix
Unknown option --define-prefix
gcc -O3 main.c commands.c parse_obj_list.c -o build/cmdline-shared
main.c:14:28: fatal error: cmdline_rdline.h: No such file or directory
Fixes: ca9268529d2b ("examples: support relocated DPDK install")
Fixes: 7f80a2102bbb ("devtools: test pkg-config file")
Cc: stable@dpdk.org
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Cc: stable@dpdk.org
This patch fixes the incorrect mbuf write and digest memory leak in
fips_validation authentication verify.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Add missing BSD license tag to IPsec examples.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Update default configuration of ipsec-secgw:
1.In ep0.cfg change SPI value used by two inbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing inbound
SAs. There are no inbound SAs with SPI value 15, 16.
- In ep1.cfg change SPI value used by two outbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing outbound
SAs. There are no outbound SAs with SPI value 15, 16. Add missing
priority parameter in two inbound IPv4 security policies.
Fixes: 60a94afefc84 ("examples/ipsec-secgw: add sample configuration files")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Caught when compiling this example with pkg-config:
## Building l2fwd
...
main.c: In function ‘main’:
main.c:716:3: warning: ‘rte_eth_dev_set_ptypes’ is deprecated: Symbol
is not yet part of stable ABI [-Wdeprecated-declarations]
716 | ret = rte_eth_dev_set_ptypes(portid, RTE_PTYPE_UNKNOWN, NULL,
| ^~~
In file included from main.c:38:
...build-x86-default/install-root/usr/local/include/rte_ethdev.h:2661:5:
note: declared here
2661 | int rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t
ptype_mask,
| ^~~~~~~~~~~~~~~~~~~~~~
ln -sf l2fwd-shared build/l2fwd
Fixes: 9731df2e7554 ("examples/l2fwd: disable packet type parsing")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
If there are no ports available to the guest cli application, it will
exit when setting up the default policy because it fails to set the mac
address. This should not be the case, as this example can be used for
many other use cases that do not need ports.
If ports not found, simply set nb_mac_to_monitor in the policy to zero
and continue.
Fixes: 70febdcfd60f ("examples: check status of getting MAC address")
Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Lei Yao <lei.a.yao@intel.com>
The branch ratio algorithm in the vm_power_manager sample application
can be very sensitive at patricular loads in a workload, causing
oscillations between min and max frequency. For example, if a
workload is at 50%, scaling up may change the ratio
enough that it immediately thinks it needs to scale down again.
This patch introduces a sliding window recording the scale up/down
direction for the last 32 samples, and scales up if any samples indicate
we should scale up, otherwise scale down. Each core has it's own window.
Fixes: 4b1a631b8a8a ("examples/vm_power: add oob monitoring functions")
Cc: stable@dpdk.org
Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Since pipeline_generic uses `rte_mbuf:#️⃣:rss` add the new Rx offload
flag `DEV_RX_OFFLOAD_RSS_HASH` to inform PMD to copy the RSS hash result
into the mbuf.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
A Vhost-blk example that support inflight feature. It uses the
new APIs that introduced in the first patch, so it can show how these
APIs work to support inflight feature.
Signed-off-by: Jin Yu <jin.yu@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Right now majority of lib mode functional tests enable
library mode with '-w N' option.
It worked till recently, as legacy mode didn't support replay window.
Now it changed.
To fix - use '-l' option to enable library mode explicitly.
Fixes: 929784452094 ("examples/ipsec-secgw: add scripts for functional test")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
The rte_security lib has introduced replay_win_sz,
so it can be removed from the rte_ipsec lib.
The relevant tests, app are also update to reflect
the usages.
Note that esn and anti-replay fileds were earlier used
only for ipsec library, they were enabling the libipsec
by default. With this change esn and anti-replay setting
will not automatically enabled libipsec.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
As per RFC4868, SHA-256 should use 128 bits of ICV.
Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The example IPsec application does not work properly when using
AES-GCM with crypto_openssl.
ESP with AES-GCM uses standard 96bit long algorithm IV ([1]) which
later concatenated with be32(1) forms a J0 block. GCM specification
([2], chapter 7.1) states that when length of IV is different than
96b, in order to format a J0 block, GHASH function must be used.
According to specification ([2], chapter 5.1.1) GCM implementations
should support standard 96bit IVs, other lengths are optional. Every
DPDK cryptodev supports 96bit IV and few of them supports 128bit
IV as well (openssl, mrvl, ccp). When passing iv::length=16 to a
cryptodev which does support standard IVs only (e.g. qat) it
implicitly uses starting 96 bits. On the other hand, openssl follows
specification and uses GHASH to compute J0 for that case which results
in different than expected J0 values used for encryption/decryption.
Fix an inability to use AES-GCM with crypto_openssl by changing IV
length to the standard value of 12.
[1] RFC4106, section "4. Nonce format" and "3.1. Initialization Vector"
https://tools.ietf.org/html/rfc4106
[2] NIST SP800-38D
https://csrc.nist.gov/publications/detail/sp/800-38d/final
Fixes: 0fbd75a99f ("cryptodev: move IV parameters to session")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add tests for offload fallback feature; add inbound config modificator
SGW_CFG_XPRM_IN (offload fallback setting can be set only for inbound
SAs). Tests are using cryptodev for outbound SA.
To test fragmentation with QAT set:
MULTI_SEG_TEST="--reassemble=4096 --cryptodev_mask=0x5555"
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>
Due to fragment loss on highly saturated links and long fragment
lifetime, ipsec-secgw application quickly runs out of free reassembly
buckets. As a result new fragments are being dropped.
Introduce --frag-ttl option which allow user to lower default fragment
lifetime which solves problem of saturated reassembly buckets with high
bandwidth fragmented traffic.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Inline processing is limited to a specified subset of traffic. It is
often unable to handle more complicated situations, such as fragmented
traffic. When using inline processing such traffic is dropped.
Introduce fallback session for inline crypto processing allowing
handling packets that normally would be dropped. A fallback session is
configured by adding 'fallback' keyword with 'lookaside-none' parameter
to an SA configuration. Only 'inline-crypto-offload" as a primary
session and 'lookaside-none' as a fall-back session combination is
supported by this patch.
Fallback session feature is not available in the legacy mode.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>