Add new parser module which can parse a packet in binary
and generate information like ptype, protocol/offset pairs
and flags which can be used to feed the FXP profile creation
directly.
The patch added skeleton of the parser instance create and
destroy APIs:
ice_parser_create
ice_parser_destroy
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Update ice_hw_autogen.h.
Remove duplicated one in ice_nvm.h.
Replace ICE_NVM_ACCESS_GL_HIBA_MAX with GL_HIBA_MAX_INDEX.
Signed-off-by: Scott W Taylor <scott.w.taylor@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Add support for controlling SMA (SubMiniature version A) connectors
using GPIO get/set AQs.
Signed-off-by: Maciej Machnikowski <maciej.machnikowski@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Add functions used by the driver for setting and getting the shared
driver parameters. These will be used by the driver in order to share
the PTP clock index identifier between PF drivers.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Added the memory needed for the generic checksum offload (GCO)
feature, including the new flex descriptor ICE_RXDID_GSC.
Signed-off-by: Alice Michael <alice.michael@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Add a helper function to check if the underlying part can
support 100M speeds.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
DDP package format is shared with different devices, for E810 device
we only support SEGMENT_TYPE_ICE_810.
Signed-off-by: Dan Nowlin <dan.nowlin@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
E810-T supports signed netlists and to support this, the NVM update
tool needs to be able to read the GL_MNG_DEF_DEVID register. Add
said register to the allowlist in ice_validate_nvm_rw_reg.
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Change one of the input parameter (addr) in ice_read_cgu_reg_e822 and
ice_write_cgu_reg_e822 functions. This will avoid the shrink down
conversion from addr to cgu_msg.msg_addr_low.
Signed-off-by: Chinh T Cao <chinh.t.cao@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Currently shared code API does not allow to set/unset lb_en
and lan_en flags for advanced rules during their creation.
Because of that we have to use a workaround in switchdev
which is to update rule immediately after its creation.
This change will allow us to set/unset those flags right
away.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
For some operating systems, 64-bit division requires using specific
implementations. Use the DIV_64BIT macro to replace open-coded division
so that the driver may convert this to the appropriate operating-system
specific implementation when necessary.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
In some devices, the function numbers used are non-contiguous. For
example, some two port devices will report as functions 0 and 2.
When distributing RSS and FDIR masks, which are global resources across
the active devices, it is required to have a contiguous PF id, which can
be described as a logical PF id. In the case above, function 0 would
have a logical PF id of 0, and function 2 would have a logical PF id of
1.
Using logical PF id can properly describe which slice of resources can
be used by a particular PF.
Cc: stable@dpdk.org
Signed-off-by: Dan Nowlin <dan.nowlin@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Junfeng Guo <junfeng.guo@intel.com>
Add missing initialisation of the accumulative SW xstat to
zero since it is sum of per-queue xstats.
Fixes: fdd7719eb3c1 ("net/sfc: add xstats for Rx/Tx doorbells")
Cc: stable@dpdk.org
Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
This patch defines new RSS offload types for IPv4 and
L4(TCP/UDP/SCTP) checksum, which are required when users want
to distribute packets based on the IPv4 or L4 checksum field.
For example "flow create 0 ingress pattern eth / ipv4 / end
actions rss types ipv4-chksum end queues end / end", this flow
causes all matching packets to be distributed to queues on
basis of IPv4 checksum.
Signed-off-by: Alvin Zhang <alvinx.zhang@intel.com>
Reviewed-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Aman Deep Singh <aman.deep.singh@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
If the bond device was created by vdev mode, the kvlist was not free
after the bond device was closed.
This patch fixes it.
Fixes: 144dc4739975 ("net/bonding: fix leak on remove")
Cc: stable@dpdk.org
Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
Acked-by: Min Hu (Connor) <humin29@huawei.com>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
As per ABI policy, move the formerly experimental API's to the stable
section.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Add option to indicate whether outer header verification
need to be done as part of inbound IPsec processing.
With inline IPsec processing, SA lookup would be happening
in the Rx path of rte_ethdev. When rte_flow is configured to
support more than one SA, SPI would be used to lookup SA.
In such cases, additional verification would be required to
ensure duplicate SPIs are not getting processed in the inline path.
For lookaside cases, the same option can be used by application
to offload tunnel verification to the PMD.
These verifications would help in averting possible DoS attacks.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Also, soft expiry tracking can cause perf degradation with some PMDs.
Since a separate UT is available and the same setting in ipsec-secgw is
not verifying the functionality, remove the same by clearing life
configuration.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Lifetime tracking is not supported by hardware and is not implemented in
software either. Return failure when lifetime is configured.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add support for SA lifetime configuration. Expiry can
be either in units of octets or packets.
Also, updated cryptodev dequeue path to update crypto op result to
indicate soft expiry.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated to include new field, aux_flags, which can be
used to indicate cases such as soft expiry in case of lookaside
protocol operations.
In case of soft expiry, the packets are successfully IPsec processed but
the soft expiry would indicate that SA needs to be reconfigured. For
inline protocol capable ethdev, this would result in an eth event while
for lookaside protocol capable cryptodev, this can be communicated via
`rte_crypto_op.aux_flags` field.
In case of hard expiry, the packets will not be IPsec processed and
would result in error.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added outbound known vector test cases for IV generated
by app. The tests would be skipped on PMDs which do not
support IV provided by application.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Adding IV in SA in lookaside IPsec debug mode. It helps
to verify lookaside PMD using known outbound vectors in
lookaside autotest.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Enabled user to provide IV to be used per security
operation. This would be used with lookaside protocol
offload for comparing against known vectors.
By default, PMD would internally generate random IV.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Added tests to verify UDP encapsulation with IPsec.
The tests have IPsec packets generated from plain packets
and verifies that UDP header is added. Subsequently, the
packets are decapsulated and then resultant packet is
verified by comparing against original packet.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Added cases to verify IV generated by PMD for lookaside IPsec.
The tests compare IV generated for a batch of packets and ensures that
IV is not getting repeated in the batch.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Add negative test to validate IPsec inbound processing failure with ICV
corruption. The tests would first do IPsec encapsulation and corrupt
ICV of the generated IPsec packet. Then the packet is submitted to IPsec
outbound processing for decapsulation. Test case would validate that PMD
returns an error in such cases.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Add framework to test IPsec features with all supported
combinations of ciphers.
Combined mode tests are used to test all IPsec features against all
ciphers supported by the PMD. The framework is introduced to avoid
testing with any specific algo, thereby making it mandatory to be
supported. Also, testing with all supported combinations will help with
increasing coverage as well.
The tests would first do IPsec encapsulation and do sanity checks. Based
on flags, packet would be updated or additional checks are done,
followed by IPsec decapsulation. Since the encrypted packet is generated
by the test, known vectors are not required.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Fixes stack buffer overflow bug in compressdev autotest, which
was caused by the use of buf_idx in the debug logs. Originally, buf_idx
was treated as an array instead of the reference of an integer.
This was fixed by replacing the use of buf_idx[priv_data->orig_idx] with
the variable i.
Fixes: 466a2c4bb5f4 ("test/compress: improve debug logs")
Fixes: 6bbc5a923625 ("test/compress: refactor unit tests")
Cc: stable@dpdk.org
Signed-off-by: Rebecca Troy <rebecca.troy@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
The driver creates an indirect mkey per entry in the queue to manage the
crypto operation using the BSF fields.
The indirect mkeys were never released neither while error occurs in the
creation phase nor when the queue is released.
Clean the indirect mkeys in the above cases.
Fixes: c2a42d19d967 ("crypto/mlx5: add WQE set initialization")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
The crypto QP consumer (ci) and producer (pi) indexes are increased
with each successful enqueue/dequeue operations.
However the QP pi index is calculated with a wraparound the number
of elements while the QP ci does not.
This is causing incorrect engine calculation for encqueued WQ values
(wq->pi - wq->ci) and eventually the device stops accepting new enqueue
operations.
Fixed by removing the wraparound on QP pi and using a temp calculation
where wraparound values are needed.
Fixes: 8e196c08ab53 ("crypto/mlx5: support enqueue/dequeue operations")
Cc: stable@dpdk.org
Signed-off-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Replace pending queue with one that allows concurrent single producer and
single consumer. This relaxes the restriction of only allowing a single
lcore to operate on a given queue pair.
Signed-off-by: David George <david.george@sophos.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Documentation specifies that flow port & queue is provided as,
<...> port 0 queue 0
But code is expecting the same as,
<...> port 0 0
Fix the above to match documentation.
Fixes: 8e693616fcb2 ("examples/ipsec-secgw: enable flow based distribution")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added support for asymmetric crypto perf throughput test.
Only modex is supported for now.
One new optype has been added.
--optype modex
./dpdk-test-crypto-perf -c 0x3 -- --devtype crypto_cn9k --optype modex
--ptest throughput
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch fixes the PDCP short MAC-I test by removing them
from snow3g and kasumi test suite and move to PDCP test suite.
This is to prevent incorrect failure for crypto device not
support PDCP.
Fixes: c24489e479fd ("test/crypto: support PDCP short MAC-I")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Update mbuf.l2_len with L2 header size for outbound
inline processing.
This patch also fixes a bug in arg parsing.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Currently rte_security_set_pkt_metadata() and rte_security_get_userdata()
methods to set pkt metadata on Inline outbound and get userdata
after Inline inbound processing is always driver specific callbacks.
For drivers that do not have much to do in the callbacks but just
to update metadata in rte_security dynamic field and get userdata
from rte_security dynamic field, having to just to PMD specific
callback is costly per packet operation. This patch provides
a mechanism to do the same in inline function and avoid function
pointer jump if a driver supports the same.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Not all net PMD's/HW can parse packet and identify L2 header and
L3 header locations on Tx. This is inline with other Tx offloads
requirements such as L3 checksum, L4 checksum offload, etc,
where mbuf.l2_len, mbuf.l3_len etc, needs to be set for HW to be
able to generate checksum. Since Inline IPsec is also such a Tx
offload, some PMD's at least need mbuf.l2_len to be valid to
find L3 header and perform Outbound IPSec processing.
Hence, this patch updates documentation to enforce setting
mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags
for Inline IPsec Crypto / Protocol offload processing to
work on Tx.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
