Change the order of operations for esp inbound post-process:
- read mbuf metadata and esp tail first for all packets in the burst
first to minimize stalls due to load latency.
- move code that is common for both transport and tunnel modes into
separate functions to reduce code duplication.
- add extra check for packet consitency
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Right now check for packet length and padding is done inside cop_prepare().
It makes sense to have all necessary checks in one place at early stage:
inside pkt_prepare().
That allows to simplify (and later hopefully) optimize cop_prepare() part.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
sa.c becomes too big, so decided to split it into 3 chunks:
- sa.c - control path related functions (init/fini, etc.)
- esp_inb.c - ESP inbound packet processing
- esp_outb.c - ESP outbound packet processing
Plus few changes in internal function names to follow the same
code convention.
No functional changes introduced.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
As was pointed in one of previous reviews - we can avoid updating
contents of mbuf array for successfully processed packets.
Instead store indexes of failed packets, to move them beyond the good
ones later.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Right now we first fill crypto_sym_op part of crypto_op,
then in a separate cycle we fill crypto op fields.
It makes more sense to fill whole crypto-op in one go instead.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Operations to set/update bit-fields often cause compilers
to generate suboptimal code. To avoid such negative effect,
use tx_offload raw value and mask to update l2_len and l3_len
fields within mbufs.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Operations to set/update bit-fields often cause compilers
to generate suboptimal code.
To help avoid such situation for tx_offload fields:
introduce new enum for tx_offload bit-fields lengths and offsets,
and new function to generate raw tx_offload value.
Add new test-case into UT for introduced function.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Currently, compress-perf doesn't respect incompressible
data inside one operation.
This patch adds such a functionality. Now the output buffer
in one operation is big enough to store such a data after
compression. Also added segment size checking to pass
values in right range.
Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds query about CPU features
Fixes: 53a9baa98c36 ("compress/isal: add basic PMD ops")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Cel <tomaszx.cel@intel.com>
Acked-by: Lee Daly <lee.daly@intel.com>
This patch assigns QAT queue pair resources to the correct NUMA nodes.
Any DMA'able memory should use NUMA node of QAT device
rather than socket_id of the initializing process.
Fixes: 98c4a35c736f ("crypto/qat: move common qat files to common dir")
Fixes: a795248d740b ("compress/qat: add configure and clear functions")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch will change the operation status when ISA-L returns because
of a recoverable out of space error, rather than a just generic fail.
Signed-off-by: Lee Daly <lee.daly@intel.com>
Tested-by: Tomasz Cel <tomaszx.cel@intel.com>
crypto pmds are queried to check if Sign and Decrypt
with CRT keys or exponent is supported, thus call
operation with relevant key type.
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add feature flag to reflect RSA private key
operation support using quintuple (crt) or
exponent type key. if PMD support both,
then it should set both.
App should query cryptodev feature flag to check
if Sign and Decryt with CRT keys or exponent is
supported, thus call operation with relevant
key type.
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
- fle pool allocations should be done for each process.
- cryptodev->data is shared across muliple processes but
cryptodev itself is allocated for each process. So any
information which needs to be shared between processes,
should be kept in cryptodev->data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
session inq and qp are assigned for each core from which the
packets arrive. This was not correctly handled while supporting
multiple sessions per queue pair.
This patch fixes the attach and detach of queues for each core.
Fixes: e79416d10fa3 ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
SEC HW descriptor sharing mode can now be controlled
during Session preparation by the respective drivers
shared descriptors in case of non-protocol offload does not need
any sync between the subsequent jobs. Thus, changing it to
SHR_NEVER from SHR_SERIAL for cipher_only, auth_only, and gcm.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of gcm, output buffer should have aad space
before the actual buffer which needs to be written.
CAAM will not write into the aad anything, it will skip
auth_only_len (aad) and write the buffer afterwards.
Fixes: 37f96eb01bce ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
private data should be cleared instead of the complete session
Fixes: 8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds dynamic SGL allocation instead of static one.
The number of element in SGL can be adjusted in each operation
depend of the request.
Signed-off-by: Tomasz Jozwiak <tomaszx.jozwiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
As stated in 19.02 deprecation notice, this patch updates the
aesni_mb PMD to remove the support of older Intel-ipsec-mb
library version earlier than 0.52.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch updates the unit test to enable AESNI-MB PMD
out-of-place tests. A special test type that swap both
the source and destination buffer is added for a more
comprehensive test set to take place.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add out-of-place processing, i.e. different source and
destination m_bufs, plus related capability update, tests
and documentation.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Paul Luse <paul.e.luse@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds new test structure for modexp
and modinv for asymmetric cryptography.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This commit adds modular multiplicative inverse to Intel
QuickAssist Technology driver. For capabilities or limitations
please refer to qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This commit adds modular exponentiation to Intel QuickAssist
Technology driver. For capabilities or limitations please refer to
qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds Poll Mode Driver for asymmetric crypto
functions of Intel QuickAssist Technology hardware.
It contains plain driver with no functions implemented, specific
algorithms will be introduced in separate patches.
This patch depends on a QAT PF driver for device initialization. See
the file docs/guides/cryptodevs/qat.rst for configuration details.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This commit adds headers to be used in conjunction with asymmetric
cryptography operations using Intel QuickAssist Technology driver
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add test case for encryption, decryption for snow3g when digest
is encrypted
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add new field ff_disable in rte_cryptodev_config. This enables
applications to control the features enabled on the crypto device.
Proposed new layout:
/** Crypto device configuration structure */
struct rte_cryptodev_config {
int socket_id; /**< Socket to allocate resources on */
uint16_t nb_queue_pairs;
/**< Number of queue pairs to configure on device */
+ uint64_t ff_disable;
+ /**< Feature flags to be disabled. Only the following features are
+ * allowed to be disabled,
+ * - RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO
+ * - RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO
+ * - RTE_CRYTPODEV_FF_SECURITY
+ */
};
For eth devices, rte_eth_conf.rx_mode.offloads and
rte_eth_conf.tx_mode.offloads fields are used by applications to
control the offloads enabled on the eth device. This proposal adds a
similar ability for the crypto device.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.
Fixes: 2a9c83ae3b ("test/eventdev: add multi-ports test")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Add option to provide a global dequeue timeout that is used to create
the eventdev.
The dequeue timeout provided will be common across all the worker
ports. If the eventdev hardware supports power management through
dequeue timeout then this option can be used for verifying power
demands at various packet rates.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
This patch fixes a number of instances of the same return
value mis-check, where previously we checked for a negative
return value as error, however the API returns an unsigned
integer, so these return value checks are invalid.
The rte_event_enqueue_burst() API returns the number of
events enqueued, so in order to identify the error case,
we must check for != the number of intended enqueues.
Fixes: cd1a9e3eab55 ("test/eventdev: add SW tests for load balancing")
Cc: stable@dpdk.org
Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Check if eventdev is open system eventdevs i.e. max_num_events = -1
before asserting.
Allow event timer adapter to adjust the resolution using
RTE_EVENT_TIMER_ADAPTER_F_ADJUST_RES and re-calculate timeout ticks
based on the adjusted resolution.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Erik Gabriel Carrillo <erik.g.carrillo@intel.com>
Check if timer adapter is already started before starting it.
Update the unit test accordingly.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Erik Gabriel Carrillo <erik.g.carrillo@intel.com>
baremetal execution environments may have a different
method to enable RTE_INIT instead of using compiler
constructor and/or OS specific linker scheme.
Allow an option to override RTE_INIT* macros using
rte_os.h or appropriate header file.
Signed-off-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
This operation can be used for non-blocking algorithms, such as a
non-blocking stack or ring.
It is available only for x86_64.
Signed-off-by: Gage Eads <gage.eads@intel.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Add unit test to check for hash lookup and bulk-lookup perf for
extendable bucket feature.
It is tested with both lock-free enabled and lock-free disabled case.
Test includes:
- hash lookup on keys in ext bkt
- hash delete causing key-shifts of keys from ext bkt to secondary bkt
Suggested-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Signed-off-by: Dharmik Thakkar <dharmik.thakkar@arm.com>
Acked-by: Yipeng Wang <yipeng1.wang@intel.com>
The commit below added an address hint as starting address for 64-bit
systems in case an explicit base virtual address was not set by the user.
The justification for such hint was to help devices that work in VA
mode and has a address range limitation to work smoothly with the eal
memory subsystem.
While the base address value selected may work fine for the eal
initialization, it easily breaks when trying to register external memory
using rte_extmem_register API.
Trying to register anonymous memory on RH x86_64 machine took several
minutes, during them the function eal_get_virtual_area repeatedly
scanned for a good VA candidate.
The attempt to guess which VA address will be free for mapping will
always result in not portable, error prone code:
* different application may use different libraries along w/ DPDK. One
can never guess which library was called first and how much virtual
memory it consumed.
* external memory can be registered at any time in the application run
time.
In order not to break the existing secondary process design, this patch
only limits the max number of tries that will be done with the
address hint.
When the number of tries exceeds the threshold the code
will use the suggested address from kernel.
Fixes: 1df21702873d ("mem: use address hint for mapping hugepages")
Cc: stable@dpdk.org
Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Tested-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>
Log message should end with newline.
Fixes: 4e32101f9b01 ("ring: support freeing")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Rami Rosen <ramirose@gmail.com>
The hexdump code obviously came from somewhere else originally.
It is not formatted according to DPDK coding style.
Also, drop the comment which is not useful the docbock comment
is already in the rte_hexdump.h
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The divisor is not modified here. Doesn't really matter for optimizaton
since the function is inline already; but helps with expressing
intent.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
