Increase the internal limit for flow types from 32 to 64
to support future flow type extensions.
Change type of variables from uint32_t[] to uint64_t[]:
rte_eth_fdir_info.flow_types_mask
rte_eth_hash_global_conf.sym_hash_enable_mask
rte_eth_hash_global_conf.valid_bit_mask
This modification affects the following components:
net/i40e
net/ixgbe
app/testpmd
ABI versioning used to keep ABI stability.
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
With bonding, after sending sufficient ipv4 packets,
bond_ethdev_rx_burst_8023ad() no longer recognizes LACP packets
because the packet_type is set to RTE_PTYPE_L3_IPV4.
Ensure packet_type is reset for non-ipv4 packets in vmxnet3_rx_offload.
Signed-off-by: George Wilkie <george.wilkie@intl.att.com>
Acked-by: Shrikrishna Khare <skhare@vmware.com>
Move setting PCType after setting port's MAC type, which can resolve
the issue of PCType doesn't take effect on X722.
Fixes: a286ebeb07 ("net/i40e: add dynamic mapping of SW flow types to HW pctypes")
Cc: stable@dpdk.org
Signed-off-by: Rosen Xu <rosen.xu@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>
Current flag is in wrong byte order for i40e_aq_mac_address_write,
and just uses the well defined macro instead.
Fixes: e18e01e92c ("i40e: support default MAC address setting")
Cc: stable@dpdk.org
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>
Add note about PMD expects the network interfaces provided to be up,
documented behavior to set expectations right.
Also added minor fix.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Ethdev Rx offloads API has changed since:
commit ce17eddefc ("ethdev: introduce Rx queue offloads API")
This commit adds support for the new Rx offloads API.
Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Ethdev Tx offloads API has changed since:
commit cba7f53b71 ("ethdev: introduce Tx queue offloads API")
This commit adds support for the new Tx offloads API.
Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Enabling hash results in FD requires setting DPNI_FLCTYPE_HASH in
dpni_set_offload API. Setting this FLCTYPE for DPNI sets the FD[SC]
to 0 for LS2 in the hardware thus disabling data/annotation stashing.
For LX2 this is fixed in hardware and thus hash result and parse
results can be received in FD using this option.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch adds support for handling run-time driver arguments.
We have removed config option for per VF Tx switching and added
a run-time argument vf_txswitch. By default, the VF Tx switching is
enabled however it can be disabled using run-time argument.
Sample usage to disable per port VF Tx switching is something like...
-w 05:00.0,vf_txswitch=0 -w 05:00.1,vf_txswitch=0
Fixes: 1282943aa0 ("net/qede: fix default config option")
Cc: stable@dpdk.org
Signed-off-by: Rasesh Mody <rasesh.mody@cavium.com>
Some errors were seen with GCC 4.8 and 4.9.
It looks to be a bug fixed in GCC 5.
examples/eventdev_pipeline/pipeline_worker_generic.c:474:4: error:
missing initializer for field 'queue_id' of 'struct <anonymous>'
examples/eventdev_pipeline/pipeline_worker_generic.c:475:3: error:
missing initializer for field 'priority' of 'struct <anonymous>'
examples/eventdev_pipeline/pipeline_worker_tx.c:630:2: error:
missing initializer for field 'queue_id' of 'struct <anonymous>'
The workaround is to not use initializer statement,
but to use memset and standard assignment.
Fixes: 84dde5de10 ("examples/eventdev: support Rx adapter")
Fixes: fa8054c8c8 ("examples/eventdev: add thread safe Tx worker pipeline")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
After trying RSS and Queue also try End for flow action
to allow for HW that don't support flow features with
inline crypto.
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Two macros were defined in cryptodev, to serve the same
purpose: RTE_CRYPTODEV_NAME_LEN (in the config file) and
RTE_CRYPTODEV_NAME_MAX_LEN (in the rte_cryptodev.h file).
Since the second one is part of the external API,
the first one has been removed, avoiding duplications.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Tomasz Duszynski <tdu@semihalf.com>
SPI field is defined in the RFC2406 [1] as a big endian field it should be
provided in its final form to the drivers through RTE flow.
[1] https://tools.ietf.org/html/rfc2406
Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
ESP header is defined in the RFC2406 [1] as Big Endian fields it should use
the corresponding types in DPDK as well.
[1] https://tools.ietf.org/html/rfc2406
Fixes: d4b684f719 ("net: add ESP header to generic flow steering")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Generic flow API have both direction bits, ingress and egress for rules
which may work on both sides.
Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
IPSec application is using index 0 of SA table as error,
with current value of IPSEC_SA_MAX_ENTRIES(128) it can
not support SA with spi = 128, as it uses sa_idx = 0
in the SA table.
With this patch, sa_idx = 0 can also be used.
PS: spi = 0 is an invalid SPI and application throws error
for it.
Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Since the processing of crypto operations may take time
due to hardware offload, all the packets may not be available
in the single dequeue command.
So it may happen that there is leakage of cops, and there is
nobody to dequeue the packets because dequeue of crypto ops is
done only once for a particular queue pair even if it has more
packets in flight.
This patch dequeue the packets again if the inflight packets are
more than the max packet burst.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
When TTL is decremented or ecn is updated in IP header
before forwarding the packet, checksum needs to be updated.
In this patch an incremental checksum is added for ipv4 case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Packet_type should be updated to remove/add L4 type for
encrypted/decrypted packet
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Context memory is allocated from mempool. Ideally
it will get all memory from single segment, so simple offset
calculation is used for address conversion for such addresses
from context memory.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Previously, ipsec-secgw application did not give user the
flexibility to decide which crypto device(s) will be used.
In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.
This patch is similar to the support added in l2fwd-crypto
(d2797f51cc: examples/l2fwd-crypto: add cryptodev mask option)
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Adding support for inline protocol processing
In ingress side, application will receive regular IP packets, without
any IPsec related info. Application will do a selector check (SP-SA
check) by making use of the metadata from the packet. The
device-specific metadata in mbuf would aid in determing the security
session which processed the packet.
In egress side, the plain packet would be submitted to the driver. The
packet will have optional metadata, which could be used to identify the
security session associated with the packet.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.
Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for IMIX performance tests, where a distribution
of various packet sizes can be submitted to a crypto
device, testing a closer to a real world scenario.
A sequence of packet sizes, selected randomly from a list of packet
sizes (with "buffer-sz" parameter) with a list of the weights
per packet size (using "imix" parameter), is generated
(the length of this sequence is the same length as the pool,
set with "pool-sz" parameter).
This sequence is used repeteadly for all the crypto
operations submitted to the crypto device (with "--total-ops" parameter).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
qp_detach_session function was using the attach_session_t
function prototype, instead of detach_session_t.
Since both of them have the same parameters, there were
no compilation issues, but it is not consistent.
Fixes: d816fdea55 ("cryptodev: add API to associate session with queue pair")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
CPU flag AVX512 was added in a previous release,
but it was not added in the list of strings.
Fixes: 84d7965866 ("crypto/aesni_mb: support AVX512")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
enum should be initialized with 1 so that unitialized(memset)
memory may not be treated as a valid enum value.
Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
/x86_64-native-linuxapp-gcc/include/rte_security.h:229:8:
error: struct has no members [-Werror=pedantic]
struct rte_security_macsec_xform {
^~~~~~~~~~~~~~~~~~~~~~~~~
/x86_64-native-linuxapp-gcc/include/rte_security.h:453:3:
error: struct has no members [-Werror=pedantic]
struct {
^~~~~~
Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
/x86_64-native-linuxapp-gcc/include/rte_crypto.h:126:28:
error: ISO C forbids zero-size array ‘sym’ [-Werror=pedantic]
struct rte_crypto_sym_op sym[0];
^~~
Zero-size array is an extension to the language it cannot be replaced by a
empty size array i.e. [] because structure is inside a union.
Fixes: d2a4223c4c ("cryptodev: do not store pointer to op specific params")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Device operation pointers should be constant to avoid any modification
while it is in use.
Fixes: c261d1431b ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPSec Multi-buffer library v0.48 has been released,
which includes, among other features, support for AES-CCM.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
When security offload is enabled, the packet should be forwarded on the
port configured in the SA. Security session will be configured on that
port only, and sending the packet on other ports could result in
unencrypted packets being sent out.
This would have performance improvements too, as the per packet LPM
lookup would be avoided for IPsec packets, in inline mode.
Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
time() is defined in time.h
Fixes: ffbe3be0d4 ("app/test: add libcrypto")
Cc: stable@dpdk.org
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
