If the crypto operation pool size is too small,
the pool might run out of operations, if all the crypto operations
are still being used and have not been freed.
To inform the user about this, the application should display
an error message, asking the user to increase the pool size
through the app parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Documentation of some virtual crypto PMDs have a sample command line
to show how to initialize the device on a specific application,
L2fwd-crypto.
This was meant to be used as a reference, but these lines themselves
do not work, as the sample application used required more parameters,
which are added in this commit to have a fully functional example.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
The function rte_cryptodev_create_vdev is an alias
for rte_vdev_init() which is scheduled to move out of the
rte_eal library. Lets deprecate this function to be able to
remove it from the cryptodev library in 17.11.
Signed-off-by: Jan Blunck <jblunck@infradead.org>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When calling rte_crypto_op_bulk_alloc, the function may
return either a 0, if not enough objects are available
in the mempool or the number of operations requested,
it there are enough available. However, the Doxygen comments
were not matching these two cases.
Fixes: c0f87eb525 ("cryptodev: change burst API to be crypto op oriented")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
L2fwd-crypto app was modified with various changes
in its code. The application user guide contains
some code snippets that needed to be updated.
Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When calling rte_cryptodev_sym_session_init(),
if there was an error, it returned -1, instead
of returning the specific error code, which can
be valuable for the application for error handling.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Block size of SHA384-HMAC algorithm is 128 bytes,
and not 64 bytes.
Fixes: d905ee32d0 ("crypto/qat: add aes-sha384-hmac capability")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
A new version of the LibSSO ZUC library has been released.
This version includes shared library support and bug fixes.
This commit extends the instructions to install and initialize
the PMD with the new library, enabling also the PMD to be
compiled as a shared library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Commit 8a04cb6125 ("pci: set default numa node for broken systems")
added logic to default to NUMA node 0 when sysfs numa_node information
was wrong or not available.
Unfortunately there are many devices with wrong NUMA node information
that DPDK does not care about but still show warnings for them.
Instead, only check for invalid NUMA node information for devices
managed by the DPDK.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
The _rte_eth_dev_callback_process function has been modified.
The return value has been changed form void to int and an
extra parameter "void *ret_param" has been added.
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
APP_MAX_LCORES is hardcoded as 64.
This will cause build err when RTE_MAX_LCORE is less then 64.
"args.c:127:22: error: iteration 8 invokes undefined behavior
[-Werror=aggressive-loop-optimizations]
if (cfg->lcore_role[i] == ROLE_RTE)
~~~~~~~~~~~~~~~^~~
args.c:126:2: note: within this loop
for (i = 0; i < APP_MAX_LCORE; i++) {"
Fixes: d52b5e735a ("examples/qos_sched: fix lcore limit")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
load_balancer app can also work for lower number of cores.
Limit the cores Worker and IO cores to 16 as defined in original
App. Otherwise use the actual number of lcores as MAX.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
when creating a bond device in testpmd, a name for a device must meet
the correct convention described in the documentation:
The device name must start with the net_bonding prefix
followed by numbers or letters.
Change for ALB mempool allocation - mem_name was too long.
Fixes: 9bf4901d1a ("bus/vdev: remove probe with driver name option")
Cc: stable@dpdk.org
Signed-off-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
Reviewed-by: Jingjing Wu <jingjing.wu@intel.com>
The dpaa2_bp_list is being allocated using "rte_malloc",
but the free is done using "free". Fixing it to use
"rte_free".
Fixes: 5dc43d22b5 ("mempool/dpaa2: add hardware offloaded mempool")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
In case the alloc api is not able to allocate the required
number of buffer, it can return '0', which will not indicate
the failure to the calling function.
This patch fix the return value to indicate the failure.
Fixes: 5dc43d22b5 ("mempool/dpaa2: add hardware offloaded mempool")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
In order to support multiprocess applications, pool data is to be
allocated on dynamic memory instead of existing usages of global
variable.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
There were mising :: so file was parsed in wrong way
Fixes: c735b831b0 ("app/testpmd: add cmd for dedicated LACP Rx/Tx queues")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Set UIO info device file operations open and release. Call pci reset
function inside open and release to clear device state at start and end.
Copied this behaviour from vfio_pci kernel module code. With this patch,
it is not mandatory to issue FLR by PMD's during init and close.
Bus master enable and disable are added in open and release respectively
to take care of device DMA.
Signed-off-by: Shijith Thotton <shijith.thotton@caviumnetworks.com>
Reviewed-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Gregory Etelson <gregory@weka.io>
While matching user input against a token name or any other fixed string,
comparison stops at the end of user input if shorter (e.g. "foo" matches
token name "foobar").
Although the unintended consequence of this behavior allows users to
abbreviate command names and various parameters yet generate valid
commands, the parser was not designed to support this and does not prevent
ambiguous tokens.
For instance, entering "i" for a pattern item matches "ipv4", "ipv6" and
"icmp" then defaults to one of them in an unspecified manner.
Prevent this behavior by taking the length of fixed strings into account.
Fixes: 19c90af628 ("app/testpmd: add flow command")
Fixes: 5ac3502ed1 ("app/testpmd: add flow query command")
Fixes: abc3d81aca ("app/testpmd: add item raw to flow command")
Fixes: 05d34c6e9d ("app/testpmd: add queue actions to flow command")
Cc: stable@dpdk.org
Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Support for dynamic tokens was added in order to implement the flow command
in testpmd, for which static tokens were not versatile enough due to the
large number of possible parameter combinations.
However, due to its reliance on a temporary array to store dynamic tokens,
this interface suffers from various limitations that need to be addressed
in order to implement more commands in the future:
- The maximum number of dynamic tokens is determined at compilation time
(CMDLINE_PARSE_DYNAMIC_TOKENS). The larger this value, the more stack
space is wasted (one pointer per potential token, i.e. 1kB of stack space
on 64-bit architectures with the default value).
- This temporary array is actually a cache in which entries already present
are not regenerated. This behavior is not documented, which makes dynamic
tokens practically unusable by applications as they do not know which
token is current.
- The cache does not really reduce the number of function calls needed to
retrieve tokens, it was mainly deemed useful to provide context about
other tokens to the generator callback.
- Like testpmd, most users will likely use repeated pointers to a fixed
token header structure (cmdline_token_hdr_t), with internal context-aware
callbacks that do not need to look at other entries; knowing the index of
the current token is enough.
Getting rid of the temporary array and properly documenting usage of the
token generator callback greatly simplifies this interface.
Fixes: 4fffc05a2b ("cmdline: support dynamic tokens")
Fixes: 19c90af628 ("app/testpmd: add flow command")
Cc: stable@dpdk.org
Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
To avoid redundant calls to the token-generating function and provide it
with helpful context, a temporary fixed-size array allocated on the stack
of cmdline_parse() and cmdline_complete() keeps the address of preceding
tokens for the command instance being processed (cmdline_parse_inst_t).
Like the static tokens array in cmdline_parse_inst_t, it must be
NULL-terminated, however this is not properly enforced as it is initialized
once at the beginning of each function and a NULL terminator is never
appended once replaced with generated tokens.
When several commands rely on dynamic tokens, subsequent ones inherit an
already initialized array whose tokens are not regenerated, which causes
various issues such as mixed and repeated tokens from the first command.
Enforcing NULL termination of the dynamic tokens array and reinitializing
its first entry at each iteration solves these issues. Doing so is also
less expensive than a full memset() at each iteration.
Fixes: 4fffc05a2b ("cmdline: support dynamic tokens")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
ctype.h is not compilable in BSD 10 on GCC 4.8 in C11 mode.
CC failsafe.o
In file included from /usr/include/_ctype.h:94:0,
from /usr/include/ctype.h:46,
from /root/dpdk.org/build/include/rte_common.h:50,
from /root/dpdk.org/build/include/rte_memory.h:57,
from /root/dpdk.org/build/include/rte_malloc.h:45,
from /root/dpdk.org/drivers/net/failsafe/failsafe.c:35:
/usr/include/runetype.h:92:22: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'const'
extern _Thread_local const _RuneLocale *_ThreadRuneLocale;
^
/usr/include/runetype.h: In function '__getCurrentRuneLocale':
/usr/include/runetype.h:96:6: error: '_ThreadRuneLocale' undeclareds
(first use in this function)
if (_ThreadRuneLocale)
^
The fix is to put GCC in gnu99 mode instead.
Fixes: a46f8d584e ("net/failsafe: add fail-safe PMD")
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
This patch adds a new option to enable/disable the
MAC addresses updating done at forwarding time: --[no-]mac-updating
By default, MAC address updating remains enabled, to keep consistency
with previous usage.
Signed-off-by: Kuba Kozak <kubax.kozak@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Operations can be dequeued from the reordering ring only after they
were dequeued from the crypto pmd with rte_cryptodev_dequeue_burst()
function. It is not correct to dequeue them when status just changed
from RTE_CRYPTO_OP_STATUS_NOT_PROCESSED to any other value, as the
operations still can be processed by crypto pmd internally.
Now multicore scheduler workers mark status of all dequeued from
crypto pmd operations with CRYPTO_OP_STATUS_BIT_COMPLETE bit set.
Scheduler will dequeue crypto operations from reordering ring only
when this status bit is set. Prior to put this operation to output
buffer, scheduler clears this bit, so the application gets
unmodified status from crypto pmd.
Fixes: 4c07e0552f ("crypto/scheduler: add multicore scheduling mode")
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Crypto operation status RTE_CRYPTO_OP_STATUS_ENQUEUED is removed
from rte_crypto.h as it is not needed for crypto operation processing.
This status value is redundant to RTE_CRYPTO_OP_STATUS_NOT_PROCESSED value
and it was not intended to be part of public API.
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When creating a session, if there is a failure when
setting some of the parameters, QAT was not propagating
the error to the session initialization function.
Therefore, it was reporting a success, when it should
be report a failure.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Call of rte_cryptodev_stop() function from test destructors
is added.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Cc: stable@dpdk.org
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AEAD key was being set using the cipher key parameters,
instead of the AEAD key parameters.
Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
IV was not being set for AEAD algorithms.
Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Digest length was not being set when using authentication
algorithms.
Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The corelist parameter for the multi-core scheduling mode
needed some extra explanation on how to use it.
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
IV was positioned differently in authentication
transform structure, compared to the other two
transforms (cipher and AEAD).
To keep consistency, digest length is moved to
the end of the transform.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional Authenticated Data (AAD) is called "aad" in most
places of cryptodev, but it was called "add_auth_data"
in the AEAD transform transform (aead_xform).
This field is renamed to "aad_length" in order to keep
consistency.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Crypto keys and digests are not expected
to be big, so using a uint16_t to store
their lengths should be enough.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Older generations of QuickAssist hardware
may not support all algorithms supported by newer
generations. When sessions were specific to the device
this only needed to be handled on session creation.
With device-agnostic sessions, a session created
for a newer device may get routed to an older device which
can't support it.
This patch adds an enum to define QAT device generations
and uses this to detect and handle the above case on the
data path.
It also renames the capabilities structures and #defines
to match the generation names and adds the generation
to the device table in the documentation.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
In the unlikely scenario that an application
calls rte_cryptodev_dequeue_burst with nb_ops = 0,
there was a job leak, as a job would be created
but would not be populated, as no operation is passed.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For KASUMI F9 algorithm, COUNT, FRESH and DIRECTION
input values need to be contiguous with
the message, as described in the KASUMI and QAT PMD
documentation.
Before, the COUNT and FRESH values were set
as part of the AAD (now IV), but always set before
the beginning of the message.
Since now the IV is set after the crypto operation,
it is not possible to have these values in the
expected location.
Therefore, as these are required to be contiguous,
cryptodev API will expect these them to be passed
as a single buffer, already constructed, so
authentication IV parameters not needed anymore.
Fixes: 681f540da5 ("cryptodev: do not use AAD in wireless algorithms")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
SNOW3G and KASUMI SW libraries encrypt buffers
assuming that they are padded to a specific block size.
This behaviour can be changed to avoid buffer overflow,
by modifying the Makefile of these libraries.
Therefore, the Installation section in the SNOW3G and
KASUMI documentation has been extended, to document
this case.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
