Commit Graph

101 Commits

Author SHA1 Message Date
Reshma Pattan
ae943ebe1e examples/ipsec-secgw: replace strncpy with strlcpy
Use strlcpy instead of strncpy.
Use strcpy where boundchecks on destination is not needed.

Fixes: 0d547ed037 ("examples/ipsec-secgw: support configuration file")
Fixes: 07b156199f ("examples/ipsec-secgw: fix configuration string termination")
Fixes: a1469c319f ("examples/ipsec-secgw: fix configuration parsing")
Cc: stable@dpdk.org

Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-05-13 23:54:28 +02:00
Radu Nicolau
833e36b870 examples/ipsec-secgw: limit inflight packets count
Revert previous patch that introduce a performance
degradation in certain scenarios and add a configurable
limit for number inflight packets.

Revert
commit 84d4b5e4ec ("examples/ipsec-secgw: improve IPsec dequeue logic")
Cc: stable@dpdk.org

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-05-10 17:46:20 +01:00
Adrien Mazarguil
ac8d22de23 ethdev: flatten RSS configuration in flow API
Since its inception, the rte_flow RSS action has been relying in part on
external struct rte_eth_rss_conf for compatibility with the legacy RSS API.
This structure lacks parameters such as the hash algorithm to use, and more
recently, a method to tell which layer RSS should be performed on [1].

Given struct rte_eth_rss_conf will never be flexible enough to represent a
complete RSS configuration (e.g. RETA table), this patch supersedes it by
extending the rte_flow RSS action directly.

A subsequent patch will add a field to use a non-default RSS hash
algorithm. To that end, a field named "types" replaces the field formerly
known as "rss_hf" and standing for "RSS hash functions" as it was
confusing. Actual RSS hash function types are defined by enum
rte_eth_hash_function.

This patch updates all PMDs and example applications accordingly.

It breaks ABI compatibility for the following public functions:

- rte_flow_copy()
- rte_flow_create()
- rte_flow_query()
- rte_flow_validate()

[1] commit 676b605182 ("doc: announce ethdev API change for RSS
    configuration")

Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
2018-04-27 18:00:53 +01:00
Adrien Mazarguil
19b3bc47c6 ethdev: fix C99 flexible arrays from flow API
This patch replaces C99-style flexible arrays in struct rte_flow_action_rss
and struct rte_flow_item_raw with standard pointers to the same data.

They proved difficult to use in the field (e.g. no possibility of static
initialization) and unsuitable for C++ applications.

Affected PMDs and examples are updated accordingly.

This breaks ABI compatibility for the following public functions:

- rte_flow_copy()
- rte_flow_create()
- rte_flow_query()
- rte_flow_validate()

Fixes: b1a4b4cbc0 ("ethdev: introduce generic flow API")

Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
2018-04-27 18:00:53 +01:00
Anoob Joseph
fa4de2cc4c examples/ipsec-secgw: handle ESN soft limit event
For inline protocol processing, the PMD/device is required to maintain
the ESN. But the application is required to monitor ESN overflow to
initiate SA expiry.

For such cases, application would set the ESN soft limit. An IPsec event
would be raised by rte_eth_event framework, when ESN hits the soft limit
set by the application.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-04-23 18:20:10 +01:00
Anoob Joseph
ae43ebbe93 examples/ipsec-secgw: fix usage print
The usage print was not updated when jumbo frames & crypto_dev mask
support was added. Fixing that. Also, the optional arguments were not
properly highlighted in the usage header. This is also fixed.

General cleanup of the usage print was also done to make it look more
cleaner and similar to what is existing in other applications like
l3fwd.

Fixes: bbabfe6e4e ("examples/ipsec_secgw: support jumbo frames")
Fixes: 2c68fe7915 ("examples/ipsec-secgw: add cryptodev mask option")
Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-04-23 18:20:10 +01:00
Anoob Joseph
c52273503c examples/ipsec-secgw: remove redundant string compare
Removing redundant strncmp in parsing long arguments. The getopt library
provides means to identify long options using the "val" field of
structure option. The existing code gets 0 as "val" for all long
arguments and then uses strncmp to figure out which long option was
being referred to. Fixing this.

In addition, the macros and enums used for long arguments have been
renamed and repositioned adhering to the general convention followed in
various other apps, like l3fwd.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-04-23 17:01:50 +01:00
Thomas Monjalon
a9dbe18022 fix ethdev port id validation
Some DPDK applications wrongly assume these requirements:
    - no hotplug, i.e. ports are never detached
    - all allocated ports are available to the application

Such application assume a valid port index is in the range [0..count[.

There are three consequences when using such wrong design:
    - new ports having an index higher than the port count won't be valid
    - old ports being detached (RTE_ETH_DEV_UNUSED) can be valid

Such mistake will be less common with growing hotplug awareness.
All applications and examples inside this repository - except testpmd -
must be fixed to use the function rte_eth_dev_is_valid_port.

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2018-04-18 00:37:05 +02:00
Thomas Monjalon
8728ccf376 fix ethdev ports enumeration
Some DPDK applications wrongly assume these requirements:
    - no hotplug, i.e. ports are never detached
    - all allocated ports are available to the application

Such application iterates over ports by its own mean.
The most common pattern is to request the port count and
assume ports with index in the range [0..count[ can be used.

There are three consequences when using such wrong design:
    - new ports having an index higher than the port count won't be seen
    - old ports being detached (RTE_ETH_DEV_UNUSED) can be seen as ghosts
    - failsafe sub-devices (RTE_ETH_DEV_DEFERRED) will be seen by the application

Such mistake will be less common with growing hotplug awareness.
All applications and examples inside this repository - except testpmd -
must be fixed to use the iterator RTE_ETH_FOREACH_DEV.

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2018-04-18 00:25:27 +02:00
Radu Nicolau
63f6da4d0a examples/ipsec-secgw: fix printed crypto name
When AES-256 was used aes-128 was printed in the console

Fixes: fa9088849e ("examples/ipsec-secgw: support AES 256")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-02-13 23:21:33 +01:00
Anoob Joseph
fa9088849e examples/ipsec-secgw: support AES 256
Adding support for AES 256 algorithm in ipsec-secgw application

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-02-08 22:31:17 +01:00
Kevin Laatz
867a6c66ec examples: increase default ring sizes to 1024
Increase the default RX/TX ring sizes to 1024/1024 to
accommodate for NICs with higher throughput (25G, 40G etc)

Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
2018-02-01 00:10:42 +01:00
Bruce Richardson
6c9457c279 build: replace license text with SPDX tag
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Bruce Richardson
1842d194c9 examples: enable linking both static and shared
Since the DPDK build now includes both static and shared libraries, we need
a new way to enable building the examples using either method from the one
installation. To do this, we add in a default "shared" target, and a
separate "static" target which links in the DPDK static libraries. In both
cases, the final application name is symlinked to the last-built static or
shared target, with both binaries able to co-exist in the build directory.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Bruce Richardson
22119c4591 examples: use pkg-config in makefiles
Change the example app Makefiles to query if DPDK is installed and
registered using pkg-config. If so, build directly using pkg-config info,
otherwise fall back to using the original build system with RTE_SDK and
RTE_TARGET

This commit changes the makefiles for the basic examples, i.e. those which
do not have multiple subdirectories underneath the main examples dir.
Examples not covered are:

* ethtool
* multi_process
* performance-thread
* quota_watermark
* netmap_compat
* server_node_efd
* vm_power_manager

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Bruce Richardson
0eba4ade65 examples: put app name and sources at top of makefiles
Reorder the text in the makefiles, so that the app name and the source
files are listed first. This then will allow them to be shared later in a
combined makefile building with pkg-config and RTE_SDK-based build system.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Bruce Richardson
89f0711f9d examples: build some samples with meson
Add support for having selected example apps built as part of a meson,
ninja build. By default none are built, and those to be built should be
named directly in the -Dexamples='' meson configuration argument.

This is useful for developers working on a feature who want to use a
suitable example, or examples, to test that feature, as they can compile
everything up in one go, and run the example without having to do a ninja
install first.

This commit adds examples which don't consist of multiple apps in
subdirectories to the meson build, so they can be built by default by
passing -Dexamples parameter to meson.

Not included are the following examples:
* ethtool
* multi-process
* netmap_compat
* performance-thread
* quota_watermark
* server_node_efd
* vm_power_manager

To test the apps added here, use the following command, merged to one line,
to add them to your meson build (command to be run inside the build
directory):

meson configure -Dexamples=bbdev_app,bond,cmdline,distributor,\
	eventdev_pipeline_sw_pmd, exception_path,helloworld,\
	ip_fragmentation,ip_pipeline,ip_reassembly, ipsec-secgw,\
	ipv4_multicast,kni,l2fwd-cat,l2fwd-crypto,l2fwd-jobstats,\
	l2fwd-keepalive,l2fwd,l3fwd-acl,l3fwd-power,l3fwd-vf,l3fwd,\
	link_status_interrupt,load_balancer,packet_ordering,ptpclient,\
	qos_meter,qos_sched,rxtx_callbacks,skeleton,tep_termination,\
	timer,vhost,vhost_scsi,vmdq,vmdq_dcb

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Luca Boccassi <bluca@debian.org>
2018-01-30 21:58:59 +01:00
Fan Zhang
a6b57a534d examples/ipsec_secgw: fix security session
Fixes: 3da37f6821 ("examples/ipsec_secgw: create session mempools for ethdevs")

Some NICs do not have the rte_security context, this patch fixes the segment fault
caused by this.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-29 20:22:33 +01:00
Neil Horman
a6ec31597a mk: add experimental tag check
Add checks during build to ensure that all symbols in the EXPERIMENTAL
version map section have __experimental tags on their definitions, and
enable the warnings needed to announce their use.  Also add an
ALLOW_EXPERIMENTAL_APIS define to allow individual libraries and files
to declare the acceptability of experimental api usage

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2018-01-29 23:35:29 +01:00
Radu Nicolau
6138c2daec examples/ipsec-secgw: try end in flow actions before fail
After trying RSS and Queue also try End for flow action
to allow for HW that don't support flow features with
inline crypto.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:10:53 +01:00
Nélio Laranjeiro
0bca1d2678 examples/ipsec-secgw: fix SPI byte order in flow item
SPI field is defined in the RFC2406 [1] as a big endian field it should be
provided in its final form to the drivers through RTE flow.

[1] https://tools.ietf.org/html/rfc2406

Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")
Cc: stable@dpdk.org

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:10:53 +01:00
Radu Nicolau
3da37f6821 examples/ipsec_secgw: create session mempools for ethdevs
Also moved offloaded packets from cryptodev queues

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:10:53 +01:00
Nélio Laranjeiro
a90e6ce62b examples/ipsec-secgw: add egress flow actions
Add egress flow create for devices supporting
RTE_SECURITY_TX_HW_TRAILER_OFFLOAD.

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Nélio Laranjeiro
a4677f7836 examples/ipsec-secgw: add target queues in flow actions
Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-01-20 16:10:52 +01:00
Nélio Laranjeiro
a4cde424aa examples/ipsec-secgw: fix missing ingress flow attribute
Generic flow API have both direction bits, ingress and egress for rules
which may work on both sides.

Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")
Cc: stable@dpdk.org

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-01-20 16:10:52 +01:00
Akhil Goyal
2a5106af13 examples/ipsec-secgw: fix corner case for SPI value
IPSec application is using index 0 of SA table as error,
with current value of IPSEC_SA_MAX_ENTRIES(128) it can
not support SA with spi = 128, as it uses sa_idx = 0
in the SA table.

With this patch, sa_idx = 0 can also be used.

PS: spi = 0 is an invalid SPI and application throws error
for it.

Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Akhil Goyal
84d4b5e4ec examples/ipsec-secgw: improve IPsec dequeue logic
Since the processing of crypto operations may take time
due to hardware offload, all the packets may not be available
in the single dequeue command.
So it may happen that there is leakage of cops, and there is
nobody to dequeue the packets because dequeue of crypto ops is
done only once for a particular queue pair even if it has more
packets in flight.

This patch dequeue the packets again if the inflight packets are
more than the max packet burst.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Akhil Goyal
27d822e88e examples/ipsec-secgw: update incremental checksum
When TTL is decremented or ecn is updated in IP header
before forwarding the packet, checksum needs to be updated.

In this patch an incremental checksum is added for ipv4 case.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Akhil Goyal
9ebafd1e3c examples/ipsec-secgw: update mbuf packet type
Packet_type should be updated to remove/add L4 type for
encrypted/decrypted packet

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:10:52 +01:00
Akhil Goyal
2c68fe7915 examples/ipsec-secgw: add cryptodev mask option
Previously, ipsec-secgw application did not give user the
flexibility to decide which crypto device(s) will be used.

In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.

This patch is similar to the support added in l2fwd-crypto
(d2797f51cc: examples/l2fwd-crypto: add cryptodev mask option)

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-01-20 16:10:20 +01:00
Anoob Joseph
0ccfd14bc1 examples/ipsec-secgw: support inline protocol
Adding support for inline protocol processing

In ingress side, application will receive regular IP packets, without
any IPsec related info. Application will do a selector check (SP-SA
check) by making use of the metadata from the packet. The
device-specific metadata in mbuf would aid in determing the security
session which processed the packet.

In egress side, the plain packet would be submitted to the driver. The
packet will have optional metadata, which could be used to identify the
security session associated with the packet.

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-01-20 16:10:20 +01:00
Anoob Joseph
3de3a0418c examples/ipsec-secgw: fix usage of incorrect port
When security offload is enabled, the packet should be forwarded on the
port configured in the SA. Security session will be configured on that
port only, and sending the packet on other ports could result in
unencrypted packets being sent out.

This would have performance improvements too, as the per packet LPM
lookup would be avoided for IPsec packets, in inline mode.

Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-20 16:08:34 +01:00
Shahaf Shuler
6162b8b376 examples/ipsec-secgw: convert to new ethdev offloads API
Ethdev offloads API has changed since:

commit ce17eddefc ("ethdev: introduce Rx queue offloads API")
commit cba7f53b71 ("ethdev: introduce Tx queue offloads API")

This commit support the new API.

Signed-off-by: Shahaf Shuler <shahafs@mellanox.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-16 18:47:49 +01:00
Bruce Richardson
3998e2a072 examples: use SPDX tag for Intel copyright files
Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2018-01-04 22:41:39 +01:00
Radu Nicolau
376ee1dee8 examples/ipsec-secgw: fix build with gcc 4.5.1
On SUSE11 with gcc 4.5.1 the following build error occurred,
most likely because of improper handling of annonymous unions:

examples/ipsec-secgw/ipsec.c:87:4 error:
	unknown field ‘ipsec’ specified in initializer

Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-11-10 02:48:33 +01:00
Bruce Richardson
015f9489c4 examples: remove dependency on PCI
All PCI functionality should be hidden from apps via the PCI bus driver,
the EAL and individual device drivers. Therefore remove the inclusion of
rte_pci.h from sample apps.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2017-11-07 21:55:36 +01:00
Thomas Monjalon
bfa9a8a460 mbuf: rename data address helpers to IOVA
The following inline functions and macros have been renamed to be
consistent with the IOVA wording:

rte_mbuf_data_dma_addr         -> rte_mbuf_data_iova
rte_mbuf_data_dma_addr_default -> rte_mbuf_data_iova_default
rte_pktmbuf_mtophys            -> rte_pktmbuf_iova
rte_pktmbuf_mtophys_offset     -> rte_pktmbuf_iova_offset

The deprecated functions and macros are kept to avoid breaking the API.

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2017-11-06 22:44:26 +01:00
Radu Nicolau
1b028d5e81 examples/ipsec-secgw: fix build without security lib
Build fails when rte_security is disabled; make rte_security mandatory

Fixes: ec17993a14 ("examples/ipsec-secgw: support security offload")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Tested-by: David Marchand <david.marchand@6wind.com>
2017-10-26 22:33:22 +02:00
Akhil Goyal
ec17993a14 examples/ipsec-secgw: support security offload
Ipsec-secgw application is modified so that it can support
following type of actions for crypto operations
1. full protocol offload using crypto devices.
2. inline ipsec using ethernet devices to perform crypto operations
3. full protocol offload using ethernet devices.
4. non protocol offload

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-26 03:12:56 +02:00
Aviad Yehezkel
2a41fb7c65 examples/ipsec-secgw: convert IV to big endian
According to rfc4106 the IV should be unique and can be implemented
as counter.
The changed was created because putting an analyzer on wire and
comparing packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do the same for
future debug / comparison.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-25 18:11:01 +02:00
Aviad Yehezkel
4040126053 examples/ipsec-secgw: fix AAD length setting
Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Aviad Yehezkel
d00f38905c examples/ipsec-secgw: fix session creation
Search for session also with AEAD algorithms.

Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Aviad Yehezkel
15f81cbf65 examples/ipsec-secgw: fix crypto device mapping
AEAD algorithms were not being added in the mapping
between algorithms and crypto devices, only cipher and
authentication chained algorithms.

Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Radu Nicolau
bbabfe6e4e examples/ipsec_secgw: support jumbo frames
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Radu Nicolau
065179e483 examples/ipsec_secgw: switch to new offload API
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Tomasz Duszynski
b43a81319b examples/ipsec-secgw: fix IPv6 payload length
IPv6 payload length header field should contain only the number of bytes
following the IPv6 header and not the entire packet size.

Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-25 18:10:42 +02:00
Tomasz Duszynski
3417350e7f examples/ipsec-secgw: fix IP version check
Since new_ip and ip4 are overlapping buffers copying ip4 over new_ip
using memmove() might overwrite memory at ip4. This could happen if
following condition holds:

ip_hdr_len > sizeof(struct esp_hdr) + sa->iv_len

Thus using ip4 to check ip version is wrong as it might not contain
proper value.

Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Cc: stable@dpdk.org

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Reviewed-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-25 18:10:32 +02:00
Zhiyong Yang
47523597ff examples: fix port id type
Fixes: f8244c6399 ("ethdev: increase port id range")

Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2017-10-13 21:57:49 +02:00
Pablo de Lara
46a0547f9f cryptodev: rename ADD field
Additional Authenticated Data (AAD) is called "aad" in most
places of cryptodev, but it was called "add_auth_data"
in the AEAD transform transform (aead_xform).

This field is renamed to "aad_length" in order to keep
consistency.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2017-07-19 14:10:41 +03:00
Roman Zhukov
60efb44f73 examples: adjust Rx and Tx descriptors to device limits
Signed-off-by: Roman Zhukov <roman.zhukov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
2017-07-08 18:47:00 +02:00