The functions rte_service_may_be_active(), rte_service_lcore_attr_get(),
and rte_service_attr_reset_all() were introduced nearly a year ago in DPDK
18.08. They can be considered non-experimental for the 19.08 release.
rte_service_may_be_active() is used by the sw PMD, and this commit allows
it to not need any experimental API.
Signed-off-by: Gage Eads <gage.eads@intel.com>
Fix npa pool range errors observed while creating mempool, this issue
happens when mempool objects are from different mem segments.
During mempool creation, octeontx2 mempool driver populates pool range
fields before enqueuing the buffers. If any enqueue or dequeue operation
reaches npa hardware prior to the range field's HW context update,
those ops result in npa range errors. Patch adds a routine to read back
HW context and verify if range fields are updated or not.
Fixes: e5271c507aeb ("mempool/octeontx2: add remaining slow path ops")
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
As per the documentation to use any IP offload features, application
must set required offload flags into mbuf->ol_flags.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
As per the documentation to use any IP offload features, application
must set required offload flags into mbuf->ol_flags.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Currently PKT_TX_IP_CKSUM is being set into mbuf->ol_flags
during fragmentation and reassemble operation implicitly.
Because of this, application is forced to use checksum offload
whether it is supported by platform or not.
Also documentation does not provide any expected value of ol_flags
in returned mbuf (reassembled or fragmented) so application will never
come to know that which offloads are enabled. So transmission may be failed
for the platforms which does not support checksum offload.
Also, IPv6 does not contain any checksum field in header so setting
mbuf->ol_flags with PKT_TX_IP_CKSUM is itself invalid.
So removing mentioned flag from the library.
Signed-off-by: Sunil Kumar Kori <skori@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Unit test and perf test for MCS queued lock.
Signed-off-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
If there are multiple threads contending, they all attempt to take the
spinlock lock at the same time once it is released. This results in a
huge amount of processor bus traffic, which is a huge performance
killer. Thus, if we somehow order the lock-takers so that they know who
is next in line for the resource we can vastly reduce the amount of bus
traffic.
This patch added MCS lock library. It provides scalability by spinning
on a CPU/thread local variable which avoids expensive cache bouncings.
It provides fairness by maintaining a list of acquirers and passing the
lock to each CPU/thread in the order they acquired the lock.
Signed-off-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Steve Capper <steve.capper@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
sPAPR allows only page_shift from VFIO_IOMMU_SPAPR_TCE_GET_INFO ioctl.
However, Linux 4.17 or before returns incorrect page_shift for Power9.
I added the code for retrying creation of sPAPR DMA window.
Signed-off-by: Takeshi Yoshimura <tyos@jp.ibm.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
The existing code is enabling the Tx queues as per
the number of lcore count, which is causing issue
in case of secondary process running on different number
of cores.
This patch fixes the Tx queues to number of DPAA cores,
which helps in using fixed number of Tx queues across
processes access.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
1. need to use the bpool with rte_malloc instead of rte_free
2. Option to give portal to the secondary process thread.
Signed-off-by: Radu Bulie <radu-andrei.bulie@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Tested-by: Akhil Goyal <akhil.goyal@nxp.com>
Parse and find_device have specific function - former is for parsing a
string passed as argument, whereas the later is for iterating over all
the devices in the bus and calling a callback/handler. They have been
corrected with their right operations to support hotplugging/devargs
plug/unplug calls.
Support for plug/unplug too has been added.
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch updates the ipsec-secgw application to support
header reconstruction. In addition a series of tests have
been added to prove the implementation's correctness.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Add support for RFC 4301(5.1.2) to update of
Type of service field and Traffic class field
bits inside ipv4/ipv6 packets for outbound cases
and inbound cases which deals with the update of
the DSCP/ENC bits inside each of the fields.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Adding LDPC vectors for UT verification, coverage,
and profiling for 5GNR encode/decode operations.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Extending test framework for FEC 5GNR operations
for UT verification and profiling.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
This now includes steps to build with either
libraries for AVX2, or AVX512 or no dependency.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Implementation still based on Intel SDK libraries
optimized for AVX512 instructions set and 5GNR.
This can be also build for AVX2 for 4G capability or
without SDK dependency for maintenance.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
The documentation captures the related change in
BBDEV API to support 5GNR encode/decode operations.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Extension to BBDEV operations to support 5G
on top of existing 4G operations.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Renaming of the enums and structure which were LTE specific to
allow for extension and support for 5GNR operations.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
This patch makes unsupported tests visible in
the testsuite summary.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds test cases for wireless in-place
and out-of-place auth-cipher operations with
scatter-gather lists as input and output mbufs.
Test cases include buffer appended digest
generation with encryption and buffer decryption
with appended digest verification.
It also adds cases where digest is encrypted
only partially.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds test cases for kasumi in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds test cases for zuc in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds test cases for snow3g in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.
It also adds cases where digest is encrypted
only partially.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds condition to be met when using
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
Patch adds checking, if the digest is being
encrypted or decrypted partially and extends PMD
buffers accordingly.
It also adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it does support digest-appended
both: digest generation with encryption and
decryption with digest verification.
This patch also adds information about new
feature flag to the release notes.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch explains what are the conditions
and how to use digest appended for auth-cipher
operations.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
In case big number need to be freed, data it contains should
also be cleared before especially if it is critical data like
private keys.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
When a cryptodev is created in a primary process,
rte_cryptodev_data_alloc reserves a memzone.
However, this memzone was not released when the cryptodev
is uninitialized. After that, new cryptodev cannot be
created due to memzone name conflict.
This commit frees the memzone when a cryptodev is
uninitialized, fixing this bug. This approach is chosen
instead of keeping and reusing the old memzone, because
the new cryptodev could belong to a different NUMA socket.
Also, rte_cryptodev_data pointer is now properly recorded
in cryptodev_globals.data array.
Bugzilla ID: 105
Signed-off-by: Junxiao Shi <git@mail1.yoursunny.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Set freed cop pointers to NULL
Set other freed pointers to NULL instead of 0
Fixes: 05fe65eb66b2 ("test/ipsec: introduce functional test")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add simple test-case with all traffic in BYPASS mode.
Useful for some basic test of your network environment.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Add optional ability to fragment packet bigger then mtu,
and reassemble fragmented packet.
To minimize possible performance effect, reassembly is
implemented as RX callback.
To support these features ipsec-secgw relies on librte_ipsec ability
to handle multi-segment packets.
Also when reassemble/fragmentation support is enabled, attached
crypto devices have to support 'In Place SGL' offload capability.
To enable/disable this functionality, two new optional command-line
options are introduced:
--reassemble <val> - number of entries in reassemble table
--mtu <val> - MTU value for all attached ports
As separate '--mtu' option is introduced, '-j <val>' option is now used
to specify mbuf data buffer size only.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
for packets smaller then 64B some NICs reports pkt_len=64B.
As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine
payload length, that causes problems for small packets.
To fix the issue, check that pkt_len matches values in IPv4/IPv6 header
and re-adjust pkt_len if necessary.
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Application ipsec-secgw is not working for IPv4 transport mode and for
IPv6 both transport and tunnel mode.
IPv6 tunnel mode is not working due to wrongly assigned fields of
security association patterns, as it was IPv4, during creation of
inline crypto session.
IPv6 and IPv4 transport mode is iterating through security capabilities
until it reaches tunnel, which causes session to be created as tunnel,
instead of transport. Another issue, is that config file does not
provide source and destination ip addresses for transport mode, which
are required by NIC to perform inline crypto. It uses default addresses
stored in security association (all zeroes), which causes dropped
packages.
To fix that, reorganization of code in create_session() is needed,
to behave appropriately to given protocol (IPv6/IPv4). Change in
iteration through security capabilities is also required, to check
for expected mode (not only tunnel).
For lack of addresses issue, some resolving mechanism is needed.
Approach is to store addresses in security association, as it is
for tunnel mode. Difference is that they are obtained from sp rules,
instead of config file. To do that, sp[4/6]_spi_present() function
is used to find addresses based on spi value, and then stored in
corresponding sa rule. This approach assumes, that every sp rule
for inline crypto have valid addresses, as well as range of addresses
is not supported.
New flags for ipsec_sa structure are required to distinguish between
IPv4 and IPv6 transport modes. Because of that, there is need to
change all checks done on these flags, so they work as expected.
Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: stable@dpdk.org
Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
When ixgbe_crypto_add_sa() is called, it checks whether the ip type is
IPv6 or IPv4 to write correct addresses to the registers. Type itself
is never specified, and act as IPv4, which is the default value.
It causes lack of support for IPv6.
To fix that, ip type needs to be stored in device private data, based on
crypto session ip type field, before the checking is done.
Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: stable@dpdk.org
Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Currently, there's no return status check from lcore's jobs.
In case of fail - crypto-perf tool returns success anyway.
This patch adds such a detection and returns proper status at the end.
Fixes: ce8af1a4398d ("app/crypto-perf: wait for cores launched by app")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Jozwiak <tjozwiakgm@gmail.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes 'only_once' variable to 'display_once',
which should be atomic type due to fact, that all runner functions
can be executed in paraller way on different lcores.
Fixes: df52cb3b6e13 ("app/crypto-perf: move verify as single test type")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Jozwiak <tjozwiakgm@gmail.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Turbo_sw PMD driver now building with meson/ninja
with or without SDK libraries.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Kamil Chalupnik <kamilx.chalupnik@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Adding compile flag to allow to build the turbo_sw PMD
without dependency to have the SDK libraries installed.
Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Add dump_grp_pkt() function.
Dump invalid mbuf data in case of error in group tests 12 and 13.
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Add extra test configuration for BURST_SIZE packets
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Error log messages after the create_sa() function calls
were using the wrong function name.
The function name is replaced with create_sa.
Fixes: 05fe65eb66b2 ("test/ipsec: introduce functional test")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
