It's by design that APP can add a TM node without shaper
profile. But ixgbe doesn't support it currently.
Fixes: e0ff4d304c ("net/ixgbe: support adding TM node")
Fixes: 5713ade697 ("net/ixgbe: support committing TM hierarchy")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
It's by design that APP can add a TM node without shaper
profile. But i40e doesn't support it currently.
Fixes: 03a249b62b ("net/i40e: support adding TM node")
Fixes: cac29c3c00 ("net/i40e: support committing TM hierarchy")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Only queue nodes should be taken as leaf nodes, all
the other nodes are non-leaf nodes.
Correct it when getting the TM level capability.
Fixes: 596988e193 ("net/ixgbe: support getting TM level capability")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Only queue nodes should be taken as leaf nodes, all
the other nodes are non-leaf nodes.
Correct it when checking the parameters of the TM nodes.
Fixes: e0ff4d304c ("net/ixgbe: support adding TM node")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Only queue nodes should be taken as leaf nodes, all
the other nodes are non-leaf nodes.
Correct it when getting the TM level capability.
Fixes: 0fb1ef1e79 ("net/i40e: support getting TM level capability")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Only queue nodes should be taken as leaf nodes, all
the other nodes are non-leaf nodes.
Correct it when checking the parameters of the TM nodes.
Fixes: 03a249b62b ("net/i40e: support adding TM node")
Cc: stable@dpdk.org
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
The four function declarations have no function implementation,
remove them.
Fixes: 0db70a8030 ("app/testpmd: add commands for filters")
Cc: stable@dpdk.org
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Ipsec-secgw application is modified so that it can support
following type of actions for crypto operations
1. full protocol offload using crypto devices.
2. inline ipsec using ethernet devices to perform crypto operations
3. full protocol offload using ethernet devices.
4. non protocol offload
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
The crypto action is specified by an application to request
crypto offload for a flow.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Reviewed-by: John McNamara <john.mcnamara@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
rte_flow_action type and ethdev updated to support rte_security
sessions for crypto offload to ethernet device.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Add security crypto flags and update mbuf fields to support
IPsec crypto offload for transmitted packets, and to indicate
crypto result for received packets.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
The ESP header is required for IPsec crypto actions.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Extend the Doxygen documentation of rte_cryptodev_info_get,
to describe how it returns the capabilities of a device.
Signed-off-by: Billy O'Mahony <billy.o.mahony@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Removes any dependency of librte_cryptodev on the PCI device
infrastructure code and removes the functions which were virtual
device specific.
Updates QAT crypto PMD to remove dependencies on rte_cryptodev_pci.h
and replaces those calls with the new bus independent functions.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Removes any dependency of librte_cryptodev on the virtual device
infrastructure code and removes the functions which were virtual
device specific.
Updates all virtual PMDs to remove dependencies on rte_cryptodev_vdev.h
and replaces those calls with the new bus independent functions.
Due to these changes, the cryptodev ABI version gets bumped.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Tomasz Duszynski <tdu@semihalf.com>
Adds new PMD assist functions which are bus independent for driver to
create and destroy new device instances.
Also includes function to parse parameters which can be passed to
driver on device initialisation.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
digest sizes are not a fixed value, but a range between
1 and the maximum digest size for those algorithms.
Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
For AEAD algorithms, the physical address for the digest
was being set incorrectly.
Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
According to rfc4106 the IV should be unique and can be implemented
as counter.
The changed was created because putting an analyzer on wire and
comparing packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do the same for
future debug / comparison.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Search for session also with AEAD algorithms.
Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AEAD algorithms were not being added in the mapping
between algorithms and crypto devices, only cipher and
authentication chained algorithms.
Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Enable out of place buffer test cases in nxp dpaa2_sec
Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPv6 payload length header field should contain only the number of bytes
following the IPv6 header and not the entire packet size.
Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When compiling with an application that includes rte_cryptodev.h with
Ofast, an error is reported regarding enumeration
RTE_CRYPTO_OP_TYPE_UNDEFINED not handled in switch case in function
__rte_crypto_op_reset().
Fix this by adding a case for RTE_CRYPTO_OP_TYPE_UNDEFINED.
Fixes: c0f87eb525 ("cryptodev: change burst API to be crypto op oriented")
Cc: stable@dpdk.org
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fix port id issues and keep variables related to port ids in
consistent data type definition "uint16_t".
Remove unnecessary cast in the meanwhile.
Fixes: f8244c6399 ("ethdev: increase port id range")
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
In case MUSDK dma memory has been already initialized by a different
driver (and perhaps do the different size) mv_sys_dma_mem_init()
will return -EEXIST error code.
Printing extra message makes it clear.
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Using non-existent configuration option for enabling debug
messages will actually never enable them.
Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Since CRYPTODEV_NAME_MRVL_CRYPTO_PMD is undefined RTE_STR() expands
it to "CRYPTODEV_NAME_MRVL_CRYPTO_PMD" instead of "crypto_mrvl".
This patch fixes that by using proper name definition in debug logs.
Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Since new_ip and ip4 are overlapping buffers copying ip4 over new_ip
using memmove() might overwrite memory at ip4. This could happen if
following condition holds:
ip_hdr_len > sizeof(struct esp_hdr) + sa->iv_len
Thus using ip4 to check ip version is wrong as it might not contain
proper value.
Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Reviewed-by: Aviad Yehezkel <aviadye@mellanox.com>
The code would crash for segmented buffer if no check.
Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The code would crash in case of segmented buffer if no check
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Since the packet lengths are modified, it is not required to
explicitly reset the ICV.
Fixes: 13273250ee ("crypto/dpaa2_sec: support AES-GCM and CTR")
Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Since the packet lengths are modified, it is not required to
explicitly reset the ICV.
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
The unit test for flow classify should be disabled
if the library is disabled in the configuration.
Fixes: 9c9befea4f ("test: add flow classify unit tests")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
Fixes: c711ccb309 ("ivshmem: remove library and its EAL integration")
Fixes: e8009a077d ("doc: group classification libraries in doxygen index")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: John McNamara <john.mcnamara@intel.com>
