Commit Graph

27783 Commits

Author SHA1 Message Date
Qi Zhang
03ed3e8b78 net/ice/base: support removing VSI from flow profile
Adding a function ice_flow_rem_vsi_prof() to remove flow entries
associated to the SW VSI handle. Once complete, clear the vsi index from
the flow profile bitmap. This will ensure that a VSI once removed
can be re-added and the package block rules will be added again.

Signed-off-by: Vignesh Sridhar <vignesh.sridhar@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
2021-04-13 16:25:24 +02:00
Qi Zhang
8ae24eff3e net/ice/base: cleanup code
1. There are a lots of function header mismatch its function name.
2. remove unnecessary header file include.
3. remove unnecessary macro.
4. remove unnecessary comment.

Signed-off-by: Dave Ertman <david.m.ertman@intel.com>
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
2021-04-13 16:19:01 +02:00
Radu Nicolau
3dc4a4d7e9 net/ice: use write combining store for tail on AVX512
Performance improvement: use a write combining store
instead of a regular mmio write to update queue tail
registers.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 16:18:40 +02:00
Haiyue Wang
2ee14c8905 net/ixgbe: fix Rx errors statistics for UDP checksum
Restrict the "remove l3_l4_xsum_errors from rx_errors" to 82599 only for
hardware errata.

Fixes: 256ff05a9c ("ixgbe: fix Rx errors statistics for UDP checksum")
Cc: stable@dpdk.org

Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 16:18:27 +02:00
Jiawei Wang
ca5eb60ecd net/mlx5: fix resource release for mirror flow
The mlx5 PMD allocated the resources of the sample actions, and then
moved these ones to the destination actions array. The original indices
were not cleared and the resources were referenced twice in the
flow object - as the fate actions and in the destination actions array.

This causes the failure on flow destroy because PMD tried to release the
same objects twice.

The patch clears the original indices, add the missed checking for zero
and eliminates multiple object releasing.

Fixes: 00c10c2211 ("net/mlx5: update translate function for mirroring")
Cc: stable@dpdk.org

Signed-off-by: Jiawei Wang <jiaweiw@nvidia.com>
Reviewed-by: Suanming Mou <suanmingm@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
2021-04-13 13:38:16 +02:00
Viacheslav Ovsiienko
4a750d2992 net/mlx4: fix RSS action with null hash key
If RSS action contains non zero hash key length and NULL
key buffer pointer the default hash key should be used.
The check for the NULL pointer this was missing in the mlx4
PMD causing crash, for example, in testpmd with command:

flow validate 0 ingress group 0
  pattern eth / ipv4 / end
  actions rss queues 0 end key_len 40 / end

Fixes: ac8d22de23 ("ethdev: flatten RSS configuration in flow API")
Cc: stable@dpdk.org

Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
2021-04-13 13:38:13 +02:00
Dong Zhou
cb299214a6 doc: update push/pop VLAN support in mlx5 guide
Updates the documentation for push/pop VLAN support. In E-Switch
mode, push VLAN on ingress traffic and pop VLAN in egress traffic
are both support.

Signed-off-by: Dong Zhou <dongzhou@nvidia.com>
Reviewed-by: Asaf Penso <asafp@nvidia.com>
2021-04-13 13:37:50 +02:00
Xiaoyu Min
c1d397a67e net/mlx5: fix redundant flow after RSS expansion
When RSS expand, if there is no expansion happened but completion
happened because user only input next protocol field instead of item
i.e, ether type == 0x8100 instead of VLAN, an extra flow is created with
missing item in order to filter traffic strictly.

However, after [1] and [2] the rte_flow_item_eth itself is enough to
filter out VLAN traffic, the VLAN item is not needed.

[1]: commit 09315fc838 ("ethdev: add VLAN attributes to ethernet and VLAN items")
[2]: commit 86b59a1af6 ("net/mlx5: support VLAN matching fields")

This redundant flow will cause failure in some scenarios on group 0 due
to they are the same FTE.

Fixes: fc2dd8dd49 ("ethdev: fix expand RSS flows")
Cc: stable@dpdk.org

Signed-off-by: Xiaoyu Min <jackmin@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
2021-04-13 13:23:01 +02:00
Alexander Kozyrev
61cfa035d3 net/mlx5: support 64-bit for modify field action
Extend the range of immediate value used in the MODIFY_FIELD action
from 32 to 64 bits to conform to the rte_flow_action_modify_data spec.
Apply appropriate big endian conversion to the immediate value
according to a destination field bit width.

Fixes: 641dbe4fb0 ("net/mlx5: support modify field flow action")
Cc: stable@dpdk.org

Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
2021-04-13 13:22:59 +02:00
Alexander Kozyrev
f70dcb2bab net/mlx5: fix modify field action endianness
Converting modify_field action masks to the big endian format is wrong
for small (less than 4 bytes) fields. Use the BE conversions appropriate
for a field size, not rte_cpu_to_be_32 for everything.

Fixes: 144127ba56 ("net/mlx5: adjust modify field action endianness")
Cc: stable@dpdk.org

Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
2021-04-13 13:22:57 +02:00
Alexander Kozyrev
102b46965d net/mlx5: fix modify field action order for IPv6
Mellanox hardware can only modify any packet field in 32-bit chunks,
which means 4 such chunks are needed to modify an IPv6 address.
The modification order of these chunks starts from the most significant
bits for the IPv6 address. That leads to confusing results when trying
to modify either source or destination address via the MODIFY_FIELD
action. Fix the order of 32-bit chunks for IPv6 addresses modification
by starting from the least significant bits.

Fixes: 641dbe4fb0 ("net/mlx5: support modify field flow action")
Cc: stable@dpdk.org

Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
2021-04-13 13:22:55 +02:00
Tal Shnaiderman
d5003573ac net/mlx5: fix link speed calculation on Windows
In Windows DevX returns the rate of the current link speed
in bit/s, this rate was converted to Mibit/s instead of the Mbit/s
rate expected by DPDK resulting in wrong link speed reporting.

Fixes: 6fbd73709e ("net/mlx5: support link update on Windows")
Cc: stable@dpdk.org

Signed-off-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
2021-04-13 13:22:54 +02:00
Alexander Kozyrev
edf325d421 net/mlx5: check extended metadata for meta modification
The MODIFY_FIELD action requires the extended metadata support
in order to manipulate on METADATA register as well as on MARK register.
Check if it is supported and reject the MODIFY_FIELD action if it is not
just like it was done before for the MARK register modifications.

Fixes: 0588d64ffd ("net/mlx5: check extended metadata for mark modification")
Cc: stable@dpdk.org

Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
2021-04-13 13:22:44 +02:00
Jeff Guo
3334513ef4 net/iavf: support flow director for IP fragment
New FDIR parsing are added to handle the fragmented IPv4/IPv6 packet.

Signed-off-by: Ting Xu <ting.xu@intel.com>
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 11:32:37 +02:00
Jeff Guo
1f937190cf net/iavf: support RSS hash for IP fragment
New pattern and RSS hash flow parsing are added to handle fragmented
IPv4/IPv6 packets.

Signed-off-by: Ting Xu <ting.xu@intel.com>
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 11:31:57 +02:00
Jeff Guo
e6a42fd915 common/iavf: add protocol header for IP fragment
Add new virtchnl protocol header type and fields for IP fragment packets
to support RSS hash and FDIR.

Signed-off-by: Ting Xu <ting.xu@intel.com>
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 11:31:25 +02:00
Wenwu Ma
f4b6eb2b91 net/ice: fix illegal access when removing MAC filter
When removing the mac filter in ice_remove_all_mac_vlan_filters(),
TAILQ_FOREACH_SAFE should be used instead of TAILQ_FOREACH,
Otherwise, it will result in a illegal pointer access.

Fixes: e0dcf94a0d ("net/ice: support VLAN ops")
Cc: stable@dpdk.org

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
Tested-by: Zhihong Peng <zhihongx.peng@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 08:43:02 +02:00
Alvin Zhang
ddbc8c16a9 net/e1000: fix max Rx packet size
According to E1000_ETH_OVERHEAD definition, max_rx_pkt_len contains
one VLAN tag size. Therefore when config RLPML register, if dual VLAN
not enabled there is no need to add VLAN tag size to max_rx_pkt_len,
otherwise only one another VLAN tag size should be added to.

Fixes: e51abef393 ("igb: fix max RX packet size and support dual VLAN")
Cc: stable@dpdk.org

Signed-off-by: Alvin Zhang <alvinx.zhang@intel.com>
Tested-by: Lingli Chen <linglix.chen@intel.com>
Acked-by: Haiyue Wang <haiyue.wang@intel.com>
2021-04-13 07:27:57 +02:00
Lingyu Liu
b0e539f260 net/ice: extend invalid RSS combinations
When create a rule with following invalid RSS type combinations,
it should fail.

Invalid RSS combinations list:
- ETH_RSS_IPV4 | ETH_RSS_NONFRAG_IPV4_TCP
- ETH_RSS_IPV6 | ETH_RSS_NONFRAG_IPV6_TCP

This patch adds these combinations in 'invalid_rss_comb' array to
do valid check, if the combination check failed, the rule will be
created failed.

Signed-off-by: Lingyu Liu <lingyu.liu@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
2021-04-13 07:14:30 +02:00
John Daley
68b6e6e694 net/enic: fix completion pointer calculation
The completion queue index could be implicitly extended past its
uint16_t size when multiplied by the size of the descriptor. While
this should not be a problem, coverity flags it. Do the extension
explicitly by casting the index to uintptr_t.

Coverity issue: 161317
Fixes: 8b428cb5a9 ("net/enic: use 64B completion queue entries if available")
Cc: stable@dpdk.org

Signed-off-by: John Daley <johndale@cisco.com>
Reviewed-by: Hyong Youb Kim <hyonkim@cisco.com>
2021-04-13 12:30:41 +02:00
Ivan Malov
8076e40cde common/sfc_efx/base: fix indication of MAE encap support
The indication fields in the MCDI response are individual
bits, but the current code mistakenly compares the larger
dword with 1. This breaks encap. type discovery. Fix that.

Fixes: 891408c45a ("common/sfc_efx/base: indicate MAE support for encapsulation")
Cc: stable@dpdk.org

Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
2021-04-13 12:00:22 +02:00
Chengchang Tang
6d360284df net/hns3: fix configure FEC when concurrent with reset
Currently, after the reset is complete, the PMD restores the FEC
according to the FEC configuration reserved in the driver. If there is a
concurrency between the FEC setup operation and the restore operation
after a reset, the FEC status of the last hardware may be unknown.

This patch adds the step of obtaining the lock when setting the FEC to
avoid concurrency between restore operation and setting operation.

Fixes: 9bf2ea8dbc ("net/hns3: support FEC")
Cc: stable@dpdk.org

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Chengchang Tang
18da3c854b net/hns3: fix queue state when concurrent with reset
At the end of the reset, the state of queues need to be restored
according to the states saved in the driver. If the start and stop
operations of the queues are concurrent at this time, it may cause the
final status to be uncertain.

This patch requires queues to acquire the hw lock before starting and
stopping. If the device is being restored due to reset at this time, it
will block until the reset is completed.

Fixes: fa29fe45a7 ("net/hns3: support queue start and stop")
Cc: stable@dpdk.org

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Chengchang Tang
fde636caf4 net/hns3: fix timing in resetting queues
During the task queue pairs reset, the getimeofday is used to obtain the
timestamp to determine whether the command execution times out. But
gettimeofday is not monotonous, it can be modified by system
administrators, so the timing may not be accurate or even cause the loop
to wait consistently.
And actually, in this scenario, it is not necessary to obtain the
timestamp.

This patch removes the operation of obtaining the timestamp from the task
queue pairs reset function.

Fixes: bba6366983 ("net/hns3: support Rx/Tx and related operations")
Cc: stable@dpdk.org

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Chengwen Feng
1f303606e8 net/hns3: fix some packet types
Currently, the packet type calculated by
vlan/ovlan/l3id/l4id/ol3id/ol4id fields have the following problems:
1) Identify error when exist VLAN strip which will lead to the data
   buffer has non VLAN header but mbuf's ptype have L2_ETHER_VLAN flag.
2) Some packet identifies error, eg: hardware report it's RARP or
   unknown packet, but ptype will marked with L2_ETHER .

So driver will calculate packet type only by l3id/l4id/ol3id/ol4id
fields.

Fixes: 0e98d5e6d9 ("net/hns3: fix packet type report in Rx")
Fixes: bba6366983 ("net/hns3: support Rx/Tx and related operations")
Cc: stable@dpdk.org

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Hongbo Zheng
f9f24ecd79 net/hns3: fix concurrent interrupt handling
Currently, if RAS interrupt and FLR occurred at the same time, FLR will
be detected and corresponding schedule state will be set during RAS
interrupt processing. However, the schedule state value will be
overridden in subsequent RAS processing, resulting in FLR processing
failure. This patch solves this problem.

Fixes: 2790c64647 ("net/hns3: support device reset")
Cc: stable@dpdk.org

Signed-off-by: Hongbo Zheng <zhenghongbo3@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Min Hu (Connor)
dfca14a3a5 net/hns3: fix rollback in PF init
This patch adds rollback processing when updating imissed
stats failed in PF init.

Fixes: 3e9f3042d7 ("net/hns3: add imissed packet stats")

Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Chengwen Feng
7e2e162ed0 net/hns3: simplify selecting Rx/Tx function
Currently, there are four control variables (rx_simple_allowed,
rx_vec_allowed, tx_simple_allowed and tx_vec_allowed) which are used
to impact the selection of Rx/Tx burst function.

The purpose of the design is to provide a way to control the selection
of Rx/Tx burst function by modifying it's values, but these variables
have no entry to modify unless make intrusive modifications.

Now we already support runtime config to select Rx/Tx function, these
variables could be removed.

Fixes: a124f9e959 ("net/hns3: add runtime config to select IO burst function")

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:13:41 +02:00
Chengwen Feng
7feb2aee0e net/hns3: log selected datapath
This patch adds debug info for Rx/Tx burst function which was choosing.

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 11:11:08 +02:00
Chengwen Feng
3b37cbe617 net/hns3: refactor PF LSC event report
Currently, PF driver will report lsc when it detects the link status
change, it's not a generic implementation.

We refactor PF lsc event report by following scheme:
1. PF driver marks RTE_PCI_DRV_INTR_LSC in rte_pci_driver by default.
2. In the init stage, PF driver will detect whether firmware supports
   lsc interrupt or not, driver will clear RTE_ETH_DEV_INTR_LSC flag if
   firmware doesn't support lsc interrupt.
3. PF driver will report lsc event only when dev_conf.intr_conf.lsc is
   set.

Note: If the firmware supports lsc interrupt, we also keep periodic
polling to deal with the interrupt loss.

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 02:44:20 +02:00
Chengwen Feng
9bc2289fe5 net/hns3: refactor VF LSC event report
Currently, VF driver periodically obtains link status from PF kernel
driver, and reports lsc event when detects link status change. Because
the period is 1 second, it's probably too late to report especially
in such as bonding scenario.

To solve this problem we use the following scheme:
1. PF kernel driver support immediate push link status to all VFs when
   it detects the link status changes.
2. VF driver will detect PF kernel driver whether support push link
   status in device init stage by sending request link info mailbox
   message to PF, PF then tell VF the push capability by extend
   HNS3_MBX_LINK_STAT_CHANGE mailbox message.
3. VF driver marks RTE_PCI_DRV_INTR_LSC in rte_pci_driver by default,
   when it detects PF doesn't support push link status then it will clear
   RTE_ETH_DEV_INTR_LSC flag.

So if PF kernel driver supports push link status to VF, then VF driver
will have RTE_ETH_DEV_INTR_LSC capability.

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-13 02:44:20 +02:00
Lance Richardson
9fdba32788 test: fix TCP header initialization
Initialize TCP data offset field with TCP header length, this
field is used to derive L4 header length and by hardware to
validate a TCP header.

Fixes: 41f72ec940 ("test: add packet burst generator functions")
Cc: stable@dpdk.org

Signed-off-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2021-04-09 12:43:25 +02:00
Hemant Agrawal
d2df6e2cc5 app/testpmd: fix missing MPLS tokens for RSS
This patch adds missing MPLS tokens in for RSS config.

Fixes: d810252857 ("ethdev: add MPLS RSS offload type")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2021-04-09 11:58:03 +02:00
Gregory Etelson
f8e7132572 ethdev: fix VXLAN mask initialization
In GCC compiler, __builtin_constant_p(exp) is a function.
The function returns the integer 1 if the argument is known to be
a compile-time constant.
Therefore, __builtin_constant_p(0xffffff << 8) returned 1.
As the result, rte_flow_item_vxlan_mask was initiated to
{{
  {flags = 0x0, rsvd0 = {0x0, 0x0, 0x0},
   vni = {0x0, 0x0, 0x0}, rsvd1 = 0x1},
  hdr = {vx_flags = 0x0, vx_vni = 0x1000000}}}
}}
GCC fails initialization
rte_flow_item_vxlan_mask.hdr.vni = (0xffffff << 8)
with "initializer element is not a constant expression" error.
Use immediate 0xffffff00 value instead.

Fixes: 43af98e687 ("ethdev: reuse VXLAN header definition in flow item")

Signed-off-by: Gregory Etelson <getelson@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Ivan Malov <ivan.malov@oktetlabs.ru>
2021-04-09 11:27:40 +02:00
Dmitry Kozlyuk
74299cc759 buildtools: fix all drivers disabled on Windows
buildtools/list-dir-globs.py printed paths with OS directory separator,
which is "/" on Unices and "\" on Windows, while Meson code always
expected "/". This resulted in all drivers being disabled on Windows.

Replace "\" with "/" in script output. Forward slash is a valid,
although non-default, separator on Windows, so no paths can be broken
by this substitution.

Fixes: ab9407c3ad ("build: allow using wildcards to disable drivers")
Cc: stable@dpdk.org

Signed-off-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
2021-04-17 12:49:23 +02:00
Asaf Penso
d1355fcc46 doc: add links for build requirements per OS
To compile with meson some dependencies should be installed.
Section "Getting the Tools" describes what needed, but per
OS there are additional steps to do.

Add links to Linux, FreeBSD, and Windows guide for more info.

Signed-off-by: Asaf Penso <asafp@nvidia.com>
2021-04-17 12:37:38 +02:00
Jie Zhou
b729b3c039 doc: update minimum required Meson version for Windows
Meson with Windows clang generates incorrect linker flag
"--subsystem,console" instead of "/subsystem:console" which
will fail the DPDK build. This is discovered at porting testpmd.

Meson 0.57.0 has the fix and should be used for DPDK Windows build.
Update the WindowsGSG DPDK Build document for the proper meson version.

Signed-off-by: Jie Zhou <jizh@microsoft.com>
Acked-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
2021-04-16 19:52:58 +02:00
Gabriel Ganne
8c10530836 build: update minimum required Meson version
Bump Meson required version to 0.49.2 which is chosen so as
to be provided by both redhat-8 and debian-10.

Update documentation and travis setup script accordingly.

This fixes the following warning:
WARNING: Project targeting '>= 0.47.1' but tried to use feature introduced
         in '0.48.0': console arg in custom_target

'console' argument is used within kernel/linux/kni/meson.build

Signed-off-by: Gabriel Ganne <gabriel.ganne@6wind.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2021-04-16 18:51:51 +02:00
Shiri Kuzin
3ea6ee38ec examples/l2fwd-crypto: remove key size validation
In the example application the key can be provided by the user or
generated randomly by the example application.

Then a validation is done in order to check if the key size is
supported in the algorithm capabilities.

A new feature flag is added in crypto PMDs to allow wrapped keys,
hence, to allow wrapped keys, app should remove the validation of
key size in the application and rely on a PMD key size validation.

The validation is removed in case the key is provided by user and
the RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY feature flag is set, and
kept in case the key should be generated by the application or
RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY is not set.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Matan Azrad
07b0b75370 cryptodev: formalize key wrap method in API
The Key Wrap approach is used by applications in order to protect keys
located in untrusted storage or transmitted over untrusted
communications networks. The constructions are typically built from
standard primitives such as block ciphers and cryptographic hash
functions.

The Key Wrap method and its parameters are a secret between the keys
provider and the device, means that the device is preconfigured for
this method using very secured way.

The key wrap method may change the key length and layout.

Add a description for the cipher transformation key to allow wrapped key
to be forwarded by the same API.

Add a new feature flag RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY to be enabled
by PMDs support wrapped key in cipher trasformation.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Fan Zhang
c21574edc5 cryptodev: add dequeue count parameter in raw API
This patch changes the experimental raw data path dequeue burst API.
Originally the API enforces the user to provide callback function
to get maximum dequeue count. This change gives the user one more
option to pass directly the expected dequeue count.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
398b70cbbb crypto/octeontx2: support lookaside IPv4 transport mode
Adding support for IPv4 lookaside IPsec transport mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
9a1cc8f1ed examples/ipsec-secgw: support UDP encapsulation
Adding lookaside IPsec UDP encapsulation support
for NAT traversal.
Application has to add udp-encap option to sa config file
to enable UDP encapsulation on the SA.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
0ff065d096 crypto/octeontx2: support UDP encapsulation
Adding UDP encapsulation support for IPsec in
lookaside protocol mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Matan Azrad
d014dddb2d cryptodev: support multiple cipher data-units
In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.

For AES standard the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted\decrypted does not have to
be multiple of 16B size, the unit of data is called data-unit.
The data-unit size can be any size in range [16B, 2^24B], so, in this
case, a data stream is divided into N amount of equal data-units and
must be encrypted\decrypted in the same data-unit resolution.

For ABI compatibility reason, the size is limited to 64K (16-bit field).
The new field dataunit_len is inserted in a struct padding hole,
which is only 2 bytes long in 32-bit build.
It could be moved and extended later during an ABI-breakage window.

The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition how the IV is detected per data-unit
when single operation includes more than one data-unit.

That causes applications to use single operation per data-unit even though
all the data is continuous in memory what reduces datapath performance.

Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.

All the new fields do not change the size of their structures,
by filling some struct padding holes.
They are added as exceptions in the ABI check file libabigail.abignore.

Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply as same as the user to read it
simply. also, thus sizes are usually common and probably will be shared
among different devices.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Arek Kusztal
935da450b4 crypto/qat: fix offset for out-of-place scatter-gather
This commit fixes problem with to small offset when both offsets
(auth, cipher) are non zero in digest encrypt case,
when using out-of-place and sgl.

Fixes: 40002f6c2a ("crypto/qat: extend support for digest-encrypted auth-cipher")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
2021-04-16 12:43:33 +02:00
Adam Dybkowski
45fe9ea971 crypto/qat: support single-pass GMAC on GEN3
This patch implements Single-Pass AES-GMAC possible on QAT GEN3
which improves the performance. On GEN1 and GEN2 the previous
chained method is used.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
2021-04-16 12:43:33 +02:00
Adam Dybkowski
abc64f1075 app/crypto-perf: close device after benchmark run
This patch adds closing of the PMD after running the benchmark.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Adam Dybkowski
97f13c97eb test/crypto: close device after tests
This patch adds closing of the PMD after running the tests.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Rohit Raj
62c0b4484c examples/l2fwd-crypto: fix packet length while decryption
There were some padding left when a packet gets decrypted. This
patch removes those padding.
This patch also removes the padding left after verifying auth of
the packet.

Fixes: e2cdfbd07c ("examples/l2fwd-crypto: fix port id type")
Cc: stable@dpdk.org

Signed-off-by: Rohit Raj <rohit.raj@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00