Commit Graph

10453 Commits

Author SHA1 Message Date
Zhiyong Yang
84656cb7c9 app/testpmd: remove useless function declarations
The four function declarations have no function implementation,
remove them.

Fixes: 0db70a8030 ("app/testpmd: add commands for filters")
Cc: stable@dpdk.org

Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2017-10-26 02:33:00 +02:00
Akhil Goyal
ec17993a14 examples/ipsec-secgw: support security offload
Ipsec-secgw application is modified so that it can support
following type of actions for crypto operations
1. full protocol offload using crypto devices.
2. inline ipsec using ethernet devices to perform crypto operations
3. full protocol offload using ethernet devices.
4. non protocol offload

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-26 03:12:56 +02:00
Akhil Goyal
0a23d4b6f4 crypto/dpaa2_sec: support protocol offload IPsec
Driver implementation to support rte_security APIs

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-26 03:12:41 +02:00
Radu Nicolau
9a0752f498 net/ixgbe: enable inline IPsec
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
2017-10-26 03:12:34 +02:00
Akhil Goyal
40ff8c99ea doc: add details of security library
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-26 03:11:06 +02:00
Akhil Goyal
c261d1431b security: introduce security API and framework
rte_security library provides APIs for security session
create/free for protocol offload or offloaded crypto
operation to ethernet device.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-26 03:10:51 +02:00
Boris Pismenny
60fb11ff05 ethdev: add flow action for crypto
The crypto action is specified by an application to request
crypto offload for a flow.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Reviewed-by: John McNamara <john.mcnamara@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-26 03:10:41 +02:00
Declan Doherty
4c270218aa ethdev: support security APIs
rte_flow_action type and ethdev updated to support rte_security
sessions for crypto offload to ethernet device.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2017-10-26 03:10:32 +02:00
Boris Pismenny
1e84afd390 mbuf: add security crypto flags and fields
Add security crypto flags and update mbuf fields to support
IPsec crypto offload for transmitted packets, and to indicate
crypto result for received packets.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2017-10-26 03:10:13 +02:00
Boris Pismenny
d4b684f719 net: add ESP header to generic flow steering
The ESP header is required for IPsec crypto actions.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-26 03:09:59 +02:00
Akhil Goyal
eadb4fa1e1 cryptodev: support security APIs
Security ops are added to crypto device to support
protocol offloaded security operations.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
2017-10-26 03:09:51 +02:00
Billy O'Mahony
e297a47fb3 cryptodev: extend info get function documentation
Extend the Doxygen documentation of rte_cryptodev_info_get,
to describe how it returns the capabilities of a device.

Signed-off-by: Billy O'Mahony <billy.o.mahony@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2017-10-25 18:11:27 +02:00
Declan Doherty
b1ce0ad9e8 cryptodev: break dependency on PCI device bus
Removes any dependency of librte_cryptodev on the PCI device
infrastructure code and removes the functions which were virtual
device specific.

Updates QAT crypto PMD to remove dependencies on rte_cryptodev_pci.h
and replaces those calls with the new bus independent functions.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:01 +02:00
Declan Doherty
f2f020d210 cryptodev: break dependency on virtual device bus
Removes any dependency of librte_cryptodev on the virtual device
infrastructure code and removes the functions which were virtual
device specific.

Updates all virtual PMDs to remove dependencies on rte_cryptodev_vdev.h
and replaces those calls with the new bus independent functions.

Due to these changes, the cryptodev ABI version gets bumped.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Tomasz Duszynski <tdu@semihalf.com>
2017-10-25 18:11:01 +02:00
Declan Doherty
9e6edea418 cryptodev: add APIs to assist PMD initialisation
Adds new PMD assist functions which are bus independent for driver to
create and destroy new device instances.

Also includes function to parse parameters which can be passed to
driver on device initialisation.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:01 +02:00
Pablo de Lara
0ef45a9ae8 crypto/qat: fix HMAC supported digest sizes
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
digest sizes are not a fixed value, but a range between
1 and the maximum digest size for those algorithms.

Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
2017-10-25 18:11:01 +02:00
Jan Blunck
a51bb9d8b4 cryptodev: move user callback initialization
Signed-off-by: Jan Blunck <jblunck@infradead.org>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:01 +02:00
Jan Blunck
fc116fa14f cryptodev: remove obsolete vdev include
Signed-off-by: Jan Blunck <jblunck@infradead.org>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:01 +02:00
Pablo de Lara
f12a5b5b27 examples/l2fwd-crypto: fix physical address setting
For AEAD algorithms, the physical address for the digest
was being set incorrectly.

Fixes: 2661f4fbe9 ("examples/l2fwd-crypto: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:01 +02:00
Aviad Yehezkel
2a41fb7c65 examples/ipsec-secgw: convert IV to big endian
According to rfc4106 the IV should be unique and can be implemented
as counter.
The changed was created because putting an analyzer on wire and
comparing packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do the same for
future debug / comparison.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-25 18:11:01 +02:00
Aviad Yehezkel
4040126053 examples/ipsec-secgw: fix AAD length setting
Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Aviad Yehezkel
d00f38905c examples/ipsec-secgw: fix session creation
Search for session also with AEAD algorithms.

Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Aviad Yehezkel
15f81cbf65 examples/ipsec-secgw: fix crypto device mapping
AEAD algorithms were not being added in the mapping
between algorithms and crypto devices, only cipher and
authentication chained algorithms.

Fixes: 501e9c226a ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Alok Makhariya
a389434efc crypto/dpaa_sec: support out of place buffers
Enable out of place buffer test cases in dpaa_sec

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-25 18:11:00 +02:00
Alok Makhariya
dbd0df5611 crypto/dpaa2_sec: support out of place buffers
Enable out of place buffer test cases in nxp dpaa2_sec

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-25 18:11:00 +02:00
Radu Nicolau
bbabfe6e4e examples/ipsec_secgw: support jumbo frames
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Radu Nicolau
065179e483 examples/ipsec_secgw: switch to new offload API
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:11:00 +02:00
Tomasz Duszynski
b43a81319b examples/ipsec-secgw: fix IPv6 payload length
IPv6 payload length header field should contain only the number of bytes
following the IPv6 header and not the entire packet size.

Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-25 18:10:42 +02:00
Ian Stokes
812f48370f cryptodev: fix build with -Ofast
When compiling with an application that includes rte_cryptodev.h with
Ofast, an error is reported regarding enumeration
RTE_CRYPTO_OP_TYPE_UNDEFINED not handled in switch case in function
 __rte_crypto_op_reset().

Fix this by adding a case for RTE_CRYPTO_OP_TYPE_UNDEFINED.

Fixes: c0f87eb525 ("cryptodev: change burst API to be crypto op oriented")
Cc: stable@dpdk.org

Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:10:40 +02:00
Tomasz Duszynski
cdea34452b crypto/mrvl: update copyright holders
Add Marvell International Ltd. to the copyright holders.

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
2017-10-25 18:10:40 +02:00
Zhiyong Yang
e2cdfbd07c examples/l2fwd-crypto: fix port id type
Fix port id issues and keep variables related to port ids in
consistent data type definition "uint16_t".

Remove unnecessary cast in the meanwhile.

Fixes: f8244c6399 ("ethdev: increase port id range")

Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-10-25 18:10:40 +02:00
Radu Nicolau
44aafbc902 maintainers: update for IPsec application
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-25 18:10:40 +02:00
Tomasz Duszynski
5f4a38008d crypto/mrvl: print message if DMA mem is initialized
In case MUSDK dma memory has been already initialized by a different
driver (and perhaps do the different size) mv_sys_dma_mem_init()
will return -EEXIST error code.

Printing extra message makes it clear.

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
2017-10-25 18:10:40 +02:00
Tomasz Duszynski
4816fb37ce crypto/mrvl: fix enabling debug logs
Using non-existent configuration option for enabling debug
messages will actually never enable them.

Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
2017-10-25 18:10:40 +02:00
Tomasz Duszynski
238fba5b97 crypto/mrvl: fix driver name in debug log
Since CRYPTODEV_NAME_MRVL_CRYPTO_PMD is undefined RTE_STR() expands
it to "CRYPTODEV_NAME_MRVL_CRYPTO_PMD" instead of "crypto_mrvl".

This patch fixes that by using proper name definition in debug logs.

Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
2017-10-25 18:10:40 +02:00
Tomasz Duszynski
3417350e7f examples/ipsec-secgw: fix IP version check
Since new_ip and ip4 are overlapping buffers copying ip4 over new_ip
using memmove() might overwrite memory at ip4. This could happen if
following condition holds:

ip_hdr_len > sizeof(struct esp_hdr) + sa->iv_len

Thus using ip4 to check ip version is wrong as it might not contain
proper value.

Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Cc: stable@dpdk.org

Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Reviewed-by: Aviad Yehezkel <aviadye@mellanox.com>
2017-10-25 18:10:32 +02:00
Alok Makhariya
9b0b95a48c crypto/dpaa2_sec: add check for segmented buffer
The code would crash for segmented buffer if no check.

Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-25 18:10:15 +02:00
Alok Makhariya
cf6f70eea4 crypto/dpaa_sec: add check for segmented buffer
The code would crash in case of segmented buffer if no check

Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-25 18:10:15 +02:00
Alok Makhariya
6d93f7cff0 crypto/dpaa2_sec: remove ICV memset on decryption side
Since the packet lengths are modified, it is not required to
explicitly reset the ICV.

Fixes: 13273250ee ("crypto/dpaa2_sec: support AES-GCM and CTR")
Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2017-10-25 18:10:02 +02:00
Alok Makhariya
74658bda33 crypto/dpaa_sec: remove ICV memset on decryption side
Since the packet lengths are modified, it is not required to
explicitly reset the ICV.

Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")

Signed-off-by: Alok Makhariya <alok.makhariya@nxp.com>
2017-10-25 18:09:26 +02:00
Thomas Monjalon
91230d0cff test: fix build without flow classify
The unit test for flow classify should be disabled
if the library is disabled in the configuration.

Fixes: 9c9befea4f ("test: add flow classify unit tests")

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>
2017-10-26 00:37:50 +02:00
Thomas Monjalon
a266b3133d doc: remove trailing commas in API index
Fixes: c711ccb309 ("ivshmem: remove library and its EAL integration")
Fixes: e8009a077d ("doc: group classification libraries in doxygen index")

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-26 00:00:01 +02:00
Harry van Haaren
b17b952ec3 service: allow to disable core check
This commit adds a new function to disable the runtime mapped
service-cores check. This allows an application to take responsibility
of running unmapped services.

This feature is useful in cases like unit tests, where the application
code (or unit test in this case) requires accurate control over when
the service function is called to ensure correct behaviour, and when
an application has an advanced use-case and wishes to manage services
manually.

Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@caviumnetworks.com>
2017-10-25 17:05:38 +02:00
Harry van Haaren
e9139a32f6 service: add function to run on app lcore
This commit adds a new function which allows an application lcore
(aka; *not* a dedicated service-lcore) to run a service. This
function is required to allow applications to gradually port
functionality to using services, while still being able to run
ordinary application functions.

This requirement became clear when a patch to the existing
eventdev/pipeline sample app was modified to use a service-core
for scheduling - and that same core should be capable of running
the "worker()" function from the application too.

This patch refactors the existing running code into a smaller
"service_run" function, which can be called by the dedicated
service-core loop, and the newly added function.

[1] http://dpdk.org/ml/archives/dev/2017-October/079876.html

Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@caviumnetworks.com>
2017-10-25 17:04:52 +02:00
Pavan Nikhilesh
45a914c5bd event/octeontx: support event Rx adapter
Add Rx adapter queue add and delete API for both generic eth_devices as
well as HW backed eth_octeontx which supports direct event injection to
event device.
The HW injected event needs to be converted into mbuf, previously this
was done in eth_octeontx during rx_burst now it is moved to
event_octeontx as events from Rx adapter are dequeued directly from
event device.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@caviumnetworks.com>
Reviewed-by: Nikhil Rao <nikhil.rao@intel.com>
2017-10-25 14:03:43 +02:00
Pavan Nikhilesh
d0d6549860 net/octeontx: support event Rx adapter
Add functions to modify and delete qos responsible for mapping eth queues
to event queues used for configuring event Rx adapter.
The mbox functions have been moved from octeontx_pkivf.c to
octeontx_pkivf.h to allow event_octeontx to access them.

Signed-off-by: Pavan Nikhilesh <pbhagavatula@caviumnetworks.com>
2017-10-25 14:03:43 +02:00
Nipun Gupta
49ccbfb634 event/dpaa2: improve error handling and logs
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2017-10-25 14:03:43 +02:00
Nipun Gupta
120843bda5 event/dpaa2: support event Rx adapter
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Reviewed-by: Nikhil Rao <nikhil.rao@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2017-10-25 14:03:43 +02:00
Nipun Gupta
18fe5c1cf5 drivers: add net as dependency for event drivers
With the introduction of eventdev-ethdev RX adapter support in event
device, some of the event device will have dependency on their respective
ethernet drivers. This patch adds the net as a dependency for eventdevs.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
2017-10-25 14:03:43 +02:00
Nipun Gupta
b677d4c6d2 net/dpaa2: add API for event Rx adapter
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2017-10-25 14:03:43 +02:00