Commit Graph

29941 Commits

Author SHA1 Message Date
Ivan Ilchenko
993040daca net/sfc: fix cleanup order of SW stats
Fix cleanup order of SW stats structures to be reversed
to initialization order.

Fixes: fdd7719eb3 ("net/sfc: add xstats for Rx/Tx doorbells")
Cc: stable@dpdk.org

Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2021-10-11 18:35:57 +02:00
Ivan Ilchenko
e00c3a0c1b net/sfc: rename SW stats structures
Delete 'x' in:
    1. per-adapter 'struct sfc_sw_xstats' with corresponding
       field 'sw_xstats'.
    2. 'struct sfc_sw_xstat_descr' and callback prototype
       'sfc_get_sw_xstat_val_t' with its implementations.

The 'x' stands for 'extended' in RTE but from sfc point of
view these are just SW stats.

Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2021-10-11 18:35:57 +02:00
Ivan Ilchenko
a7bc71d113 net/sfc: rename accumulative SW stats to total
This is a better word used in RTE docs.

Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2021-10-11 18:35:57 +02:00
Ivan Ilchenko
f024333949 net/sfc: rename array of SW stats descriptions
Rename global array of SW stats descriptions declared as
'struct sfc_sw_xstat_descr sfc_sw_xstats[]' to
'sfc_sw_stats_descr[]' to avoid ambiguity since there is
structure declared as 'struct sfc_sw_xstats'.

Signed-off-by: Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
2021-10-11 18:35:57 +02:00
Ferruh Yigit
7a4edfd7bb net/ena: remove useless address check
Reported by "gcc (GCC) 12.0.0 20211003 (experimental)":

./drivers/net/ena/ena_rss.c: In function ‘ena_rss_reta_query’:
./drivers/net/ena/ena_rss.c:140:66:
	error: the comparison will always evaluate as ‘false’ for the
	pointer operand in ‘reta_conf + 136’ must not be NULL
	[-Werror=address]
  140 |  (reta_size > RTE_RETA_GROUP_SIZE && ((reta_conf + 1) == NULL)))
      |                                                       ^~

Fixing it by removing useless check.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Michal Krawczyk <mk@semihalf.com>
2021-10-11 17:47:31 +02:00
Chengchang Tang
efcaa81e0b net/hns3: remove similar macro function definitions
For different capabilities, we declare different macro functions to
determine whether the capabilities are supported.

This patch declare a unified macro function to judge capabilities.

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-10-11 17:40:38 +02:00
Huisong Li
c1ba6c325c app/testpmd: retain all original dev conf when config DCB
When configuring DCB, testpmd retains the rx_mode/tx_mode configuration in
rte_port->dev_conf. But some configurations, such as the link_speed, were
not saved if they were set before configuring DCB.

Fixes: 1a572499be ("app/testpmd: setup DCB forwarding based on traffic class")
Cc: stable@dpdk.org

Signed-off-by: Huisong Li <lihuisong@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Xiaoyun Li <xiaoyun.li@intel.com>
2021-10-11 17:26:30 +02:00
Andrew Rybchenko
6c31a8c20a ethdev: remove legacy Rx descriptor done API
rte_eth_rx_descriptor_status() should be used as a replacement.

Signed-off-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2021-10-11 16:44:57 +02:00
Chengchang Tang
1dc6665d36 app/testpmd: add command to show LACP bonding info
Add a new cmdline to help diagnostic the bonding mode 4 in testpmd.

Show the lacp information about the bonded device and its slaves:
show bonding lacp info <bonded device port_id>

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
Acked-by: Xiaoyun Li <xiaoyun.li@intel.com>
2021-10-11 15:37:53 +02:00
Chengchang Tang
6b1a001ec5 net/bonding: fix RSS key length
Currently the hash_key_size information has not been set. So, apps can
not get the key size from dev_info(), this make some problem.

e.g, in testpmd, the hash_key_size will be checked before configure
or get the hash key:
testpmd> show port 4 rss-hash
dev_info did not provide a valid hash key size
testpmd> show port 4 rss-hash key
dev_info did not provide a valid hash key size
testpmd> port config 4 rss-hash-key ipv4 (hash key)
dev_info did not provide a valid hash key size

In this patch, the meaning of rss_key_len has been modified. It only
indicated the length of the configured hash key before. Therefore,
its value depends on the user's configuration. This seems unreasonable.
And now, it indicates the minimum hash key length required by the
bonded device. Its value will be the shortest hash key among all slave
drivers.

Fixes: 734ce47f71 ("bonding: support RSS dynamic configuration")
Cc: stable@dpdk.org

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-10-08 19:23:32 +02:00
Chengchang Tang
b8cfca26ae net/bonding: fix dedicated queue mode in vector burst
If the vector burst mode is selected, the dedicated queue mode will not
take effect on some PMDs because these PMDs may have some limitations
in vector burst mode. For example, the limit on burst size. Currently,
both hns3 and intel I40E require four alignments when receiving packets
in vector mode. As a result, they can't accept packets if burst size
below four. However, in dedicated queue mode, the burst size of periodic
packets processing is one.

This patch fixes the above problem by modifying the burst size to 32.
This approach also makes the packet processing of the dedicated queue
mode more reasonable. Currently, if multiple LACP protocol packets are
received in the hardware queue in a cycle, only one LACP packet will be
processed in this cycle, and the left packets will be processed in the
following cycle. After the modification, all the LACP packets will be
processed at one time, which seems more reasonable and closer to the
behavior of the bonding driver when the dedicated queue is not turned on.

Fixes: 112891cd27 ("net/bonding: add dedicated HW queues for LACP control")
Cc: stable@dpdk.org

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
2021-10-08 19:23:19 +02:00
Alvin Zhang
02220e5305 app/testpmd: fix txonly forwarding
When random number of Tx segments is enabled, because the actual
number of segments may be only one, the first segment of the Tx
packets must accommodate a complete being sending Eth/IP/UDP packet.

Besides, if multiple flow is enabled, the forwarding will update
the IP and UDP header, these headers shouldn't cross segments.
This also requires the first Tx segment can accommodate a complete
Eth/IP/UDP packet.

In addition, if time stamp is enabled, the forwarding needs more
Tx segment space for time stamp information.

This patch adds checks in beginning of forward engine to make sure
all above conditions are met.

Bugzilla ID: 797
Fixes: 79bec05b32 ("app/testpmd: add ability to split outgoing packets")
Cc: stable@dpdk.org

Signed-off-by: Alvin Zhang <alvinx.zhang@intel.com>
Acked-by: Xiaoyun Li <xiaoyun.li@intel.com>
2021-10-08 18:57:48 +02:00
Alvin Zhang
a78040c990 app/testpmd: update forward engine beginning
For each forward engine, there may be some special conditions
must be met before the forwarding runs.

Adding checks for these conditions in configuring is not suitable,
because one condition may rely on multiple configurations, and the
conditions required by each forward engine is not general.

The best solution is each forward engine has a callback to check
whether these conditions are met, and then testpmd can call the
callback to determine whether the forwarding can be started.

There was a void callback 'port_fwd_begin' in forward engine,
it did some initialization for forwarding, this patch updates its
return value then we can add some checks in it to confirm whether
the forwarding can be started. In addition, this patch calls the
callback before the forwarding stats is reset and then launches the
forwarding engine.

Bugzilla ID: 797
Cc: stable@dpdk.org

Signed-off-by: Alvin Zhang <alvinx.zhang@intel.com>
Acked-by: Xiaoyun Li <xiaoyun.li@intel.com>
2021-10-08 18:57:48 +02:00
Ciara Loftus
0668d82908 net/af_xdp: disable secondary process support
Since the AF_XDP PMD does not work for secondary processes as reported
in Bugzilla 805, check for the process type at the beginning of probe
and return ENOTSUP if the process type is secondary.

It is planned that secondary processes will be supported by the PMD in
full in a future release by using rte_mp_msg to pass the state to the
secondary process that it requires in order to work.

Bugzilla ID: 805
Fixes: f1debd77ef ("net/af_xdp: introduce AF_XDP PMD")
Cc: stable@dpdk.org

Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2021-10-08 13:06:55 +02:00
Konstantin Ananyev
3ac2dffae8 test/bpf: fix undefined behavior with clang
test_shift1_check() function fails with clang build.
The reason for that is that clang uses 64-bit shift instruction for
what expected to be 32-bit operation.
To be more specific, this C code:
r2 = (uint32_t)r2 >> r4;
With clang produces:
41a4eb:       48 d3 ef                shr    %cl,%rdi
In that particular case it is an allowed choice, as from one side
left-operand value is known to fit into 32 bits, from other side
according to 'C' standard:
"...if the value of the right operand is negative or is greater than
or equal to the width of the promoted left operand, the behavior is
undefined."
The problem is that on x86 behavior for 64-bit and 32-bit shift
operation might differ.
The fix avoids undefined behavior by making sure
that right operand will not exceed width of the promoted left operand.

Bugzilla ID: 811
Fixes: 9f8f9d91a7 ("test/bpf: introduce functional test")
Cc: stable@dpdk.org

Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2021-10-20 21:07:47 +02:00
Akhil Goyal
28dde5da50 app/crypto-perf: support lookaside IPsec
Added support for lookaside IPsec protocol offload.
Supported cases:
-AEAD
-Cipher+auth

Command used for testing:
./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
throughput --optype ipsec --cipher-algo aes-cbc --pool-sz 16384
--cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --auth-algo
sha1-hmac --auth-op generate --digest-sz 16 --total-ops 10000000
--burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048

./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
throughput --optype ipsec --aead-algo aes-gcm --pool-sz 16384
--aead-op encrypt --aead-key-sz 32 --aead-iv-sz 12 --aead-aad-sz 16
--digest-sz 16 --total-ops 10000000 --burst-sz 32
--buffer-sz 64,128,256,512,1024,1280,2048

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
2021-10-18 20:12:19 +02:00
Akhil Goyal
fb545457ed security: add reserved bit fields
In struct rte_security_ipsec_sa_options, for every new option
added, there is an ABI breakage, to avoid, a reserved_opts
bitfield is added to for the remaining bits available in the
structure.
Now for every new sa option, these reserved_opts can be reduced
and new option can be added.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
2021-10-18 20:12:19 +02:00
Akhil Goyal
3867ed0280 security: hide internal API
rte_security_dynfield_register() is an internal
API to be used by the driver, hence moving it to internal.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
2021-10-18 20:12:19 +02:00
Nipun Gupta
441ac2e07b app/bbdev: handle endianness of test data
With data input, output and harq also supported in big
endian format, this patch updates the testbbdev application
to handle the endianness conversion as directed by the
the driver being used.

The test vectors assumes the data in the little endian order, and
thus if the driver supports big endian data processing, conversion
from little endian to big is handled by the testbbdev application.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:12:15 +02:00
Hemant Agrawal
2b504721bf app/bbdev: enable la12xx
Enabled NXP la12xx bbdev driver in test bbdev app
for unit testing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:12:11 +02:00
Hemant Agrawal
b73d2f34b7 baseband/la12xx: support enqueue and dequeue
Add support for enqueue and dequeue the LDPC enc/dec
from the modem device.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:12:08 +02:00
Hemant Agrawal
24d0ba2254 baseband/la12xx: add queue and modem config
This patch add support for connecting with modem
and creating the ipc channel as queues with modem
for the exchange of data.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:12:04 +02:00
Hemant Agrawal
915cdc075d baseband/la12xx: support multiple modems
This patch add support for multiple modems by assigning
a modem id as dev args in vdev creation.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:12:00 +02:00
Hemant Agrawal
ee36ba0f30 baseband/la12xx: add devargs option for max queues
This patch adds dev args to take  max queues as input

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:11:56 +02:00
Nipun Gupta
f218a1f920 baseband/la12xx: introduce NXP LA12xx driver
This patch introduce the baseband device drivers for NXP's
LA1200 series software defined baseband modem.

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
2021-10-18 20:11:23 +02:00
Nicolas Chautru
ab4e19097b bbdev: add device info for data endianness
Added device information to capture explicitly the assumption
of the input/output data byte endianness being processed.

Signed-off-by: Nicolas Chautru <nicolas.chautru@intel.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-18 20:11:16 +02:00
Hemant Agrawal
a16cbb9838 test/crypto: add raw API support in 5G algos
This patch add support for RAW API testing with ZUC
and SNOW test cases.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Hemant Agrawal
cd8166c28c test/crypto: add raw API test for dpaax
This patch add support for raw API tests for
dpaa_sec and dpaa2_sec platforms.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
fe6a8ee275 crypto/dpaa_sec: support AEAD and proto with raw API
This add support for AEAD and proto offload with raw APIs
for dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
78156d38e1 crypto/dpaa_sec: support authonly and chain with raw API
This patch improves the raw vector support in dpaa_sec driver
for authonly and chain usecase.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
9d5f73c2d2 crypto/dpaa_sec: support raw datapath API
This patch add raw vector API framework for dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
3da64325d6 crypto/dpaa2_sec: enhance error checks with raw buffer API
This patch improves error conditions and support of
Wireless algos with raw buffers.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
6bb2ce7344 crypto/dpaa2_sec: support OOP with raw buffer API
add support for out of order processing with raw vector APIs.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
f393cd8e85 crypto/dpaa2_sec: support AEAD with raw buffer API
add raw vector API support for AEAD algos.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
aa6ec1fd84 crypto/dpaa2_sec: support authenc with raw buffer API
This patch supports AUTHENC with raw buufer APIs

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
d9d36d6ff5 crypto/dpaa2_sec: support auth only with raw buffer API
Auth only with raw buffer APIs has been supported in this patch.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
4a81d34a03 crypto/dpaa2_sec: support raw datapath API
This path add framework for raw API support.
The initial patch only test cipher only part.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Gagandeep Singh
8edcb68fd0 cryptodev: fix multi-segment raw vector processing
If no next segment available the “for” loop will fail and it still
returns i+1 i.e. 2, which is wrong as it has filled only 1 buffer.

Fixes: 7adf992fb9 ("cryptodev: introduce CPU crypto API")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 19:32:13 +02:00
Hemant Agrawal
68f5d3d320 cryptodev: add field for out-of-place in raw vector
The structure rte_crypto_sym_vec is updated to
add dest_sgl to support out of place processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2021-10-17 19:32:01 +02:00
Gagandeep Singh
6afd461f9f cryptodev: add total raw buffer length
The current crypto raw data vectors is extended to support
rte_security usecases, where we need total data length to know
how much additional memory space is available in buffer other
than data length so that driver/HW can write expanded size
data after encryption.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2021-10-17 19:32:01 +02:00
Hemant Agrawal
10488d59ae cryptodev: rename field in vector struct
This patch renames the sgl to src_sgl in struct rte_crypto_sym_vec
to help differentiating between source and destination sgl.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2021-10-17 19:31:15 +02:00
Radu Nicolau
ef7629ae8d doc: remove unneeded security structs extension notice
The new fields regarding TSO support were not implemented following
feedback, it was decided to implement TSO support by using existing
mbuf fields.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:13:40 +02:00
Radu Nicolau
0082a0e1b9 doc: remove unneeded IPsec new field notice
The deprecation notice regarding extending rte_ipsec_sa_prm with a
new field hdr_l3_len is no longer applicable.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:12:50 +02:00
Radu Nicolau
2ed40da848 ipsec: support setting initial ESN value
Update IPsec library to support initial ESN value.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:11:59 +02:00
Radu Nicolau
68977baa75 ipsec: support SA telemetry
Add telemetry support for ipsec SAs.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:08:03 +02:00
Radu Nicolau
64df4712ce mbuf: add IPsec ESP tunnel type
Add ESP tunnel type to the tunnel types list that can be specified
for TSO or checksum on the inner part of tunnel packets.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2021-10-17 14:07:03 +02:00
Radu Nicolau
01eef5907f ipsec: support NAT-T
Add support for the IPsec NAT-Traversal use case for Tunnel mode
packets.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:06:24 +02:00
Radu Nicolau
17344c0278 security: add UDP parameters for IPsec NAT-T
Add support for specifying UDP port params for UDP encapsulation option.
RFC3948 section-2.1 does not enforce using specific the UDP ports for
UDP-Encapsulated ESP Header

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:03:43 +02:00
Radu Nicolau
c99d26197c ipsec: support more AEAD algorithms
Added support for AES_CCM, CHACHA20_POLY1305 and AES_GMAC.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 14:03:13 +02:00
Radu Nicolau
199fcba1bd security: add ESN field to IPsec xform
Update ipsec_xform definition to include ESN field.
This allows the application to control the ESN starting value.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-17 13:08:35 +02:00