Context memory is allocated from mempool. Ideally
it will get all memory from single segment, so simple offset
calculation is used for address conversion for such addresses
from context memory.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Previously, ipsec-secgw application did not give user the
flexibility to decide which crypto device(s) will be used.
In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.
This patch is similar to the support added in l2fwd-crypto
(d2797f51cc63: examples/l2fwd-crypto: add cryptodev mask option)
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Adding support for inline protocol processing
In ingress side, application will receive regular IP packets, without
any IPsec related info. Application will do a selector check (SP-SA
check) by making use of the metadata from the packet. The
device-specific metadata in mbuf would aid in determing the security
session which processed the packet.
In egress side, the plain packet would be submitted to the driver. The
packet will have optional metadata, which could be used to identify the
security session associated with the packet.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.
Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for IMIX performance tests, where a distribution
of various packet sizes can be submitted to a crypto
device, testing a closer to a real world scenario.
A sequence of packet sizes, selected randomly from a list of packet
sizes (with "buffer-sz" parameter) with a list of the weights
per packet size (using "imix" parameter), is generated
(the length of this sequence is the same length as the pool,
set with "pool-sz" parameter).
This sequence is used repeteadly for all the crypto
operations submitted to the crypto device (with "--total-ops" parameter).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
qp_detach_session function was using the attach_session_t
function prototype, instead of detach_session_t.
Since both of them have the same parameters, there were
no compilation issues, but it is not consistent.
Fixes: d816fdea557c ("cryptodev: add API to associate session with queue pair")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
CPU flag AVX512 was added in a previous release,
but it was not added in the list of strings.
Fixes: 84d796586604 ("crypto/aesni_mb: support AVX512")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
enum should be initialized with 1 so that unitialized(memset)
memory may not be treated as a valid enum value.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
/x86_64-native-linuxapp-gcc/include/rte_security.h:229:8:
error: struct has no members [-Werror=pedantic]
struct rte_security_macsec_xform {
^~~~~~~~~~~~~~~~~~~~~~~~~
/x86_64-native-linuxapp-gcc/include/rte_security.h:453:3:
error: struct has no members [-Werror=pedantic]
struct {
^~~~~~
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
/x86_64-native-linuxapp-gcc/include/rte_crypto.h:126:28:
error: ISO C forbids zero-size array ‘sym’ [-Werror=pedantic]
struct rte_crypto_sym_op sym[0];
^~~
Zero-size array is an extension to the language it cannot be replaced by a
empty size array i.e. [] because structure is inside a union.
Fixes: d2a4223c4c6d ("cryptodev: do not store pointer to op specific params")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Device operation pointers should be constant to avoid any modification
while it is in use.
Fixes: c261d1431bd8 ("security: introduce security API and framework")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPSec Multi-buffer library v0.48 has been released,
which includes, among other features, support for AES-CCM.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
When security offload is enabled, the packet should be forwarded on the
port configured in the SA. Security session will be configured on that
port only, and sending the packet on other ports could result in
unencrypted packets being sent out.
This would have performance improvements too, as the per packet LPM
lookup would be avoided for IPsec packets, in inline mode.
Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
time() is defined in time.h
Fixes: ffbe3be0d4 ("app/test: add libcrypto")
Cc: stable@dpdk.org
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
List of supported OpenSSL versions and code block with dependencies were
not properly formatted.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Andrea Grandi <andrea.grandi@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add a missing space must before the first item of the list to display it
correctly in the User Guide.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Cc: stable@dpdk.org
Signed-off-by: Andrea Grandi <andrea.grandi@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
A warning is issued when using an argument to likely() or unlikely()
builtins which is evaluated to a pointer value, as __builtin_expect()
expects a 'long int' type for its first argument. With this fix
a pointer value is converted to an integer with the value of 0 or 1.
Signed-off-by: Aleksey Baulin <aleksey.baulin@gmail.com>
This patch provides an option to do rte_memcpy() using 'restrict'
qualifier, which can induce GCC to do optimizations by using more
efficient instructions, providing some performance gain over memcpy()
on some ARM64 platforms/enviroments.
The memory copy performance differs between different ARM64
platforms. And a more recent glibc (e.g. 2.23 or later)
can provide a better memcpy() performance compared to old glibc
versions. It's always suggested to use a more recent glibc if
possible, from which the entire system can get benefit. If for some
reason an old glibc has to be used, this patch is provided for an
alternative.
This implementation can improve memory copy on some ARM64
platforms, when an old glibc (e.g. 2.19, 2.17...) is being used.
It is disabled by default and needs "RTE_ARCH_ARM64_MEMCPY"
defined to activate. It's not always proving better performance
than memcpy() so users need to run DPDK unit test
"memcpy_perf_autotest" and customize parameters in "customization
section" in rte_memcpy_64.h for best performance.
Compiler version will also impact the rte_memcpy() performance.
It's observed on some platforms and with the same code, GCC 7.2.0
compiled binary can provide better performance than GCC 4.8.5. It's
suggested to use GCC 5.4.0 or later.
Signed-off-by: Herbert Guan <herbert.guan@arm.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Intel VT-d supports different address widths for the IOVAs, from
39 bits to 56 bits.
While recent processors support at least 48 bits, VT-d emulation
currently only supports 39 bits. It makes DMA mapping to fail in this
case when using VA as IOVA mode, as user-space virtual addresses uses
up to 47 bits (see kernel's Documentation/x86/x86_64/mm.txt).
This patch parses VT-d CAP register value available in sysfs, and
forbid VA as IOVA mode if the GAW is 39 bits or unknown.
Fixes: f37dfab21c98 ("drivers/net: enable IOVA mode for Intel PMDs")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Tested-by: Chas Williams <chas3@att.com>
Kernels v4.4 and earlier does have vfio, but not
the noiommu mode, so the file does not exist.
Check and report errors on open/read in noiommu check.
Signed-off-by: Jonas Pfefferle <jpf@zurich.ibm.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Compile-time function selection can potentially lead to
lower performance on generic builds done by distros.
Replaced compile time flag checks with run-time function
selection.
Signed-off-by: Elza Mathew <elza.mathew@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Compile-time function selection can potentially lead to
lower performance on generic builds done by distros.
Replaced compile time flag checks with run-time function
selection.
Signed-off-by: Elza Mathew <elza.mathew@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
In the info get API we were returning number of event
ports as MAX number of LCORE's. After this change actual
number of event ports (i.e. number of DPIO's) is provided
in the info get API.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Given ethernet Rx queues can be attached with event queue in
parallel or atomic mode. Patch imlmplements Rx queue
configuration, attachment/detachment with given event queue and their
corresponding callbacks to handle events from respective queues.
Signed-off-by: Sunil Kumar Kori <sunil.kori@nxp.com>
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
To receive events from given event port, corresponding
function needs to be added which receives events
from portal. Also added function to consume received
events based on entry index.
Signed-off-by: Sunil Kumar Kori <sunil.kori@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
With the current QBMAN multi-tx API, we need to create separate
enqueue descriptors for each of the packet which is required to
be enqueued to the hardware, once we support Atomic Queues
(with DCA) in dpaa2 drivers. Creating enqueue descriptor for
each packet is costly and have significant performance impact.
This patch introduces a flag parameter in the QBMAN multi-tx API,
so that DCA configuration (and later on ORP/ODP for ordered queues)
can be passed using flags and be updated in the EQCR using this flag.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch provides cleaner approach to store the DQRR entries,
which are yet to be consumed in case of atomic queues.
Also, this patch changes the storage of the DQRR entry index
into the mbuf->seqn instead of ev->opaque
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
A new API qbman_swp_dqrr_idx_consume is defined which takes
input as DQRR index to consume corresponding DQRR entry.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
This is a pipeline test case that aims at testing the following with
``all types queue`` eventdev scheme.
1. Measure the end-to-end performance of an event dev with a ethernet dev.
2. Maintain packet ordering from Rx to Tx.
The atq queue test functions as same as ``pipeline_queue`` test.
The difference is, It uses, ``all type queue scheme`` instead of separate
queues for each stage and thus reduces the number of queues required to
realize the use case.
Note: The --prod_type_ethdev is mandatory for running the application.
Example command to run pipeline atq test:
sudo build/app/dpdk-test-eventdev -c 0xf -s 0x8 --vdev=event_sw0 -- \
--test=pipeline_atq --wlcore=1 --prod_type_ethdev --stlist=ao
Signed-off-by: Pavan Nikhilesh <pbhagavatula@caviumnetworks.com>
Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
