IV was positioned differently in authentication
transform structure, compared to the other two
transforms (cipher and AEAD).
To keep consistency, digest length is moved to
the end of the transform.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional Authenticated Data (AAD) is called "aad" in most
places of cryptodev, but it was called "add_auth_data"
in the AEAD transform transform (aead_xform).
This field is renamed to "aad_length" in order to keep
consistency.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Crypto keys and digests are not expected
to be big, so using a uint16_t to store
their lengths should be enough.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Older generations of QuickAssist hardware
may not support all algorithms supported by newer
generations. When sessions were specific to the device
this only needed to be handled on session creation.
With device-agnostic sessions, a session created
for a newer device may get routed to an older device which
can't support it.
This patch adds an enum to define QAT device generations
and uses this to detect and handle the above case on the
data path.
It also renames the capabilities structures and #defines
to match the generation names and adds the generation
to the device table in the documentation.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
In the unlikely scenario that an application
calls rte_cryptodev_dequeue_burst with nb_ops = 0,
there was a job leak, as a job would be created
but would not be populated, as no operation is passed.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For KASUMI F9 algorithm, COUNT, FRESH and DIRECTION
input values need to be contiguous with
the message, as described in the KASUMI and QAT PMD
documentation.
Before, the COUNT and FRESH values were set
as part of the AAD (now IV), but always set before
the beginning of the message.
Since now the IV is set after the crypto operation,
it is not possible to have these values in the
expected location.
Therefore, as these are required to be contiguous,
cryptodev API will expect these them to be passed
as a single buffer, already constructed, so
authentication IV parameters not needed anymore.
Fixes: 681f540da5 ("cryptodev: do not use AAD in wireless algorithms")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
SNOW3G and KASUMI SW libraries encrypt buffers
assuming that they are padded to a specific block size.
This behaviour can be changed to avoid buffer overflow,
by modifying the Makefile of these libraries.
Therefore, the Installation section in the SNOW3G and
KASUMI documentation has been extended, to document
this case.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For KASUMI, SNOW3G and ZUC algorithms, offsets and lengths
of the data to cipher or authenticate is provided in bits,
but QAT does not support non-byte aligned values,
although only KASUMI and SNOW3G were mentioned.
Fixes: d9b7d5bbc8 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
AESNI MB PMD supports sessionless operations,
but the documentation was stating that only
operations with session were supported.
Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
QAT supports authentication only operations,
for any authentication algorithm (such as SHA1-HMAC),
as long as it is supported by QAT, so it means
that it is not necessary to create a chained operation
in order to use these algorithms.
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
CC: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
AESNI GCM PMD now supports 192-bit keys for AES-GCM,
so the supported algorithm table should be updated.
Fixes: 6f16aab09a ("crypto/aesni_gcm: migrate to Multi-buffer library")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Session was NULL as test_crypto_session not initialised.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>
Authentication length and offset need to be set like for any other
authentication algorithms as it no longer uses aad pointer
Fixes: b79e4c00af ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional Authenticated Data (AAD) was removed from the
authentication parameters, but still the supported size
was part of the authentication capabilities of a PMD.
Fixes: 4428eda8bb ("cryptodev: remove AAD from authentication structure")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When dequeueing operations from an AESNI-MB device,
crypto jobs are dequeued from the internal scheduler
in the Multi-buffer library.
If the number of jobs available to retrieve
are higher than the number of crypto operations
that are required, then an extra job is retrieved
(due to an incorrect conditional), but not used.
This leads to a job leak and the operation associated
to that job will not be ever dequeued.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
crypto_armv8, crypto_scheduler and crypto_dpaa2_sec
are added in the documentation
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Comment for device name is corrected.
Also the name string is made similar to other pmds.
Fixes: a3277ad47f ("cryptodev: remove crypto device driver name")
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
dpseci is allocated using rte_calloc() but it is freed
using free(). Fixing it to use rte_free()
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
To avoid a possible HW problem when dealing with
NULL authentication case, the state sizes
in the request descriptor are set.
Fixes: db0e952a5c ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch fixes the incorrect index checking in parse_slave
function.
Fixes: 503e9c5afb ("crypto/scheduler: register as vdev driver")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Crypto driver names were changed in 16.11,
but some guides were still using the old ones
(which are still valid, only kept for compatibility
reasons).
To keep consistency and avoid confusion, all guides
should be using the same driver names.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Sample command lines for crypto scheduler were not correct,
due to:
- Typo in "crypto_scheduler" driver name
- Multiple virtual devices require having unique names,
driver name + a suffix, otherwise, just a single device is
created.
Fixes: d58a3f3125 ("crypto/scheduler: add documentation")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
This commit fixes the check to use the just reallocated
links_map variable, instead of stale dev->data->links_map.
Later the new variable is written to the dev->data->links_map,
so the stale-ness is only temporary.
Coverity issue: 143456
Fixes: 4f0804bbdf ("eventdev: implement the northbound APIs")
Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Burst mode capability flag was introduced in 73e6b8c9 for event drivers.
DPAA2 event driver supports burst mode so this patch adds this capability
flag in DPAA2 event driver
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
This patch add support for different aggregator modes in similar manner
that is provided in linux kernel.
testpmd> set bonding agg_mode <port_id> <agg_name>
testpmd> show bonding config <port_id>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch add support for setting additional aggregator modes for
IEEE802.3AD in similar manner that are supported in kernel mode.
This will add support for other manner:
stable - default mode taken from IEEE802.11AX this is default
aggregator mode
bandwidth - takes aggregator with highest bandwidth
count - takes aggregator with biggest number of slaves
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
i40e VF close would stop the VF first, if VF already stopped this
result duplicate add/del MAC address which cause failure in executing
admin command.
Fix this by adding VF stop status check and sync up VF MAC address count
during add/del.
Fixes: d42aaf3000 ("i40e: support port hotplug")
Cc: stable@dpdk.org
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>
x550 devices don't map interrupt vector before enabling Rx/Tx queue
interrupt.
Because of this interrupt mode is not working for x550 devices.
Fixes: d2e72774e5 ("ixgbe/base: support X550")
Cc: stable@dpdk.org
Signed-off-by: Qiming Yang <qiming.yang@intel.com>
Acked-by: Wei Dai <wei.dai@intel.com>
Add queue index check when create filter rule, or
filter with invalid queue id can be created successfully.
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Listen to INTR_RMV events issued by slaves.
Add atomic flags on slave queues to detect use of slave bursts function.
If a removal is detected, set the recollection flag on this slave.
During a slave upkeep round, if its recollection flag is set and its
burst functions are not in use by any thread, remove that slave.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Olga Shern <olgas@mellanox.com>
Add the "exec" device type.
The parameters given to this type of device will be executed in a shell.
The output of this command is then used as a definition for a device.
That command can be re-interpreted if the related device is not
plugged-in. It allows for a device definition to react to system
changes (e.g. changing PCI bus for a given device).
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Olga Shern <olgas@mellanox.com>
Periodically check for the existence of a device.
If a device has not been initialized and exists on the system, then it
is probed and configured.
The configuration process strives to synchronize the states between the
plugged-in sub-device and the fail-safe device.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Olga Shern <olgas@mellanox.com>
Introduce the fail-safe poll mode driver initialization and enable its
build infrastructure.
This PMD allows for applications to benefit from true hot-plugging
support without having to implement it.
It intercepts and manages Ethernet device removal events issued by
slave PMDs and re-initializes them transparently when brought back.
It also allows defining a contingency to the removal of a device, by
designating a fail-over device that will take on transmitting operations
if the preferred device is removed.
Applications only see a fail-safe instance, without caring for
underlying activity ensuring their continued operations.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Olga Shern <olgas@mellanox.com>
Make the rte_eth_dev_count() return the number of available devices even
after some are detached by the hotplug API or put in a deferred state.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
This device state means that the device is managed externally, by
whichever party has set this state (PMD or application).
Note: this new device state is only an information. The related device
structure and operators are still valid and can be used normally.
It is however made private by device management helpers within ethdev,
making the device invisible to applications.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
VF performance is limited by the kernel PCI extended tag setting.
Update the document to explain the known issue and the workaround.
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
The x550 family does not support ipv6-other flow as well as
ipv4-other flow, so add this limitation.
Fixes: 7d629caced ("net/ixgbe: enable IPv6 for consistent API")
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
82599ES can support SCTP packet drop action, but the
configuration is different from TCP or UDP packet, so
it need to rework some FDIR related code to adapt
drop action rule of SCTP packet.
Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Previously SW workaround for GL_SWR_PRI_JOIN_MAP is added for X710
performance. As new FW version 6.0 supports ADQ,
value for GL_SWR_PRI_JOIN_MAP should be changed, otherwise
ehtertype filter will be impacted.
Fixes: 973273c7a4 ("i40e: workaround for X710 performance")
Cc: stable@dpdk.org
Signed-off-by: Beilei Xing <beilei.xing@intel.com>
Remove checks of Linux kernel version
in order to support kernel with backported features.
the expected behavior with a kernel that doesn't support flower
and other bits is the following:
-flow validate can return successfully
-flow create using the same rule fails.
Using the "remote" feature without kernel flower does not fail silently.
The TAP instance is not initialized if the requested parameters cannot
be satisfied.
it has been tested on an old kernel without required support:
PMD: Kernel refused TC filter rule creation (2): No such file or directory
PMD: tap0 failed to create implicit rules.
PMD: Can't set up remote feature: No such file of directory(2)
PMD: TAP Unable to initialize net_tap0
Signed-off-by: Raslan Darawsheh <rasland@mellanox.com>
Acked-by: Pascal Mazon <pascal.mazon@6wind.com>
Drop action is not supported by signature match, should return
error when try to create a signature match flow with drop action.
Fixes: a948d33bc0 ("net/ixgbe: enable signature match for consistent API")
Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
