Add support of IP and IP6 tunnels in rte_net_get_ptype().
We need to duplicate some code because the packet types do not have the
same value for a given protocol between inner and outer.
Signed-off-by: Jean Dao <jean.dao@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Add a new RTE_PTYPE_L2_ETHER_QINQ packet type, and its support in
rte_net_get_ptype().
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Add a new RTE_PTYPE_L2_ETHER_VLAN packet type, and its support in
rte_net_get_ptype().
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Introduce the function rte_net_get_ptype() that parses a mbuf and
returns its packet type. For now, the following packet types are parsed:
L2: Ether
L3: IPv4, IPv6
L4: TCP, UDP, SCTP
The goal here is to provide a reference implementation for packet type
parsing. This function will be used by testpmd in next commits, allowing
to compare its result with the value given by the hardware.
This function will also be useful when implementing Rx offload support
in virtio pmd. Indeed, the virtio protocol gives the csum start and
offset, but it does not give the L4 protocol nor it tells if the
checksum is relevant for inner or outer. This information has to be
known to properly set the ol_flags in mbuf.
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Signed-off-by: Jean Dao <jean.dao@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Previously, librte_net only contained header files. Add a C file
(empty for now) and generate a library. It will contain network helpers
like checksum calculation, software packet type parser, ...
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
The file rte_mbuf.h starts to be quite big, and next commits
will introduce more functions related to packet types. Let's
move them in a new file.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
The proper place for rte_ether.h is in librte_net because it defines
network headers.
Moving it will also prevent to have circular references in the following
patches that will require the Ethernet header definition in rte_mbuf.c.
By the way, fix minor checkpatch issues.
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Introduce a new function to read the packet data from an mbuf chain. It
linearizes the data if required, and also ensures that the mbuf is large
enough.
This function is used in next commits that add a software parser to
retrieve the packet type.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
If a pci probe operation creates a port but, for any reason, fails to
finish this operation and decides to delete the newly created port, then
the last created port id can not be trusted anymore and any subsequent
attach operations will fail.
This problem was noticed while working on a vm that had a virtio-net
management interface bound to the virtio-net kernel driver and no port
whitelisted in the commandline:
root@ubuntu1404:~/dpdk# ./build/app/testpmd -c 0x6 --
-i --total-num-mbufs=2049
EAL: Detected 3 lcore(s)
EAL: Probing VFIO support...
EAL: Debug logs available - lower performance
EAL: WARNING: cpu flags constant_tsc=yes nonstop_tsc=no -> using
unreliable clock cycles !
EAL: PCI device 0000:00:03.0 on NUMA socket -1
EAL: probe driver: 1af4:1000 (null)
rte_eth_dev_pci_probe: driver (null): eth_dev_init(vendor_id=0x6900
device_id=0x1000) failed
EAL: No probed ethernet devices
^
|
Here, rte_eth_dev_pci_probe() fails since vtpci_init() reports an
error. This results in a rte_eth_dev_release_port() right after a
rte_eth_dev_allocate().
Then, if we try to attach a port using rte_eth_dev_attach:
testpmd> port attach net_ring0
Attaching a new port...
PMD: Initializing pmd_ring for net_ring0
PMD: Creating rings-backed ethdev on numa socket 0
Two solutions:
- either update the last created port index to something invalid
(when freeing a ethdev port),
- or rely on the port count, before and after the eal attach.
The latter solution seems (well not really more robust but at least)
less fragile than the former.
We still have some issues with drivers that create multiple ethdev
ports with a single probe operation, but this was already the case.
Fixes: b0fb26685570 ("ethdev: convert to EAL hotplug")
Reported-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Signed-off-by: David Marchand <david.marchand@6wind.com>
Add a new command "tunnel_tso set <tso_segsz> <port>" to enable
segmentation offload and set MSS to tso_segsz. Another command,
"tunnel_tso show <port>" is added to show tunneled packet MSS.
Result 0 means tunnel_tso is disabled.
The original commands, "tso set <tso_segsz> <port>" and "tso show
<port>" are only reponsible for non-tunneled packets. And the new
commands are for tunneled packets.
Below conditions are needed to make it work:
a. tunnel TSO is supported by the NIC;
b. "csum parse_tunnel" must be set so that tunneled pkts are
recognized;
c. for tunneled pkts with outer L3 is IPv4, "csum set outer-ip"
must be set to hw, because after tso, total_len of outer IP
header is changed, and the checksum of outer IP header calculated
by sw should be wrong; that is not necessary for IPv6 tunneled
pkts because there's no checksum field to be filled anymore.
Suggested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Zhe Tao <zhe.tao@intel.com>
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
To enable Tx side offload on tunneling packet, driver should set
correct tunneling parameters: (1) EIPT, External IP header type;
(2) EIPLEN, External IP; (3) L4TUNT; (4) L4TUNLEN. This parsing
behavior is based on (ol_flag & PKT_TX_TUNNEL_MASK). And when
it's a tunneling packet, MACLEN defines the outer L2 header.
Also, we define TSO on each kind of tunneling type as a capabilities.
Now only i40e declares to support them.
Signed-off-by: Zhe Tao <zhe.tao@intel.com>
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
To support tunneling packet offload capabilities on Tx side, PMDs
(e.g., i40e) need to know what kind of tunneling type of this packet.
Instead of analyzing the packet itself, we depend on applications to
correctly set the tunneling type. These flags are defined inside
rte_mbuf.ol_flags.
Signed-off-by: Zhe Tao <zhe.tao@intel.com>
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
ts_params->conf.nb_queue_pairs should not be hard coded with device
specific number. It should be retrieved from the device info.
Any test which changes it should restore it to orig value.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Removed obsolete comments re inability to free and re-allocate
queue memory and obsolete workaround for it
which used to create maximum size queues first, then later
create smaller queues.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Free ring memory on queue_pair release, else
releasing and setting up queue-pair of a different size fails.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Fixes: 1d0c90e6cf0b ("doc: update build instructions for libsso_snow3g")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
This commit fixes following build error, which happens in SUSE 11 SP2,
with gcc 4.5.1:
In file included from lib/librte_cryptodev/rte_cryptodev.c:70:0:
lib/librte_cryptodev/rte_cryptodev.h:772:7:
error: flexible array member in otherwise empty struct
Fixes: 347a1e037fd3 ("lib: use C99 syntax for zero-size arrays")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Introduce a specific cryptodev queue size macro.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Application will segfault if there is IPv4 or IPv6 and no SP/ACL rules
for IPv4 or IPv6 respectively.
Avoid checking the ACL/SP in such cases.
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.`
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add support for AES-GCM (Galois-Counter Mode).
RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator
This patch implements the first recommended method by using the forward
function to generate the IV.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch contains unit tests for libcrypto PMD. User can
use app/test application to check how to use this pmd and to
verify crypto processing.
Test name is cryptodev_libcrypto_autotest.
For performance test cryptodev_libcrypto_perftest can be used.
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch rework AES tests .
In general - rename AES-named functions to blockcipher functions pattern.
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This code provides the initial implementation of the libcrypto
poll mode driver. All cryptography operations are using Openssl
library crypto API. Each algorithm uses EVP_ interface from
openssl API - which is recommended by Openssl maintainers.
This patch adds libcrypto poll mode driver support to librte_cryptodev
library.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Before adding the new ZUC tests, since they will use
the existing common functions for SNOW3G and KASUMI,
these functions are renamed to *_wireless_algo_*,
instead of *_snow3g_kasumi_*, as they are common
functions for all the three wireless algorithms.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Added new SW PMD which makes use of the libsso SW library,
which provides wireless algorithms ZUC EEA3 and EIA3
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_ZUC_EEA3
- RTE_CRYPTO_SYM_AUTH_ZUC_EIA3
The ZUC hash and cipher algorithms, which are enabled
by this crypto PMD are implemented by Intel's libsso software
library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Improve error message if crypto PMD build is not enabled in config file
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds AES Galois Counter Mode performance test case
for cryptodev QAT and AESNI GCM. Test is performed with different
buffer sizes, burst size of 32 and 128b key. Test vectors
are placed in app/test/test_cryptodev_perf_vectors.h file.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This commit fixes a compilation error on icc,
due to unallowed conversion from int to enum:
drivers/crypto/snow3g/rte_snow3g_pmd.c(155):
error #188: enumerated type mixed with another type
sess->op = mode;
^
drivers/crypto/kasumi/rte_kasumi_pmd.c(155):
error #188: enumerated type mixed with another type
sess->op = mode;
^
Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library")
Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Regardless the result of the conditional, the true and false
statements were the same, so the conditional can be removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds two sample configuration files to ipsec-secgw sample
application. The sample configuration files show how to setup
back-to-back systems that would forward traffic through an IPsec
tunnel.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch adds the configuration file support to ipsec_secgw
sample application. Instead of hard-coded rules, the users can
specify their own SP, SA, and routing rules in the configuration
file. A command line option "-f" is added to pass the
configuration file location to the application.
Configuration item formats:
SP rule format:
sp <ip_ver> <dir> esp <action> <priority> <src_ip> <dst_ip> \
<proto> <sport> <dport>
SA rule format:
sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key> \
<mode> <src_ip> <dst_ip>
Routing rule format:
rt <ip_ver> <src_ip> <dst_ip> <port>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch moves computing of pre-counter block into the AESNI-GCM
driver so it can be moved from test files.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
3DES support added to QuickAssist PMD with CTR and CBC mode.
Both cipher-only and chained with HMAC_SHAx.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Cleanup of unused code.
Rename and simplify a badly named struct element, was aes, but
used for all types of ciphers.
Print correct error msg (Unsupported rather than Undefined)
for all ciphers not supported by QAT PMD.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Adding the support to bind/unbind crypto devices with
dpdk-devbind.py script, as now it is not restricted
to network devices anymore.
Signed-off-by: Eoin Breen <eoin.breen@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
KASUMI algorithm has all uppercase letters,
but some references of it had some lowercase letters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
SNOW 3G algorithm has all uppercase letters in its name
and a space between SNOW and 3G, but some references of it
had some lowercase letters or no space.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Using sys/types.h instead of linux/types.h
so as to compile QAT_PMD on FreeBSD.
Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
In file rte_crypto_sym.h, GMAC API comments need to be changed
to comply with the GMAC specification. Main areas of change are
aad pointer and aad len, which now will be used to
provide plaintext.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>