Underlying IPSec Multi buffer library implements
DOCSIS specification, so this commit adds support
for this new feature, which combines AES-CBC for full
AES blocks (16 bytes) and AES-CFB for last runt block
(less than 16 bytes).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
IPSec Multi-buffer library v0.45 has been released,
which includes, among other features, support for DOCSIS BPI
specification and include AVX512 optimizations.
This new version added const qualifiers to some of the function
prototypes, so the PMD has been updated to include these changes.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Moving the crypto processing from the enqueue burst to the dequeue burst,
to remove the requirement to continually call the
rte_cryptodev_burst_enqueue function to guarantee that all operations get
flushed from the multi-buffer managers buffers.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
There is bug when more crypto ops are enqueued than dequeued.
The return value is not checked when trying to enqueue the
processed crypto op into the internal ring, which in the case of being
full will results in crypto ops and mbufs being leaked.
The issue is more obvious with different cores doing enqueue/dequeue.
This patch moves the crypto operation to the dequeue function which
fixes the above issue without having to check for the number of free
entries in the ring.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Fail-over mode works with 2 slaves, primary slave and secondary slave.
In this mode, the scheduler will enqueue the incoming crypto op burst
to the primary slave. When one or more crypto ops are failed to be
enqueued, they then will be enqueued to the secondary slave.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Packet-size based distribution mode is a scheduling mode works with 2
slaves, primary slave and secondary slave, and distribute the enqueued
crypto ops to them based on their data lengths. A crypto op will be
distributed to the primary slave if its data length equals or bigger
than the designated threshold, otherwise it will be handled by the
secondary slave.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Reorganize options structure, to have all the parameters
used in a single run in the first bytes of the structure,
so all fit in a single cache line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When using the verify test, test name is necessary
to be passed when digest is needed.
Also, when using an block cipher algorithm (CBC, ECB),
the buffer size has to be aligned to the block size.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
So far, the crypto performance application was only able to
test one buffer size and one burst size.
With this commit, multiple sizes can be passed, either as a range
of values or as a list of values.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Instead of printing the test results in the destructor
function, print them just after each run.
This will be useful for after the commit that allows
a range of buffer and burst sizes.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When testing cipher only operations, there is no need to append digest
at the end of the buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
In order to simplify throughput and latency tests,
verify option has been removed from these and moved
as a separate test.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Ciphertext and digests for different buffer sizes
were incorrect.
Fixes: 5f1d85c5a8 ("app/crypto-perf: add test vectors files")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Cyclecount test was not implemented, so it is removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
adding support for attaching session to queue pairs.
This is required as underlying crypto driver may only
support limited number of sessions per queue pair
if max_nb_sessions_per_qp > 0, session should be
attached to a particular qp.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
HW based crypto drivers may only support limited number of
sessions per queue pair. This requires support for attaching
sessions to specific queue pair. New APIs are introduced to
attach/detach a session with/from a particular queue pair.
These are optional APIs.
Application can call attach API after creating a session
and can call detach API before deleting a session.
Application needs to check if max_nb_sessions_per_qp > 0,
then it should call the attach API.
max_nb_sessions_per_qp = 0 means infinite sessions per qp
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Remove DPDK QAT sample app, in favour of the newer applications
that use the cryptodev library: ipsec-gw and l2fwd-crypto,
which has support for Intel QuickAssist devices.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Since the new device configuration API is updated, we can make use of
this feature to the crypto scheduler PMD to configure its slaves
automatically with the same configurations it got. As originally the
slaves have to be manually configured one by one, this patch should
help reducing the coding complexity.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch changes the device configuration API for rte_cryptodev_ops
function prototype, and update all cryptodev PMDs for this change.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Follow the approach in the network devices overview,
for the feature matrix, so it improves readibility
and maintainability.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
This patch optimizes the crypto op ordering by replacing the
ordering method from using rte_reorder library to using rte_ring
to avoid unnecessary crypto op storing and recovering cost.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch changes the enqueue and dequeue methods to cryptodev
scheduler PMD. Originally a 2-layer function call is carried out
upon enqueuing or dequeuing a burst of crypto ops. This patch
removes one layer to improve the performance.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Some values are uninitialized for "cipher null" and "auth null"
operations. It may cause unpredictable results for some crypto pmd
drivers, or even segmentation fault.
This patch sets values for null operations to zero.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When somebody use bad --optype with aead algorithms
segmentation fault could happen.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fixes invalid latency result when using the performance application and
hardware QAT PMD. It occurred when the number of processed packets was
higher then the size of the internal QAT PMD ring buffer and the buffer
was overflowed.
Fixed by correcting the registration of the enqueued packets and freeing
memory space for not enqueued packets.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).
Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
L2fwd-crypto app was creating an array of strings for the
supported algorithms, which was different from the strings
that are now in cryptodev.
Use the new API in cryptodev to parse the string from the user,
to get the algorithm enum, instead, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Instead of going through the array of supported algorithms
in the app, to get the algorithm enum, use the new API in
cryptodev to parse this string, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Adds functions to get the cipher/authentication
algorithm enums, given a string. This is useful for applications
which gets the algorithm required from the user, to have a common
string-enum mapping.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
DES-CBC and AUTH NULL algorithms were missing in
the array of algorithm strings.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
There is a compilation error in the following case:
make config T=x86_64-native-linuxapp-gcc
sed -i 's,CONFIG_RTE_LIBRTE_CRYPTODEV=y,CONFIG_RTE_LIBRTE_CRYPTODEV=n,' \
build/.config
sed -i 's,CONFIG_RTE_APP_CRYPTO_PERF=y,CONFIG_RTE_APP_CRYPTO_PERF=n,' \
build/.config
make -j4
make -j4 test-build
test_eventdev.c:39:27: fatal error:
rte_cryptodev.h: No such file or directory
#include <rte_cryptodev.h>
^
Removing the include induces a new error, (missing declaration of
rte_eal_vdev_init()), which is fixed by including rte_dev.h.
Fixes: f8f9d233ea ("test/eventdev: add unit tests")
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
build error:
include/rte_ring.h:459:22: error: invalid conversion from ‘void*’
to ‘void**’ [-fpermissive]
ENQUEUE_PTRS(r, &r[1], prod_head, obj_table, n, void *);
Implicit casts of void* to void** are considered warnings in some
compilers. E.g. g++ version 5.8. Cast directly to object types
Fixes: a6619414 ("ring: make struct and macros type agnostic")
Signed-off-by: Ed Czeck <ed.czeck@atomicrules.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
I get the following error when linking the test application:
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_qsize_regbit':
drivers/net/thunderx/base/nicvf_hw.c:451: undefined reference to `log2'
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_rss_reta_update':
drivers/net/thunderx/base/nicvf_hw.c:804: undefined reference to `log2'
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_rss_reta_query':
drivers/net/thunderx/base/nicvf_hw.c:825: undefined reference to `log2'
While I don't know why it does not happen for a default build, the error
can be explained. The link command line is:
gcc -o test ... *.o ... -Wl,-lm ... -Wl,-lrte_pmd_thunderx_nicvf ...
rte_pmd_thunderx_nicvf needs the math library, and it should be
added after. This is not the case because the test application also
adds the math library.
The makefile already filters the libraries, but it keeps the first
occurrence of the lib. Instead, the last one should be kept.
Fixes: edf4d331dc ("mk: eliminate duplicates from libraries list")
Cc: stable@dpdk.org
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Thomas Monjalon <thomas.monjalon@6wind.com>
On my system, the version of the compiler is not properly retrieved,
resulting in strange logs when building the dpdk:
/bin/sh: line 0: test: too many arguments
This happens when mk/toolchain/clang/rte.toolchain-compat.mk is included
from a directory that use gcc to build (ex: kernel modules). In that
case, the CLANG_VERSION variable contains spaces that breaks some shell
calls to the test program.
The error is because the output of "gcc -v" on my system contains 2 lines
that matches the "version" string:
Configured with: ../src/configure -v \
--with-pkgversion='Debian 6.3.0-6' [...]
gcc version 6.3.0 20170205 (Debian 6.3.0-6)
This may be specific to Debian. Fix it by specializing the grep.
Fixes: 2ef6eea891 ("mk: add clang toolchain")
Cc: stable@dpdk.org
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Thomas Monjalon <thomas.monjalon@6wind.com>
The file examples.dox was not re-generated when a file
is added or removed from examples/.
It is now removed on clean operation.
The ordering of operations (clean before generation) is also
better defined.
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
The macro RTE_PMD_TAP_MAX_QUEUES was defined twice.
On machines with kernel < 3.8, IFF_MULTI_QUEUE didn't exist, and thus
both definitions used different values.
Fixes: cf56436611 ("net/tap: move private elements to external header")
Signed-off-by: Pascal Mazon <pascal.mazon@6wind.com>
Since patch "mbuf: structure reorganization" the compiler complains
sometimes (in some conditions):
.../drivers/net/mlx5/mlx5_rxtx.c: In function ‘mlx5_rx_burst’:
.../drivers/net/mlx5/mlx5_rxtx.c:2082:17: error: ‘len’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
len is not initialised as it will be at the first segment of a received
packet, but it remains hard for the compiler to determine it.
Fixes: 9964b965ad ("net/mlx5: re-add Rx scatter support")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
The function rte_eth_find_next is missing in the map file, which causes
errors with shared library builds.
.../test-pmd/testpmd.c:1693: undefined reference to `rte_eth_find_next'
Adding function to map file fixes the issue.
Fixes: 5588909af2 ("ethdev: add device iterator")
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Pascal has added many features to the Tap PMD and the code
is now mostly his code. We talked and he suggested I send
the patch to change ownership.
Signed-off-by: Keith Wiles <keith.wiles@intel.com>
Acked-by: Pascal Mazon <pascal.mazon@6wind.com>
This patch provides a set of tests for verifying the functional
correctness of 16-bit and 32-bit CRC APIs.
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
APIs for selecting the architecure specific implementation and computing
the crc (16-bit and 32-bit CRCs) are added. For CRCs calculation, scalar
as well as x86 intrinsic(sse4.2) versions are implemented.
The scalar version is based on generic Look-Up Table(LUT) algorithm,
while x86 intrinsic version uses carry-less multiplication for
fast CRC computation.
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This iterator helps applications iterate over the device list and skip
holes caused by invalid or detached devices.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
The hotplug API introduced multiple states for a device with possible
values defined internally, while the related field in struct rte_eth_dev
was made public.
Exposing those states improves consistency because applications have to
deal with the device list directly.
"DEV_DETACHED" is renamed "RTE_ETH_DEV_UNUSED" to better reflect that
the emptiness of a slot is not necessarily the result of detaching a
device.
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
build error:
.../drivers/event/octeontx/ssovf_worker.c(212):
error #592: variable "get_work0" is used before its value is set
RTE_SET_USED(get_work0);
^
.../drivers/event/octeontx/ssovf_worker.c(213):
error #592: variable "get_work1" is used before its value is set
RTE_SET_USED(get_work1);
^
For x86 these variables set but not used, move macros below
where values assigned.
Fixes: f61808eaa9 ("event/octeontx: add start function")
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
build error:
In file included from .../lib/librte_ring/rte_ring.c(90):
.../lib/librte_ring/rte_ring.h(162):
error #1366: a reduction in alignment without the "packed" attribute
is ignored
} __rte_cache_aligned;
^
Alignment attribute moved to first element of the struct
Fixes: a6619414e0 ("ring: make struct and macros type agnostic")
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
