Patch adds new event subtypes for notifying expiry
events upon reaching IPsec SA soft packet expiry and
hard packet/byte expiry limits.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
The structs are directly indexed for generating standard vectors. Add
asserts to make sure structs are not updated in isolation.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch sets the max length of dst in OpenSSL 3.0 lib EVP MAC final
routine to ensure enough space for the result.
Fixes: 75adf1eae4 ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
SHA3 family algorithms were missing in the array of algorithm strings.
Fixes: 1df800f895 ("crypto/ccp: support SHA3 family")
Cc: stable@dpdk.org
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Update ether type for outbound SA processing based on tunnel header
information in both NEON functions for poll mode and event mode worker
functions.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Update L2 header based on tunnel IP version in the application
as driver/HW is not expected to update L2 ether type post
Outbound Inline protocol offload processing.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Remove L2 header update for outbound inline packets as
application is already taking care of the same.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Clarify that for Outbound Inline IPsec processing, L2 header
needs to be up to date with ether type which will be applicable
post IPsec processing as the IPsec offload only touches L3 and above.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Clarify mbuf meta data needed for Outbound Inline IPsec processing.
Application needs to provide mbuf.l3_len and L3 type in
mbuf.ol_flags so that like tunnel mode using mbuf.l2_len, transport mode
can make use of l3_len and l3_type to determine perform
proper transport mode IPsec processing.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add support for offloading RTE_CRYPTO_CIPHER_AES_DOCSISBPI and
RTE_CRYPTO_CIPHER_DES_DOCSISBPI algorithms to symmetric crypto session.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Errors in crypto adapter datapath can be handled gracefully. So the
error print can be moved under debug.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
'struct roc_se_buf_ptr ctx_buf' has fields for a pointer and len.
The field for len was unused.
It is removed and the required pointer is added in the parent struct.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Identify the datapath thread to be used during session create. This can
be used to call right function early on to avoid multiple session
specific checks in datapath functions.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Change engine group of Chacha20-Poly1305 as it is
supported on IE engines also.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Auth IV is not applicable for kasumi cipher operation.
Removed the same.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Field op_minor is required only for digest encrypted cases
with chained ops, hence removed from AES-GCM path.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
When the flag ROC_SE_VALID_MAC_BUF is set, digest length will be
non-zero. Remove extra check in datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Fill FC params routine now caters to only KASUMI & FC_GEN.
Call appropriate functions directly.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
For both AES-GCM and ChaChaPoly, digest size must be non-zero.
So remove the conditional handling in the datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Limit meta buf pool cache size as 128. Having 512 as
the cache size would cause more time for refill.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Zeroising AES-CMAC IV would be done in microcode.
Clearing in DPDK is not redundant.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added support for burst enqueue for cn10k event crypto adapter.
Instructions will be grouped based on the queue pair and sent in a burst.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Typecasting uint32_t array to uint16_t and accessing it as max array
size(at time of declaration of uint32_t array) causes gcc-12 to
throw an error.
GCC 12 raises the following warning:
In function 'send_multi_pkts',
inlined from 'route6_pkts_neon' at
../examples/ipsec-secgw/ipsec_lpm_neon.h:170:2,
inlined from 'ipsec_poll_mode_wrkr_inl_pr' at
../examples/ipsec-secgw/ipsec_worker.c:1257:4:
../examples/ipsec-secgw/ipsec_neon.h:261:21: error: 'dst_port' may be used
uninitialized [-Werror=maybe-uninitialized]
261 | dlp = dst_port[i - 1];
| ~~~~^~~~~~~~~~~~~~~~~
In file included from ../examples/ipsec-secgw/ipsec_worker.c:16:
../examples/ipsec-secgw/ipsec_worker.c: In function
'ipsec_poll_mode_wrkr_inl_pr':
../examples/ipsec-secgw/ipsec_lpm_neon.h:118:17:
note: 'dst_port' declared here
118 | int32_t dst_port[MAX_PKT_BURST];
| ^~~~~~~~
Fixes: 6eb3ba0399 ("examples/ipsec-secgw: support poll mode NEON LPM lookup")
Fixes: dcbf9ad5fd ("examples/ipsec-secgw: move fast path helper functions")
Cc: stable@dpdk.org
Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
GCC 12 raises the following warning:
In function '_mm_storeu_si128',
inlined from 'rte_mov16' at
../lib/eal/x86/include/rte_memcpy.h:508:2,
inlined from 'rte_mov128' at
../lib/eal/x86/include/rte_memcpy.h:542:2,
inlined from 'rte_memcpy_generic' at
../lib/eal/x86/include/rte_memcpy.h:732:4,
inlined from 'rte_memcpy' at
../lib/eal/x86/include/rte_memcpy.h:882:10,
inlined from 'qat_sym_do_precomputes.constprop' at
../drivers/crypto/qat/qat_sym_session.c:1434:2:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:739:8: error:
array subscript 8 is outside array bounds of 'unsigned char[128]'
[-Werror=array-bounds]
739 | *__P = __B;
| ~~~~~^~~~~
../drivers/crypto/qat/qat_sym_session.c:
In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1305:17: note:
at offset 192 into object 'opad.750' of size 128
1305 | uint8_t
opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
| ^~~~
../drivers/crypto/qat/qat_sym_session.c:
In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1304:17: note:
at offset 128 into object 'ipad.749' of size 128
1304 | uint8_t
ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
| ^~~~
Added a check to prevent compiler warnings.
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Cc: stable@dpdk.org
Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
GCC 12 raises the following warning:
In function '_mm_loadu_si128',
inlined from 'rte_mov16' at
../lib/eal/x86/include/rte_memcpy.h:507:9,
inlined from 'rte_mov128' at
../lib/eal/x86/include/rte_memcpy.h:549:2,
inlined from 'rte_memcpy_generic' at
../lib/eal/x86/include/rte_memcpy.h:732:4,
inlined from 'rte_memcpy' at
../lib/eal/x86/include/rte_memcpy.h:882:10,
inlined from 'outb_tun_pkt_prepare' at
../lib/ipsec/esp_outb.c:224:2:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:703:10: error:
array subscript '__m128i_u[15]' is partly outside array bounds of
'const uint8_t[255]' {aka 'const unsigned char[255]'}
[-Werror=array-bounds]
703 | return *__P;
| ^~~~
In file included from ../lib/ipsec/esp_outb.c:17:
../lib/ipsec/pad.h: In function 'outb_tun_pkt_prepare':
../lib/ipsec/pad.h:10:22: note: at offset 240 into object 'esp_pad_bytes'
of size 255
10 | static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
| ^~~~~~~~~~~~~
This patch restrict copy to minimum size.
Bugzilla ID: 1060
Fixes: 6015e6a133 ("ipsec: move inbound and outbound code")
Cc: stable@dpdk.org
Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>
GCC-12 raises following warning:
In function '_mm_loadu_si128',
inlined from 'rte_mov16' at
../lib/eal/x86/include/rte_memcpy.h:507:9,
inlined from 'rte_mov128' at
../lib/eal/x86/include/rte_memcpy.h:549:2,
inlined from 'rte_memcpy_generic' at
../lib/eal/x86/include/rte_memcpy.h:732:4,
inlined from 'rte_memcpy' at
../lib/eal/x86/include/rte_memcpy.h:882:10,
inlined from 'setup_test_string_tunneled' at
../app/test/test_ipsec.c:617:3:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:703:10: error:
array subscript '__m128i_u[15]' is partly outside array bounds of
'const uint8_t[255]' {aka 'const unsigned char[255]'}
[-Werror=array-bounds]
703 | return *__P;
| ^~~~
../app/test/test_ipsec.c: In function 'setup_test_string_tunneled':
../app/test/test_ipsec.c:491:22: note: at offset 240 into object
'esp_pad_bytes' of size 255
491 | static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
This patch restrict the copy to minimum size.
Fixes: 05fe65eb66 ("test/ipsec: introduce functional test")
Cc: stable@dpdk.org
Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit fixes answer sent to physical device in
vf2pf communication.
Fixes: b17d16fb47 ("common/qat: add PF to VF communication")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When the queue_ops_rsa_enc_dec function is called, the plaintext will
be printed twice instead of both plaintext and ciphertext. When the
create_aead_operation function is called, the contents of iv and aad
will be printed incorrectly. This patch fixes the issues above.
Fixes: 77a217a19b ("test/crypto: add AES-CCM tests")
Fixes: 5ae36995f1 ("test/crypto: move RSA enqueue/dequeue into functions")
Cc: stable@dpdk.org
Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
Reviewed-by: Joey Xing <joey.xing@jaguarmicro.com>
Reviewed-by: Qingmin Liu <qingmin.liu@jaguarmicro.com>
Reviewed-by: Lei Cai <lei.cai@jaguarmicro.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Use Tx checksum offload only when all the ports have it enabled as
the qconf for a particular lcore stores ipv4_offloads for all the
Tx ports and each lcore can Tx to any port.
Fixes: 03128be4cd ("examples/ipsec-secgw: allow disabling some Rx/Tx offloads")
Cc: stable@dpdk.org
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch fixes the patterns buffer overrun issue reported
by Coverity.
Coverity issue: 379236
Fixes: b3a4baf87f ("examples/ipsec-secgw: support more flow patterns and actions")
Cc: stable@dpdk.org
Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Akhil Goyal <gakhil@marvell.com>
Remove redundant function return value. The function is used in datapath
and the return value is not checked in any of the existing callers.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
ipsec_autotest is now skipped if no compatible crypto devices are found.
Fixes issue where if at least one crypto device was found but no
compatible crypto devices for the ipsec_autotest test case are present,
the case would fail with no error message. Now, when this situation is
encountered, the test case will be skipped with an explanation.
Fixes: 59d7353b0d ("test/ipsec: fix test suite setup")
Cc: stable@dpdk.org
Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Some cryptographic algorithms such as MD5 and DES are now considered legacy
and not enabled by default in OpenSSL 3.0. Load up legacy provider as MD5
DES are needed in QAT session pre-computes and secure session creation.
Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Arm port of ipsec_mb library [1] has different header file name than
the Intel ipsec_mb library. Proper header name is picked according to
the architecture to get the code compile when ipsec_mb is installed on
Arm platform.
And the Arm port currently supports ZUC and SNOW3g. Call to other
algorithms will be blocked.
[1] https://gitlab.arm.com/arm-reference-solutions/ipsec-mb/-/tree/main
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Ashwin Sekhar T K <asekhar@marvell.com>
The intel-ipsec-mb header is included by ipsec_mb_private header file.
Hence removed intel-ipsec-mb from files that have ipsec_mb_private
included.
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.
Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch add in libcrypto version check before enable libipsec-mb for
QAT. The intel-ipsec-mb lib for partial hash and AES calculation should
only be enabled when both OpensSSL 3.0 and IPSec_MB 1.2.0 are installed
on the system.
Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Fix stale XAQ depth check pointers in workslot memory after
XAQ pool resize.
Fixes: bd64a963d2 ("event/cnxk: use common XAQ pool functions")
Cc: stable@dpdk.org
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Added new fields to represent event queue weight and affinity in
rte_event_queue_conf structure. Internal op to get queue attribute is
removed as it is no longer needed. Updated driver to use the new field.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add support to configure and use periodic event timers in
software timer adapter.
The structure ``rte_event_timer_adapter_stats`` is extended
by adding a new field, ``evtim_drop_count``. This stat
represents the number of times an event_timer expiry event
is dropped by the event timer adapter.
Updated the software eventdev pmd timer_adapter_caps_get
callback function to report the support of periodic
event timer capability.
Signed-off-by: Naga Harish K S V <s.v.naga.harish.k@intel.com>
Acked-by: Erik Gabriel Carrillo <erik.g.carrillo@intel.com>
In rte_event_eth_rx_adapter_queue_add(), sub_event_type of
rte_event structure is reset which can be used by the
application to determine the processing function.
Removed resetting of rte_event::sub_event_type
Signed-off-by: Ganapati Kundapura <ganapati.kundapura@intel.com>
Acked-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>
Add the support of reassembly functions callback
assignment to eventdev dequeue and dequeue_burst.
Fixes: c062f5726f ("net/cnxk: support IP reassembly")
Cc: stable@dpdk.org
Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>