Commit Graph

16402 Commits

Author SHA1 Message Date
Moti Haimovsky
f5bf91de73 net/mlx5: support flow counters using devx
This commit adds counters support when creating flows via direct
verbs. The implementation uses devx interface in order to create
query and delete the counters.
This support requires MLNX_OFED_LINUX-4.5-0.1.0.1 installation.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
2019-01-14 17:44:29 +01:00
Moti Haimovsky
6de1ffaa41 net/mlx5: add devx functions to glue
This patch adds glue functions for operations:
  - dv_open_device.
  - devx object create, destroy, query and modify.
  - devx general command
The new operations depend on HAVE_IBV_DEVX_OBJ.

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
2019-01-14 17:44:29 +01:00
Moti Haimovsky
5f09e80cf8 net/mlx5: fix shared counter allocation logic
This commit fixes the logic for searching and allocating a shared
counter in mlx5_flow_verbs.
Now only the shared counters in the counters list are checked for
a match and not all the counters as before.

Fixes: 84c406e745 ("net/mlx5: add flow translate function")
Cc: stable@dpdk.org

Signed-off-by: Moti Haimovsky <motih@mellanox.com>
Acked-by: Shahaf Shuler <shahafs@mellanox.com>
2019-01-14 17:44:29 +01:00
Alejandro Lucero
dc205cc57c config: remove NFP PMD from 32-bit builds
Signed-off-by: Alejandro Lucero <alejandro.lucero@netronome.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2019-01-14 20:07:18 +01:00
Ilya Maximets
9726aa9907 eal: fix build of external app with clang on armv8
In case DPDK built using GCC, RTE_TOOLCHAIN_CLANG is not defined.
But 'rte_atomic.h' is a generic header that included to the
external apps like OVS while building with DPDK. As a result,
clang build of OVS fails on armv8 if DPDK built using gcc:

    include/generic/rte_atomic.h:215:9: error:
            implicit declaration of function '__atomic_exchange_2'
            is invalid in C99
    include/generic/rte_atomic.h:494:9: error:
            implicit declaration of function '__atomic_exchange_4'
            is invalid in C99
    include/generic/rte_atomic.h:772:9: error:
            implicit declaration of function '__atomic_exchange_8'
            is invalid in C99

We need to check for current compiler, not the compiler used for
DPDK build.

Fixes: 7bdccb9307 ("eal: fix ARM build with clang")
Cc: stable@dpdk.org

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2019-01-14 19:49:48 +01:00
Ferruh Yigit
a32ca9a4eb mk: fix scope of disabling AVX512F support
AVX512 was disabled for GCC because of Bugzilla issue 97 [1],
the GCC defect submitted for the issue [2] highlighted that this is
a known binutils version 2.30 issue.

Narrowed the scope of no-avx512 to the this specific binutils version.

[1]
https://bugs.dpdk.org/show_bug.cgi?id=97

[2]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88096

Fixes: 8d07c82b23 ("mk: disable gcc AVX512F support")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2019-01-14 17:27:48 +01:00
Yongseok Koh
bf78d4dc2b mbuf: remove experimental tag for external attachment
Remove the experimental tag of rte_pktmbuf_attach_extbuf() which was
introduced in 18.05.

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2019-01-14 16:37:59 +01:00
Yongseok Koh
952f4cf5f0 mbuf: remove deprecated macro
RTE_MBUF_INDIRECT() is replaced with RTE_MBUF_CLONED() and removed.
This macro was deprecated in release 18.05 when EXT_ATTACHED_MBUF was
introduced.

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2019-01-14 16:37:36 +01:00
Harry van Haaren
6af649a44c mbuf: fix C++ compatibility by making sched struct visible
Although C compilation works with the struct rte_mbuf_sched
declared inside the struct rte_mbuf namespace, C++ fails to
compile. This fix moves the rte_mbuf_sched struct up to the
global namespace, instead of declaring it inside the struct
mbuf namespace.

The struct rte_mbuf_sched is being used on the stack in
rte_mbuf_sched_get() and as a cast in _set(). For this
reason, it must be exposed as an available type.

Fixes: 5d3f721009 ("mbuf: implement generic format for sched field")

Signed-off-by: Harry van Haaren <harry.van.haaren@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
2019-01-14 16:03:28 +01:00
Anatoly Burakov
ba07193e03 mem: fix storing old policy
The original code was supposed to overwrite the value pointed to
by the pointer, but the new one is instead overwriting the
pointer value itself, which has no effect outside that function.
Fix it by adding a pointer dereference.

Fixes: 582bed1e1d ("mem: support mapping hugepages at runtime")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-01-14 15:50:52 +01:00
Anatoly Burakov
199629022c mem: fix variable shadowing
A local variable ``flags`` was shadowing another variable from outer
scope. Fix this by renaming the variable and make it const.

Fixes: c127be93f6 ("mem: support using memfd segments for in-memory mode")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-01-14 15:42:40 +01:00
Anatoly Burakov
c0f8d50d1c vfio: do not unregister callback in secondary process
Callbacks are only registered in the primary, so do not attempt to
unregister callbacks in secondary processes.

Fixes: 43e4631371 ("vfio: support memory event callbacks")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-01-14 15:31:51 +01:00
Anatoly Burakov
97257eee2d eal/bsd: remove clean up of files at startup
On FreeBSD, closing the file descriptor drops the lock even if the
file descriptor was mmap'ed. This leads to the cleanup at the end
of EAL init to remove fbarray files that are still in use by the
process itself.

However, instead of working around this issue, we can take advantage
of the fact that FreeBSD doesn't really create any per-process
files in the first place, so no cleanup is actually needed.

Fixes: 0a529578f1 ("eal: clean up unused files on initialization")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-01-14 15:23:12 +01:00
Anatoly Burakov
66d9f61de0 eal: fix strdup usages in internal config
Currently, we use strdup in a few places to store command-line
parameter values for certain internal config values. There are
several issues with that.

First of all, they're never freed, so memory ends up leaking
either after EAL exit, or when these command-line options are
supplied multiple times.

Second of all, they're defined as `const char *`, so they
*cannot* be freed even if we wanted to.

Finally, strdup may return NULL, which will be stored in the
config. For most fields, NULL is a valid value, but for the
default prefix, the value is always expected to be valid.

To fix all of this, three things are done. First, we change
the definitions of these values to `char *` as opposed to
`const char *`. This does not break the ABI, and previous
code assumes constness (which is more restrictive), so it's
safe to do so.

Then, fix all usages of strdup to check return value, and add
a cleanup function that will free the memory occupied by
these strings, as well as freeing them before assigning a new
value to prevent leaks when parameter is specified multiple
times.

And finally, add an internal API to query hugefile prefix, so
that, absent of a valid value, a default value will be
returned, and also fix up all usages of hugefile prefix to
use this API instead of accessing hugefile prefix directly.

Bugzilla ID: 108

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2019-01-14 15:05:19 +01:00
Konstantin Ananyev
b73cec26cd ipsec: fix assert condition
fix invalid RTE_ASSERT condition in rsn_update_finish()

Fixes: c0308cd895 ("ipsec: rework SA replay window/SQN for MT environment")

Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-01-14 14:45:02 +01:00
David Zeng
3d5501d568 kni: fix build on RHEL8 for arm and Power9
Signed-off-by: David Zeng <zengxhsh@cn.ibm.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-01-14 14:33:04 +01:00
Xiao Liang
4c820b22c0 kni: fix build on RHEL 8
'ndo_change_mtu_rh74' was changed to 'ndo_change_mtu' in RHEL8.

Build error log:
/home/dpdk-18.11/kernel/linux/kni/compat.h:107:24: error: ‘const struct
net_device_ops’ has no member named ‘ndo_change_mtu_rh74’; did you mean
‘ndo_change_mtu’?
 #define ndo_change_mtu ndo_change_mtu_rh74
                        ^~~~~~~~~~~~~~~~~~~

Cc: stable@dpdk.org

Signed-off-by: Xiao Liang <xiliang@redhat.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-01-14 14:02:16 +01:00
Yipeng Wang
bca59f1a08 maintainers: claim maintainership of hash library
Add Yipeng and Sameh as additional maintainers.

Signed-off-by: Yipeng Wang <yipeng1.wang@intel.com>
Signed-off-by: Sameh Gobriel <sameh.gobriel@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
2019-01-14 13:09:36 +01:00
Bruce Richardson
42f0631a10 maintainers: resign from maintainership of distributor lib
The distributor library doesn't see much in the way of changes, and Dave
is well able to manage the library on his own, so remove my name against
it in the MAINTAINERS file.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-01-14 12:41:52 +01:00
Yongseok Koh
d14e4e976f config: add Mellanox BlueField armv8 SoC
BlueField is Mellanox's new SoC based on armv8. BlueField integrates
Mellanox ConnectX-5 interconnect and Cortex-A72 cores into a single device.

http://www.mellanox.com/page/products_dyn?product_family=256&mtag=soc_overview

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
2019-01-14 12:24:57 +01:00
Bruce Richardson
85e5fd8be0 devtools: fix build check for whether meson has run
The current check to see whether we need to call meson or just ninja
simply checked if the build directory existed. However, if meson was run
but failed, the build directory would still exist. We can fix this by
instead checking for the build.ninja file inside the directory. Once that
is present, we can use ninja safely and let it worry about rerunning
meson if necessary.

Fixes: a55277a788 ("devtools: add test script for meson builds")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-01-14 12:24:57 +01:00
Bruce Richardson
efa8088663 build: fix variable name in dependency error message
The variable name in the error message had an extra '_' which caused
an actual meson error when the message would otherwise be printed to
give meaningful information about what was going wrong.

Fixes: 203b61dc5e ("build: improve error message for missing dependency")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-01-14 12:24:57 +01:00
Luca Boccassi
d358817671 build: use static deps for pkg-config libs.private
Dependencies of the RTE libraries were not being added to the
Requires.private field of the pc file since the variable used for
dynamic linking was passed to the related field of pkg.generate.
Use the static one so that dependencies are included.

Fixes: 57ae0ec626 ("build: add dependency on telemetry to apps with meson")
Cc: stable@dpdk.org

Signed-off-by: Luca Boccassi <bluca@debian.org>
2019-01-14 12:24:57 +01:00
Fiona Trahe
a89fbda489 test/crypto: remove unsupported SGL tests on AESNI_MB PMD
Remove AESNI_MB flag from SGL test cases which it doesn't support.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-01-11 03:57:13 +01:00
Akhil Goyal
2932ee2ad8 crypto/dpaa2_sec: fix FLC address for physical mode
Fixes: 547a4d40e7 ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Akhil Goyal
4e694fe511 crypto/dpaa_sec: support same session flows on multi-cores
In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.

In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Hemant Agrawal
a1173d5559 crypto/dpaa_sec: support PDCP offload
PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Anoob Joseph
f8b36984a6 crypto/octeontx: remove usage of DEPDIRS
DEPDIRS is no longer used in DPDK driver makefiles. Removing it.

Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
2019-01-10 16:57:22 +01:00
Amr Mokhtar
4280cd350b app/bbdev: fix return value check
Added assert check for rte_bbdev_*_op_alloc_bulk in bbdev test app

Coverity issue: 328516, 328525
Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org

Signed-off-by: Amr Mokhtar <amr.mokhtar@intel.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
02dc5b7d58 doc: update ipsec-secgw guide and release notes
Update ipsec-secgw guide and release notes to reflect latest changes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
9297844520 examples/ipsec-secgw: add scripts for functional test
The purpose of these scripts is to automate ipsec-secgw functional testing.
The scripts require two machines (SUT and DUT) connected through
at least 2 NICs and running linux (so far tested only on Ubuntu 18.04).
Introduced test-cases for the following scenarios:
- Transport/Tunnel modes
- AES-CBC SHA1
- AES-GCM
- ESN on/off
- legacy/librte_ipsec code path

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
3e5f4625dc examples/ipsec-secgw: make data-path to use IPsec library
Changes to make ipsec-secgw data-path code to utilize librte_ipsec library.
Note that right now by default current (non-librte_ipsec) code-path will
be used. User has to run application with new command-line option ('-l')
to enable new codepath.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
5a032a71c6 examples/ipsec-secgw: make app to use IPsec library
Changes to make ipsec-secgw to utilize librte_ipsec library.
That patch provides:
 - changes in the related data structures.
 - changes in the initialization code.
 - new command-line parameters to enable librte_ipsec codepath
   and related features.

Note that right now by default current (non-librte_ipsec) code-path will
be used. User has to run application with new command-line option ('-l')
to enable new codepath.
The main reason for that:
 - current librte_ipsec doesn't support all ipsec algorithms
   and features that the app does.
 - allow users to run both versions in parallel for some time
   to figure out any functional or performance degradation with the
   new code.

It is planned to deprecate and remove non-librte_ipsec code path
in future releases.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
e0dac065f2 examples/ipsec-secgw: fix inbound SA checking
In the inbound_sa_check() make sure that sa pointer stored
inside mbuf private area is not NULL.

Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
d92fc70e14 examples/ipsec-secgw: make local variables static
in sp4.c and sp6.c there are few globals that used only locally.
Define them as static ones.

Cc: stable@dpdk.org

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
aed6eb10ed examples/ipsec-secgw: fix outbound codepath for single SA
Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
- copying number of packets, but not the mbuf pointers itself

that patch provides fixes for that issues.

Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
d87152e796 examples/ipsec-secgw: fix crypto-op might never get dequeued
In some cases crypto-ops could never be dequeued from the crypto-device.
The easiest way to reproduce:
start ipsec-secgw with crypto-dev and send to it less then 32 packets.
none packets will be forwarded.
Reason for that is that the application does dequeue() from crypto-queues
only when new packets arrive.
This patch makes the app to call dequeue() on a regular basis.
Also to make code cleaner and easier to understand,
it separates crypto-dev enqueue() and dequeue() code paths.
pkt_process() now only enqueues packets into crypto device,
dequeuing and final processing is done by drain_crypto_queues().

Fixes: c64278c0c1 ("examples/ipsec-secgw: rework processing loop")
Cc: stable@dpdk.org

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
7622291b64 examples/ipsec-secgw: allow to specify neighbour MAC address
In some cases it is useful to allow user to specify destination
ether address for outgoing packets.
This patch adds such ability by introducing new 'neigh' config
file option.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
03128be4cd examples/ipsec-secgw: allow disabling some Rx/Tx offloads
Right now ipsec-secgw always enables TX offloads
(DEV_TX_OFFLOAD_MULTI_SEGS, DEV_TX_OFFLOAD_SECURITY),
even when they are not requested by the config.
That causes many PMD to choose full-featured TX function,
which in many cases is much slower then one without offloads.
That patch adds ability for the user to disable unneeded HW offloads.
If DEV_TX_OFFLOAD_IPV4_CKSUM is disabled by user, then
SW version of ip cksum calculation is used.
That allows to use vector TX function, when inline-ipsec is not
requested.

Signed-off-by: Remy Horton <remy.horton@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
9ef6cb1a15 doc: add IPsec library guide
Add IPsec library guide and update release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
05fe65eb66 test/ipsec: introduce functional test
Create functional test for librte_ipsec.
Note that the test requires null crypto pmd to pass successfully.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
f901d9c826 ipsec: add helpers to group completed crypto-ops
Introduce helper functions to process completed crypto-ops
and group related packets by sessions they belong to.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
c0308cd895 ipsec: rework SA replay window/SQN for MT environment
With these changes functions:
  - rte_ipsec_pkt_crypto_prepare
  - rte_ipsec_pkt_process
 can be safely used in MT environment, as long as the user can guarantee
 that they obey multiple readers/single writer model for SQN+replay_window
 operations.
 To be more specific:
 for outbound SA there are no restrictions.
 for inbound SA the caller has to guarantee that at any given moment
 only one thread is executing rte_ipsec_pkt_process() for given SA.
 Note that it is caller responsibility to maintain correct order
 of packets to be processed.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
4d7ea3e145 ipsec: implement SA data-path API
Provide implementation for rte_ipsec_pkt_crypto_prepare() and
rte_ipsec_pkt_process().
Current implementation:
 - supports ESP protocol tunnel mode.
 - supports ESP protocol transport mode.
 - supports ESN and replay window.
 - supports algorithms: AES-CBC, AES-GCM, HMAC-SHA1, NULL.
 - covers all currently defined security session types:
        - RTE_SECURITY_ACTION_TYPE_NONE
        - RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO
        - RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
        - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL

For first two types SQN check/update is done by SW (inside the library).
For last two type it is HW/PMD responsibility.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
1e0ad1e36d ipsec: add SA data-path API
Introduce Security Association (SA-level) data-path API
Operates at SA level, provides functions to:
    - initialize/teardown SA object
    - process inbound/outbound ESP/AH packets associated with the given SA
      (decrypt/encrypt, authenticate, check integrity,
      add/remove ESP/AH related headers and data, etc.).

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
9f7b43141c lib: introduce IPsec library
Introduce librte_ipsec library.
The library is supposed to utilize existing DPDK crypto-dev and
security API to provide application with transparent IPsec processing API.
That initial commit provides some base API to manage
IPsec Security Association (SA) object.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
19b08e5406 net: add ESP trailer structure definition
define esp_tail structure.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Konstantin Ananyev
58a8e49a98 security: add opaque userdata pointer into security session
Add 'uint64_t opaque_data' inside struct rte_security_session.
That allows upper layer to easily associate some user defined
data with the session.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
41d561cbdd examples/fips_validation: add power on self test
This patch adds a sample power on self-test to fips_validate
sample application.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
b1d978fc7b cryptodev: add opaque data field to symmetric session
This patch adds a opaque data field to cryptodev symmetric session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00