git.droids-corp.org - dpdk.git/log

ethdev: move egress metadata to dynamic field

The dynamic mbuf fields were introduced by [1]. The egress metadata is
good candidate to be moved from statically allocated field tx_metadata to
dynamic one. Because mbufs are used in half-duplex fashion only, it is
safe to share this dynamic field with ingress metadata.

The shared dynamic field contains either egress (if application going to
transmit mbuf with tx_burst) or ingress (if mbuf is received with rx_burst)
metadata and can be accessed by RTE_FLOW_DYNF_METADATA() macro or with
rte_flow_dynf_metadata_set() and rte_flow_dynf_metadata_get() helper
routines. PKT_TX_DYNF_METADATA/PKT_RX_DYNF_METADATA flag will be set
along with the data.

The mbuf dynamic field must be registered by calling
rte_flow_dynf_metadata_register() prior accessing the data.

The availability of dynamic mbuf metadata field can be checked with
rte_flow_dynf_metadata_avail() routine.

DEV_TX_OFFLOAD_MATCH_METADATA offload and configuration flag is removed.
The metadata support in PMDs is engaged on dynamic field registration.

Metadata feature is getting complex. We might have some set of actions
and items that might be supported by PMDs in multiple combinations,
the supported values and masks are the subjects to query by perfroming
trials (with rte_flow_validate).

[1] http://patches.dpdk.org/patch/62040/

Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Ori Kam <orika@mellanox.com>

ethdev: extend flow metadata

Currently, metadata can be set on egress path via mbuf tx_metadata field
with PKT_TX_METADATA flag and RTE_FLOW_ITEM_TYPE_META matches metadata.

This patch extends the metadata feature usability.

1) RTE_FLOW_ACTION_TYPE_SET_META

When supporting multiple tables, Tx metadata can also be set by a rule and
matched by another rule. This new action allows metadata to be set as a
result of flow match.

2) Metadata on ingress

There's also need to support metadata on ingress. Metadata can be set by
SET_META action and matched by META item like Tx. The final value set by
the action will be delivered to application via metadata dynamic field of
mbuf which can be accessed by RTE_FLOW_DYNF_METADATA() macro or with
rte_flow_dynf_metadata_set() and rte_flow_dynf_metadata_get() helper
routines. PKT_RX_DYNF_METADATA flag will be set along with the data.

The mbuf dynamic field must be registered by calling
rte_flow_dynf_metadata_register() prior to use SET_META action.

The availability of dynamic mbuf metadata field can be checked
with rte_flow_dynf_metadata_avail() routine.

If application is going to engage the metadata feature it registers
the metadata dynamic fields, then PMD checks the metadata field
availability and handles the appropriate fields in datapath.

For loopback/hairpin packet, metadata set on Rx/Tx may or may not be
propagated to the other path depending on hardware capability.

MARK and METADATA look similar and might operate in similar way,
but not interacting.

Initially, there were proposed two metadata related actions:

- RTE_FLOW_ACTION_TYPE_FLAG
- RTE_FLOW_ACTION_TYPE_MARK

These actions set the special flag in the packet metadata, MARK action
stores some specified value in the metadata storage, and, on the packet
receiving PMD puts the flag and value to the mbuf and applications can
see the packet was threated inside flow engine according to the appropriate
RTE flow(s). MARK and FLAG are like some kind of gateway to transfer some
per-packet information from the flow engine to the application via
receiving datapath. Also, there is the item of type RTE_FLOW_ITEM_TYPE_MARK
provided. It allows us to extend the flow match pattern with the capability
to match the metadata values set by MARK/FLAG actions on other flows.

From the datapath point of view, the MARK and FLAG are related to the
receiving side only. It would useful to have the same gateway on the
transmitting side and there was the feature of type RTE_FLOW_ITEM_TYPE_META
was proposed. The application can fill the field in mbuf and this value
will be transferred to some field in the packet metadata inside the flow
engine. It did not matter whether these metadata fields are shared because
of MARK and META items belonged to different domains (receiving and
transmitting) and could be vendor-specific.

So far, so good, DPDK proposes some entities to control metadata inside
the flow engine and gateways to exchange these values on a per-packet basis
via datapaths.

As we can see, the MARK and META means are not symmetric, there is absent
action which would allow us to set META value on the transmitting path.
So, the action of type:

- RTE_FLOW_ACTION_TYPE_SET_META was proposed.

The next, applications raise the new requirements for packet metadata.
The flow ngines are getting more complex, internal switches are introduced,
multiple ports might be supported within the same flow engine namespace.
From the DPDK points of view, it means the packets might be sent on one
eth_dev port and received on the other one, and the packet path inside
the flow engine entirely belongs to the same hardware device. The simplest
example is SR-IOV with PF, VFs and the representors. And there is a
brilliant opportunity to provide some out-of-band channel to transfer
some extra data from one port to another one, besides the packet data
itself. And applications would like to use this opportunity.

It is supposed for application to use trials (with rte_flow_validate)
to detect which metadata features (FLAG, MARK, META) actually supported
by PMD and underlying hardware. It might depend on PMD configuration,
system software, hardware settings, etc., and should be detected
in run time.

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Ori Kam <orika@mellanox.com>

ethdev: enhance burst mode information API

Change the type of burst mode information from bit field to free string
data, so that each PMD can describe the Rx/Tx busrt functions flexibly.

Fixes: eb5902504a13 ("ethdev: add API for getting burst mode information")
Fixes: 6b6609f68ccd ("net/i40e: support Rx/Tx burst mode info")
Fixes: e9a10e6c2102 ("net/ice: support Rx/Tx burst mode info")
Fixes: 7fe108edcf53 ("app/testpmd: show Rx/Tx burst mode description")

Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Acked-by: Ray Kinsella <ray.kinsella@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

doc: replace license text with SPDX tag for nfp

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>

net/octeontx2: fix 32-bit build

x86_x32 compilation failing due to incorrect format specifiers in logs.

Fixes: a78b9246723b ("net/octeontx2: add remaining PTP operations")
Cc: stable@dpdk.org
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/bnxt: fix Rx queue start/stop for Thor based NICs

Controller-specific handling is required for Thor-based NICs when
stopping or starting a receive queue, otherwise packet reception
may not be reliably resumed when a stopped receive queue is
restarted:
  - The VNIC default receive ring needs to be recomputed when a
    receive queue is stopped or started.
  - When stopping the last (or only) receive queue for a given
    VNIC, ensure that no packets can reach the default receive
    ring by temporarily setting the VNIC MRU to zero.

Fixes: f8168ca0e690 ("net/bnxt: support thor controller")
Cc: stable@dpdk.org
Signed-off-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: release HWRM lock before returning

The function bnxt_vnic_rss_configure_thor() returns early when
all receive queues are stopped without releasing the hwrm
spinlock, which causes subsequent HWRM operations to hang. Fix
by ensuring that the lock is released before returning from
this function.

Fixes: 38412304b50a ("net/bnxt: enable RSS for thor-based controllers")
Cc: stable@dpdk.org
Signed-off-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: keep consistent Rx queue start/stop state

Receive queue state needs to reflect "started" state when rebuilding
the RSS table for Thor-based NICs. Move state update so that receive
queues being started are included in the RSS table.

Fixes: 38412304b50a ("net/bnxt: enable RSS for thor-based controllers")
Cc: stable@dpdk.org
Signed-off-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: fix RSS table update for start/stop Rx queue

A previous commit made updating of the RSS table when a receive
queue is stopped/started conditional on vnic->rx_queue_cnt being
nonzero. This count is only nonzero for dynamically created VNICs,
so the RSS table was not being updated in the normal path.
Fix by restoring the original logic.

Also ensure that vnic->rx_queue_cnt is initialized to zero when
reinitializing the VNIC array.

Fixes: 36024b2e7fe5 ("net/bnxt: allow dynamic creation of VNIC")

Signed-off-by: Lance Richardson <lance.richardson@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: fix COS queue mapping

While issuing hwrm_queue_qportcfg command, we are setting the
drv_qmap_cap bit which is causing the firmware to return incorrect COS
queue mapping.
This bit is not required when COS classification is enabled.

Fixes: 698aa7e95325 ("net/bnxt: add code to determine the Tx COS queue")
Cc: stable@dpdk.org
Signed-off-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>

net/bnxt: fix initialization

During initialization sequence in bnxt_alloc_mem()
if bnxt_alloc_async_cp_ring() fails, driver invokes bnxt_free_mem()
which in turn call bnxt_free_vnic_mem() which causes the error logs
"bnxt_free_vnic_mem(): VNIC is not freed yet!". This is because
vnic memory is allocated but not initialized yet.

Fix this by moving bnxt_init_vnics() from bnxt_init_nic() to
bnxt_alloc_vnic_mem(). Also get rid of bnxt_init_nic() as the
initialization is done in respective functions now.

Fixes: 1bf01f5135f8 ("net/bnxt: prevent device access when device is in reset")

Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Santoshkumar Karanappa Rastapur <santosh.rastapur@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: fix VNIC allocation on port toggle

bnxt_init_chip called on port start keeps incrementing rx_cosq_cnt.
Hence more vnics are allocated with less number of rings on each port
stop/start operation. Eventually vnic allocation fails due to incorrect
ring group as no ring gets allocated to the vnic.

Fixes: 84d49664b5b2 ("net/bnxt: support CoS classification")

Signed-off-by: Santoshkumar Karanappa Rastapur <santosh.rastapur@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>

net/bnxt: fix redundant MAC address check

filter->mac_index is used to check, if a same mac is
already programmed. Hence, filter->dflt member is not
needed which is also used for mac addr redundancy check.

This patch fixes it by moving mac_index based redundant
check from bnxt_mac_addr_add_op to bnxt_add_mac_filter

Fixes: 6118503d8071 ("net/bnxt: fix VLAN filtering")
Cc: stable@dpdk.org
Signed-off-by: Venkat Duvvuru <venkatkumar.duvvuru@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: fix L4 checksum indication in non-vector Rx

Update "mbuf->ol_flags" correctly for inner and ourter ip checksum
errors in case of tunnel and non-tunnel packets.

Fixes: 65ee636872eb ("net/bnxt: fix Rx checksum flags")
Cc: stable@dpdk.org
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/bnxt: fix debug log level

Creating a flow is a normal event; should not be logged at error level.

Fixes: 5c1171c97216 ("net/bnxt: refactor filter/flow")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>

net/mlx5: check port ID and VLAN actions ordering

Rdma-core needs the dst_vport (port_id) action be after push/pop VLAN
and modify hdr actions otherwise it will reject to create rule.

This pach validates the port_id is after push/pop VLAN and set VLAN
VID/PCP otherwise PMD spits out errors.

Fixes: 5f163d520cff ("net/mlx5: support modify VLAN ID on existing VLAN header")

Signed-off-by: Xiaoyu Min <jackmin@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>

net/mlx5: fix set VLAN ID/PCP in new header

Currently if user want to set VLAN id/pcp on an about to be pushed VLAN
header, the of_set_vlan_vid/of_set_vlan_pcp must be present _before_
action of_push_vlan:

[1] ... actions of_set_vlan_vid vlan_vid 2 / of_push_vlan ...

This is misleading because people think rule [1] intends to set VLAN id
on the existing VLAN header and then push one new VLAN header on top of
it.

A more natual way to set VLAN id/pcp on an to be pushed VLAN header
should be:

[2] ... actions of_push_vlan / of_set_vlan_vid vlan_vid 2 / ...

Fixes: a5f2da0b816b ("net/mlx5: support modify VLAN ID on new VLAN header")
Fixes: 68fad3635042 ("net/mlx5: support modifying VLAN priority on VLAN header")

Signed-off-by: Xiaoyu Min <jackmin@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: remove redundant new line in logs

DRV_LOG macro is used to print log messages, one per line.
In several locations this macro is used with redundant '\n' character
at the end of the log message, causing blank lines between log lines.

This patch removes the '\n' character where it is redundant.

Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/ice: fix setting max frame size

Max frame size is not set to HW, so packets above the MTU
do not get dropped by HW. The patch fixed the issue.

Fixes: 50370662b727 ("net/ice: support device and queue ops")
Cc: stable@dpdk.org
Signed-off-by: Jiaqi Min <jiaqix.min@intel.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ixgbe: fix link status

The link status for 82599eb got from link status register was not
correct, check the enable/disable flag of tx laser when getting the link
status, set the link status down if tx laser disabled since the tx laser
flag could be set correctly when up/down the link status.

Fixes: dc66e5fd01b9 ("net/ixgbe: improve link state check on VF")
Cc: stable@dpdk.org
Signed-off-by: Xiao Zhang <xiao.zhang@intel.com>
Reviewed-by: Wei Zhao <wei.zhao1@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ixgbe: fix port close in FreeBSD

FreeBSD OS doesn't support igb_uio interrupt, so it will fail when
unregister the interrupt callback in port close. We can fix the issue by
passing -ENOENT when check the return value of unregister interrupt
callback function.

Fixes: f2f4990eff94 ("net/ixgbe: release port upon close")

Signed-off-by: Chenxu Di <chenxux.di@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/i40e: handle QinQ strip

Qinq strip is not supported by i40e. When user tries to turn on
QinQ strip, the driver gives unsupported return value and log.

Signed-off-by: Tao Zhu <taox.zhu@intel.com>
Acked-by: Beilei Xing <beilei.xing@intel.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice/base: fix symmetric hash configure

When a new hash profile is created, we need to reset all related
GLQF_HSYMM registers, otherwise unexpected hash behaviour may happen
on packet that hits that profile.

The patch fixes the issue that we only do reset when symmetric hash
is required, but actually for non symmetric hash we also need this,
since GLQF_HSYMM might be polluted by previous configuration.

Fixes: ddae0440353f ("net/ice/base: enable symmetric hash for RSS")

Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Tested-by: Simei Su <simei.su@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ixgbe: fix MACsec setting

MACsec setting is not valid when port is stopped.
In order to make it valid, the patch changes the setting
to where port is started.

Fixes: 597f9fafe13b ("app/testpmd: convert to new Tx offloads API")
Cc: stable@dpdk.org
Signed-off-by: Guinan Sun <guinanx.sun@intel.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice: remove GTPU tunnel support for inner L4

The current code doesn't support L4 matching, it only supports L3
matching so remove the code for inner L4.

Fixes: efc16c621415 ("net/ice: support flow director GTPU tunnel")

Signed-off-by: Yahui Cao <yahui.cao@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ixgbe: remove unused macro in NEON path

Fixes: ed838a5fe957 ("net/ixgbe: use intrinsics to count packet in NEON Rx")
Cc: stable@dpdk.org
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/ixgbe: support packet type with NEON

Ptype parse is missing in aarch64 vector PMD. It makes packet type info
provided by NIC get lost, thus requires extra CPU cycles to do this.
Add the parse process to utilize NIC hardware capability.

In test with l3fwd (removed port conf DEV_RX_OFFLOAD_CHECKSUM),
observed over 3% performance gain.

Fixes: b20971b6cca0 ("net/ixgbe: implement vector driver for ARM")
Cc: stable@dpdk.org
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

doc: remove flow director feature from hns3

This patch removes deprecated feature 'Flow Director' from hns3.ini
and hns3_vf.ini because the feature has been removed from the
feature list in the following commit:
Commit 030febb6642c ("doc: remove deprecated ethdev features")

Signed-off-by: Wei Hu (Xavier) <xavier.huwei@huawei.com>
Signed-off-by: Chunsong Feng <fengchunsong@huawei.com>

ethdev: add flow tag

A tag is a transient data which can be used during flow match. This can be
used to store match result from a previous table so that the same pattern
need not be matched again on the next table. Even if outer header is
decapsulated on the previous match, the match result can be kept.

Some device expose internal registers of its flow processing pipeline and
those registers are quite useful for stateful connection tracking as it
keeps status of flow matching. Multiple tags are supported by specifying
index.

Example testpmd commands are:

  flow create 0 ingress pattern ... / end
    actions set_tag index 2 value 0xaa00bb mask 0xffff00ff /
            set_tag index 3 value 0x123456 mask 0xffffff /
            vxlan_decap / jump group 1 / end

  flow create 0 ingress pattern ... / end
    actions set_tag index 2 value 0xcc00 mask 0xff00 /
            set_tag index 3 value 0x123456 mask 0xffffff /
            vxlan_decap / jump group 1 / end

  flow create 0 ingress group 1
    pattern tag index is 2 value spec 0xaa00bb value mask 0xffff00ff /
            eth ... / end
    actions ... jump group 2 / end

  flow create 0 ingress group 1
    pattern tag index is 2 value spec 0xcc00 value mask 0xff00 /
            tag index is 3 value spec 0x123456 value mask 0xffffff /
            eth ... / end
    actions ... / end

  flow create 0 ingress group 2
    pattern tag index is 3 value spec 0x123456 value mask 0xffffff /
            eth ... / end
    actions ... / end

Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Ori Kam <orika@mellanox.com>

ethdev: remove deprecated port count function

The function rte_eth_dev_count() was marked as deprecated in DPDK 18.05
in commit d9a42a69febf ("ethdev: deprecate port count function").
It was planned to be removed after 19.11 LTS release,
but given we must not break ABI between 19.11 and 20.11,
it is removed now.

Note the ABI version is not dumped in this commit
because other changes already did.

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>

mk: fix dpaax library dependency

This patch fixes dpaax library dependency for
NXP's PMDs.

Fixes: e56463ec47f0 ("net/enetc: enable dpaax library")
Fixes: 67fc3ff97c39 ("net/pfe: introduce basic functions")
Fixes: 9e727d4a3fd4 ("crypto/caam_jr: integrate DPAAX table")

Suggested-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

net/mlx5: split hairpin flows

Since the encap action is not supported in RX, we need to split the
hairpin flow into RX and TX.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: add default flows for hairpin

When using hairpin all traffic from TX hairpin queues should jump
to dedecated table where matching can be done using regesters.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: add ID generation

When splitting flows for example in hairpin / metering, there is a need
to combine the flows. This is done using ID.
This commit introduce a simple way to generate such IDs.

The reason why bitmap was not used is due to fact that the release and
allocation are O(n) while in the chosen approch the allocation and
release are O(1)

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: add internal tag item and action

This commit introduce the setting and matching on registers.
This item and and action will be used with number of different
features like hairpin, metering, metadata.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: support RSS on hairpin

Add support for rss on hairpin queues.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: add hairpin binding function

When starting the port, in addition to creating the queues
we need to bind the hairpin queues.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: get hairpin capabilities

This commits adds the hairpin get capabilities function.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: support Tx hairpin queues

This commit adds the support for creating Tx hairpin queues.
Hairpin queue is a queue that is created using DevX and only used
by the HW.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: prepare Tx queues to have different types

Currently all Tx queues are created using Verbs.
This commit modify the naming so it will not include verbs,
since in next commit a new type will be introduce (hairpin)

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: support Rx hairpin queues

This commit adds the support for creating Rx hairpin queues.
Hairpin queue is a queue that is created using DevX and only used
by the HW. This results in that all the data part of the RQ is not being
used.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: query hairpin capabilities

This commit query and store the hairpin capabilities from the device.

Those capabilities will be used when creating the hairpin queue.

Signed-off-by: Ori Kam <orika@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

ethdev: add hairpin queue

This commit introduce hairpin queue type.

The hairpin queue in build from Rx queue binded to Tx queue.
It is used to offload traffic coming from the wire and redirect it back
to the wire.

There are 3 new functions:
- rte_eth_dev_hairpin_capability_get
- rte_eth_rx_hairpin_queue_setup
- rte_eth_tx_hairpin_queue_setup

In order to use the queue, there is a need to create rte_flow
with queue / RSS action that targets one or more of the Rx queues.

Signed-off-by: Ori Kam <orika@mellanox.com>
Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>

ethdev: move queue state defines to private file

The queue state defines are internal to the DPDK.
This commit moves them to a private header file.

Signed-off-by: Ori Kam <orika@mellanox.com>
Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>

net/octeontx2: support HIGIG2

Adding support to parse higig2 header in RTE flow for octeontx2.
And added devargs to configure port for higig2.

Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/octeontx2: support enabling switch type

Adding support to configure specific switch types like high2 and dsa
on a port. When this switch type is configured, it is expected that
all the traffic on that port should be of specific type only.

Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/octeontx2: skip flow control on LBK ports

LBK interface does not support any flow control related
HW configurations.

Skip flow control set requests on LBK bound ethports.

Signed-off-by: Harman Kalra <hkalra@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/octeontx2: fix VF index in VF action

VF index needs to be checked against maxvf count
before incrementing it for preparing pf_func.

Fixes: 520270d5184a ("net/octeontx2: support PF and VF action")
Cc: stable@dpdk.org
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

net/qede: fix setting VLAN strip mode

Commit 9a6d30ae6d46 ("net/qede: refactoring vport handling code")
deleted the code as part of refactoring which sets vlan strip mode.
Revert it back and fix vlan strip feature.

Fixes: 9a6d30ae6d46 ("net/qede: refactoring vport handling code")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
Reviewed-by: Rasesh Mody <rmody@marvell.com>

net/qede: fix setting MTU

New MTU value is not propagated to vport in HW when MTU update request
is sent while ports are stopped.

This patch fixes the logic error for above mentioned condition.

Fixes: d121a6b5f781 ("net/qede: fix VF MTU update")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
Reviewed-by: Rasesh Mody <rmody@marvell.com>

net/qede/base: update FW to 8.40.33.0

In our testing we have identified a critical FW bug. Performance
is degraded significantly for certain packet sizes with 8.40.25.0 FW.

This patch updates the FW to version 8.40.33.0. The updated FW has a
fix to performance issue.

The patch also adds initialization for FW overlay RAM as part of
hardware initialization which is required by the new FW.

Fixes: 3b307c55f2ac ("net/qede/base: update FW to 8.40.25.0")
Cc: stable@dpdk.org
Signed-off-by: Rasesh Mody <rmody@marvell.com>

net/ena: fix indication of bad L4 Rx checksums

Add checking of l4_csum_checked and frag flags before checking the
l4_csum_error flag.

In case of IP fragment/unchecked L4 csum - add PKT_RX_L4_CKSUM_UNKNOWN
flag to the indicated mbuf.

Fixes: 1173fca25af9 ("ena: add polling-mode driver")
Cc: stable@dpdk.org
Signed-off-by: Igor Chauskin <igorch@amazon.com>
Reviewed-by: Maciej Bielski <mba@semihalf.com>
Reviewed-by: Michal Krawczyk <mk@semihalf.com>

net/ice: fix flow director

Flow director rule can't be created when the flow table is nearly full.
The patch fixed this issue to enable created flows reaching the maximum
number.

Fixes: 1a2fc1799f09 ("net/ice: reject duplicated flow for flow director")

Signed-off-by: Ying A Wang <ying.a.wang@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice: correct key length and queues check for RSS

This patch corrects key_len and queues check. The key_len and queues
are not supported to configure for RSS in rte_flow.

Fixes: 5ad3db8d4bdd ("net/ice: enable advanced RSS")

Signed-off-by: Simei Su <simei.su@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice/base: fix ptype mapping pollution from GTP flow

A new gtp flow's profile will capture other profile's non-gtp ptypes
which is unexpected. For example, a RSS flow for inner IP / UDP on
regular tunnel packet's behaviour will be changed by a following GTP RSS
rule where inner IP is the only inputset, since all tunnel ptypes have
been shifted from the first profile to the second one.

The patch fixes the issue by correcting the ptype mapping that prevents
the ptype shift.

Fixes: d1c2f76b440a ("net/ice/base: support GTP and PPPoE protocols")

Signed-off-by: Qi Zhang <qi.z.zhang@intel.com>
Tested-by: Simei Su <simei.su@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice: fix RSS types check

This patch corrects logic error for checking rss->types to match
pattern in RSS action parser.

Fixes: 5ad3db8d4bdd ("net/ice: enable advanced RSS")

Signed-off-by: Simei Su <simei.su@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/bonding: fix port ID check

Port validation should be prior to getting device data
to avoid segment fault. This patch fixed the segment fault
caused by invalid port using.

Fixes: 6d72657ce379 ("net/bonding: add other aggregator modes")
Fixes: 112891cd27e5 ("net/bonding: add dedicated HW queues for LACP control")
Cc: stable@dpdk.org
Signed-off-by: Junyu Jiang <junyux.jiang@intel.com>
Acked-by: Chas Williams <chas3@att.com>

net/mlx5: fix LRO dependency to include DV flow

Rx queue for LRO is created using DevX. Flows created on this queue
must use the DV flow engine.

This patch adds check of dv_flow_en=1 when configuring LRO support
on device spawn.
Documentation is updated accordingly.

Fixes: 175f1c21d033 ("net/mlx5: check conditions to enable LRO")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>

net/mlx5: fix compilation directive

Glue function mlx5_glue_devx_qp_query() uses wrong directive
HAVE_IBV_DEVX_ASYNC by mistake.
This patch replaces the directive to HAVE_IBV_DEVX_OBJ, as required.

Fixes: 62d6f70f30f4 ("net/mlx5: add glue for queue query via DevX")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>

net/ice: fix flow API framework

In non-pipeline mode, switch should be used as FDIR'S backup.
The patch fixed rule can't be created when FDIR'S flow table is full.

Fixes: 7615a6895009 ("net/ice: rework for generic flow enabling")

Signed-off-by: Ying A Wang <ying.a.wang@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/igb: fix PHY status if PHY reset is not blocked

When PHY reset is blocked as is the case when BMC is connected via NC-SI
do not set GO_LINKD bit in PHY power management register in dev_stop as
this will disconnect the PHY. Also, in dev_close clear the GO_LINKD
bit only if PHY reset is not blocked

Fixes: 3af34dec0b41 ("igb: force phy power up/down")
Cc: stable@dpdk.org
Signed-off-by: Shweta Choudaha <shweta.choudaha@att.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/ice: fix packet type table

The original packet type table's hw-ptype index to sw-ptype
mapping is wrong. This patch fixed the issue.

Fixes: ab9dccf09af9 ("net/ice: support packet type getting")
Cc: stable@dpdk.org
Signed-off-by: Ying A Wang <ying.a.wang@intel.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

net/fm10k: fix mbuf free in vector Rx

There's a corner case that all the Rx queue mbufs are allocated but none
of them is used, this patch fixes mbuf free for this case.

Fixes: b6719f8a04bb ("fm10k: release mbuf for vector Rx")
Cc: stable@dpdk.org
Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Signed-off-by: Anna Lukin <annal@silicom.co.il>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>

drivers: process shared link dependencies as for libs

For the public APIs of DPDK libraries we run checks for correct use of
experimental tags, and also do dynamic generation of the version file to
its window's equivalent. Although must drivers don't export APIs, some do,
so these checks are relevant and should be copied from lib/meson.build to
drivers/meson.build.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>

lib: check experimental symbols with meson

Call check-experimental-syms.sh script as part of the meson build to ensure
that all functions are correctly tagged.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>

buildtools: remove make-specific from symbols check

The check-experimental-syms.sh script was finding the map-list-symbol.sh
script using $RTE_SDK, which is the variable set when using the "make"
build system. To make this script more independent, we just use the current
path of the script as the location to find its companion script.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>

test/compress: refactor unit tests

Core engine refactoring (test_deflate_comp_decomp function).
Smaller specialized functions created.

Signed-off-by: Artur Trybula <arturx.trybula@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>

crypto/openssl: use local copy for session contexts

Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.

Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>

crypto/dpaa2_sec: add enqueue retry timeout

This patch adds retry in the DPAA2 SEC packet enqueue API

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaax_sec: enable anti replay window config

This patch usages the anti replay window size to config
the anti replay checking in decap path for lookaside
IPSEC offload

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

examples/ipsec-secgw: fix library mode selection in tests

Right now majority of lib mode functional tests enable
library mode with '-w N' option.
It worked till recently, as legacy mode didn't support replay window.
Now it changed.
To fix - use '-l' option to enable library mode explicitly.

Fixes: 929784452094 ("examples/ipsec-secgw: add scripts for functional test")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

ipsec: remove redundant replay window size

The rte_security lib has introduced replay_win_sz,
so it can be removed from the rte_ipsec lib.

The relevant tests, app are also update to reflect
the usages.

Note that esn and anti-replay fileds were earlier used
only for ipsec library, they were enabling the libipsec
by default. With this change esn and anti-replay setting
will not automatically enabled libipsec.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

security: add anti replay window size

At present the ipsec xfrom is missing the important step
to configure the anti replay window size.
The newly added field will also help in to enable or disable
the anti replay checking, if available in offload by means
of non-zero or zero value.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

examples/ipsec-secgw: fix SHA256-HMAC digest length

As per RFC4868, SHA-256 should use 128 bits of ICV.
Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaax_sec: enable IPsec AES-CTR to use nonce

The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaax_sec: use AES-CTR initial counter as 1

As per RFC3686, the initial aes-ctr counter value should be '1' for use
in ipsec. The patches changes SEC descriptor for using correct counter
value. In addition, it drops a redundant parameter for passing IV while
creating the descriptor.

This patch adds changes for all NXP crypto PMDs

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa_sec: use macros in queue attach and detach

Align the cleanup and allocation for the queues.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa2_sec: remove redundant checks

This patch remove redundant context type checks.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaax_sec: warn on truncated SHA-256

This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

test/crypto: enable additional cases for dpaax

This patch enables short buffer and 12 bit IV AES-CTR cases
for dpaax_sec pmds.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa_sec: support AES-GCM for lookaside protocol

This patch add support for AES-128-GCM, when used in
lookaside protocol offload case.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa2_sec: support AES-GCM for lookaside protocol

AES-GCM is now supported for lookaside protocol offload also.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa_sec: support null cipher and null auth

These are supported when using protocol offload mode or when
in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa2_sec: support null cipher and null auth

These are supported when using protocol offload mode or in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa_sec: add check for session validity

Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa2_sec: add check for session validity

Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa_sec: fix PDCP capability flags

set the pdcp capa_flags to 0 by default.

Fixes: a1173d55598c ("crypto/dpaa_sec: support PDCP offload")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/aesni_gcm: support in-place chained mbufs

IPSec Multi buffer library supports encryption on multiple segments.
When dealing with chained buffers (multiple segments), as long as
the operation is in-place, the destination buffer does not have to
be contiguous (unlike in the case of out-of-place operation).
Therefore, the limitation of not supporting in-place chained mbuf
can be removed.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

doc: support IPsec Multi-buffer lib v0.53

Updated AESNI MB and AESNI GCM PMD documentation guides
with information about the latest Intel IPSec Multi-buffer
library supported.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

examples/ipsec-secgw: fix GCM IV length

The example IPsec application does not work properly when using
AES-GCM with crypto_openssl.

ESP with AES-GCM uses standard 96bit long algorithm IV ([1]) which
later concatenated with be32(1) forms a J0 block. GCM specification
([2], chapter 7.1) states that when length of IV is different than
96b, in order to format a J0 block, GHASH function must be used.

According to specification ([2], chapter 5.1.1) GCM implementations
should support standard 96bit IVs, other lengths are optional. Every
DPDK cryptodev supports 96bit IV and few of them supports 128bit
IV as well (openssl, mrvl, ccp). When passing iv::length=16 to a
cryptodev which does support standard IVs only (e.g. qat) it
implicitly uses starting 96 bits. On the other hand, openssl follows
specification and uses GHASH to compute J0 for that case which results
in different than expected J0 values used for encryption/decryption.

Fix an inability to use AES-GCM with crypto_openssl by changing IV
length to the standard value of 12.

[1] RFC4106, section "4. Nonce format" and "3.1. Initialization Vector"
https://tools.ietf.org/html/rfc4106
[2] NIST SP800-38D
https://csrc.nist.gov/publications/detail/sp/800-38d/final

Fixes: 0fbd75a99f ("cryptodev: move IV parameters to session")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

crypto/dpaa2_sec: fix length retrieved from hardware

FD retrieved from SEC after crypto processing provides
an updated length of the buffer which need to be updated
in mbuf. The difference in length can be negative hence
changing diff to int32_t from uint32_t.

Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

app/test-sad: add sanity checks

Coverity reported about two division by zero:
*** CID 350344: Incorrect expression (DIVIDE_BY_ZERO)
Although in fact these dividers will never be equal to 0,
adding explicit checks in lookup() to make coverity happy
will not affect the execution speed.

Fixes: 908be0651a5a ("app/test-sad: add test application for IPsec SAD")

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

examples/ipsec-secgw: add offload fallback tests

Add tests for offload fallback feature; add inbound config modificator
SGW_CFG_XPRM_IN (offload fallback setting can be set only for inbound
SAs). Tests are using cryptodev for outbound SA.

To test fragmentation with QAT set:
MULTI_SEG_TEST="--reassemble=4096 --cryptodev_mask=0x5555"

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>

examples/ipsec-secgw: add fragment TTL option

Due to fragment loss on highly saturated links and long fragment
lifetime, ipsec-secgw application quickly runs out of free reassembly
buckets. As a result new fragments are being dropped.

Introduce --frag-ttl option which allow user to lower default fragment
lifetime which solves problem of saturated reassembly buckets with high
bandwidth fragmented traffic.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

examples/ipsec-secgw: support fallback session

Inline processing is limited to a specified subset of traffic. It is
often unable to handle more complicated situations, such as fragmented
traffic. When using inline processing such traffic is dropped.

Introduce fallback session for inline crypto processing allowing
handling packets that normally would be dropped. A fallback session is
configured by adding 'fallback' keyword with 'lookaside-none' parameter
to an SA configuration. Only 'inline-crypto-offload" as a primary
session and 'lookaside-none' as a fall-back session combination is
supported by this patch.

Fallback session feature is not available in the legacy mode.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>

examples/ipsec-secgw: clean SA structure

Cleanup ipsec_sa structure by removing every field that is already in
the rte_ipsec_session structure:
* cryptodev/security session union
* action type
* offload flags
* security context
References to abovementioned fields are changed to direct references
to matching fields of rte_ipsec_session structure.

Such refactoring is needed to introduce many sessions per SA feature,
e.g. fallback session for inline offload processing.

Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Bernard Iremonger <bernard.iremonger@intel.com>

ci: remove LTO job

The LTO job using gcc-7 has two issues at the moment:
- warnings about implicit fallthroughs trigger build errors:

In file included from ...common/include/rte_memory.h:22:0,
                 from ...linux/eal/eal_hugepage_info.c:24:
...common/include/rte_common.h: In function ‘rte_str_to_size’:
...common/include/rte_common.h:744:27: error: this statement may
  fall through [-Werror=implicit-fallthrough=]
  case 'G': case 'g': size *= 1024; /* fall-through */
                      ~~~~~^~~~~~~

- if we disable this warning, linking the binaries takes too much time
  and the job is terminated by Travis because it reaches the maximum
  time limit

Fixes: 098cc0fea3be ("build: add option to enable LTO")

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>

mk: disable OCTEON TX2 on old compilers

This disables OCTEON TX2 for gcc 4.8.5 as the compiler is
emitting "internal compiler error" for aarch64.

Fixes: 9a8864c8b5da ("net/octeontx2: add build and doc infrastructure")
Cc: stable@dpdk.org
Signed-off-by: Ali Alnubani <alialnu@mellanox.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>

mk: fix build on arm64

OcteonTx was disabled for causing an internal compiler error on old gcc
versions.
See commit 4f760550a093 ("mk: disable OcteonTx for buggy compilers").

The condition that was added later to apply disabling OcteonTx
only on arm64 caused the condition to never be obeyed because it
compares ["arm64"] to [arm64].

This fixes the condition by using RTE_ARCH instead of CONFIG_RTE_ARCH,
because the former has the quotes removed, while the later doesn't.

Fixes: f3af3e44a444 ("mk: disable OcteonTx for buggy compilers only on arm64")
Cc: stable@dpdk.org
Signed-off-by: Ali Alnubani <alialnu@mellanox.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Jerin Jacob <jerinj@marvell.com>

doc: disable dot graph in doxygen

Ubuntu ships with a patched version of doxygen that enables
HAVE_DOT (disabled by default). Enabling this option causes the warning:
"""
warning: Included by graph for 'rte_common.h' not generated,
too many nodes. Consider increasing DOT_GRAPH_MAX_NODES
"""
This reproduces with doxygen version 1.8.13 and
dot - graphviz version 2.40.1 on Ubuntu 18.04.

This will force doxygen not to assume that dot (part of Graphviz)
is installed, and will result in dot not being used for visualization.

If someone still needs to generate the graphs, the following can
be considered:
- Increase DOT_GRAPH_MAX_NODES to a large value.
- Set HAVE_DOT for more powerful graphs.
- Set DOT_IMAGE_FORMAT=svg to generate svg images.
- Set INTERACTIVE_SVG=YES to allow zooming and panning.

See:
- http://changelogs.ubuntu.com/changelogs/pool/main/d/doxygen/doxygen_1.8.13-10/changelog
- http://www.doxygen.nl/manual/config.html#cfg_have_dot
- https://github.com/doxygen/doxygen/issues/7345

Signed-off-by: Ali Alnubani <alialnu@mellanox.com>
Acked-by: John McNamara <john.mcnamara@intel.com>