Ophir Munk [Sat, 20 Jan 2018 21:11:36 +0000 (21:11 +0000)]
net/tap: implement RSS using eBPF
TAP PMD is required to support RSS queue mapping based on rte_flow API. An
example usage for this requirement is failsafe transparent switching from a
PCI device to TAP device while keep redirecting packets to the same RSS
queues on both devices.
TAP RSS implementation is based on eBPF programs sent to Linux kernel
through BPF system calls and using netlink messages to reference the
programs as part of traffic control commands.
TC uses eBPF programs as classifiers and actions.
eBPF classification: packets marked with an RSS queue will be directed
to this queue using TC with "skbedit" action.
BPF classifiers are downloaded to the kernel once on TAP creation for
each TAP Rx queue.
eBPF action: calculate the Toeplitz RSS hash based on L3 addresses and
L4 ports. Mark the packet with the RSS queue according the resulting
RSS hash, then reclassify the packet.
BPF actions are downloaded to the kernel for each new RSS rule.
TAP eBPF requires Linux version 4.9 configured with BPF. TAP PMD will
successfully compile on systems with old or non-BPF configured kernels but
RSS rules creation on TAP devices will not be successful
Ophir Munk [Sat, 20 Jan 2018 21:11:35 +0000 (21:11 +0000)]
net/tap: add eBPF API
This commit include BPF API to be used by TAP.
tap_flow_bpf_cls_q() - download to kernel BPF program that classifies
packets to their matching queues
tap_flow_bpf_calc_l3_l4_hash() - download to kernel BPF program that
calculates per packet layer 3 and layer 4 RSS hash
tap_flow_bpf_rss_map_create() - create BPF RSS map for storing RSS
parameters per RSS rule
tap_flow_bpf_update_rss_elem() - update BPF map entry with RSS rule
parameters
Ophir Munk [Sat, 20 Jan 2018 21:11:34 +0000 (21:11 +0000)]
net/tap: add eBPF bytes code
File tap_bpf_insns.h was added. It includes eBPF bytes code
which corresponds to source file tap_bpf_program.c
(see "net/tap: add eBPF program file").
The bytes code is in the format of C arrays of struct bpf_insn and
was generated from the C file tap_bpf_program.c
1. The C file was compiled via LLVM into an object file in ELF
format as:
clang -O2 -emit-llvm -c tap_bpf_program.c -o - | llc -march=bpf \
-filetype=obj -o <tap_bpf_program.o>
clang version must be 3.7 and above
The C functions are under different ELF sections and are considered
different BPF programs to be downloaded to the kernel
2. Using an external tool the ELF sections are parsed and the C arrays
of struct bpf_insn are generated. Each C array (corresponding to a
different function under an ELF section) is downloaded to the kernel
using an BPF systm call. The external tool that generates the C arrays
will be added in separate commits.
Ophir Munk [Sat, 20 Jan 2018 21:11:33 +0000 (21:11 +0000)]
net/tap: add eBPF program file
File tap_bpf_program.c was added with two ELF sections
corresponding to two BPF programs and one BPF map.
Section cls_q - BPF classifier to classify packets to their
corresponding queue after an RSS hash was calculated on the packet
and saved in skb->cb[1]
Section l3_l4 - BPF action to calculate RSS hash on packet
layers 3 and 4
This file is not part of DPDK tree compilation.
Ophir Munk [Sat, 20 Jan 2018 21:11:32 +0000 (21:11 +0000)]
net/tap: support actions for different classifiers
Add a generic TC actions handling for TC actions: "mirred",
"gact", "skbedit". This will be useful when introducing
BPF actions, as it uses TCA_BPF_ACT instead of TCA_FLOWER_ACT
Yongseok Koh [Fri, 19 Jan 2018 07:52:55 +0000 (23:52 -0800)]
net/mlx5: fix memory region lookup
This patch reverts:
commit 3a6f2eb8c5c5 ("net/mlx5: fix Memory Region registration")
Although granularity of chunks in a mempool is a cacheline, addresses are
extended to align to page boundary for performance reason in device when
registering a MR (Memory Region). This could make some regions overlap,
then can cause Tx completion error due to incorrect LKEY search. If the
error occurs, the Tx queue will get stuck. It is because buffer address is
compared against aligned addresses for Memory Region. Saving original
addresses of mempool for comparison doesn't create any overlap.
Fixes: b0b093845793 ("net/mlx5: use buffer address for LKEY search") Fixes: 3a6f2eb8c5c5 ("net/mlx5: fix Memory Region registration") Cc: stable@dpdk.org Reported-by: Xueming Li <xuemingl@mellanox.com> Signed-off-by: Xueming Li <xuemingl@mellanox.com> Signed-off-by: Yongseok Koh <yskoh@mellanox.com> Acked-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Beilei Xing [Fri, 19 Jan 2018 07:50:04 +0000 (15:50 +0800)]
net/i40e: fix fail to update packet type table
Fail to update SW ptype mapping table when loading
PPP profile, though profile can be loaded successfully.
It will cause fail to parse SW ptype during receiving
packets. This patch fixes this issue.
Beilei Xing [Fri, 19 Jan 2018 05:23:44 +0000 (13:23 +0800)]
net/i40e: fix flow director Rx resource defect
FDIR Rx ring isn't initialized and Rx queue HW tail isn't updated
when there's error detected during programming FDIR flow. There'll
be some potential risk.
This patch updates FDIR Rx resource.
Fixes: a778a1fa2e4e ("i40e: set up and initialize flow director") Fixes: 05999aab4ca6 ("i40e: add or delete flow director") Cc: stable@dpdk.org Signed-off-by: Beilei Xing <beilei.xing@intel.com> Acked-by: Jingjing Wu <jingjing.wu@intel.com>
Matan Azrad [Thu, 18 Jan 2018 13:51:43 +0000 (13:51 +0000)]
net/vdev_netvsc: implement core functionality
As described in more details in the attached documentation (see patch
contents), this virtual device driver manages NetVSC interfaces in virtual
machines hosted by Hyper-V/Azure platforms.
This driver does not manage traffic nor Ethernet devices directly; it acts
as a thin configuration layer that automatically instantiates and controls
fail-safe PMD instances combining tap and PCI sub-devices, so that each
NetVSC interface is exposed as a single consolidated port to DPDK
applications.
PCI sub-devices being hot-pluggable (e.g. during VM migration),
applications automatically benefit from increased throughput when present
and automatic fallback on NetVSC otherwise without interruption thanks to
fail-safe's hot-plug handling.
Once initialized, the sole job of the vdev_netvsc driver is to regularly
scan for PCI devices to associate with NetVSC interfaces and feed their
addresses to corresponding fail-safe instances.
This patch lays the groundwork for this driver (draft documentation,
copyright notices, code base skeleton and build system hooks). While it can
be successfully compiled and invoked, it's an empty shell at this stage.
Andy Moreton [Fri, 19 Jan 2018 06:47:06 +0000 (06:47 +0000)]
net/sfc/base: fix unused argument warning
The type_data argument to ef10_rx_qcreate is only used
in builds with EFSYS_OPT_RX_PACKED_STREAM. note this as
an unused argument to avoid warnings in builds without
packed stream support.
Fixes: b749646dade4 ("net/sfc/base: add function to create packed stream RxQ") Signed-off-by: Andy Moreton <amoreton@solarflare.com> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
Yong Wang [Thu, 18 Jan 2018 11:48:56 +0000 (06:48 -0500)]
net/dpaa: fix potential memory leak
There are several func calls to rte_zmalloc() which don't do null
pointer check on the return value. And before return, the memory is not
freed. Fix it by adding null pointer check and rte_free().
Fixes: 37f9b54bd3cf ("net/dpaa: support Tx and Rx queue setup") Fixes: 62f53995caaf ("net/dpaa: add frame count based tail drop with CGR") Cc: stable@dpdk.org Signed-off-by: Yong Wang <wang.yong19@zte.com.cn> Reviewed-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Yongseok Koh [Wed, 17 Jan 2018 17:44:13 +0000 (09:44 -0800)]
net/mlx5: fix handling link status event
Even though link of a port gets down, device still can receive traffic.
That is the reason why mlx5_set_link_up/down() switches rx/tx_pkt_burst().
However, if link gets down by an external command (e.g. ifconfig), it isn't
effective. It is better to change burst functions when link status change
is detected.
Fixes: 62072098b54e ("mlx5: support setting link up or down") Cc: stable@dpdk.org Signed-off-by: Yongseok Koh <yskoh@mellanox.com> Acked-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Victor Kaplansky [Wed, 17 Jan 2018 13:49:25 +0000 (15:49 +0200)]
vhost: protect active rings from async ring changes
When performing live migration or memory hot-plugging,
the changes to the device and vrings made by message handler
done independently from vring usage by PMD threads.
This causes for example segfaults during live-migration
with MQ enable, but in general virtually any request
sent by qemu changing the state of device can cause
problems.
These patches fixes all above issues by adding a spinlock
to every vring and requiring message handler to start operation
only after ensuring that all PMD threads related to the device
are out of critical section accessing the vring data.
Each vring has its own lock in order to not create contention
between PMD threads of different vrings and to prevent
performance degradation by scaling queue pair number.
See https://bugzilla.redhat.com/show_bug.cgi?id=1450680
Cc: stable@dpdk.org Signed-off-by: Victor Kaplansky <victork@redhat.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: Yuanhan Liu <yliu@fridaylinux.org>
Junjie Chen [Wed, 17 Jan 2018 15:45:53 +0000 (10:45 -0500)]
vhost: fix mbuf free
dequeue zero copy change buf_addr and buf_iova of mbuf, and return
to mbuf pool without restore them, it breaks vm memory if others allocate
mbuf from same pool since mbuf reset doesn't reset buf_addr and buf_iova.
Fixes: b0a985d1f340 ("vhost: add dequeue zero copy") Cc: stable@dpdk.org Signed-off-by: Junjie Chen <junjie.j.chen@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: Yuanhan Liu <yliu@fridaylinux.org>
Xiao Wang [Thu, 18 Jan 2018 02:20:38 +0000 (10:20 +0800)]
net/virtio: support guest announce
When live migration is done, for the backup VM, either the virtio
frontend or the vhost backend needs to send out gratuitous RARP packet
to announce its new network location.
This patch enables VIRTIO_NET_F_GUEST_ANNOUNCE feature to support live
migration scenario where the vhost backend doesn't have the ability to
generate RARP packet.
Brief introduction of the work flow:
1. QEMU finishes live migration, pokes the backup VM with an interrupt.
2. Virtio interrupt handler reads out the interrupt status value, and
realizes it needs to send out RARP packet to announce its location.
3. Pause device to stop worker thread touching the queues.
4. Inject a RARP packet into a Tx Queue.
5. Ack the interrupt via control queue.
6. Resume device to continue packet processing.
Signed-off-by: Xiao Wang <xiao.w.wang@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: Yuanhan Liu <yliu@fridaylinux.org>
Xiao Wang [Thu, 18 Jan 2018 02:32:24 +0000 (10:32 +0800)]
net: fix RARP generation
Due to a mistake operation from me, older version (v10) was merged to
master branch. It's the v11 should be applied. However, the master branch
is not rebase-able. Thus, this patch is made, from the diff between v10
and v11.
The diffs are:
- Add check for parameter and tailroom in rte_net_make_rarp_packet
- Allocate mbuf in rte_net_make_rarp_packet
Besides that, a link error is fixed when shared lib is enabled.
Fixes: 45ae05df824c ("net: add a helper for making RARP packet") Fixes: c3ffdba0e88a ("vhost: use API to make RARP packet") Signed-off-by: Xiao Wang <xiao.w.wang@intel.com> Signed-off-by: Yuanhan Liu <yliu@fridaylinux.org>
Junjie Chen [Mon, 15 Jan 2018 11:32:19 +0000 (06:32 -0500)]
vhost: do deep copy while reallocating queue
When vhost reallocate dev and vq for NUMA enabled case, it doesn't perform
deep copy, which lead to 1) zmbuf list not valid 2) remote memory access.
This patch is to re-initlize the zmbuf list and also do the deep copy.
Signed-off-by: Junjie Chen <junjie.j.chen@intel.com> Reviewed-by: Zhiyong Yang <zhiyong.yang@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: Yuanhan Liu <yliu@fridaylinux.org>
Tomasz Duszynski [Thu, 18 Jan 2018 10:57:36 +0000 (11:57 +0100)]
net/mrvl: allow changing MTU before port init
DPDK updates MTU once mtu_set() callback returns success.
Since PMD changes port's MTU to dev->mtu every time device is
started it is safe to call mtu_set() before MUSDK ppio was initialized.
Fixes: c0511a8f741f ("net/mrvl: check if ppio is initialized") Cc: stable@dpdk.org Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Ivan Malov [Thu, 18 Jan 2018 09:44:31 +0000 (09:44 +0000)]
net/sfc: convert to new Tx offload API
Ethdev Tx offloads API has changed since:
commit cba7f53b717d ("ethdev: introduce Tx queue offloads API")
This commit support the new Tx offloads API.
The code which fills in txq_flags in default_txconf is preserved
because rte_eth_dev_info_get() lacks conversion between offloads
and txq_flags fields which means that a legacy application which
relies on default_txconf will fail to configure Tx queues in the
case when some bits in txq_flags are mandatory.
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Ivan Malov [Thu, 18 Jan 2018 09:44:30 +0000 (09:44 +0000)]
net/sfc: factor out function to report Tx capabilities
The patch adds a separate function to report supported
Tx capabilities because this function will be required
in more places across the code in the upcoming patches.
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Ivan Malov [Thu, 18 Jan 2018 09:44:28 +0000 (09:44 +0000)]
net/sfc: factor out function to report Rx capabilities
The patch adds a separate function to report supported
Rx capabilities because this function will be required
in more places across the code in the upcoming patches.
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Ivan Malov [Thu, 18 Jan 2018 09:44:27 +0000 (09:44 +0000)]
ethdev: add function to look up Tx offload names
Commonly, drivers converted to the new offload API
may need to log unsupported offloads as a response
to wrong settings. From this perspective, it would
be convenient to have generic functions to look up
offload names. The patch adds such a helper for Tx.
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com> Acked-by: Thomas Monjalon <thomas@monjalon.net>
Ivan Malov [Thu, 18 Jan 2018 09:44:26 +0000 (09:44 +0000)]
ethdev: add function to look up Rx offload names
Commonly, drivers converted to the new offload API
may need to log unsupported offloads as a response
to wrong settings. From this perspective, it would
be convenient to have generic functions to look up
offload names. The patch adds such a helper for Rx.
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com> Acked-by: Thomas Monjalon <thomas@monjalon.net>
Roman Zhukov [Thu, 18 Jan 2018 07:32:56 +0000 (07:32 +0000)]
net/sfc: fix flow RSS check in error handling
RSS is a local variable with address which is never NULL.
Fixes: d77d07391d4d ("net/sfc: support flow API RSS action") Cc: stable@dpdk.org Signed-off-by: Roman Zhukov <roman.zhukov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
Roman Zhukov [Thu, 18 Jan 2018 07:32:55 +0000 (07:32 +0000)]
net/sfc: fix initialization of flow structure
The rte_flow is already filled in with zeros in the
case of create. So memset() with zeros is needed only
in validation.
Fixes: a9825ccf5bb8 ("net/sfc: support flow API filters") Cc: stable@dpdk.org Signed-off-by: Roman Zhukov <roman.zhukov@oktetlabs.ru> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
Moti Haimovsky [Wed, 17 Jan 2018 14:04:34 +0000 (16:04 +0200)]
net/tap: use new Rx offloads API
Ethdev Rx offloads API has changed since:
commit ce17eddefc20 ("ethdev: introduce Rx queue offloads API")
This commit adds support for the new Rx offloads API.
Moti Haimovsky [Wed, 17 Jan 2018 14:04:33 +0000 (16:04 +0200)]
net/tap: use new Tx offloads API
Ethdev Tx offloads API has changed since:
commit cba7f53b717d ("ethdev: introduce Tx queue offloads API")
This commit adds support for the new Tx offloads API.
This commit support the new Tx offloads API. Queue configuration
is stored in ena_ring.offloads. During preparing mbufs for tx, offloads are
allowed only if appropriate flags in this field are set.
Increase the internal limit for flow types from 32 to 64
to support future flow type extensions.
Change type of variables from uint32_t[] to uint64_t[]:
rte_eth_fdir_info.flow_types_mask
rte_eth_hash_global_conf.sym_hash_enable_mask
rte_eth_hash_global_conf.valid_bit_mask
This modification affects the following components:
net/i40e
net/ixgbe
app/testpmd
George Wilkie [Wed, 10 Jan 2018 17:08:52 +0000 (17:08 +0000)]
net/vmxnet3: reset packet type for non-IPv4 packets
With bonding, after sending sufficient ipv4 packets,
bond_ethdev_rx_burst_8023ad() no longer recognizes LACP packets
because the packet_type is set to RTE_PTYPE_L3_IPV4.
Ensure packet_type is reset for non-ipv4 packets in vmxnet3_rx_offload.
Signed-off-by: George Wilkie <george.wilkie@intl.att.com> Acked-by: Shrikrishna Khare <skhare@vmware.com>
Moti Haimovsky [Wed, 17 Jan 2018 14:30:13 +0000 (16:30 +0200)]
net/failsafe: use new Rx offloads API
Ethdev Rx offloads API has changed since:
commit ce17eddefc20 ("ethdev: introduce Rx queue offloads API")
This commit adds support for the new Rx offloads API.
Moti Haimovsky [Wed, 17 Jan 2018 14:30:12 +0000 (16:30 +0200)]
net/failsafe: use new Tx offloads API
Ethdev Tx offloads API has changed since:
commit cba7f53b717d ("ethdev: introduce Tx queue offloads API")
This commit adds support for the new Tx offloads API.
Nipun Gupta [Mon, 15 Jan 2018 11:38:05 +0000 (17:08 +0530)]
net/dpaa2: use hash FLCTYPE only for LX2
Enabling hash results in FD requires setting DPNI_FLCTYPE_HASH in
dpni_set_offload API. Setting this FLCTYPE for DPNI sets the FD[SC]
to 0 for LS2 in the hardware thus disabling data/annotation stashing.
For LX2 this is fixed in hardware and thus hash result and parse
results can be received in FD using this option.
Rasesh Mody [Fri, 12 Jan 2018 21:50:01 +0000 (13:50 -0800)]
net/qede: replace config option with run-time arg
This patch adds support for handling run-time driver arguments.
We have removed config option for per VF Tx switching and added
a run-time argument vf_txswitch. By default, the VF Tx switching is
enabled however it can be disabled using run-time argument.
Sample usage to disable per port VF Tx switching is something like...
Pablo de Lara [Wed, 13 Dec 2017 15:54:08 +0000 (15:54 +0000)]
cryptodev: remove duplicated device name length
Two macros were defined in cryptodev, to serve the same
purpose: RTE_CRYPTODEV_NAME_LEN (in the config file) and
RTE_CRYPTODEV_NAME_MAX_LEN (in the rte_cryptodev.h file).
Since the second one is part of the external API,
the first one has been removed, avoiding duplications.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Tomasz Duszynski <tdu@semihalf.com>
Akhil Goyal [Thu, 11 Jan 2018 11:55:36 +0000 (17:25 +0530)]
examples/ipsec-secgw: fix corner case for SPI value
IPSec application is using index 0 of SA table as error,
with current value of IPSEC_SA_MAX_ENTRIES(128) it can
not support SA with spi = 128, as it uses sa_idx = 0
in the SA table.
With this patch, sa_idx = 0 can also be used.
PS: spi = 0 is an invalid SPI and application throws error
for it.
Akhil Goyal [Thu, 14 Dec 2017 07:19:23 +0000 (12:49 +0530)]
examples/ipsec-secgw: improve IPsec dequeue logic
Since the processing of crypto operations may take time
due to hardware offload, all the packets may not be available
in the single dequeue command.
So it may happen that there is leakage of cops, and there is
nobody to dequeue the packets because dequeue of crypto ops is
done only once for a particular queue pair even if it has more
packets in flight.
This patch dequeue the packets again if the inflight packets are
more than the max packet burst.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Context memory is allocated from mempool. Ideally
it will get all memory from single segment, so simple offset
calculation is used for address conversion for such addresses
from context memory.
Akhil Goyal [Thu, 14 Dec 2017 06:52:02 +0000 (12:22 +0530)]
examples/ipsec-secgw: add cryptodev mask option
Previously, ipsec-secgw application did not give user the
flexibility to decide which crypto device(s) will be used.
In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.
This patch is similar to the support added in l2fwd-crypto
(d2797f51cc63: examples/l2fwd-crypto: add cryptodev mask option)
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Anoob Joseph [Mon, 18 Dec 2017 07:15:05 +0000 (07:15 +0000)]
examples/ipsec-secgw: support inline protocol
Adding support for inline protocol processing
In ingress side, application will receive regular IP packets, without
any IPsec related info. Application will do a selector check (SP-SA
check) by making use of the metadata from the packet. The
device-specific metadata in mbuf would aid in determing the security
session which processed the packet.
In egress side, the plain packet would be submitted to the driver. The
packet will have optional metadata, which could be used to identify the
security session associated with the packet.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com> Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Anoob Joseph [Mon, 18 Dec 2017 07:15:04 +0000 (07:15 +0000)]
security: support user data retrieval
In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.
Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Pablo de Lara [Wed, 13 Dec 2017 13:14:08 +0000 (13:14 +0000)]
app/crypto-perf: support IMIX
Add support for IMIX performance tests, where a distribution
of various packet sizes can be submitted to a crypto
device, testing a closer to a real world scenario.
A sequence of packet sizes, selected randomly from a list of packet
sizes (with "buffer-sz" parameter) with a list of the weights
per packet size (using "imix" parameter), is generated
(the length of this sequence is the same length as the pool,
set with "pool-sz" parameter).
This sequence is used repeteadly for all the crypto
operations submitted to the crypto device (with "--total-ops" parameter).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Pablo de Lara [Wed, 13 Dec 2017 15:55:00 +0000 (15:55 +0000)]
cryptodev: fix function prototype
qp_detach_session function was using the attach_session_t
function prototype, instead of detach_session_t.
Since both of them have the same parameters, there were
no compilation issues, but it is not consistent.
Fixes: d816fdea557c ("cryptodev: add API to associate session with queue pair") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Nélio Laranjeiro [Thu, 23 Nov 2017 10:02:39 +0000 (11:02 +0100)]
security: fix pedantic compilation
/x86_64-native-linuxapp-gcc/include/rte_security.h:229:8:
error: struct has no members [-Werror=pedantic]
struct rte_security_macsec_xform {
^~~~~~~~~~~~~~~~~~~~~~~~~
/x86_64-native-linuxapp-gcc/include/rte_security.h:453:3:
error: struct has no members [-Werror=pedantic]
struct {
^~~~~~
Fixes: c261d1431bd8 ("security: introduce security API and framework") Cc: stable@dpdk.org Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Nélio Laranjeiro [Thu, 23 Nov 2017 10:02:38 +0000 (11:02 +0100)]
crypto: fix pedantic compilation
/x86_64-native-linuxapp-gcc/include/rte_crypto.h:126:28:
error: ISO C forbids zero-size array ‘sym’ [-Werror=pedantic]
struct rte_crypto_sym_op sym[0];
^~~
Zero-size array is an extension to the language it cannot be replaced by a
empty size array i.e. [] because structure is inside a union.
Fixes: d2a4223c4c6d ("cryptodev: do not store pointer to op specific params") Cc: stable@dpdk.org Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Anoob Joseph [Tue, 12 Dec 2017 08:32:25 +0000 (08:32 +0000)]
examples/ipsec-secgw: fix usage of incorrect port
When security offload is enabled, the packet should be forwarded on the
port configured in the SA. Security session will be configured on that
port only, and sending the packet on other ports could result in
unencrypted packets being sent out.
This would have performance improvements too, as the per packet LPM
lookup would be avoided for IPsec packets, in inline mode.
Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Andrea Grandi [Wed, 22 Nov 2017 18:03:12 +0000 (10:03 -0800)]
doc: fix format in OpenSSL installation guide
List of supported OpenSSL versions and code block with dependencies were
not properly formatted.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Cc: stable@dpdk.org Signed-off-by: Andrea Grandi <andrea.grandi@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Andrea Grandi [Wed, 22 Nov 2017 18:03:11 +0000 (10:03 -0800)]
doc: fix lists of supported crypto algorithms
Add a missing space must before the first item of the list to display it
correctly in the User Guide.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms") Cc: stable@dpdk.org Signed-off-by: Andrea Grandi <andrea.grandi@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Aleksey Baulin [Sun, 19 Nov 2017 22:16:04 +0000 (01:16 +0300)]
eal: improve likely and unlikely macros
A warning is issued when using an argument to likely() or unlikely()
builtins which is evaluated to a pointer value, as __builtin_expect()
expects a 'long int' type for its first argument. With this fix
a pointer value is converted to an integer with the value of 0 or 1.
git.droids-corp.org / dpdk.git / log