From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f171.google.com (mail-wr0-f171.google.com [209.85.128.171]) by dpdk.org (Postfix) with ESMTP id 5FB5E2C54 for ; Wed, 29 Nov 2017 13:50:46 +0100 (CET) Received: by mail-wr0-f171.google.com with SMTP id o2so3281756wro.5 for ; Wed, 29 Nov 2017 04:50:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=CaVwEo/6++65nvEmoemC7fVaYqJQzBA3aQvqy9wQ1/c=; b=DiA9gpqlJJ1DSn8MIhq8PFfHG/Ax0TpVuh0s46yPd7DheEsHFS4RpDeqoeXsCsANSd YgFS76PZOKB6Cd6aZjjxEsUyz/cXDSNYiI0MNHCj1LGpYZIM425NKTHUuMo3+Ih+WIls v1hokmG1I+gNxhO/WNR2shSco2nS/ERRmFruZIRThGTr8kJVR9kNCjpjxm88wSmYjjWY c8O2N6XJvPnOebMu4UDoBQx6GZ6NNESFVYu+0vZt3GPhsouUQ+Kbf1TU98Vufnjd+W1/ OuPo/83DjaxFS7KukjcA9UFlSh5Mzu0kTJPsEygLmFc0EDm1mF2Sq2/d6PCLptbnDGok pNtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=CaVwEo/6++65nvEmoemC7fVaYqJQzBA3aQvqy9wQ1/c=; b=bN0sU/VV1bvU8P+qrxP9vNY/VOKELFXStDO1kV0I+pJqVvdwh0Z0FjWTLSOwe40qpl ZzvQELkUw0kwTGepGzHE3M9w2oSDhBMOqq8VmZSdWP2FgRpGHJoD7egz3oHfSL0iY1mY Ygs2gKYdSY5v18/al8nAP+ijdOkaxCSkNtwGGo10FfdGjehbuCobVtbO9rY734cZOjOo MigT84rOhjPPfgoO1NnBAxhIHZCEyyJ3AC9zVB/hHdXMApWE4e+UDtDplfJqS+te7Nmx Pu5uKpz48p3lwTNHAkpJa4YAybSZg2I5NqFEUbYYJ8ZcAuQ5CpEFjDRDpBqEJ5vcNmSH blWg== X-Gm-Message-State: AJaThX4GwQ7a997/LtdNARrJ+2UsMwTooQwbdgidKUFK68KWoZLhMGmI TN1QL3o99CrxEsqpBe50CW/k X-Google-Smtp-Source: AGs4zMaFYWU4FHx0lXqq7sV2OLbqGDF9Ke0oBxRuVHQzBGgb6uI69utTUhaR48IEapmQEkZOFMOsow== X-Received: by 10.223.153.100 with SMTP id x91mr2254383wrb.189.1511959846001; Wed, 29 Nov 2017 04:50:46 -0800 (PST) Received: from laranjeiro-vm.dev.6wind.com (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id q15sm1347587wra.91.2017.11.29.04.50.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 29 Nov 2017 04:50:45 -0800 (PST) Date: Wed, 29 Nov 2017 13:50:45 +0100 From: Nelio Laranjeiro To: Anoob Cc: Sergio Gonzalez Monroy , Radu Nicolau , dev@dpdk.org Message-ID: <20171129125045.lqfs6xmqradolz4x@laranjeiro-vm.dev.6wind.com> References: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com> <532499c2-b00e-870e-625d-9aa13302a8a3@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <532499c2-b00e-870e-625d-9aa13302a8a3@caviumnetworks.com> User-Agent: NeoMutt/20170113 (1.7.2) Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add target queues in flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2017 12:50:46 -0000 Hi Anoob, On Wed, Nov 29, 2017 at 06:00:38PM +0530, Anoob wrote: > Hi Nelio, > > Since support of RSS with inline crypto/protocol is hardware > implementation dependent, it would be better if there is some sort of > capability check before setting the flow parameters in the application. > > If the hardware doesn't support RSS with inline processing, then the RSS > flow action will have to be ignored in the driver. This wouldn't look > right from application's point of view. And also the PMD would need > application-specific logic to handle such cases, which may not scale well. There is a real issue here, RTE_FLOW API needs a terminal action, security is not one [1] you must have one of the followings: QUEUE, DROP, RSS, PF, VF or PASSTHRU. Flow API does not work with "capabilities" as the application can verify the rule using the validate(). If it cannot be validated the application can test another kind of rule until the PMD returns a success. Here, I am proposing the RSS as RSS with a single queue is equivalent to queue. On Mellanox NIC we need the RSS or QUEUE in ingress and for Egress PASSTHRU is good. What are your needs? Regards, > Thanks, > Anoob > > On 11/23/2017 08:42 PM, Nelio Laranjeiro wrote: > > Mellanox INNOVA NIC needs to have final target queue actions to perform > inline crypto. > > Signed-off-by: Nelio Laranjeiro [1] > --- > examples/ipsec-secgw/ipsec.c | 27 ++++++++++++++++++++++++++- > examples/ipsec-secgw/ipsec.h | 2 +- > 2 files changed, 27 insertions(+), 2 deletions(-) > > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 17bd7620d..e967f88b3 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -142,6 +142,22 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > rte_eth_dev_get_sec_ctx( > sa->portid); > const struct rte_security_capability *sec_cap; > + uint8_t rss_key[40]; > + struct rte_eth_rss_conf rss_conf = { > + .rss_key = rss_key, > + .rss_key_len = 40, > + }; > + struct rte_eth_dev *eth_dev; > + union { > + struct rte_flow_action_rss rss; > + struct { > + const struct rte_eth_rss_conf *rss_conf; > + uint16_t num; > + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; > + } local; > + } action_rss; > + unsigned int i; > + unsigned int j; > > sa->sec_session = rte_security_session_create(ctx, > &sess_conf, ipsec_ctx->session_pool); > @@ -201,7 +217,16 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; > sa->action[0].conf = sa->sec_session; > > - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; > + sa->action[1].conf = &action_rss; > + eth_dev = ctx->device; > + rte_eth_dev_rss_hash_conf_get(sa->portid, &rss_conf); > + for (i = 0, j = 0; i < eth_dev->data->nb_rx_queues; ++i) > + if (eth_dev->data->rx_queues[i]) > + action_rss.local.queue[j++] = i; > + action_rss.local.num = j; > + action_rss.local.rss_conf = &rss_conf; > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > > sa->attr.egress = (sa->direction == > RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 775b316ff..82ffc1c6d 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -133,7 +133,7 @@ struct ipsec_sa { > uint32_t ol_flags; > > #define MAX_RTE_FLOW_PATTERN (4) > -#define MAX_RTE_FLOW_ACTIONS (2) > +#define MAX_RTE_FLOW_ACTIONS (4) > struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN]; > struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS]; > struct rte_flow_attr attr; > > References > > Visible links > 1. mailto:nelio.laranjeiro@6wind.com [1] http://dpdk.org/doc/guides/prog_guide/rte_flow.html?highlight=rte_flow#actions -- Nélio Laranjeiro 6WIND