From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f195.google.com (mail-wr0-f195.google.com [209.85.128.195]) by dpdk.org (Postfix) with ESMTP id 39B9F2B89 for ; Thu, 7 Dec 2017 13:21:47 +0100 (CET) Received: by mail-wr0-f195.google.com with SMTP id l22so7255625wrc.11 for ; Thu, 07 Dec 2017 04:21:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=/ma9FJlJ0lbkmu2TBYhiM2o26UBWCa9uf26qBzkmcSI=; b=nzRUy9r/ELWgSF5YWlNSWCav4tav1HWwJ6nmeg9nfxfcvffhRp27HnaTJ0XEqSmJhF +SHr4/po29umPjbDfdZ7VGrrbkOHpVbKY3xxgY4973kvhkRy+VegOGOT7h5yowzUcXIC KJb9DtrqLyN5n5YmLZwfBhVTFNu8N3tlhQCyGNQcnEZbx/mxu8a2gqYX+h2p6NLI+dcE zU31loaOt7hk7e77+HnvQrDtFcztNZ0eFRe4eQe2AP49NY5SP4l4p/0+MPwxA79cZ3uA n8sfRQn2NGJVekQCRyTg4ruBwa0t1Mn/ErmCJ8nyoeuTVEoMNXy4DOEt1saTgJkYfUHE kYlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=/ma9FJlJ0lbkmu2TBYhiM2o26UBWCa9uf26qBzkmcSI=; b=YzFwfI/Wl3KG5WdI2l4S3HjpytXR14wz3eaYwNVAGJQMatAlPk4ScNLKDla/nFb6aQ SJLSlbDZKKlDonpx3ttloG1J/St0IOjQlfRU41oVN/Z03y56LtPMDvfzwxcbprvMRXAF KOo5KDeWYvX9dn5M+gPxol8YU3DVc/p0vHGMfK2El2PiecQ7yO9Q7RV2AclCa+CjGQ5J PDm9kP90zP+kd83VRvgMjI0PzNAAB57yC9QkMxKSxb24LhDpPHz7QsXeGlaJ3+RzYQ5X JYU7JxpK+NsdS4qu2N0LUTMrEjCZduk+70cM/Y7O5p3+//NtaDhf1Bv73MBd1/KeYwJS wtiQ== X-Gm-Message-State: AKGB3mIih+ROJL4a3VP/6gmSX29NK1tmGpwKByR3nfZimelEOfchlYsr XUnhVTQyFj7LdoY4ReycGnXL X-Google-Smtp-Source: AGs4zMZ0qpv3kdWLkNDiNtWzg11fadW8A619VJwYl4EJtNX2asR4wfoTG8yCnhrijN4BDAxoGNgv1Q== X-Received: by 10.223.191.13 with SMTP id p13mr17475372wrh.69.1512649306908; Thu, 07 Dec 2017 04:21:46 -0800 (PST) Received: from laranjeiro-vm.dev.6wind.com (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id y2sm5164936wrd.3.2017.12.07.04.21.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 07 Dec 2017 04:21:46 -0800 (PST) Date: Thu, 7 Dec 2017 13:22:04 +0100 From: Nelio Laranjeiro To: Anoob Cc: Sergio Gonzalez Monroy , Radu Nicolau , dev@dpdk.org, Narayana Prasad , Jerin Jacob Message-ID: <20171207122204.6vcejs5lb5pjs4lw@laranjeiro-vm.dev.6wind.com> References: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com> <62e7634a-3375-ac55-fffe-a5b22eb39e0e@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <62e7634a-3375-ac55-fffe-a5b22eb39e0e@caviumnetworks.com> User-Agent: NeoMutt/20170113 (1.7.2) Subject: Re: [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add target queues in flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 12:21:47 -0000 Hi Anoob, On Thu, Dec 07, 2017 at 03:17:40PM +0530, Anoob wrote: > Hi Nelio, > > > On 12/04/2017 07:41 PM, Nelio Laranjeiro wrote: > > Mellanox INNOVA NIC needs to have final target queue actions to perform > > inline crypto. > > > > Signed-off-by: Nelio Laranjeiro > > > > --- > > > > Changes in v2: > > > > * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated. > > --- > > examples/ipsec-secgw/ipsec.c | 81 ++++++++++++++++++++++++++++++++++++++++---- > > examples/ipsec-secgw/ipsec.h | 2 +- > > 2 files changed, 76 insertions(+), 7 deletions(-) > > > > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > > index 17bd7620d..f8823fb94 100644 > > --- a/examples/ipsec-secgw/ipsec.c > > +++ b/examples/ipsec-secgw/ipsec.c > > @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > > rte_eth_dev_get_sec_ctx( > > sa->portid); > > const struct rte_security_capability *sec_cap; > > + int ret = 0; > > sa->sec_session = rte_security_session_create(ctx, > > &sess_conf, ipsec_ctx->session_pool); > > @@ -173,6 +174,10 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > > return -1; > > } > > + sa->attr.egress = (sa->direction == > > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > > + sa->attr.ingress = (sa->direction == > > + RTE_SECURITY_IPSEC_SA_DIR_INGRESS); > > sa->ol_flags = sec_cap->ol_flags; > > sa->security_ctx = ctx; > > sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; > > @@ -201,15 +206,79 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > > sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; > > sa->action[0].conf = sa->sec_session; > > - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; > > - > > - sa->attr.egress = (sa->direction == > > - RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > > - sa->attr.ingress = (sa->direction == > > - RTE_SECURITY_IPSEC_SA_DIR_INGRESS); > > + if (sa->attr.ingress) { > > + uint8_t rss_key[40]; > > + struct rte_eth_rss_conf rss_conf = { > > + .rss_key = rss_key, > > + .rss_key_len = 40, > > + }; > > + struct rte_eth_dev *eth_dev; > > + union { > > + struct rte_flow_action_rss rss; > > + struct { > > + const struct rte_eth_rss_conf *rss_conf; > > + uint16_t num; > > + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; > > + } local; > > + } action_rss; > > + unsigned int i; > > + unsigned int j; > > + > > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > > + /* > > + * Try implicitly PASSTHRU, it can also be > > + * explicit. > > + */ > May be we can get rid of this check. You can do the check with RSS and then > QUEUE. That should be fine. SECURITY is terminating on Cavium hardware, but > according to the spec it is a non-terminating meta action. We can stick to > that. For Cavium hardware the PMD will give success to SECURITY+QUEUE. That > should resolve the issue. I'll remove it in a v3, I will send it tomorrow to let a little more time for other people to review. Thanks, -- Nélio Laranjeiro 6WIND