From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 8DEC32C38 for ; Mon, 23 Jan 2017 03:30:41 +0100 (CET) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga103.fm.intel.com with ESMTP; 22 Jan 2017 18:30:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,272,1477983600"; d="scan'208";a="56321518" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga005.fm.intel.com with ESMTP; 22 Jan 2017 18:30:39 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sun, 22 Jan 2017 18:30:39 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX103.ccr.corp.intel.com ([10.239.4.69]) with mapi id 14.03.0248.002; Mon, 23 Jan 2017 10:30:38 +0800 From: "Peng, Yuan" To: "Bie, Tiwei" , "dev@dpdk.org" CC: "adrien.mazarguil@6wind.com" , "Lu, Wenzhuo" , "Mcnamara, John" , "olivier.matz@6wind.com" , "thomas.monjalon@6wind.com" , "Ananyev, Konstantin" , "Zhang, Helin" , "Dai, Wei" , "Wang, Xiao W" Thread-Topic: [dpdk-dev] [PATCH v7 0/6] Add MACsec offload support for ixgbe Thread-Index: AQHSbZCRZlqqVN3t5ECbTGidD6ivhKFFXQwQ Date: Mon, 23 Jan 2017 02:30:37 +0000 Message-ID: <67D543A150B29E4CAAE53918F64EDAEA369B18C8@shsmsx102.ccr.corp.intel.com> References: <1484109098-8936-1-git-send-email-tiwei.bie@intel.com> <1484306501-164565-1-git-send-email-tiwei.bie@intel.com> In-Reply-To: <1484306501-164565-1-git-send-email-tiwei.bie@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYjc2MDUzZjYtNjY2YS00YjA1LTlkODctZDJmODVlY2I2OTg1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX1BVQkxJQyJ9XX1dfSwiU3ViamVjdExhYmVscyI6W10sIlRNQ1ZlcnNpb24iOiIxNS45LjYuNiIsIlRydXN0ZWRMYWJlbEhhc2giOiJrcGNnMkROQTk2TTBxZHc2K3BmcUVqd3ZZSHpJa3JSalBIQWs4bE1PMytNPSJ9 x-ctpclassification: CTP_PUBLIC x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v7 0/6] Add MACsec offload support for ixgbe X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2017 02:30:42 -0000 Tested-by: Peng Yuan - version: 17.02-rc1 - OS/Kernel: 4.5.5-300.fc24.x86_64 - GCC: gcc (GCC) 5.3.1 20151207 (Red Hat 5.3.1-2) - NIC: 82599 Test cases: 5 Passed: 5 Test steps: Test Case 1: MACsec packets send and receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1. connect the two ixgbe ports with a cable, and bind the two ports to dpdk driver:: ./tools/dpdk-devbind.py -b igb_uio 07:00.0 07:00.1 2. config the rx port 1). start the testpmd of rx port:: ./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=3Drx -w 0000:07:00.1= \ -- --port-topology=3Dchained -i --crc-strip 2). set MACsec offload on:: testpmd>set macsec offload 0 on encrypt on replay-protect on 3). set MACsec parameters as rx_port:: testpmd>set macsec sc rx 0 00:00:00:00:00:01 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 4). set MACsec parameters as tx_port:: testpmd>set macsec sc tx 0 00:00:00:00:00:02 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 5). set rxonly:: testpmd>set fwd rxonly 6). start:: testpmd>set promisc all on testpmd>start 3. config the tx port 1). start the testpmd of tx port:: ./testpmd -c 0x30 --socket-mem 1024,1024 --file-prefix=3Dtx -w 0000:07:00.= 0 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 2). set MACsec offload on:: testpmd>set macsec offload 0 on encrypt on replay-protect on 3). set MACsec parameters as tx_port:: testpmd>set macsec sc tx 0 00:00:00:00:00:01 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 4). set MACsec parameters as rx_port:: testpmd>set macsec sc rx 0 00:00:00:00:00:02 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 5). set txonly:: testpmd>set fwd txonly 6). start:: testpmd>start 4. check the result:: testpmd>stop testpmd>show port xstats 0 stop the packet transmiting on tx_port first, then stop the packet receivin= g on rx_port. check the rx data and tx data: tx_good_packets =3D=3D rx_good_packets out_pkts_encrypted =3D=3D in_pkts_ok =3D=3D tx_good_packets =3D=3D rx_good_= packets out_octets_encrypted =3D=3D in_octets_decrypted out_octets_protected =3D=3D in_octets_validated if you want to check the content of the packet, use the command:: testpmd>set verbose 1 the received packets are Decrypted. check the ol_flags:PKT_RX_IP_CKSUM_GOOD check the content of the packet: type=3D0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP Test Case 2: MACsec packets send and normal receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D 1. disable MACsec offload on rx port:: testpmd>set macsec offload 0 off 2. start the the packets transfer 3. check the result:: testpmd>stop testpmd>show port xstats 0 stop the testpmd on tx_port first, then stop the testpmd on rx_port. the received packets are encrypted. check the content of the packet: type=3D0x88e5 sw ptype: L2_ETHER - l2_len=3D14 - Receive queue=3D0x0 you can't find L3 and L4 infomation in the packet in_octets_decrypted and in_octets_validated doesn't increase on last data transfer. Test Case 3: normal packet send and MACsec receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1. enable MACsec offload on rx port:: testpmd>set macsec offload 0 on encrypt on replay-protect on 2. disable MACsec offload on tx port:: testpmd>set macsec offload 0 off 3. start the the packets transfer 4. check the result:: testpmd>stop testpmd>show port xstats 0 stop the testpmd on tx_port first, then stop the testpmd on rx_port. the received packets are not encrypted. check the content of the packet: type=3D0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP in_octets_decrypted and out_pkts_encrypted doesn't increase on last data transfer. Test Case 4: MACsec send and receive with wrong parameters =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D 1. don't add "--txqflags=3D0x0" in the tx_port command line. the MACsec offload can't work. the tx packets are normal packets. 2. set different pn on rx and tx port, then start the data transfer. 1) set the parameters as test case 1, start and stop the data transfer. check the result, rx port can receive and decrypt the packets normally. 2) reset the pn of tx port to 0:: testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 rx port can receive the packets until the pn equals the pn of tx port:: out_pkts_encrypted =3D in_pkts_late + in_pkts_ok 3. set different keys on rx and tx port, then start the data transfer:: the RX-packets=3D0, in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_notvalid =3D=3D out_pkts_encrypted, in_pkts_ok=3D0, rx_good_packets=3D0 4. set different pi on rx and tx port(reset on rx_port), then start the dat= a transfer:: in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_ok =3D 0, in_pkts_nosci =3D=3D out_pkts_encrypted 5. set different an on rx and tx port, then start the data transfer:: rx_good_packets=3D0, in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_notusingsa =3D=3D out_pkts_encrypted, in_pkts_ok=3D0, rx_good_packets=3D0 6. set different index on rx and tx port, then start the data transfer:: in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_ok =3D=3D out_pkts_encrypted Test Case 5: performance test of MACsec offload packets =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D 1. tx linerate port0 connected to IXIA port5, port1 connected to IXIA port6, set port0 MACsec offload on, set fwd mac:: ./x86_64-native-linuxapp-gcc/app/testpmd -c 0xc -- -i \ --port-topology=3Dchained --crc-strip --txqflags=3D0x0 on IXIA side, start IXIA port6 transmit, start the IXIA capture. view the IXIA port5 captrued packet, the protocol is MACsec, the EtherTy= pe is 0x88E5, and the packet length is 96bytes, more than the normal packet 32 bytes. The valid frames received rate is 10.78Mpps, and the %linerate is 100%. 2. rx linerate there are three ports 05:00.0 07:00.0 07:00.1. connect 07:00.0 to 07:00.= 1 with cable, connect 05:00.0 to IXIA. bind the three ports to dpdk driver= . start two testpmd:: ./testpmd -c 0x3 --socket-mem 1024,1024 --file-prefix=3Drx -w 0000:07:0= 0.1 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 testpmd>set macsec offload 0 on encrypt on replay-protect on testpmd>set macsec sc rx 0 00:00:00:00:00:01 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 testpmd>set macsec sc tx 0 00:00:00:00:00:02 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 testpmd>set fwd rxonly ./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=3Dtx -b 0000:07:0= 0.1 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 testpmd>set macsec offload 1 on encrypt on replay-protect on testpmd>set macsec sc rx 1 00:00:00:00:00:02 0 testpmd>set macsec sa rx 1 0 0 0 00112200000000000000000000000000 testpmd>set macsec sc tx 1 00:00:00:00:00:01 0 testpmd>set macsec sa tx 1 0 0 0 00112200000000000000000000000000 testpmd>set fwd mac start on both two testpmd. start data transmit from IXIA port, the frame size is 64bytes, the Ethertype is 0x0800. the rate is 14.88Mpps. check the linerate on rxonly port:: testpmd>show port stats 0 It shows "Rx-pps: 10775697", so the rx %linerate is 100%. check the MACsec packets number on tx side:: testpmd>show port xstats 1 on rx side:: testpmd>show port xstats 0 in_pkts_ok =3D=3D out_pkts_encrypted Thank you. Yuan. -----Original Message----- From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Tiwei Bie Sent: Friday, January 13, 2017 7:22 PM To: dev@dpdk.org Cc: adrien.mazarguil@6wind.com; Lu, Wenzhuo ; Mcnamar= a, John ; olivier.matz@6wind.com; thomas.monjalon@= 6wind.com; Ananyev, Konstantin ; Zhang, Helin= ; Dai, Wei ; Wang, Xiao W Subject: [dpdk-dev] [PATCH v7 0/6] Add MACsec offload support for ixgbe This patch set adds the MACsec offload support for ixgbe. The testpmd is also updated to support MACsec cmds. v2: - Update the documents for testpmd; - Update the release notes; - Reuse the functions provided by base code; v3: - Add the missing parts of MACsec mbuf flag and reorganize the patch set; - Add an ethdev event type for MACsec; - Advertise the MACsec offload capabilities based on the mac type; - Minor fixes and improvements; v4: - Reserve bits in mbuf and ethdev for PMD specific API; - Use the reserved bits in PMD specific API; v5: - Add MACsec offload in the NIC feature list; - Minor improvements on comments; v6: - Revert the changes related to the reserved flags; - Rebase the patch set on the latest branch, xstats code is changed recentl= y; - Update the feature list when adding the MACsec support for ixgbe; v7: - Fix clang build; Tiwei Bie (6): mbuf: add flag for MACsec ethdev: add event type for MACsec ethdev: add MACsec offload capability flags net/ixgbe: add MACsec offload support app/testpmd: add MACsec offload commands doc: add ixgbe specific APIs app/test-pmd/cmdline.c | 389 ++++++++++++++++++++++ app/test-pmd/macfwd.c | 2 + app/test-pmd/macswap.c | 2 + app/test-pmd/testpmd.h | 2 + app/test-pmd/txonly.c | 2 + doc/guides/nics/features/default.ini | 1 + doc/guides/nics/features/ixgbe.ini | 1 + doc/guides/rel_notes/release_17_02.rst | 10 + doc/guides/testpmd_app_ug/testpmd_funcs.rst | 32 ++ drivers/net/ixgbe/ixgbe_ethdev.c | 482 ++++++++++++++++++++++++= +++- drivers/net/ixgbe/ixgbe_ethdev.h | 45 +++ drivers/net/ixgbe/ixgbe_rxtx.c | 3 + drivers/net/ixgbe/rte_pmd_ixgbe.h | 100 ++++++ drivers/net/ixgbe/rte_pmd_ixgbe_version.map | 11 + lib/librte_ether/rte_ethdev.h | 3 + lib/librte_mbuf/rte_mbuf.c | 2 + lib/librte_mbuf/rte_mbuf.h | 6 + 17 files changed, 1088 insertions(+), 5 deletions(-) --=20 2.7.4