DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
	Akhil Goyal <akhil.goyal@nxp.com>
Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
	"Narayana Prasad Raju Athreya" <pathreya@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	Archana Muniganti <marchana@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>,
	Vamsi Krishna Attunuru <vattunuru@marvell.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Thomas Monjalon <thomas@monjalon.net>,
	"Nicolau, Radu" <radu.nicolau@intel.com>,
	Lukas Bartosik <lbartosik@marvell.com>
Subject: Re: [dpdk-dev] [EXT] RE: [PATCH v4 12/15] examples/ipsec-secgw: add app mode worker
Date: Wed, 26 Feb 2020 04:33:15 +0000	[thread overview]
Message-ID: <MN2PR18MB2877679084C3811C64797AA4DFEA0@MN2PR18MB2877.namprd18.prod.outlook.com> (raw)
In-Reply-To: <SN6PR11MB2558FCCC6E8FCF199E8AC60B9AED0@SN6PR11MB2558.namprd11.prod.outlook.com>

Hi Konstantin,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Sent: Tuesday, February 25, 2020 9:34 PM
> To: Anoob Joseph <anoobj@marvell.com>; Akhil Goyal
> <akhil.goyal@nxp.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
> Athreya <pathreya@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; Archana Muniganti <marchana@marvell.com>;
> Tejasree Kondoj <ktejasree@marvell.com>; Vamsi Krishna Attunuru
> <vattunuru@marvell.com>; dev@dpdk.org; Thomas Monjalon
> <thomas@monjalon.net>; Nicolau, Radu <radu.nicolau@intel.com>; Lukas
> Bartosik <lbartosik@marvell.com>
> Subject: RE: [EXT] RE: [PATCH v4 12/15] examples/ipsec-secgw: add app
> mode worker
> 
> > > >> Add application inbound/outbound worker thread and IPsec
> > > >> application processing code for event mode.
> > > >>
> > > >> Example ipsec-secgw command in app mode:
> > > >> ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128 -w
> > > >> 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1
> > > >> --log-level=8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)"
> > > >> -f aes-gcm.cfg --transfer-mode event --event-schedule-type
> > > >> parallel
> > > >>
> > > >> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > > >> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> > > >> Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
> > > >> ---
> > > >
> > > > ...
> > > >
> > > >> +static inline enum pkt_type
> > > >> +process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp) {
> > > >> +	struct rte_ether_hdr *eth;
> > > >> +
> > > >> +	eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
> > > >> +	if (eth->ether_type ==
> rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {
> > > >> +		*nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
> > > >> +				offsetof(struct ip, ip_p));
> > > >> +		if (**nlp == IPPROTO_ESP)
> > > >> +			return PKT_TYPE_IPSEC_IPV4;
> > > >> +		else
> > > >> +			return PKT_TYPE_PLAIN_IPV4;
> > > >> +	} else if (eth->ether_type ==
> > > >> +rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6))
> > > >> {
> > > >> +		*nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
> > > >> +				offsetof(struct ip6_hdr, ip6_nxt));
> > > >> +		if (**nlp == IPPROTO_ESP)
> > > >> +			return PKT_TYPE_IPSEC_IPV6;
> > > >> +		else
> > > >> +			return PKT_TYPE_PLAIN_IPV6;
> > > >> +	}
> > > >> +
> > > >> +	/* Unknown/Unsupported type */
> > > >> +	return PKT_TYPE_INVALID;
> > > >> +}
> > > >> +
> > > >> +static inline void
> > > >> +update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid) {
> > > >> +	struct rte_ether_hdr *ethhdr;
> > > >> +
> > > >> +	ethhdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
> > > >> +	memcpy(&ethhdr->s_addr, &ethaddr_tbl[portid].src,
> > > >> RTE_ETHER_ADDR_LEN);
> > > >> +	memcpy(&ethhdr->d_addr, &ethaddr_tbl[portid].dst,
> > > >> RTE_ETHER_ADDR_LEN);
> > > >> +}
> > > >>
> > > >>  static inline void
> > > >>  ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int
> > > >> port_id) @@
> > > >> -61,6 +101,290 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out,
> > > >>  	}
> > > >>  }
> > > >>
> > > >> +static inline int
> > > >> +check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx) {
> > > >> +	uint32_t res;
> > > >> +
> > > >> +	if (unlikely(sp == NULL))
> > > >> +		return 0;
> > > >> +
> > > >> +	rte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1,
> > > >> +			DEFAULT_MAX_CATEGORIES);
> > > >> +
> > > >> +	if (unlikely(res == 0)) {
> > > >> +		/* No match */
> > > >> +		return 0;
> > > >> +	}
> > > >> +
> > > >> +	if (res == DISCARD)
> > > >> +		return 0;
> > > >> +	else if (res == BYPASS) {
> > > >> +		*sa_idx = -1;
> > > >> +		return 1;
> > > >> +	}
> > > >> +
> > > >> +	*sa_idx = res - 1;
> > > >> +	return 1;
> > > >> +}
> > > >> +
> > > >> +static inline uint16_t
> > > >> +route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) {
> > > >> +	uint32_t dst_ip;
> > > >> +	uint16_t offset;
> > > >> +	uint32_t hop;
> > > >> +	int ret;
> > > >> +
> > > >> +	offset = RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst);
> > > >> +	dst_ip = *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset);
> > > >> +	dst_ip = rte_be_to_cpu_32(dst_ip);
> > > >> +
> > > >> +	ret = rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip,
> &hop);
> > > >> +
> > > >> +	if (ret == 0) {
> > > >> +		/* We have a hit */
> > > >> +		return hop;
> > > >> +	}
> > > >> +
> > > >> +	/* else */
> > > >> +	return RTE_MAX_ETHPORTS;
> > > >> +}
> > > >> +
> > > >> +/* TODO: To be tested */
> > > >> +static inline uint16_t
> > > >> +route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) {
> > > >> +	uint8_t dst_ip[16];
> > > >> +	uint8_t *ip6_dst;
> > > >> +	uint16_t offset;
> > > >> +	uint32_t hop;
> > > >> +	int ret;
> > > >> +
> > > >> +	offset = RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr,
> ip6_dst);
> > > >> +	ip6_dst = rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset);
> > > >> +	memcpy(&dst_ip[0], ip6_dst, 16);
> > > >> +
> > > >> +	ret = rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip,
> &hop);
> > > >> +
> > > >> +	if (ret == 0) {
> > > >> +		/* We have a hit */
> > > >> +		return hop;
> > > >> +	}
> > > >> +
> > > >> +	/* else */
> > > >> +	return RTE_MAX_ETHPORTS;
> > > >> +}
> > > >> +
> > > >> +static inline uint16_t
> > > >> +get_route(struct rte_mbuf *pkt, struct route_table *rt, enum
> > > >> +pkt_type type) {
> > > >> +	if (type == PKT_TYPE_PLAIN_IPV4 || type ==
> PKT_TYPE_IPSEC_IPV4)
> > > >> +		return route4_pkt(pkt, rt->rt4_ctx);
> > > >> +	else if (type == PKT_TYPE_PLAIN_IPV6 || type ==
> PKT_TYPE_IPSEC_IPV6)
> > > >> +		return route6_pkt(pkt, rt->rt6_ctx);
> > > >> +
> > > >> +	return RTE_MAX_ETHPORTS;
> > > >> +}
> > > >
> > > > Is it not possible to use the existing functions for finding
> > > > routes, checking
> > > packet types and checking security policies.
> > > > It will be very difficult to manage two separate functions for
> > > > same work. I can see that the pkt->data_offs Are not required to
> > > > be updated in the inline case, but can we split the existing
> > > > functions in two so that they can
> > > be Called in the appropriate cases.
> > > >
> > > > As you have said in the cover note as well to add lookaside
> > > > protocol support. I also tried adding it, and it will get very
> > > > Difficult to manage separate
> > > functions for separate code paths.
> > > >
> > >
> > > [Lukasz] This was also Konstantin's comment during review of one of
> > > previous revisions.
> > > The prepare_one_packet() and prepare_tx_pkt() do much more than we
> > > need and for performance reasons we crafted new functions. For
> > > example, process_ipsec_get_pkt_type function returns nlp and whether
> > > packet type is plain or IPsec. That's all. Prepare_one_packet()
> > > process packets in chunks and does much more - it adjusts mbuf and
> > > packet length then it demultiplex packets into plain and IPsec flows
> > > and finally does inline checks. This is similar for
> > > update_mac_addrs() vs prepare_tx_pkt() and check_sp() vs
> > > inbound_sp_sa() that
> > > prepare_tx_pkt() and inbound_sp_sa() do more that we need in event
> mode.
> > >
> > > I understand your concern from the perspective of code maintenance
> > > but on the other hand we are concerned with performance.
> > > The current code is not optimized to support multiple mode
> > > processing introduced with rte_security. We can work on a common
> > > routines once we have other modes also added, so that we can come up
> > > with a better solution than what we have today.
> > >
> > > >> +
> > > >> +static inline int
> > > >> +process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table
> *rt,
> > > >> +		struct rte_event *ev)
> > > >> +{
> > > >> +	struct ipsec_sa *sa = NULL;
> > > >> +	struct rte_mbuf *pkt;
> > > >> +	uint16_t port_id = 0;
> > > >> +	enum pkt_type type;
> > > >> +	uint32_t sa_idx;
> > > >> +	uint8_t *nlp;
> > > >> +
> > > >> +	/* Get pkt from event */
> > > >> +	pkt = ev->mbuf;
> > > >> +
> > > >> +	/* Check the packet type */
> > > >> +	type = process_ipsec_get_pkt_type(pkt, &nlp);
> > > >> +
> > > >> +	switch (type) {
> > > >> +	case PKT_TYPE_PLAIN_IPV4:
> > > >> +		if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {
> > > >> +			if (unlikely(pkt->ol_flags &
> > > >> +				     PKT_RX_SEC_OFFLOAD_FAILED)) {
> > > >> +				RTE_LOG(ERR, IPSEC,
> > > >> +					"Inbound security offload
> failed\n");
> > > >> +				goto drop_pkt_and_exit;
> > > >> +			}
> > > >> +			sa = pkt->userdata;
> > > >> +		}
> > > >> +
> > > >> +		/* Check if we have a match */
> > > >> +		if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {
> > > >> +			/* No valid match */
> > > >> +			goto drop_pkt_and_exit;
> > > >> +		}
> > > >> +		break;
> > > >> +
> > > >> +	case PKT_TYPE_PLAIN_IPV6:
> > > >> +		if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {
> > > >> +			if (unlikely(pkt->ol_flags &
> > > >> +				     PKT_RX_SEC_OFFLOAD_FAILED)) {
> > > >> +				RTE_LOG(ERR, IPSEC,
> > > >> +					"Inbound security offload
> failed\n");
> > > >> +				goto drop_pkt_and_exit;
> > > >> +			}
> > > >> +			sa = pkt->userdata;
> > > >> +		}
> > > >> +
> > > >> +		/* Check if we have a match */
> > > >> +		if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {
> > > >> +			/* No valid match */
> > > >> +			goto drop_pkt_and_exit;
> > > >> +		}
> > > >> +		break;
> > > >> +
> > > >> +	default:
> > > >> +		RTE_LOG(ERR, IPSEC, "Unsupported packet type =
> %d\n", type);
> > > >> +		goto drop_pkt_and_exit;
> > > >> +	}
> > > >> +
> > > >> +	/* Check if the packet has to be bypassed */
> > > >> +	if (sa_idx == BYPASS)
> > > >> +		goto route_and_send_pkt;
> > > >> +
> > > >> +	/* Validate sa_idx */
> > > >> +	if (sa_idx >= ctx->sa_ctx->nb_sa)
> > > >> +		goto drop_pkt_and_exit;
> > > >> +
> > > >> +	/* Else the packet has to be protected with SA */
> > > >> +
> > > >> +	/* If the packet was IPsec processed, then SA pointer should
> be set */
> > > >> +	if (sa == NULL)
> > > >> +		goto drop_pkt_and_exit;
> > > >> +
> > > >> +	/* SPI on the packet should match with the one in SA */
> > > >> +	if (unlikely(sa->spi != ctx->sa_ctx->sa[sa_idx].spi))
> > > >> +		goto drop_pkt_and_exit;
> > > >> +
> > > >> +route_and_send_pkt:
> > > >> +	port_id = get_route(pkt, rt, type);
> > > >> +	if (unlikely(port_id == RTE_MAX_ETHPORTS)) {
> > > >> +		/* no match */
> > > >> +		goto drop_pkt_and_exit;
> > > >> +	}
> > > >> +	/* else, we have a matching route */
> > > >> +
> > > >> +	/* Update mac addresses */
> > > >> +	update_mac_addrs(pkt, port_id);
> > > >> +
> > > >> +	/* Update the event with the dest port */
> > > >> +	ipsec_event_pre_forward(pkt, port_id);
> > > >> +	return 1;
> > > >> +
> > > >> +drop_pkt_and_exit:
> > > >> +	RTE_LOG(ERR, IPSEC, "Inbound packet dropped\n");
> > > >> +	rte_pktmbuf_free(pkt);
> > > >> +	ev->mbuf = NULL;
> > > >> +	return 0;
> > > >> +}
> > > >> +
> > > >> +static inline int
> > > >> +process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct
> route_table *rt,
> > > >> +		struct rte_event *ev)
> > > >> +{
> > > >> +	struct rte_ipsec_session *sess;
> > > >> +	struct sa_ctx *sa_ctx;
> > > >> +	struct rte_mbuf *pkt;
> > > >> +	uint16_t port_id = 0;
> > > >> +	struct ipsec_sa *sa;
> > > >> +	enum pkt_type type;
> > > >> +	uint32_t sa_idx;
> > > >> +	uint8_t *nlp;
> > > >> +
> > > >> +	/* Get pkt from event */
> > > >> +	pkt = ev->mbuf;
> > > >> +
> > > >> +	/* Check the packet type */
> > > >> +	type = process_ipsec_get_pkt_type(pkt, &nlp);
> > > >> +
> > > >> +	switch (type) {
> > > >> +	case PKT_TYPE_PLAIN_IPV4:
> > > >> +		/* Check if we have a match */
> > > >> +		if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {
> > > >> +			/* No valid match */
> > > >> +			goto drop_pkt_and_exit;
> > > >> +		}
> > > >> +		break;
> > > >> +	case PKT_TYPE_PLAIN_IPV6:
> > > >> +		/* Check if we have a match */
> > > >> +		if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {
> > > >> +			/* No valid match */
> > > >> +			goto drop_pkt_and_exit;
> > > >> +		}
> > > >> +		break;
> > > >> +	default:
> > > >> +		/*
> > > >> +		 * Only plain IPv4 & IPv6 packets are allowed
> > > >> +		 * on protected port. Drop the rest.
> > > >> +		 */
> > > >> +		RTE_LOG(ERR, IPSEC, "Unsupported packet type =
> %d\n", type);
> > > >> +		goto drop_pkt_and_exit;
> > > >> +	}
> > > >> +
> > > >> +	/* Check if the packet has to be bypassed */
> > > >> +	if (sa_idx == BYPASS) {
> > > >> +		port_id = get_route(pkt, rt, type);
> > > >> +		if (unlikely(port_id == RTE_MAX_ETHPORTS)) {
> > > >> +			/* no match */
> > > >> +			goto drop_pkt_and_exit;
> > > >> +		}
> > > >> +		/* else, we have a matching route */
> > > >> +		goto send_pkt;
> > > >> +	}
> > > >> +
> > > >> +	/* Validate sa_idx */
> > > >> +	if (sa_idx >= ctx->sa_ctx->nb_sa)
> > > >> +		goto drop_pkt_and_exit;
> > > >> +
> > > >> +	/* Else the packet has to be protected */
> > > >> +
> > > >> +	/* Get SA ctx*/
> > > >> +	sa_ctx = ctx->sa_ctx;
> > > >> +
> > > >> +	/* Get SA */
> > > >> +	sa = &(sa_ctx->sa[sa_idx]);
> > > >> +
> > > >> +	/* Get IPsec session */
> > > >> +	sess = ipsec_get_primary_session(sa);
> > > >> +
> > > >> +	/* Allow only inline protocol for now */
> > > >> +	if (sess->type !=
> RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
> > > >> +		RTE_LOG(ERR, IPSEC, "SA type not supported\n");
> > > >> +		goto drop_pkt_and_exit;
> > > >> +	}
> > > >> +
> > > >> +	if (sess->security.ol_flags &
> RTE_SECURITY_TX_OLOAD_NEED_MDATA)
> > > >> +		pkt->userdata = sess->security.ses;
> > > >> +
> > > >> +	/* Mark the packet for Tx security offload */
> > > >> +	pkt->ol_flags |= PKT_TX_SEC_OFFLOAD;
> > > >> +
> > > >> +	/* Get the port to which this pkt need to be submitted */
> > > >> +	port_id = sa->portid;
> > > >> +
> > > >> +send_pkt:
> > > >> +	/* Update mac addresses */
> > > >> +	update_mac_addrs(pkt, port_id);
> > > >> +
> > > >> +	/* Update the event with the dest port */
> > > >> +	ipsec_event_pre_forward(pkt, port_id);
> > > >
> > > > How is IP checksum getting updated for the processed packet.
> > > > If the hardware is not updating it, should we add a fallback
> > > > mechanism for SW based Checksum update.
> > > >
> > >
> > > [Lukasz] In case of outbound inline protocol checksum has to be
> > > calculated by HW as final packet is formed by crypto device. There
> > > is no need to calculate it in SW.
> > >
> > > >> +	return 1;
> > > >
> > > > It will be better to use some MACROS while returning Like
> > > > #define PKT_FORWARD   1
> > > > #define PKT_DROPPED     0
> > > > #define PKT_POSTED       2  /*may be for lookaside cases */
> > > >
> > > >> +
> > > >> +drop_pkt_and_exit:
> > > >> +	RTE_LOG(ERR, IPSEC, "Outbound packet dropped\n");
> > > >> +	rte_pktmbuf_free(pkt);
> > > >> +	ev->mbuf = NULL;
> > > >> +	return 0;
> > > >> +}
> > > >> +
> > > >>  /*
> > > >>   * Event mode exposes various operating modes depending on the
> > > >>   * capabilities of the event device and the operating mode @@
> > > >> -68,7
> > > >> +392,7 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out,
> > > >>   */
> > > >>
> > > >>  /* Workers registered */
> > > >> -#define IPSEC_EVENTMODE_WORKERS		1
> > > >> +#define IPSEC_EVENTMODE_WORKERS		2
> > > >>
> > > >>  /*
> > > >>   * Event mode worker
> > > >> @@ -146,7 +470,7 @@
> ipsec_wrkr_non_burst_int_port_drv_mode(struct
> > > >> eh_event_link_info *links,
> > > >>  			}
> > > >>
> > > >>  			/* Save security session */
> > > >> -			pkt->udata64 = (uint64_t) sess_tbl[port_id];
> > > >> +			pkt->userdata = sess_tbl[port_id];
> > > >>
> > > >>  			/* Mark the packet for Tx security offload */
> > > >>  			pkt->ol_flags |= PKT_TX_SEC_OFFLOAD; @@ -165,6
> > > +489,94 @@
> > > >> ipsec_wrkr_non_burst_int_port_drv_mode(struct
> > > >> eh_event_link_info *links,
> > > >>  	}
> > > >>  }
> > > >>
> > > >> +/*
> > > >> + * Event mode worker
> > > >> + * Operating parameters : non-burst - Tx internal port - app
> > > >> +mode */ static void
> > > >> +ipsec_wrkr_non_burst_int_port_app_mode(struct
> > > >> +eh_event_link_info *links,
> > > >> +		uint8_t nb_links)
> > > >> +{
> > > >> +	struct lcore_conf_ev_tx_int_port_wrkr lconf;
> > > >> +	unsigned int nb_rx = 0;
> > > >> +	struct rte_event ev;
> > > >> +	uint32_t lcore_id;
> > > >> +	int32_t socket_id;
> > > >> +	int ret;
> > > >> +
> > > >> +	/* Check if we have links registered for this lcore */
> > > >> +	if (nb_links == 0) {
> > > >> +		/* No links registered - exit */
> > > >> +		return;
> > > >> +	}
> > > >> +
> > > >> +	/* We have valid links */
> > > >> +
> > > >> +	/* Get core ID */
> > > >> +	lcore_id = rte_lcore_id();
> > > >> +
> > > >> +	/* Get socket ID */
> > > >> +	socket_id = rte_lcore_to_socket_id(lcore_id);
> > > >> +
> > > >> +	/* Save routing table */
> > > >> +	lconf.rt.rt4_ctx = socket_ctx[socket_id].rt_ip4;
> > > >> +	lconf.rt.rt6_ctx = socket_ctx[socket_id].rt_ip6;
> > > >> +	lconf.inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
> > > >> +	lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
> > > >> +	lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
> > > >> +	lconf.inbound.session_pool =
> > > >> +socket_ctx[socket_id].session_pool;
> > > >
> > > > Session_priv_pool should also be added for both inbound and
> > > > outbound
> > > >
> > >
> > > [Lukasz] I will add it in V5.
> >
> > [Anoob] Actually, why do need both session_pool and private_pool? I
> > think it's a remnant from the time we had session being created when the
> first packet arrives.
> >
> > @Konstantin, thoughts?
> 
> I think we do need it for lksd sessions.
> See create_lookaside_session() in ipsec.c

[Anoob] You are right. It seems for lookaside, we still create session only when first packet arrives. The fix was done only for inline.

Said that, do you think we should fix the same for lookaside as well? Often, session creation is treated as a control path entity, and ipsec-secgw doesn't support changing sessions on the fly as well. But in ipsec-secgw, we create sessions in the data path. Also, once we do this, both inline & lookaside will have similar kind of treatment as well.

Do you think there is any value in retaining the current behavior? If not I can take this up following the merge.
 
> 
> >
> > >
> > > >> +	lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
> > > >> +	lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
> > > >> +	lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
> > > >> +	lconf.outbound.session_pool =
> > > >> +socket_ctx[socket_id].session_pool;
> > > >> +
> > > >> +	RTE_LOG(INFO, IPSEC,
> > > >> +		"Launching event mode worker (non-burst - Tx
> internal port - "
> > > >> +		"app mode) on lcore %d\n", lcore_id);
> > > >> +
> > > >> +	/* Check if it's single link */
> > > >> +	if (nb_links != 1) {
> > > >> +		RTE_LOG(INFO, IPSEC,
> > > >> +			"Multiple links not supported. Using first
> link\n");
> > > >> +	}
> > > >> +
> > > >> +	RTE_LOG(INFO, IPSEC, " -- lcoreid=%u event_port_id=%u\n",
> lcore_id,
> > > >> +		links[0].event_port_id);
> > > >> +
> > > >> +	while (!force_quit) {
> > > >> +		/* Read packet from event queues */
> > > >> +		nb_rx =
> rte_event_dequeue_burst(links[0].eventdev_id,
> > > >> +				links[0].event_port_id,
> > > >> +				&ev,     /* events */
> > > >> +				1,       /* nb_events */
> > > >> +				0        /* timeout_ticks */);
> > > >> +
> > > >> +		if (nb_rx == 0)
> > > >> +			continue;
> > > >> +
> > > >
> > > > Event type should be checked here before dereferencing it.
> > > >
> > >
> > > [Lukasz] I will add event type check in V5.
> > >
> > > >> +		if (is_unprotected_port(ev.mbuf->port))
> > > >> +			ret =
> process_ipsec_ev_inbound(&lconf.inbound,
> > > >> +							&lconf.rt,
> &ev);
> > > >> +		else
> > > >> +			ret =
> process_ipsec_ev_outbound(&lconf.outbound,
> > > >> +							&lconf.rt,
> &ev);
> > > >> +		if (ret != 1)
> > > >> +			/* The pkt has been dropped */
> > > >> +			continue;
> > > >> +
> > > >> +		/*
> > > >> +		 * Since tx internal port is available, events can be
> > > >> +		 * directly enqueued to the adapter and it would be
> > > >> +		 * internally submitted to the eth device.
> > > >> +		 */
> > > >> +
> 	rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
> > > >> +				links[0].event_port_id,
> > > >> +				&ev,	/* events */
> > > >> +				1,	/* nb_events */
> > > >> +				0	/* flags */);
> > > >> +	}
> > > >> +}
> > > >> +
> > > >>  static uint8_t
> > > >>  ipsec_eventmode_populate_wrkr_params(struct
> eh_app_worker_params
> > > >> *wrkrs)
> > > >>  {
> > > >> @@ -180,6 +592,14 @@
> ipsec_eventmode_populate_wrkr_params(struct
> > > >> eh_app_worker_params *wrkrs)
> > > >>  	wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_DRIVER;
> > > >>  	wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_drv_mode;
> > > >>  	wrkr++;
> > > >> +	nb_wrkr_param++;
> > > >> +
> > > >> +	/* Non-burst - Tx internal port - app mode */
> > > >> +	wrkr->cap.burst = EH_RX_TYPE_NON_BURST;
> > > >> +	wrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;
> > > >> +	wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_APP;
> > > >> +	wrkr->worker_thread =
> ipsec_wrkr_non_burst_int_port_app_mode;
> > > >> +	nb_wrkr_param++;
> > > >>
> > > >>  	return nb_wrkr_param;
> > > >>  }
> > > >> diff --git a/examples/ipsec-secgw/ipsec_worker.h
> > > >> b/examples/ipsec- secgw/ipsec_worker.h new file mode 100644
> index
> > > >> 0000000..87b4f22
> > > >> --- /dev/null
> > > >> +++ b/examples/ipsec-secgw/ipsec_worker.h
> > > >> @@ -0,0 +1,35 @@
> > > >> +/* SPDX-License-Identifier: BSD-3-Clause
> > > >> + * Copyright (C) 2020 Marvell International Ltd.
> > > >> + */
> > > >> +#ifndef _IPSEC_WORKER_H_
> > > >> +#define _IPSEC_WORKER_H_
> > > >> +
> > > >> +#include "ipsec.h"
> > > >> +
> > > >> +enum pkt_type {
> > > >> +	PKT_TYPE_PLAIN_IPV4 = 1,
> > > >> +	PKT_TYPE_IPSEC_IPV4,
> > > >> +	PKT_TYPE_PLAIN_IPV6,
> > > >> +	PKT_TYPE_IPSEC_IPV6,
> > > >> +	PKT_TYPE_INVALID
> > > >> +};
> > > >> +
> > > >> +struct route_table {
> > > >> +	struct rt_ctx *rt4_ctx;
> > > >> +	struct rt_ctx *rt6_ctx;
> > > >> +};
> > > >> +
> > > >> +/*
> > > >> + * Conf required by event mode worker with tx internal port  */
> > > >> +struct lcore_conf_ev_tx_int_port_wrkr {
> > > >> +	struct ipsec_ctx inbound;
> > > >> +	struct ipsec_ctx outbound;
> > > >> +	struct route_table rt;
> > > >> +} __rte_cache_aligned;
> > > >> +
> > > >> +void ipsec_poll_mode_worker(void);
> > > >> +
> > > >> +int ipsec_launch_one_lcore(void *args);
> > > >> +
> > > >> +#endif /* _IPSEC_WORKER_H_ */
> > > >> --
> > > >> 2.7.4
> > > >

  reply	other threads:[~2020-02-26  4:33 UTC|newest]

Thread overview: 147+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-08 12:30 [dpdk-dev] [PATCH 00/14] add eventmode to ipsec-secgw Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for inline Rx Anoob Joseph
2019-12-16 14:20   ` Ananyev, Konstantin
2019-12-16 15:58     ` Anoob Joseph
2020-01-09 12:01       ` Lukas Bartosik
2020-01-09 19:09         ` Ananyev, Konstantin
2020-01-13 11:40           ` Ananyev, Konstantin
2019-12-08 12:30 ` [dpdk-dev] [PATCH 02/14] examples/ipsec-secgw: add framework for eventmode helper Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 03/14] examples/ipsec-secgw: add eventdev port-lcore link Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 04/14] examples/ipsec-secgw: add Rx adapter support Anoob Joseph
2019-12-11 11:33   ` Akhil Goyal
2019-12-12  5:18     ` Anoob Joseph
2019-12-23 18:48   ` Ananyev, Konstantin
2020-01-07  6:12     ` Anoob Joseph
2020-01-07 14:32       ` Ananyev, Konstantin
2019-12-08 12:30 ` [dpdk-dev] [PATCH 05/14] examples/ipsec-secgw: add Tx " Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 06/14] examples/ipsec-secgw: add routines to display config Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 07/14] examples/ipsec-secgw: add routines to launch workers Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 08/14] examples/ipsec-secgw: add support for internal ports Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 09/14] examples/ipsec-secgw: add eventmode to ipsec-secgw Anoob Joseph
2019-12-23 16:43   ` Ananyev, Konstantin
2020-01-03 10:18     ` Anoob Joseph
2020-01-06 15:45       ` Ananyev, Konstantin
2020-01-09  6:17         ` Anoob Joseph
2019-12-24 12:47   ` Ananyev, Konstantin
2020-01-03 10:20     ` Anoob Joseph
2020-01-06 16:50       ` Ananyev, Konstantin
2020-01-07  6:56         ` Anoob Joseph
2020-01-07 14:38           ` Ananyev, Konstantin
2019-12-08 12:30 ` [dpdk-dev] [PATCH 10/14] examples/ipsec-secgw: add app inbound worker Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 11/14] examples/ipsec-secgw: add app processing code Anoob Joseph
2019-12-23 16:49   ` Ananyev, Konstantin
2020-01-10 14:28     ` [dpdk-dev] [EXT] " Lukas Bartosik
2019-12-24 13:13   ` [dpdk-dev] " Ananyev, Konstantin
2020-01-10 14:36     ` [dpdk-dev] [EXT] " Lukas Bartosik
2019-12-25 15:18   ` [dpdk-dev] " Ananyev, Konstantin
2020-01-07  6:16     ` Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 12/14] examples/ipsec-secgw: add driver outbound worker Anoob Joseph
2019-12-23 17:28   ` Ananyev, Konstantin
2020-01-04 10:58     ` Anoob Joseph
2020-01-06 17:46       ` Ananyev, Konstantin
2020-01-07  4:32         ` Anoob Joseph
2020-01-07 14:30           ` Ananyev, Konstantin
2020-01-09 11:49             ` Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 13/14] examples/ipsec-secgw: add app " Anoob Joseph
2019-12-08 12:30 ` [dpdk-dev] [PATCH 14/14] examples/ipsec-secgw: add cmd line option for bufs Anoob Joseph
2019-12-23 16:14   ` Ananyev, Konstantin
2019-12-23 16:16     ` Ananyev, Konstantin
2020-01-03  5:42       ` Anoob Joseph
2020-01-06 15:21         ` Ananyev, Konstantin
2020-01-20 13:45 ` [dpdk-dev] [PATCH v2 00/12] add eventmode to ipsec-secgw Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 01/12] examples/ipsec-secgw: add default rte_flow for inline Rx Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 02/12] examples/ipsec-secgw: add framework for eventmode helper Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 03/12] examples/ipsec-secgw: add eventdev port-lcore link Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 04/12] examples/ipsec-secgw: add Rx adapter support Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 05/12] examples/ipsec-secgw: add Tx " Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 06/12] examples/ipsec-secgw: add routines to display config Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 07/12] examples/ipsec-secgw: add routines to launch workers Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 08/12] examples/ipsec-secgw: add support for internal ports Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 09/12] examples/ipsec-secgw: add eventmode to ipsec-secgw Anoob Joseph
2020-01-29 23:31     ` Ananyev, Konstantin
2020-01-30 11:04       ` [dpdk-dev] [EXT] " Lukas Bartosik
2020-01-30 11:13         ` Ananyev, Konstantin
2020-01-30 22:21           ` Ananyev, Konstantin
2020-01-31  1:09             ` Lukas Bartosik
2020-02-02 23:00               ` Lukas Bartosik
2020-02-03  7:50                 ` Ananyev, Konstantin
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 10/12] examples/ipsec-secgw: add driver mode worker Anoob Joseph
2020-01-29 22:22     ` Ananyev, Konstantin
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 11/12] examples/ipsec-secgw: add app " Anoob Joseph
2020-01-29 15:34     ` Ananyev, Konstantin
2020-01-29 17:18       ` Anoob Joseph
2020-01-20 13:45   ` [dpdk-dev] [PATCH v2 12/12] examples/ipsec-secgw: add cmd line option for bufs Anoob Joseph
2020-01-29 14:40     ` Ananyev, Konstantin
2020-01-29 17:14       ` Anoob Joseph
2020-01-28  5:02   ` [dpdk-dev] [PATCH v2 00/12] add eventmode to ipsec-secgw Anoob Joseph
2020-01-28 13:00     ` Ananyev, Konstantin
2020-02-04 13:58   ` [dpdk-dev] [PATCH v3 00/13] " Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 01/13] examples/ipsec-secgw: add default rte flow for inline Rx Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 02/13] examples/ipsec-secgw: add framework for eventmode helper Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 03/13] examples/ipsec-secgw: add eventdev port-lcore link Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 04/13] examples/ipsec-secgw: add Rx adapter support Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 05/13] examples/ipsec-secgw: add Tx " Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 06/13] examples/ipsec-secgw: add routines to display config Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 07/13] examples/ipsec-secgw: add routines to launch workers Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 08/13] examples/ipsec-secgw: add support for internal ports Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 09/13] examples/ipsec-secgw: add event helper config init/uninit Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 10/13] examples/ipsec-secgw: add eventmode to ipsec-secgw Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 11/13] examples/ipsec-secgw: add driver mode worker Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 12/13] examples/ipsec-secgw: add app " Lukasz Bartosik
2020-02-04 13:58     ` [dpdk-dev] [PATCH v3 13/13] examples/ipsec-secgw: make number of buffers dynamic Lukasz Bartosik
2020-02-05 13:42       ` Ananyev, Konstantin
2020-02-05 16:08         ` [dpdk-dev] [EXT] " Lukas Bartosik
2020-02-20  8:01     ` [dpdk-dev] [PATCH v4 00/15] add eventmode to ipsec-secgw Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 01/15] examples/ipsec-secgw: add default rte flow for inline Rx Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 02/15] examples/ipsec-secgw: add framework for eventmode helper Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 03/15] examples/ipsec-secgw: add eventdev port-lcore link Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 04/15] examples/ipsec-secgw: add Rx adapter support Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 05/15] examples/ipsec-secgw: add Tx " Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 06/15] examples/ipsec-secgw: add routines to display config Lukasz Bartosik
2020-02-20  8:01       ` [dpdk-dev] [PATCH v4 07/15] examples/ipsec-secgw: add routines to launch workers Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 08/15] examples/ipsec-secgw: add support for internal ports Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 09/15] examples/ipsec-secgw: add event helper config init/uninit Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 10/15] examples/ipsec-secgw: add eventmode to ipsec-secgw Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 11/15] examples/ipsec-secgw: add driver mode worker Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 12/15] examples/ipsec-secgw: add app " Lukasz Bartosik
2020-02-24 14:13         ` Akhil Goyal
2020-02-25 11:50           ` [dpdk-dev] [EXT] " Lukas Bartosik
2020-02-25 12:13             ` Anoob Joseph
2020-02-25 16:03               ` Ananyev, Konstantin
2020-02-26  4:33                 ` Anoob Joseph [this message]
2020-02-26  5:55                   ` Akhil Goyal
2020-02-26 12:36                     ` Ananyev, Konstantin
2020-02-26  6:04             ` Akhil Goyal
2020-02-26 10:32               ` Lukas Bartosik
2020-02-27 12:07               ` Akhil Goyal
2020-02-27 14:31                 ` Lukas Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 13/15] examples/ipsec-secgw: make number of buffers dynamic Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 14/15] doc: add event mode support to ipsec-secgw Lukasz Bartosik
2020-02-20  8:02       ` [dpdk-dev] [PATCH v4 15/15] examples/ipsec-secgw: reserve crypto queues in event mode Lukasz Bartosik
2020-02-24  5:20       ` [dpdk-dev] [PATCH v4 00/15] add eventmode to ipsec-secgw Anoob Joseph
2020-02-24 13:40       ` Akhil Goyal
2020-02-25 12:09         ` [dpdk-dev] [EXT] " Lukas Bartosik
2020-02-27 16:18       ` [dpdk-dev] [PATCH v5 " Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 01/15] examples/ipsec-secgw: add default rte flow for inline Rx Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 02/15] examples/ipsec-secgw: add framework for eventmode helper Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 03/15] examples/ipsec-secgw: add eventdev port-lcore link Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 04/15] examples/ipsec-secgw: add Rx adapter support Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 05/15] examples/ipsec-secgw: add Tx " Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 06/15] examples/ipsec-secgw: add routines to display config Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 07/15] examples/ipsec-secgw: add routines to launch workers Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 08/15] examples/ipsec-secgw: add support for internal ports Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 09/15] examples/ipsec-secgw: add event helper config init/uninit Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 10/15] examples/ipsec-secgw: add eventmode to ipsec-secgw Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 11/15] examples/ipsec-secgw: add driver mode worker Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 12/15] examples/ipsec-secgw: add app " Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 13/15] examples/ipsec-secgw: make number of buffers dynamic Lukasz Bartosik
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 14/15] doc: add event mode support to ipsec-secgw Lukasz Bartosik
2020-04-12 16:37           ` Thomas Monjalon
2020-02-27 16:18         ` [dpdk-dev] [PATCH v5 15/15] examples/ipsec-secgw: reserve crypto queues in event mode Lukasz Bartosik
2020-03-02  8:47         ` [dpdk-dev] [PATCH v5 00/15] add eventmode to ipsec-secgw Anoob Joseph
2020-03-02  8:57           ` Akhil Goyal
2020-03-03 18:00         ` Ananyev, Konstantin
2020-03-12  5:32           ` Anoob Joseph
2020-03-12  5:55             ` Akhil Goyal
2020-03-12  9:57               ` [dpdk-dev] [EXT] " Lukas Bartosik
2020-03-12 13:25                 ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MN2PR18MB2877679084C3811C64797AA4DFEA0@MN2PR18MB2877.namprd18.prod.outlook.com \
    --to=anoobj@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=jerinj@marvell.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=ktejasree@marvell.com \
    --cc=lbartosik@marvell.com \
    --cc=marchana@marvell.com \
    --cc=pathreya@marvell.com \
    --cc=radu.nicolau@intel.com \
    --cc=thomas@monjalon.net \
    --cc=vattunuru@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).