From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 7B470A04B3;
	Mon, 16 Dec 2019 15:20:41 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 362301BFAD;
	Mon, 16 Dec 2019 15:20:40 +0100 (CET)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by dpdk.org (Postfix) with ESMTP id 98CCC1BFA9
 for <dev@dpdk.org>; Mon, 16 Dec 2019 15:20:38 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Dec 2019 06:20:37 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,321,1571727600"; d="scan'208";a="209316279"
Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128])
 by orsmga008.jf.intel.com with ESMTP; 16 Dec 2019 06:20:37 -0800
Received: from orsmsx161.amr.corp.intel.com (10.22.240.84) by
 ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800
Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by
 ORSMSX161.amr.corp.intel.com (10.22.240.84) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.104)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=R9uxr93869O2AQEg/bn1LBPFWYfkeHDDTcvRF79hPHxSKZrCiIY4DDIktDwHczhCBNs5UxzSMmlJLWHaC6PPE1cWBg/8tlQx4QBdWnrMthHC4qPkDxnDOTn6aMtXH1RUdEwJcBojQZ+7mWb6susdNXnBErINRDHUneAEMmxK06qNqcqYrBy2m6eiIcD0Z7+waw6Md/LJdHxG1DoBYKKvt/phjt9imQRF4mJeqspTdA1Pc/cld91oQcqgJ0u/UOH8Z2ky6X6vJUCxi3Dsxs4YD/Gdx+v+tmC5CgCLEKu4W5Y6wXj1zBg4PTyFCPTbeA8s0xrfnyBG95AQbPn7mzToZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=W5XtnFYB6kGLBW3wTTs8YUUodMC2bEVbwayPgPMdlGY=;
 b=ZrGjKcZK3nss/ZsuPzJRE91hE6lIbg+fQLDO6nTaCQAGG/0q6yot34SHFhD01vzxydpnPK1tddJQeoL5RqSEBHjofWpLQsKvlShct2pM/nhpo7UNScI9+s7tthKlZzjMfOEhkyA9HbvlvptHewk2GowpRrR96q+DsYAGF17t4gMCqcmlo4WnQtBlllJQOyHX4GyJhxkvsV48XutL//Cr8AMyeT/ZW2lYqGw4K4QCOzjOCe5EyJSiOwfJPfAiKAh6zax6phGZ+4sYL6EArYhCYB72+WJB2wrufWkAwTYzSmS4Td0MUY+J8FnDM9UNFA5GHrcCmlG8c5vJ0OBgVgqkXg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; 
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=W5XtnFYB6kGLBW3wTTs8YUUodMC2bEVbwayPgPMdlGY=;
 b=IVS0Io56ULYdTeeNlWXLBoZrLCWI4sZAU/uyReD7kx2SPDtVLTDeWSK7ZNz9L81M+a1owvQuwiidTlQMe5zHHFLa2ua0Tp4xMhQbCT9vj/Xp/xhMQLLiHoiYYF9PTLC2lXrrRA+bTPrcvMn0NXMfKOSegaGjZFg4BQ9qE9VhU+8=
Received: from SN6PR11MB2558.namprd11.prod.outlook.com (52.135.94.19) by
 SN6PR11MB3408.namprd11.prod.outlook.com (52.135.111.150) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2538.19; Mon, 16 Dec 2019 14:20:34 +0000
Received: from SN6PR11MB2558.namprd11.prod.outlook.com
 ([fe80::4d86:362a:13c3:8386]) by SN6PR11MB2558.namprd11.prod.outlook.com
 ([fe80::4d86:362a:13c3:8386%7]) with mapi id 15.20.2538.019; Mon, 16 Dec 2019
 14:20:34 +0000
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Anoob Joseph <anoobj@marvell.com>, Akhil Goyal <akhil.goyal@nxp.com>,
 "Nicolau, Radu" <radu.nicolau@intel.com>, Thomas Monjalon
 <thomas@monjalon.net>
CC: Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
 Narayana Prasad <pathreya@marvell.com>, Archana Muniganti
 <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, "Vamsi
 Attunuru" <vattunuru@marvell.com>, Lukasz Bartosik <lbartosik@marvell.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for
 inline Rx
Thread-Index: AQHVrcN0v5nQcwSJYEeOWpEDVKjiJqe81dqQ
Date: Mon, 16 Dec 2019 14:20:34 +0000
Message-ID: <SN6PR11MB2558EE0CE8A7066ED9C7385E9A510@SN6PR11MB2558.namprd11.prod.outlook.com>
References: <1575808249-31135-1-git-send-email-anoobj@marvell.com>
 <1575808249-31135-2-git-send-email-anoobj@marvell.com>
In-Reply-To: <1575808249-31135-2-git-send-email-anoobj@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTA4Y2M5Y2UtNmU5NC00M2ZjLWE0ZTAtYzRkZThkYzg1NWU1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSWM5djg2aHJPZ1ZEb0lnRU1GOWZuQ2piZkNhODdSeWk1VEJlV0o4NkhBYzMxNE4wcWswYUhOVTVkekxzV0VVRSJ9
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.2.0.6
x-ctpclassification: CTP_NT
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=konstantin.ananyev@intel.com; 
x-originating-ip: [192.198.151.184]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2f53e828-d31c-4a2f-09b4-08d782331d4f
x-ms-traffictypediagnostic: SN6PR11MB3408:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <SN6PR11MB34080686B0F8B6DC964915819A510@SN6PR11MB3408.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-forefront-prvs: 02530BD3AA
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10019020)(396003)(39860400002)(136003)(366004)(346002)(376002)(199004)(189003)(55016002)(110136005)(4326008)(66446008)(64756008)(66556008)(26005)(66476007)(316002)(66946007)(33656002)(8936002)(7416002)(81166006)(52536014)(81156014)(86362001)(966005)(71200400001)(186003)(2906002)(6506007)(7696005)(9686003)(5660300002)(76116006)(54906003)(8676002)(478600001)(83323001);
 DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB3408;
 H:SN6PR11MB2558.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; A:1; MX:1; 
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CDcxZdSL9r/H5A5hBb8O3uWcaNwNgT1grYu4biVgItstN7UQMzcnggbvk2KykFUbixdFDHEXd99Hl7vvqwejh/xpmAfbJFPxTOfDO5m1JFSZwf0TQDesLDqW4rLACTFyRCWIGAmFyIujsDbWfMaCuT2EtDD2F4VwpotaINVH0voJnOONWYm0cP4Agep8++A3kUwO+ARZraqIopyFdZcoPug059ofXwQ0Z2dMgdTJ4n6RJn+geMlweVTtxni4CxtURASmK17qpvbWro9TZfyNi64CSu6iWtk62AaXW4qJVSNYakmmhFQYwMhLuLB1jW36co34pJNb/eiMMQ0XEt0vWR9bwUsiAk8ePZUrvnGCVTqfvjCHEhhSK3L07262/JBvfJihR77xb9JeHg7uipZfTsOISNUR/N5qBXsh6S/f1JJToYabhTC023MCJNfn+7IL4fY9Z9S3Fm98PjOhJ/KKKq86tsFx3V2NjtgqEFVkBMxAFCu726IoV+yIRgHgZVUFvbFun3WHpKdpCOHkwCp4U76kFcUoegk6UMsLWcvjzxc=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2f53e828-d31c-4a2f-09b4-08d782331d4f
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2019 14:20:34.1487 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gzGFSz/UPyul2eNCKEC/FtDAPzodxw4mxQLsXNye57ukpzZSl1aJljpORzldJbZzTsY5zPP+blSOf7zC+ldPt2TThpZFTORk9o7/ulrOiOk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3408
X-OriginatorOrg: intel.com
Subject: Re: [dpdk-dev] [PATCH 01/14] examples/ipsec-secgw: add default
 rte_flow for inline Rx
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

=20
> From: Ankur Dwivedi <adwivedi@marvell.com>
>=20
> The default flow created would enable security processing on all ESP
> packets. If the default flow is created, SA based rte_flow creation
> would be skipped.

I suppose that one depends on:
http://patches.dpdk.org/patch/63621/
http://patches.dpdk.org/cover/63625/
to work as expected?
If so probably worth to mention in that header
or in cover letter (or both).=20

>=20
> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 56 ++++++++++++++++++++++++++++++++=
++++++
>  examples/ipsec-secgw/ipsec.c       |  8 ++++++
>  examples/ipsec-secgw/ipsec.h       |  6 ++++
>  3 files changed, 70 insertions(+)
>=20
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip=
sec-secgw.c
> index 3b5aaf6..7506922 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -128,6 +128,8 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] =3D=
 {
>  	{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
>  };
>=20
> +struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];

Need to be initialized with zeroes somewhere.

> +
>  #define CMD_LINE_OPT_CONFIG		"config"
>  #define CMD_LINE_OPT_SINGLE_SA		"single-sa"
>  #define CMD_LINE_OPT_CRYPTODEV_MASK	"cryptodev_mask"
> @@ -2406,6 +2408,55 @@ reassemble_init(void)
>  	return rc;
>  }
>=20
> +static int
> +create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads)
> +{
> +	int ret =3D 0;
> +
> +	/* Add the default ipsec flow to detect all ESP packets for rx */
> +	if (rx_offloads & DEV_RX_OFFLOAD_SECURITY) {
> +		struct rte_flow_action action[2];
> +		struct rte_flow_item pattern[2];
> +		struct rte_flow_attr attr =3D {0};
> +		struct rte_flow_error err;
> +		struct rte_flow *flow;
> +
> +		pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ESP;
> +		pattern[0].spec =3D NULL;
> +		pattern[0].mask =3D NULL;
> +		pattern[0].last =3D NULL;
> +		pattern[1].type =3D RTE_FLOW_ITEM_TYPE_END;
> +
> +		action[0].type =3D RTE_FLOW_ACTION_TYPE_SECURITY;
> +		action[0].conf =3D NULL;
> +		action[1].type =3D RTE_FLOW_ACTION_TYPE_END;
> +		action[1].conf =3D NULL;
> +
> +		attr.egress =3D 0;
> +		attr.ingress =3D 1;
> +
> +		ret =3D rte_flow_validate(port_id, &attr, pattern, action, &err);
> +		if (ret) {

As I understand, flow_validate() is used here to query does this capability
(multiple security sessions for same flow) is supported by PMD/HW?
If so, then probably no need for error message if it doesn't.=20

> +			RTE_LOG(ERR, IPSEC,
> +				"Failed to validate ipsec flow %s\n",
> +				err.message);
> +			goto exit;
> +		}
> +
> +		flow =3D rte_flow_create(port_id, &attr, pattern, action, &err);

Same question as for http://patches.dpdk.org/patch/63621/,
why do you need it at all?
What it will enable/disable?=20

> +		if (flow =3D=3D NULL) {
> +			RTE_LOG(ERR, IPSEC,
> +				"Failed to create ipsec flow %s\n",
> +				err.message);
> +			ret =3D -rte_errno;
> +			goto exit;

Why not just 'return ret;' here?

> +		}
> +		flow_info_tbl[port_id].rx_def_flow =3D flow;
> +	}
> +exit:
> +	return ret;
> +}
> +
>  int32_t
>  main(int32_t argc, char **argv)
>  {
> @@ -2478,6 +2529,11 @@ main(int32_t argc, char **argv)
>=20
>  		sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads);
>  		port_init(portid, req_rx_offloads, req_tx_offloads);
> +		/* Create default ipsec flow for the ethernet device */
> +		ret =3D create_default_ipsec_flow(portid, req_rx_offloads);
> +		if (ret)
> +			printf("Cannot create default flow, err=3D%d, port=3D%d\n",
> +					ret, portid);

Again it is an optional feature, so not sure if we need to report it for ev=
ery port.
Might be better to do visa-versa: LOG(INFO, ...) when  create_default() was=
 successfull.

>  	}
>=20
>  	cryptodevs_init();
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index d4b5712..e529f68 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -261,6 +261,12 @@ create_inline_session(struct socket_ctx *skt_ctx, st=
ruct ipsec_sa *sa,
>  			unsigned int i;
>  			unsigned int j;
>=20
> +			/*
> +			 * Don't create flow if default flow is already created
> +			 */
> +			if (flow_info_tbl[sa->portid].rx_def_flow)
> +				goto set_cdev_id;

As a nit: would be great to avoid introducing extra gotos.

> +

As I can see, that block of code is for RTE_SECURITY_ACTION_TYPE_INLINE_CRY=
PTO only.
Is that what intended?
BTW, for RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, it seems rte_flow is=20
never created anyway inside that function.=20

>  			ret =3D rte_eth_dev_info_get(sa->portid, &dev_info);
>  			if (ret !=3D 0) {
>  				RTE_LOG(ERR, IPSEC,
> @@ -396,6 +402,8 @@ create_inline_session(struct socket_ctx *skt_ctx, str=
uct ipsec_sa *sa,
>  		ips->security.ol_flags =3D sec_cap->ol_flags;
>  		ips->security.ctx =3D sec_ctx;
>  	}
> +
> +set_cdev_id:
>  	sa->cdev_id_qp =3D 0;
>=20
>  	return 0;
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 8e07521..28ff07d 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -81,6 +81,12 @@ struct app_sa_prm {
>=20
>  extern struct app_sa_prm app_sa_prm;
>=20
> +struct flow_info {
> +	struct rte_flow *rx_def_flow;
> +};
> +
> +extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
> +
>  enum {
>  	IPSEC_SESSION_PRIMARY =3D 0,
>  	IPSEC_SESSION_FALLBACK =3D 1,
> --
> 2.7.4