From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7B470A04B3; Mon, 16 Dec 2019 15:20:41 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 362301BFAD; Mon, 16 Dec 2019 15:20:40 +0100 (CET) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 98CCC1BFA9 for ; Mon, 16 Dec 2019 15:20:38 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Dec 2019 06:20:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,321,1571727600"; d="scan'208";a="209316279" Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128]) by orsmga008.jf.intel.com with ESMTP; 16 Dec 2019 06:20:37 -0800 Received: from orsmsx161.amr.corp.intel.com (10.22.240.84) by ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX161.amr.corp.intel.com (10.22.240.84) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.104) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 16 Dec 2019 06:20:36 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R9uxr93869O2AQEg/bn1LBPFWYfkeHDDTcvRF79hPHxSKZrCiIY4DDIktDwHczhCBNs5UxzSMmlJLWHaC6PPE1cWBg/8tlQx4QBdWnrMthHC4qPkDxnDOTn6aMtXH1RUdEwJcBojQZ+7mWb6susdNXnBErINRDHUneAEMmxK06qNqcqYrBy2m6eiIcD0Z7+waw6Md/LJdHxG1DoBYKKvt/phjt9imQRF4mJeqspTdA1Pc/cld91oQcqgJ0u/UOH8Z2ky6X6vJUCxi3Dsxs4YD/Gdx+v+tmC5CgCLEKu4W5Y6wXj1zBg4PTyFCPTbeA8s0xrfnyBG95AQbPn7mzToZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W5XtnFYB6kGLBW3wTTs8YUUodMC2bEVbwayPgPMdlGY=; b=ZrGjKcZK3nss/ZsuPzJRE91hE6lIbg+fQLDO6nTaCQAGG/0q6yot34SHFhD01vzxydpnPK1tddJQeoL5RqSEBHjofWpLQsKvlShct2pM/nhpo7UNScI9+s7tthKlZzjMfOEhkyA9HbvlvptHewk2GowpRrR96q+DsYAGF17t4gMCqcmlo4WnQtBlllJQOyHX4GyJhxkvsV48XutL//Cr8AMyeT/ZW2lYqGw4K4QCOzjOCe5EyJSiOwfJPfAiKAh6zax6phGZ+4sYL6EArYhCYB72+WJB2wrufWkAwTYzSmS4Td0MUY+J8FnDM9UNFA5GHrcCmlG8c5vJ0OBgVgqkXg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W5XtnFYB6kGLBW3wTTs8YUUodMC2bEVbwayPgPMdlGY=; b=IVS0Io56ULYdTeeNlWXLBoZrLCWI4sZAU/uyReD7kx2SPDtVLTDeWSK7ZNz9L81M+a1owvQuwiidTlQMe5zHHFLa2ua0Tp4xMhQbCT9vj/Xp/xhMQLLiHoiYYF9PTLC2lXrrRA+bTPrcvMn0NXMfKOSegaGjZFg4BQ9qE9VhU+8= Received: from SN6PR11MB2558.namprd11.prod.outlook.com (52.135.94.19) by SN6PR11MB3408.namprd11.prod.outlook.com (52.135.111.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.19; Mon, 16 Dec 2019 14:20:34 +0000 Received: from SN6PR11MB2558.namprd11.prod.outlook.com ([fe80::4d86:362a:13c3:8386]) by SN6PR11MB2558.namprd11.prod.outlook.com ([fe80::4d86:362a:13c3:8386%7]) with mapi id 15.20.2538.019; Mon, 16 Dec 2019 14:20:34 +0000 From: "Ananyev, Konstantin" To: Anoob Joseph , Akhil Goyal , "Nicolau, Radu" , Thomas Monjalon CC: Ankur Dwivedi , Jerin Jacob , Narayana Prasad , Archana Muniganti , Tejasree Kondoj , "Vamsi Attunuru" , Lukasz Bartosik , "dev@dpdk.org" Thread-Topic: [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for inline Rx Thread-Index: AQHVrcN0v5nQcwSJYEeOWpEDVKjiJqe81dqQ Date: Mon, 16 Dec 2019 14:20:34 +0000 Message-ID: References: <1575808249-31135-1-git-send-email-anoobj@marvell.com> <1575808249-31135-2-git-send-email-anoobj@marvell.com> In-Reply-To: <1575808249-31135-2-git-send-email-anoobj@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTA4Y2M5Y2UtNmU5NC00M2ZjLWE0ZTAtYzRkZThkYzg1NWU1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSWM5djg2aHJPZ1ZEb0lnRU1GOWZuQ2piZkNhODdSeWk1VEJlV0o4NkhBYzMxNE4wcWswYUhOVTVkekxzV0VVRSJ9 dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.2.0.6 x-ctpclassification: CTP_NT authentication-results: spf=none (sender IP is ) smtp.mailfrom=konstantin.ananyev@intel.com; x-originating-ip: [192.198.151.184] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2f53e828-d31c-4a2f-09b4-08d782331d4f x-ms-traffictypediagnostic: SN6PR11MB3408: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 02530BD3AA x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(136003)(366004)(346002)(376002)(199004)(189003)(55016002)(110136005)(4326008)(66446008)(64756008)(66556008)(26005)(66476007)(316002)(66946007)(33656002)(8936002)(7416002)(81166006)(52536014)(81156014)(86362001)(966005)(71200400001)(186003)(2906002)(6506007)(7696005)(9686003)(5660300002)(76116006)(54906003)(8676002)(478600001)(83323001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB3408; H:SN6PR11MB2558.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: CDcxZdSL9r/H5A5hBb8O3uWcaNwNgT1grYu4biVgItstN7UQMzcnggbvk2KykFUbixdFDHEXd99Hl7vvqwejh/xpmAfbJFPxTOfDO5m1JFSZwf0TQDesLDqW4rLACTFyRCWIGAmFyIujsDbWfMaCuT2EtDD2F4VwpotaINVH0voJnOONWYm0cP4Agep8++A3kUwO+ARZraqIopyFdZcoPug059ofXwQ0Z2dMgdTJ4n6RJn+geMlweVTtxni4CxtURASmK17qpvbWro9TZfyNi64CSu6iWtk62AaXW4qJVSNYakmmhFQYwMhLuLB1jW36co34pJNb/eiMMQ0XEt0vWR9bwUsiAk8ePZUrvnGCVTqfvjCHEhhSK3L07262/JBvfJihR77xb9JeHg7uipZfTsOISNUR/N5qBXsh6S/f1JJToYabhTC023MCJNfn+7IL4fY9Z9S3Fm98PjOhJ/KKKq86tsFx3V2NjtgqEFVkBMxAFCu726IoV+yIRgHgZVUFvbFun3WHpKdpCOHkwCp4U76kFcUoegk6UMsLWcvjzxc= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 2f53e828-d31c-4a2f-09b4-08d782331d4f X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2019 14:20:34.1487 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: gzGFSz/UPyul2eNCKEC/FtDAPzodxw4mxQLsXNye57ukpzZSl1aJljpORzldJbZzTsY5zPP+blSOf7zC+ldPt2TThpZFTORk9o7/ulrOiOk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3408 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for inline Rx X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" =20 > From: Ankur Dwivedi >=20 > The default flow created would enable security processing on all ESP > packets. If the default flow is created, SA based rte_flow creation > would be skipped. I suppose that one depends on: http://patches.dpdk.org/patch/63621/ http://patches.dpdk.org/cover/63625/ to work as expected? If so probably worth to mention in that header or in cover letter (or both).=20 >=20 > Signed-off-by: Ankur Dwivedi > Signed-off-by: Anoob Joseph > --- > examples/ipsec-secgw/ipsec-secgw.c | 56 ++++++++++++++++++++++++++++++++= ++++++ > examples/ipsec-secgw/ipsec.c | 8 ++++++ > examples/ipsec-secgw/ipsec.h | 6 ++++ > 3 files changed, 70 insertions(+) >=20 > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip= sec-secgw.c > index 3b5aaf6..7506922 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -128,6 +128,8 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] =3D= { > { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) } > }; >=20 > +struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; Need to be initialized with zeroes somewhere. > + > #define CMD_LINE_OPT_CONFIG "config" > #define CMD_LINE_OPT_SINGLE_SA "single-sa" > #define CMD_LINE_OPT_CRYPTODEV_MASK "cryptodev_mask" > @@ -2406,6 +2408,55 @@ reassemble_init(void) > return rc; > } >=20 > +static int > +create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads) > +{ > + int ret =3D 0; > + > + /* Add the default ipsec flow to detect all ESP packets for rx */ > + if (rx_offloads & DEV_RX_OFFLOAD_SECURITY) { > + struct rte_flow_action action[2]; > + struct rte_flow_item pattern[2]; > + struct rte_flow_attr attr =3D {0}; > + struct rte_flow_error err; > + struct rte_flow *flow; > + > + pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ESP; > + pattern[0].spec =3D NULL; > + pattern[0].mask =3D NULL; > + pattern[0].last =3D NULL; > + pattern[1].type =3D RTE_FLOW_ITEM_TYPE_END; > + > + action[0].type =3D RTE_FLOW_ACTION_TYPE_SECURITY; > + action[0].conf =3D NULL; > + action[1].type =3D RTE_FLOW_ACTION_TYPE_END; > + action[1].conf =3D NULL; > + > + attr.egress =3D 0; > + attr.ingress =3D 1; > + > + ret =3D rte_flow_validate(port_id, &attr, pattern, action, &err); > + if (ret) { As I understand, flow_validate() is used here to query does this capability (multiple security sessions for same flow) is supported by PMD/HW? If so, then probably no need for error message if it doesn't.=20 > + RTE_LOG(ERR, IPSEC, > + "Failed to validate ipsec flow %s\n", > + err.message); > + goto exit; > + } > + > + flow =3D rte_flow_create(port_id, &attr, pattern, action, &err); Same question as for http://patches.dpdk.org/patch/63621/, why do you need it at all? What it will enable/disable?=20 > + if (flow =3D=3D NULL) { > + RTE_LOG(ERR, IPSEC, > + "Failed to create ipsec flow %s\n", > + err.message); > + ret =3D -rte_errno; > + goto exit; Why not just 'return ret;' here? > + } > + flow_info_tbl[port_id].rx_def_flow =3D flow; > + } > +exit: > + return ret; > +} > + > int32_t > main(int32_t argc, char **argv) > { > @@ -2478,6 +2529,11 @@ main(int32_t argc, char **argv) >=20 > sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads); > port_init(portid, req_rx_offloads, req_tx_offloads); > + /* Create default ipsec flow for the ethernet device */ > + ret =3D create_default_ipsec_flow(portid, req_rx_offloads); > + if (ret) > + printf("Cannot create default flow, err=3D%d, port=3D%d\n", > + ret, portid); Again it is an optional feature, so not sure if we need to report it for ev= ery port. Might be better to do visa-versa: LOG(INFO, ...) when create_default() was= successfull. > } >=20 > cryptodevs_init(); > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index d4b5712..e529f68 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -261,6 +261,12 @@ create_inline_session(struct socket_ctx *skt_ctx, st= ruct ipsec_sa *sa, > unsigned int i; > unsigned int j; >=20 > + /* > + * Don't create flow if default flow is already created > + */ > + if (flow_info_tbl[sa->portid].rx_def_flow) > + goto set_cdev_id; As a nit: would be great to avoid introducing extra gotos. > + As I can see, that block of code is for RTE_SECURITY_ACTION_TYPE_INLINE_CRY= PTO only. Is that what intended? BTW, for RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, it seems rte_flow is=20 never created anyway inside that function.=20 > ret =3D rte_eth_dev_info_get(sa->portid, &dev_info); > if (ret !=3D 0) { > RTE_LOG(ERR, IPSEC, > @@ -396,6 +402,8 @@ create_inline_session(struct socket_ctx *skt_ctx, str= uct ipsec_sa *sa, > ips->security.ol_flags =3D sec_cap->ol_flags; > ips->security.ctx =3D sec_ctx; > } > + > +set_cdev_id: > sa->cdev_id_qp =3D 0; >=20 > return 0; > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 8e07521..28ff07d 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -81,6 +81,12 @@ struct app_sa_prm { >=20 > extern struct app_sa_prm app_sa_prm; >=20 > +struct flow_info { > + struct rte_flow *rx_def_flow; > +}; > + > +extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; > + > enum { > IPSEC_SESSION_PRIMARY =3D 0, > IPSEC_SESSION_FALLBACK =3D 1, > -- > 2.7.4