From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by dpdk.org (Postfix) with ESMTP id E559F7CE2 for ; Mon, 4 Dec 2017 15:11:25 +0100 (CET) Received: by mail-wm0-f65.google.com with SMTP id n138so6049614wmg.2 for ; Mon, 04 Dec 2017 06:11:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=GBmzyp+H4LUKZrS3YTx6njJkc7Y+JyFz8Sjub73wBSM=; b=Tc3k94jyatuiddsLdyXNi2EjIfim2IpLEEJ09zpcZLWD4cyEqN/Uuzl4qmaYuDv7WJ sinPm/Ft1AxId3hGr8xmWqogue4FRf05HaOF3c6jRY094lAHPcdw2FddjM6EsfChfahz 78k2Uywjrpr1S+Vo45qSiszwQqvHzGJhdgPcsb4QOHZAPiQjeLIiOFvKt857X+jyoqNR 2OLiqflPFsoFKGclLdwFNm5X+d6yTUTg+ECABsZRcjNDjSiv7hzfEwOemyXa1MNsaDD/ cYlDuPR7E31YF+4TCZD6TrKdDOTv8g5ZOZYdXYWhdA4QxNqOld8H3XzMpo3tUPWBZ158 /ibg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=GBmzyp+H4LUKZrS3YTx6njJkc7Y+JyFz8Sjub73wBSM=; b=XVYDhHoSqhLG6ZtvSoYNUQM3oHVYXgDYRzwCr4z9E2+gc7K78wOvBs6fRK7yfT8Q97 WRzMho/jkdCZ/F628gMeoarzX8Ytl18Gdqs+eBS+MkKQFYziRHVK8PEfSsEDVZOG7xyM bGuf4G0CEguj2ElDKH/gdBOXwgaKWNvw6NiGo6X0Xk9sDVzB+hbY6ufWL0aU1WM0ZF6m aMSfx8ksd5t/UFS+sMkBwILTlhYsNniTsW/4rf8dveRJn9fvaf/jKzNmTFxBF/9G32LM w7s41Wcz2yUpriJID/kuJx7OWzNF7oeWbi40OPmw7Yc96YmxV/IhKkAhzklY1i0cJpN7 nuhQ== X-Gm-Message-State: AKGB3mJL4VmbjBEjXmTvgoHPIi3Kl6h/9/mku2SkVRc2ppRzdE+uOApD 5hkU6DNmXA/xlFr0zw93mOre X-Google-Smtp-Source: AGs4zMamHEPTKSbgAqG5n9ihL3GdrPtStj+nfc4ZTJMmXOZoRpaWSLgMT04XPFsMHSHfi/ymjv1grA== X-Received: by 10.28.143.12 with SMTP id r12mr3146198wmd.44.1512396685555; Mon, 04 Dec 2017 06:11:25 -0800 (PST) Received: from laranjeiro-vm.dev.6wind.com. (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id h7sm14135528wrb.35.2017.12.04.06.11.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Dec 2017 06:11:24 -0800 (PST) From: Nelio Laranjeiro To: Sergio Gonzalez Monroy , Radu Nicolau , Anoob Joseph Cc: dev@dpdk.org Date: Mon, 4 Dec 2017 15:11:28 +0100 Message-Id: X-Mailer: git-send-email 2.11.0 In-Reply-To: <8fd6c8881517f9d6bd5dfbef9cfb2071891c0cb1.1512396570.git.nelio.laranjeiro@6wind.com> References: <8fd6c8881517f9d6bd5dfbef9cfb2071891c0cb1.1512396570.git.nelio.laranjeiro@6wind.com> In-Reply-To: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com> References: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com> Subject: [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add target queues in flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2017 14:11:26 -0000 Mellanox INNOVA NIC needs to have final target queue actions to perform inline crypto. Signed-off-by: Nelio Laranjeiro --- Changes in v2: * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated. --- examples/ipsec-secgw/ipsec.c | 81 ++++++++++++++++++++++++++++++++++++++++---- examples/ipsec-secgw/ipsec.h | 2 +- 2 files changed, 76 insertions(+), 7 deletions(-) diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 17bd7620d..f8823fb94 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) rte_eth_dev_get_sec_ctx( sa->portid); const struct rte_security_capability *sec_cap; + int ret = 0; sa->sec_session = rte_security_session_create(ctx, &sess_conf, ipsec_ctx->session_pool); @@ -173,6 +174,10 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) return -1; } + sa->attr.egress = (sa->direction == + RTE_SECURITY_IPSEC_SA_DIR_EGRESS); + sa->attr.ingress = (sa->direction == + RTE_SECURITY_IPSEC_SA_DIR_INGRESS); sa->ol_flags = sec_cap->ol_flags; sa->security_ctx = ctx; sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; @@ -201,15 +206,79 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; sa->action[0].conf = sa->sec_session; - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; - - sa->attr.egress = (sa->direction == - RTE_SECURITY_IPSEC_SA_DIR_EGRESS); - sa->attr.ingress = (sa->direction == - RTE_SECURITY_IPSEC_SA_DIR_INGRESS); + if (sa->attr.ingress) { + uint8_t rss_key[40]; + struct rte_eth_rss_conf rss_conf = { + .rss_key = rss_key, + .rss_key_len = 40, + }; + struct rte_eth_dev *eth_dev; + union { + struct rte_flow_action_rss rss; + struct { + const struct rte_eth_rss_conf *rss_conf; + uint16_t num; + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; + } local; + } action_rss; + unsigned int i; + unsigned int j; + + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; + /* + * Try implicitly PASSTHRU, it can also be + * explicit. + */ + sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + if (!ret) + goto flow_create; + /* Try RSS. */ + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; + sa->action[1].conf = &action_rss; + eth_dev = ctx->device; + rte_eth_dev_rss_hash_conf_get(sa->portid, + &rss_conf); + for (i = 0, j = 0; + i < eth_dev->data->nb_rx_queues; ++i) + if (eth_dev->data->rx_queues[i]) + action_rss.local.queue[j++] = i; + action_rss.local.num = j; + action_rss.local.rss_conf = &rss_conf; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + if (!ret) + goto flow_create; + /* Try Queue. */ + for (i = 0; + i < eth_dev->data->nb_rx_queues; ++i) + if (eth_dev->data->rx_queues[i]) + break; + if (i != eth_dev->data->nb_rx_queues) + return -1; + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE; + sa->action[1].conf = + &(struct rte_flow_action_queue){ + .index = i, + }; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + if (ret) + goto flow_create_failure; + } else { + sa->action[1].type = + RTE_FLOW_ACTION_TYPE_PASSTHRU; + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; + } +flow_create: sa->flow = rte_flow_create(sa->portid, &sa->attr, sa->pattern, sa->action, &err); if (sa->flow == NULL) { +flow_create_failure: RTE_LOG(ERR, IPSEC, "Failed to create ipsec flow msg: %s\n", err.message); diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 775b316ff..82ffc1c6d 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -133,7 +133,7 @@ struct ipsec_sa { uint32_t ol_flags; #define MAX_RTE_FLOW_PATTERN (4) -#define MAX_RTE_FLOW_ACTIONS (2) +#define MAX_RTE_FLOW_ACTIONS (4) struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN]; struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS]; struct rte_flow_attr attr; -- 2.11.0