From: Hemant Agrawal <hemant.agrawal@oss.nxp.com>
To: Akhil Goyal <gakhil@marvell.com>, dev@dpdk.org
Cc: thomas@monjalon.net, david.marchand@redhat.com,
hemant.agrawal@nxp.com, anoobj@marvell.com,
pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
declan.doherty@intel.com, matan@nvidia.com, g.singh@nxp.com,
roy.fan.zhang@intel.com, jianjay.zhou@huawei.com,
asomalap@amd.com, ruifeng.wang@arm.com,
konstantin.ananyev@intel.com, radu.nicolau@intel.com,
ajit.khaparde@broadcom.com, rnagadheeraj@marvell.com,
adwivedi@marvell.com, ciara.power@intel.com
Subject: Re: [dpdk-dev] [PATCH v2] test/crypto-perf: support lookaside IPsec
Date: Wed, 20 Oct 2021 18:40:52 +0530 [thread overview]
Message-ID: <43bb7b32-ab2b-3482-25b5-cca5e501dbb6@oss.nxp.com> (raw)
In-Reply-To: <20211008201546.3496585-1-gakhil@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
On 10/9/2021 1:45 AM, Akhil Goyal wrote:
> Added support for lookaside IPsec protocol offload.
> Supported cases:
> -AEAD
> -Cipher+auth
>
> Command used for testing:
> ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
> throughput --optype ipsec --cipher-algo aes-cbc --pool-sz 16384
> --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --auth-algo
> sha1-hmac --auth-op generate --digest-sz 16 --total-ops 10000000
> --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048
>
> ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
> throughput --optype ipsec --aead-algo aes-gcm --pool-sz 16384
> --aead-op encrypt --aead-key-sz 32 --aead-iv-sz 12 --aead-aad-sz 16
> --digest-sz 16 --total-ops 10000000 --burst-sz 32
> --buffer-sz 64,128,256,512,1024,1280,2048
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> v2: added release notes.
>
> app/test-crypto-perf/cperf_ops.c | 179 ++++++++++++++++---
> app/test-crypto-perf/cperf_options.h | 1 +
> app/test-crypto-perf/cperf_options_parsing.c | 4 +
> app/test-crypto-perf/cperf_test_throughput.c | 3 +-
> app/test-crypto-perf/cperf_test_vectors.c | 6 +-
> app/test-crypto-perf/main.c | 3 +-
> doc/guides/rel_notes/release_21_11.rst | 1 +
> 7 files changed, 166 insertions(+), 31 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
> index 4b7d66edb2..b2073f0738 100644
> --- a/app/test-crypto-perf/cperf_ops.c
> +++ b/app/test-crypto-perf/cperf_ops.c
> @@ -62,7 +62,13 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
> sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
> src_buf_offset);
>
> - if (options->op_type == CPERF_PDCP) {
> + if (options->op_type == CPERF_PDCP ||
> + options->op_type == CPERF_IPSEC) {
> + /* In case of IPsec, headroom is consumed by PMD,
> + * hence resetting it.
> + */
> + sym_op->m_src->data_off = options->headroom_sz;
> +
> sym_op->m_src->buf_len = options->segment_sz;
> sym_op->m_src->data_len = options->test_buffer_size;
> sym_op->m_src->pkt_len = sym_op->m_src->data_len;
> @@ -565,6 +571,123 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
> return 0;
> }
>
> +static struct rte_cryptodev_sym_session *
> +create_ipsec_session(struct rte_mempool *sess_mp,
> + struct rte_mempool *priv_mp,
> + uint8_t dev_id,
> + const struct cperf_options *options,
> + const struct cperf_test_vector *test_vector,
> + uint16_t iv_offset)
> +{
> + struct rte_crypto_sym_xform xform = {0};
> + struct rte_crypto_sym_xform auth_xform = {0};
> +
> + if (options->aead_algo != 0) {
> + /* Setup AEAD Parameters */
> + xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
> + xform.next = NULL;
> + xform.aead.algo = options->aead_algo;
> + xform.aead.op = options->aead_op;
> + xform.aead.iv.offset = iv_offset;
> + xform.aead.key.data = test_vector->aead_key.data;
> + xform.aead.key.length = test_vector->aead_key.length;
> + xform.aead.iv.length = test_vector->aead_iv.length;
> + xform.aead.digest_length = options->digest_sz;
> + xform.aead.aad_length = options->aead_aad_sz;
> + } else if (options->cipher_algo != 0 && options->auth_algo != 0) {
> + /* Setup Cipher Parameters */
> + xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> + xform.next = NULL;
> + xform.cipher.algo = options->cipher_algo;
> + xform.cipher.op = options->cipher_op;
> + xform.cipher.iv.offset = iv_offset;
> + xform.cipher.iv.length = test_vector->cipher_iv.length;
> + /* cipher different than null */
> + if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
> + xform.cipher.key.data = test_vector->cipher_key.data;
> + xform.cipher.key.length =
> + test_vector->cipher_key.length;
> + } else {
> + xform.cipher.key.data = NULL;
> + xform.cipher.key.length = 0;
> + }
> +
> + /* Setup Auth Parameters */
> + auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> + auth_xform.next = NULL;
> + auth_xform.auth.algo = options->auth_algo;
> + auth_xform.auth.op = options->auth_op;
> + auth_xform.auth.iv.offset = iv_offset +
> + xform.cipher.iv.length;
> + /* auth different than null */
> + if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
> + auth_xform.auth.digest_length = options->digest_sz;
> + auth_xform.auth.key.length =
> + test_vector->auth_key.length;
> + auth_xform.auth.key.data = test_vector->auth_key.data;
> + auth_xform.auth.iv.length = test_vector->auth_iv.length;
> + } else {
> + auth_xform.auth.digest_length = 0;
> + auth_xform.auth.key.length = 0;
> + auth_xform.auth.key.data = NULL;
> + auth_xform.auth.iv.length = 0;
> + }
> +
> + xform.next = &auth_xform;
> + } else {
> + return NULL;
> + }
> +
> +#define CPERF_IPSEC_SRC_IP 0x01010101
> +#define CPERF_IPSEC_DST_IP 0x02020202
> +#define CPERF_IPSEC_SALT 0x0
> +#define CPERF_IPSEC_DEFTTL 64
> + struct rte_security_ipsec_tunnel_param tunnel = {
> + .type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
> + {.ipv4 = {
> + .src_ip = { .s_addr = CPERF_IPSEC_SRC_IP},
> + .dst_ip = { .s_addr = CPERF_IPSEC_DST_IP},
> + .dscp = 0,
> + .df = 0,
> + .ttl = CPERF_IPSEC_DEFTTL,
> + } },
> + };
> + struct rte_security_session_conf sess_conf = {
> + .action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> + .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> + {.ipsec = {
> + .spi = rte_lcore_id(),
> + /**< For testing sake, lcore_id is taken as SPI so that
> + * for every core a different session is created.
> + */
> + .salt = CPERF_IPSEC_SALT,
> + .options = { 0 },
> + .replay_win_sz = 0,
> + .direction =
> + ((options->cipher_op ==
> + RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
> + (options->auth_op ==
> + RTE_CRYPTO_AUTH_OP_GENERATE)) ||
> + (options->aead_op ==
> + RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
> + RTE_SECURITY_IPSEC_SA_DIR_EGRESS :
> + RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
> + .tunnel = tunnel,
> + } },
> + .userdata = NULL,
> + .crypto_xform = &xform
> + };
> +
> + struct rte_security_ctx *ctx = (struct rte_security_ctx *)
> + rte_cryptodev_get_sec_ctx(dev_id);
> +
> + /* Create security session */
> + return (void *)rte_security_session_create(ctx,
> + &sess_conf, sess_mp, priv_mp);
> +}
> +
> static struct rte_cryptodev_sym_session *
> cperf_create_session(struct rte_mempool *sess_mp,
> struct rte_mempool *priv_mp,
> @@ -675,6 +798,12 @@ cperf_create_session(struct rte_mempool *sess_mp,
> return (void *)rte_security_session_create(ctx,
> &sess_conf, sess_mp, priv_mp);
> }
> +
> + if (options->op_type == CPERF_IPSEC) {
> + return create_ipsec_session(sess_mp, priv_mp, dev_id,
> + options, test_vector, iv_offset);
> + }
> +
> if (options->op_type == CPERF_DOCSIS) {
> enum rte_security_docsis_direction direction;
>
> @@ -872,44 +1001,40 @@ cperf_get_op_functions(const struct cperf_options *options,
>
> op_fns->sess_create = cperf_create_session;
>
> - if (options->op_type == CPERF_ASYM_MODEX) {
> - op_fns->populate_ops = cperf_set_ops_asym;
> - return 0;
> - }
> -
> - if (options->op_type == CPERF_AEAD) {
> + switch (options->op_type) {
> + case CPERF_AEAD:
> op_fns->populate_ops = cperf_set_ops_aead;
> - return 0;
> - }
> + break;
>
> - if (options->op_type == CPERF_AUTH_THEN_CIPHER
> - || options->op_type == CPERF_CIPHER_THEN_AUTH) {
> + case CPERF_AUTH_THEN_CIPHER:
> + case CPERF_CIPHER_THEN_AUTH:
> op_fns->populate_ops = cperf_set_ops_cipher_auth;
> - return 0;
> - }
> - if (options->op_type == CPERF_AUTH_ONLY) {
> + break;
> + case CPERF_AUTH_ONLY:
> if (options->auth_algo == RTE_CRYPTO_AUTH_NULL)
> op_fns->populate_ops = cperf_set_ops_null_auth;
> else
> op_fns->populate_ops = cperf_set_ops_auth;
> - return 0;
> - }
> - if (options->op_type == CPERF_CIPHER_ONLY) {
> + break;
> + case CPERF_CIPHER_ONLY:
> if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL)
> op_fns->populate_ops = cperf_set_ops_null_cipher;
> else
> op_fns->populate_ops = cperf_set_ops_cipher;
> - return 0;
> - }
> + break;
> + case CPERF_ASYM_MODEX:
> + op_fns->populate_ops = cperf_set_ops_asym;
> + break;
> #ifdef RTE_LIB_SECURITY
> - if (options->op_type == CPERF_PDCP) {
> + case CPERF_PDCP:
> + case CPERF_IPSEC:
> + case CPERF_DOCSIS:
> op_fns->populate_ops = cperf_set_ops_security;
> - return 0;
> - }
> - if (options->op_type == CPERF_DOCSIS) {
> - op_fns->populate_ops = cperf_set_ops_security;
> - return 0;
> - }
> + break;
> #endif
> - return -1;
> + default:
> + return -1;
> + }
> +
> + return 0;
> }
> diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
> index f5ea2b90a5..031b238b20 100644
> --- a/app/test-crypto-perf/cperf_options.h
> +++ b/app/test-crypto-perf/cperf_options.h
> @@ -80,6 +80,7 @@ enum cperf_op_type {
> CPERF_AEAD,
> CPERF_PDCP,
> CPERF_DOCSIS,
> + CPERF_IPSEC,
> CPERF_ASYM_MODEX
> };
>
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
> index 2a7acb0111..c244f81bbf 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -458,6 +458,10 @@ parse_op_type(struct cperf_options *opts, const char *arg)
> cperf_op_type_strs[CPERF_DOCSIS],
> CPERF_DOCSIS
> },
> + {
> + cperf_op_type_strs[CPERF_IPSEC],
> + CPERF_IPSEC
> + },
> {
> cperf_op_type_strs[CPERF_ASYM_MODEX],
> CPERF_ASYM_MODEX
> diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
> index 76fcda47ff..ca65c3c883 100644
> --- a/app/test-crypto-perf/cperf_test_throughput.c
> +++ b/app/test-crypto-perf/cperf_test_throughput.c
> @@ -42,7 +42,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
> }
> #ifdef RTE_LIB_SECURITY
> else if (ctx->options->op_type == CPERF_PDCP ||
> - ctx->options->op_type == CPERF_DOCSIS) {
> + ctx->options->op_type == CPERF_DOCSIS ||
> + ctx->options->op_type == CPERF_IPSEC) {
> struct rte_security_ctx *sec_ctx =
> (struct rte_security_ctx *)
> rte_cryptodev_get_sec_ctx(ctx->dev_id);
> diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
> index 4bba405961..e944583089 100644
> --- a/app/test-crypto-perf/cperf_test_vectors.c
> +++ b/app/test-crypto-perf/cperf_test_vectors.c
> @@ -448,7 +448,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
> t_vec->modex.elen = sizeof(perf_mod_e);
> }
>
> - if (options->op_type == CPERF_PDCP) {
> + if (options->op_type == CPERF_PDCP ||
> + options->op_type == CPERF_IPSEC) {
> if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
> t_vec->cipher_key.length = 0;
> t_vec->ciphertext.data = plaintext;
> @@ -579,7 +580,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
> t_vec->auth_iv.length = options->auth_iv_sz;
> }
>
> - if (options->op_type == CPERF_AEAD) {
> + if (options->op_type == CPERF_AEAD ||
> + options->op_type == CPERF_IPSEC) {
> t_vec->aead_key.length = options->aead_key_sz;
> t_vec->aead_key.data = aead_key;
>
> diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> index 390380898e..6fdb92fb7c 100644
> --- a/app/test-crypto-perf/main.c
> +++ b/app/test-crypto-perf/main.c
> @@ -41,6 +41,7 @@ const char *cperf_op_type_strs[] = {
> [CPERF_AEAD] = "aead",
> [CPERF_PDCP] = "pdcp",
> [CPERF_DOCSIS] = "docsis",
> + [CPERF_IPSEC] = "ipsec",
> [CPERF_ASYM_MODEX] = "modex"
> };
>
> @@ -278,9 +279,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
> /* Fall through */
> case CPERF_PDCP:
> case CPERF_DOCSIS:
> + case CPERF_IPSEC:
> /* Fall through */
> default:
> -
> conf.ff_disable |= RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
> }
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index dfaf7bdf38..84266aba7c 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -134,6 +134,7 @@ New Features
>
> * Added support for asymmetric crypto throughput performance measurement.
> Only modex is supported for now.
> + * Added support for lookaside IPsec protocol offload throughput measurement.
>
> * **Added lookaside protocol (IPsec) tests in dpdk-test.**
>
prev parent reply other threads:[~2021-10-20 13:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-17 17:48 [dpdk-dev] [PATCH] " Akhil Goyal
2021-10-08 20:15 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2021-10-20 13:10 ` Hemant Agrawal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43bb7b32-ab2b-3482-25b5-cca5e501dbb6@oss.nxp.com \
--to=hemant.agrawal@oss.nxp.com \
--cc=adwivedi@marvell.com \
--cc=ajit.khaparde@broadcom.com \
--cc=anoobj@marvell.com \
--cc=asomalap@amd.com \
--cc=ciara.power@intel.com \
--cc=david.marchand@redhat.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jianjay.zhou@huawei.com \
--cc=konstantin.ananyev@intel.com \
--cc=matan@nvidia.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).