From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
by inbox.dpdk.org (Postfix) with ESMTP id 9C3FDA04F1;
Sun, 8 Dec 2019 13:31:25 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
by dpdk.org (Postfix) with ESMTP id 387001BEC4;
Sun, 8 Dec 2019 13:31:20 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
[67.231.148.174]) by dpdk.org (Postfix) with ESMTP id A14C01BEC4
for <dev@dpdk.org>; Sun, 8 Dec 2019 13:31:18 +0100 (CET)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
xB8CVBOP021889; Sun, 8 Dec 2019 04:31:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : mime-version :
content-transfer-encoding : content-type; s=pfpt0818;
bh=bdpAbJGAUZmwhK0fyTu6t4Ve36s202Pqxqe2AjDt0Gc=;
b=E3z3M/HyJAFE7XzytmD5v/MvD1kAvBGLISOMNJpxIG7WvXxfiqMgh0U1OmIZa4rbhnLh
trEmhM7Nh+Bngtk8FZvA852KrtKy9Pry2YhTR9AaPiZXwgFTNQuaVjwqrobSTgyd7Yma
Qyk65hkLiMuG7aLSyk8YVQp9Jd65ydHRyX0z8Qy2h0qmWmGbhIW/YHlpQ3YrJ1PXKQNe
cxRW60o5Z2qAgVrG1PbQGjCetjHZQ0Ft5/Pz7jJ6zyU6p2BC4DhBaT5ij9iQlBGHLz1h
jF2ffqw0L55tu8q8a8Gsu0HB4c7m4BSNjG+xxfLNDw4tqaZvxBI2P6UnOGy/QMVPFaWa vg==
Received: from sc-exch02.marvell.com ([199.233.58.182])
by mx0a-0016f401.pphosted.com with ESMTP id 2wrbawjm4g-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
Sun, 08 Dec 2019 04:31:17 -0800
Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH02.marvell.com
(10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Sun, 8 Dec
2019 04:31:16 -0800
Received: from maili.marvell.com (10.93.176.43) by SC-EXCH03.marvell.com
(10.93.176.83) with Microsoft SMTP Server id 15.0.1367.3 via Frontend
Transport; Sun, 8 Dec 2019 04:31:16 -0800
Received: from ajoseph83.caveonetworks.com.com (unknown [10.29.45.60])
by maili.marvell.com (Postfix) with ESMTP id 9DC193F703F;
Sun, 8 Dec 2019 04:31:11 -0800 (PST)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>,
Thomas Monjalon <thomas@monjalon.net>
CC: Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
Narayana Prasad <pathreya@marvell.com>, Anoob Joseph <anoobj@marvell.com>,
Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj
<ktejasree@marvell.com>, Vamsi Attunuru <vattunuru@marvell.com>, "Lukasz
Bartosik" <lbartosik@marvell.com>, Konstantin Ananyev
<konstantin.ananyev@intel.com>, <dev@dpdk.org>
Date: Sun, 8 Dec 2019 18:00:36 +0530
Message-ID: <1575808249-31135-2-git-send-email-anoobj@marvell.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1575808249-31135-1-git-send-email-anoobj@marvell.com>
References: <1575808249-31135-1-git-send-email-anoobj@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572
definitions=2019-12-08_03:2019-12-05,2019-12-08 signatures=0
Subject: [dpdk-dev] [PATCH 01/14] examples/ipsec-secgw: add default rte_flow
for inline Rx
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>
From: Ankur Dwivedi <adwivedi@marvell.com>
The default flow created would enable security processing on all ESP
packets. If the default flow is created, SA based rte_flow creation
would be skipped.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 56 ++++++++++++++++++++++++++++++++++++++
examples/ipsec-secgw/ipsec.c | 8 ++++++
examples/ipsec-secgw/ipsec.h | 6 ++++
3 files changed, 70 insertions(+)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 3b5aaf6..7506922 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -128,6 +128,8 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
};
+struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
+
#define CMD_LINE_OPT_CONFIG "config"
#define CMD_LINE_OPT_SINGLE_SA "single-sa"
#define CMD_LINE_OPT_CRYPTODEV_MASK "cryptodev_mask"
@@ -2406,6 +2408,55 @@ reassemble_init(void)
return rc;
}
+static int
+create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads)
+{
+ int ret = 0;
+
+ /* Add the default ipsec flow to detect all ESP packets for rx */
+ if (rx_offloads & DEV_RX_OFFLOAD_SECURITY) {
+ struct rte_flow_action action[2];
+ struct rte_flow_item pattern[2];
+ struct rte_flow_attr attr = {0};
+ struct rte_flow_error err;
+ struct rte_flow *flow;
+
+ pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP;
+ pattern[0].spec = NULL;
+ pattern[0].mask = NULL;
+ pattern[0].last = NULL;
+ pattern[1].type = RTE_FLOW_ITEM_TYPE_END;
+
+ action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
+ action[0].conf = NULL;
+ action[1].type = RTE_FLOW_ACTION_TYPE_END;
+ action[1].conf = NULL;
+
+ attr.egress = 0;
+ attr.ingress = 1;
+
+ ret = rte_flow_validate(port_id, &attr, pattern, action, &err);
+ if (ret) {
+ RTE_LOG(ERR, IPSEC,
+ "Failed to validate ipsec flow %s\n",
+ err.message);
+ goto exit;
+ }
+
+ flow = rte_flow_create(port_id, &attr, pattern, action, &err);
+ if (flow == NULL) {
+ RTE_LOG(ERR, IPSEC,
+ "Failed to create ipsec flow %s\n",
+ err.message);
+ ret = -rte_errno;
+ goto exit;
+ }
+ flow_info_tbl[port_id].rx_def_flow = flow;
+ }
+exit:
+ return ret;
+}
+
int32_t
main(int32_t argc, char **argv)
{
@@ -2478,6 +2529,11 @@ main(int32_t argc, char **argv)
sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads);
port_init(portid, req_rx_offloads, req_tx_offloads);
+ /* Create default ipsec flow for the ethernet device */
+ ret = create_default_ipsec_flow(portid, req_rx_offloads);
+ if (ret)
+ printf("Cannot create default flow, err=%d, port=%d\n",
+ ret, portid);
}
cryptodevs_init();
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index d4b5712..e529f68 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -261,6 +261,12 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
unsigned int i;
unsigned int j;
+ /*
+ * Don't create flow if default flow is already created
+ */
+ if (flow_info_tbl[sa->portid].rx_def_flow)
+ goto set_cdev_id;
+
ret = rte_eth_dev_info_get(sa->portid, &dev_info);
if (ret != 0) {
RTE_LOG(ERR, IPSEC,
@@ -396,6 +402,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
ips->security.ol_flags = sec_cap->ol_flags;
ips->security.ctx = sec_ctx;
}
+
+set_cdev_id:
sa->cdev_id_qp = 0;
return 0;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8e07521..28ff07d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -81,6 +81,12 @@ struct app_sa_prm {
extern struct app_sa_prm app_sa_prm;
+struct flow_info {
+ struct rte_flow *rx_def_flow;
+};
+
+extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
+
enum {
IPSEC_SESSION_PRIMARY = 0,
IPSEC_SESSION_FALLBACK = 1,
--
2.7.4