From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8165EA0528; Mon, 20 Jan 2020 14:45:56 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 88C5A2C2B; Mon, 20 Jan 2020 14:45:52 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 5255B2C28 for ; Mon, 20 Jan 2020 14:45:50 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00KDjYeK023766; Mon, 20 Jan 2020 05:45:49 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=/CFhkwXk340IIDa3WUwXgXCwiYnLBF4j2Gr9LIKSQ4Y=; b=O1qWjiUlX90E1AQcMGOiXijUVfIxao0PEffDcgR8tvkGyW0SIdQu73YXeIpOkT4/mT2x H/Py9p12xcUkwjnU3Ehqw0nB/yTqNpkFqBKUUnQyhvMmvW12cVH0cuVNplaXt0w7vgMf 4S4uAY9EO2VzIGxfOkfu7FXo2JSeyAodxa0xenDRUd/91pJmDV2ag5cNwMYJyRgn9+ZD kVm+gqk9gY6D0d8DYyP7Zi68coIVLhTff9LnetkNwkrzCrrh74B8mgfHPDzszImYWYNB qZW+yCU3FwPPd1+aeZv1BnHayoyLnscxs/YXJOgBmuf+8W7pMjqbl6RM83AaZnPpeKu2 Zw== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0b-0016f401.pphosted.com with ESMTP id 2xm2dsx45f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 20 Jan 2020 05:45:49 -0800 Received: from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 20 Jan 2020 05:45:47 -0800 Received: from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 20 Jan 2020 05:45:47 -0800 Received: from ajoseph83.caveonetworks.com (unknown [10.29.45.60]) by maili.marvell.com (Postfix) with ESMTP id 6C7753F703F; Mon, 20 Jan 2020 05:45:43 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Radu Nicolau , Thomas Monjalon CC: Ankur Dwivedi , Jerin Jacob , Narayana Prasad , Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Vamsi Attunuru , "Lukasz Bartosik" , Konstantin Ananyev , Date: Mon, 20 Jan 2020 19:15:07 +0530 Message-ID: <1579527918-360-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1579527918-360-1-git-send-email-anoobj@marvell.com> References: <1575808249-31135-1-git-send-email-anoobj@marvell.com> <1579527918-360-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-20_02:2020-01-20, 2020-01-20 signatures=0 Subject: [dpdk-dev] [PATCH v2 01/12] examples/ipsec-secgw: add default rte_flow for inline Rx X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ankur Dwivedi The default flow created would enable security processing on all ESP packets. If the default flow is created, SA based rte_flow creation would be skipped. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph --- examples/ipsec-secgw/ipsec-secgw.c | 61 +++++++++++++++++++++++++++++++++----- examples/ipsec-secgw/ipsec.c | 7 +++++ examples/ipsec-secgw/ipsec.h | 6 ++++ 3 files changed, 66 insertions(+), 8 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 3b5aaf6..d5e8fe5 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -128,6 +128,8 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = { { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) } }; +struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; + #define CMD_LINE_OPT_CONFIG "config" #define CMD_LINE_OPT_SINGLE_SA "single-sa" #define CMD_LINE_OPT_CRYPTODEV_MASK "cryptodev_mask" @@ -2406,6 +2408,48 @@ reassemble_init(void) return rc; } +static void +create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads) +{ + struct rte_flow_action action[2]; + struct rte_flow_item pattern[2]; + struct rte_flow_attr attr = {0}; + struct rte_flow_error err; + struct rte_flow *flow; + int ret; + + if (!(rx_offloads & DEV_RX_OFFLOAD_SECURITY)) + return; + + /* Add the default rte_flow to enable SECURITY for all ESP packets */ + + pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP; + pattern[0].spec = NULL; + pattern[0].mask = NULL; + pattern[0].last = NULL; + pattern[1].type = RTE_FLOW_ITEM_TYPE_END; + + action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; + action[0].conf = NULL; + action[1].type = RTE_FLOW_ACTION_TYPE_END; + action[1].conf = NULL; + + attr.ingress = 1; + + ret = rte_flow_validate(port_id, &attr, pattern, action, &err); + if (ret) + return; + + flow = rte_flow_create(port_id, &attr, pattern, action, &err); + if (flow == NULL) + return; + + flow_info_tbl[port_id].rx_def_flow = flow; + RTE_LOG(INFO, IPSEC, + "Created default flow enabling SECURITY for all ESP traffic on port %d\n", + port_id); +} + int32_t main(int32_t argc, char **argv) { @@ -2414,7 +2458,8 @@ main(int32_t argc, char **argv) uint32_t i; uint8_t socket_id; uint16_t portid; - uint64_t req_rx_offloads, req_tx_offloads; + uint64_t req_rx_offloads[RTE_MAX_ETHPORTS]; + uint64_t req_tx_offloads[RTE_MAX_ETHPORTS]; size_t sess_sz; /* init EAL */ @@ -2476,8 +2521,10 @@ main(int32_t argc, char **argv) if ((enabled_port_mask & (1 << portid)) == 0) continue; - sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads); - port_init(portid, req_rx_offloads, req_tx_offloads); + sa_check_offloads(portid, &req_rx_offloads[portid], + &req_tx_offloads[portid]); + port_init(portid, req_rx_offloads[portid], + req_tx_offloads[portid]); } cryptodevs_init(); @@ -2487,11 +2534,9 @@ main(int32_t argc, char **argv) if ((enabled_port_mask & (1 << portid)) == 0) continue; - /* - * Start device - * note: device must be started before a flow rule - * can be installed. - */ + /* Create flow before starting the device */ + create_default_ipsec_flow(portid, req_rx_offloads[portid]); + ret = rte_eth_dev_start(portid); if (ret < 0) rte_exit(EXIT_FAILURE, "rte_eth_dev_start: " diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index d4b5712..58f6e8c 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -261,6 +261,12 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, unsigned int i; unsigned int j; + /* Don't create flow if default flow is created */ + if (flow_info_tbl[sa->portid].rx_def_flow) { + sa->cdev_id_qp = 0; + return 0; + } + ret = rte_eth_dev_info_get(sa->portid, &dev_info); if (ret != 0) { RTE_LOG(ERR, IPSEC, @@ -396,6 +402,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, ips->security.ol_flags = sec_cap->ol_flags; ips->security.ctx = sec_ctx; } + sa->cdev_id_qp = 0; return 0; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 8e07521..28ff07d 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -81,6 +81,12 @@ struct app_sa_prm { extern struct app_sa_prm app_sa_prm; +struct flow_info { + struct rte_flow *rx_def_flow; +}; + +extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; + enum { IPSEC_SESSION_PRIMARY = 0, IPSEC_SESSION_FALLBACK = 1, -- 2.7.4