From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0061.outbound.protection.outlook.com [104.47.40.61]) by dpdk.org (Postfix) with ESMTP id 329E5200 for ; Tue, 12 Dec 2017 13:43:18 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=xsScTcxqH8u6wzW9/MWvYg6xcN2Wxv85zyQlK+rCZOw=; b=KwYlILSA2E2IrZuqs1e7njGielZ5pJz8u7Y8Y84uI1lZI/u/2iDIX+OHl0UyjEekDyeeQsCXQ9a76GarBVt+puAw3XvjRUtL/BNE9rH7NVSi1qHBXKum6K7ufcDEH5bpjN4CrQ7sBVqKPQRGl3X6aDI/qu/RTjB8zcqoQmmxnkI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by CY4PR0701MB3636.namprd07.prod.outlook.com (2603:10b6:910:93::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Tue, 12 Dec 2017 12:43:14 +0000 Cc: anoob.joseph@caviumnetworks.com, dev@dpdk.org To: Nelio Laranjeiro , Sergio Gonzalez Monroy , Radu Nicolau References: <5d3fdd0c05d5f8afd3f8e38ca03eaf25187d5c98.1513000931.git.nelio.laranjeiro@6wind.com> From: Anoob Joseph Message-ID: <5777791b-3dd6-f746-aa37-d572c108f042@caviumnetworks.com> Date: Tue, 12 Dec 2017 18:13:08 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <5d3fdd0c05d5f8afd3f8e38ca03eaf25187d5c98.1513000931.git.nelio.laranjeiro@6wind.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: CO2PR07CA0079.namprd07.prod.outlook.com (2603:10b6:100::47) To CY4PR0701MB3636.namprd07.prod.outlook.com (2603:10b6:910:93::11) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9916e30c-a4d3-42a7-18bd-08d5415dea3a X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(7168020)(4627115)(201703031133081)(201702281549075)(2017052603307); SRVR:CY4PR0701MB3636; X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3636; 3:0VBDD4hZVwjynxYbTRk89gAzUSaNPlhpotAbaJwpRywXDsNmBagY/HxNMqEVp6W+t9zg/PxTxRmraQzheVu5XW0fjHTgGrLvloORNd8KEu5ob7Dgizu/BMDP+TyBRwqzrBJEgRzibv0LEnkZSjOIkoTeGI9aoLiK8x0NvC1YbBpXg1117msNOts5+3+WDyt5G0xatB57s1It0tRPXVzWhBxmKFs91MzDq/GGXiCtkvRBHNprk5m8R/Pkg2vYUdJZ; 25:7siZ7o726oA3M4wwRjYTmte9cxZxw+zp9I1PvRNe7PHT4FXE3s+TmQReOJKVMbixHdTREE/0fKjgMiMTnhH+PiBg6z0lDQzMzA0ILxnpIZbCw5Nfm65xpWcZwqRJSRqXw4XWWzaltNwXSwUwSWcZFxxABLm7Zb31w0H/lzWDHw5S6VhhpDdvWI57RRPpv/s5HaaKPSStfhiTQTwX4lYz8n5AkAuHB5t5YTiron1MqF7s9CrViWE1AEHyA5TuH1m+RwLkpizrrvW4W5hXVaaW+/ZTVEM8dTy/kuCz1bmNxmSoPJbKtxYmn4ZBViPLo11SSR+xhwPq6/gwSWO1LsresVLQ7aDkAIVlEU2toky0zrM=; 31:GLlsH474JC0/8QwnYI4Q7MmAsnc3EA1MqlmfCzLbyP1MUNc/39Fnyrz2FLzgZlQz2SEeq5+3J8jKgyPNInSNkMbJkdk0AkEenVZV1LDYGdvDutRLx+8Thgz5VGl+jNtEM4uXQcCYxVsIPlCHn/R/mi/dwuPAusMzm14X1PmC6P15JM8edVjCkNdPZDKu8MlHR3eLfn7odZppaEZFc3KrHWUKduto1WMcyqDLtQ6OYh4= X-MS-TrafficTypeDiagnostic: CY4PR0701MB3636: X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3636; 20:HOCu2zMI1LI80HpZX+BhezFVO4Q37MZ9bt0TdEUmF4Ypld/SJZobA4j1M2bWe1WOcbxN9DIh8c8ug9Ycvnl8BDHh7qgirALukkO6Vl+M1sstUT6hEVmrxsNIeo6FessunKhLAKUPxOOCBDtKG+A27Pofvv04PIgW6aFmVDjcMKBV4cayaYdRyDvwAI14IBUQ0zFEVOTsJwsNlI0zGcZHgM1dfIt15kbGPkX9repEQwrdTl3ECM8nQos1PmX3lcpCtlIAYlb3fOtWCE+xZWbuXqIRNRHEGb4AYbBpEwD1Aph7F7KPBdkWLMhwNi4DNbo16fCaI3K66hpMIyvrs6B0K9k9qYVK9Q418Fyl4Q5ok3PSIE+hcAj7fuS5/+mxoJLt9aJ8dXkNDy2eIYfqgqQ9vmEQEoDcnBPe+IeMhIbdr3SxsZEMKKBxM5ziQZw2nCNSXDyDto+RGJ2th2agHvZ2LweRhD1/qkef+sFikOuPcI9yuGkg0NCdDwoUjK9qq4B6xyc1NWM17Dpjp3YWhE3ToP097ArZusCE1bHmipN904jD4Pf6Q0gUi8Uv9jRZJdy2HcwASsVYocKs58CGDFmylcZWcVSRUCM9t+1a6REyROo=; 4:sDtpQuJ6otfZtvxweH4hjyeF46dFXrv8XL2UjRkNGTT51T2h2YAW8zljD1hvb9SzCw+8Uswj/BpIJYI1g45hDowpOIAXsYWLWPPWUsS0TaaAzDBXHETSHJz1Ufg8LNGVNnpDTcRaDKp+3n5Dp5vL/LuKOldav4FKEAgea/QOUFLW5JXRBioJNvd39wcy3y3yz2itNn3zhvHq6So2co0z8zwfO5l/JlJT9MiUzuZxDEGCDYi14xTi+iBLZlzbBggX1ZqHWNoOwwg5MEz01Vc52g== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(10201501046)(93006095)(3002001)(3231023)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123555025)(20161123562025)(6072148)(201708071742011); SRVR:CY4PR0701MB3636; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR0701MB3636; X-Forefront-PRVS: 051900244E X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(376002)(366004)(24454002)(199004)(189003)(2906002)(230700001)(59450400001)(6246003)(316002)(106356001)(4326008)(31686004)(53416004)(105586002)(5660300001)(58126008)(72206003)(53936002)(50466002)(36756003)(16526018)(83506002)(6512007)(6506006)(7736002)(110136005)(305945005)(478600001)(53546010)(6486002)(229853002)(76176011)(65806001)(2950100002)(66066001)(65956001)(31696002)(42882006)(6666003)(2486003)(23676004)(52146003)(47776003)(52116002)(65826007)(25786009)(67846002)(97736004)(81166006)(8676002)(55236003)(64126003)(81156014)(6116002)(3846002)(8936002)(69596002)(68736007); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR0701MB3636; H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjA3MDFNQjM2MzY7MjM6ZTFOcTlxMGI2WDNCeVlML2Zscis2MFhU?= =?utf-8?B?VHRCNVV1UVVmZksxTHlUQkd2QnFpK1VlVFRmeFBBWUoxelFDV3hEeGw0T29S?= =?utf-8?B?aDFJbmd1V2g1UWIwalo5N0pYL2lLR3dwemEwUlJSckR4bEdGc3N2ZkRQY0tR?= =?utf-8?B?WlFXbG9RSlM1dis0MDdEemJHRCtXelZrVFBOQ0JKTUdUQUdTQmpsaVdkMU5t?= =?utf-8?B?dU5CUks1TUlPak4xUk9VUHB3YmwrUjBaY0Y4cEFIQ0IzTGtMYk80RlhtUnJk?= =?utf-8?B?eVhDL1ZQaVhhRlNZZTNQQ2F2dU9KUFkyR3pTNStKOW01Sjk1UXVqUmVnMXdp?= =?utf-8?B?ZDNiVTQ5Y0YvWis5S2labXN3WDNjejArS2UxLzhzd2hHRlRRNGI1MVBxV0dV?= =?utf-8?B?VFpUYnVjQitOVXo2dWROS251Z0RSdUVMME5vMWdvSVRmb0NUTzZmOFV5UlhR?= =?utf-8?B?eDFqeSsxQkFqb3U1MGR5SW14dmIxMmhJL01PU3FWTTdZSjFjenY0cDdqSito?= =?utf-8?B?VDBLT1hTdllXVndGVVlsbUdhSlpvdE1idmV1WHhCTTQrdUlPS1BMNHRUQ3k5?= =?utf-8?B?bGlKM2U3OVVsZ3BwSUZQcjVwYkgzaHFwTU1ZcVppejloUFRUVlRrWjZpdmUv?= =?utf-8?B?azE4aHYvbERiQkk4bUdhc21IUWVhQ1RRNkg0SmVPOGpwMU5RTzI2TFF6Wll5?= =?utf-8?B?aXVhaEJWMit5YkJqSndpY3ppRHpXRlhZWGowaFBHS3I5Zjl5SjVtOEpaT04z?= =?utf-8?B?ZW9LWVY1TURlQ0pnT1BGZndycDNxNW5wWVF2V2Nyc3RDSEtxY0ZOYXlJdUxU?= =?utf-8?B?T284VEsxcTNSUENWQ3FLOVZrQlNJUncvK2JzNGVKSVo4QzV4VVhPdTFxRm9x?= =?utf-8?B?SDJ4dzQwaSs3T1NGRDkzMC9zTGVhQjJ4KzVpRmJqWlZEc0hXaUs1V3ZsY3No?= =?utf-8?B?TUxyU25XOFRqTmtNOEN4N0Y1bXVqdDNwOUJnVFZDZTd2ZHNhVFNKZGlRdlVq?= =?utf-8?B?aVFzelE3b0F0cC9aWGlBZk01MGlaWUJFTkxTUkV2UTVoYWhKYi9YTlIzSW9Q?= =?utf-8?B?N29xMVZVNGJjK01aNzJ3RDZxVlFDY1QxTGxKZkd1TTJnRjNwTXAwWFA2Qnds?= =?utf-8?B?dFdsSDhlVEk5YkIyRnp0NkJjSms4Z0pXZlVOVDN2RGgrU2FOTzJNSHd1WmE2?= =?utf-8?B?NVI2bSthNjNuQzBSSmQwcklVYWpJV0UvZTkyQ2tTMFB6c0RsUGR2WFphUldF?= =?utf-8?B?ZlBBZmNmSHZjWExxUmxWVkZjUmxaSlFiUy9kMkFLYWJyMFg3eSswUjNvdDA5?= =?utf-8?B?dithVTlXNGFSOGIrc0I5V1Q3UHdncmNrOGVIMnpiYmtFWXd6ams2cnhiQXF4?= =?utf-8?B?WldVcE9nYzBFbjdXSFFVTzBNYm8xYTJrU3lYcUFvcm42bkV5RUwzUUhvTjli?= =?utf-8?B?ajBqc2poc1A2Qmo5OHUvbUI0dFBlNVVQUkFRY3A1NENCRU5neVJEOVpTVEox?= =?utf-8?B?dktQdm0wYVFVaWcvWW1NS1BPTDZydVNGUFcwMHdERlBGdGZvMmpDb1NhbzFE?= =?utf-8?B?bFM1bkY4Mit3YlVQSG1FbXZwaWcyZUtxV1cxOVdVWnVaVlo5bmZZbEtJZGNm?= =?utf-8?B?SEJFSTBoOFZMVnE4T3IzN2Jhd0toaWtCTHZrM05hWEpvYjJVa1UzcGhSR1hv?= =?utf-8?B?SGs0em12dGE1VlJMcCt2blNXQzNjTU5paWl0dWtQN09PTUVkL3JLbUE0REFW?= =?utf-8?B?R2JtdXJaMnY2R05zcU1XOXN3Lzk5ZDJyQjc3Sk5ieTZTYUJHTDBmWU5zeVFq?= =?utf-8?B?ajZyT2FCR1d6aE4yZ2M5TlVuM1p5aE9ZOUxuWmpia0FYVHh2RFREK01YZi8v?= =?utf-8?Q?V4CYJPdr33eL0=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3636; 6:itArR2iJ0vEcebs0Or1zvXiVYA8T7VeT9OXCiU7bHPrOIpooeA4CNpmZal/0+nQoc9ldnCf9uJ3fGiU3d3q4h9UGaY1Yi6ISkLhrjE7Rh0az6RFIRyDKxkAnoifjKSonv985739eKy06pkgMOBB9H28gaMrZx3WKRCT2ADRT8EFMl4Z8PfgVsmXSv2N2uv/tG/WY+yqjYm+o54ylBwMguxMRosc6IBGEZ9Zx94oP1SE71y9RZC/j22ME13Mo9FcHp3dstLxD0bMYVD4faOz6J0q/hko6lyC2g6Kf0m9ISUqxkz1dMTeUiUn5t2aKpTBnBEfeI6Xwb96UxtoJ3Q7I4aY5yrCzrPkXtqdn4+JTViM=; 5:s4eCzCqIETHm0+zxpkfwiNnbw48ICWygkEpu1lKtoYj2dfJZB898U5YrsnDOo0I0kpotuoUU6Bv3XwK+NLcNjexX8mUV1h3s3qnMF1ro2SufCvP5h2CavBp5y4wyNeKkyhVcJ0DTNR5mcRtCJMtCDNC2HfKoD+5rzQH5qZCnKSw=; 24:nLWCQ1tjRudCfwq8zROwTw4ShNI3vDNhfDRgJN6sx26oAZJAPKMC+GbMx0IdN1t3ghFFatWGiMma7cytOsU3y8WJKnMbytpvefZiahCR81Q=; 7:Gx4s6httuDSR89eCekULRd0Sj6kHMTzsHIsKGe2ahri/+hhr+kYFkBVBmvoUF1lkxN7uOiNR/FLP3NyUtxF526aPK0mGah1crgVYQz5IKuHjj3h1WovvYA7bomTh/eLgUL2uMTdnfvqPrZhWYEQjw4MRdSiBj8J1QHt2qeNcmfIiM/AXniuGSjfofEj5kRDNBWgkAe8/bNOA3p7M/VPbwvaEMHb9II8vSD6qtCVDschoHeKU6Pai10zG5GO9I3Rg SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Dec 2017 12:43:14.1795 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9916e30c-a4d3-42a7-18bd-08d5415dea3a X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR0701MB3636 Subject: Re: [dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add target queues in flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 12:43:18 -0000 Hi Nelio, On 12/11/2017 07:34 PM, Nelio Laranjeiro wrote: > Mellanox INNOVA NIC needs to have final target queue actions to perform > inline crypto. > > Signed-off-by: Nelio Laranjeiro > > --- > > Changes in v3: > > * removed PASSTHRU test for ingress. > * removed check on configured queues for the queue action. > > Changes in v2: > > * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated. > --- > examples/ipsec-secgw/ipsec.c | 57 ++++++++++++++++++++++++++++++++++++++++++-- > examples/ipsec-secgw/ipsec.h | 2 +- > 2 files changed, 56 insertions(+), 3 deletions(-) > > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 17bd7620d..1b8b251c8 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > rte_eth_dev_get_sec_ctx( > sa->portid); > const struct rte_security_capability *sec_cap; > + int ret = 0; > > sa->sec_session = rte_security_session_create(ctx, > &sess_conf, ipsec_ctx->session_pool); > @@ -201,15 +202,67 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; > sa->action[0].conf = sa->sec_session; > > - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; > - > sa->attr.egress = (sa->direction == > RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > sa->attr.ingress = (sa->direction == > RTE_SECURITY_IPSEC_SA_DIR_INGRESS); > + if (sa->attr.ingress) { > + uint8_t rss_key[40]; > + struct rte_eth_rss_conf rss_conf = { > + .rss_key = rss_key, > + .rss_key_len = 40, > + }; > + struct rte_eth_dev *eth_dev; > + union { > + struct rte_flow_action_rss rss; > + struct { > + const struct rte_eth_rss_conf *rss_conf; > + uint16_t num; > + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; > + } local; > + } action_rss; > + unsigned int i; > + unsigned int j; > + > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > + /* Try RSS. */ > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; > + sa->action[1].conf = &action_rss; > + eth_dev = ctx->device; > + rte_eth_dev_rss_hash_conf_get(sa->portid, > + &rss_conf); > + for (i = 0, j = 0; > + i < eth_dev->data->nb_rx_queues; ++i) > + if (eth_dev->data->rx_queues[i]) > + action_rss.local.queue[j++] = i; > + action_rss.local.num = j; > + action_rss.local.rss_conf = &rss_conf; > + ret = rte_flow_validate(sa->portid, &sa->attr, > + sa->pattern, sa->action, > + &err); > + if (!ret) > + goto flow_create; > + /* Try Queue. */ > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE; > + sa->action[1].conf = > + &(struct rte_flow_action_queue){ > + .index = 0, > + }; > + ret = rte_flow_validate(sa->portid, &sa->attr, > + sa->pattern, sa->action, > + &err); > + if (ret) > + goto flow_create_failure; > + } else { > + sa->action[1].type = > + RTE_FLOW_ACTION_TYPE_PASSTHRU; > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; We would need flow validate here also. And, for egress, the application will be able to set metadata (set_pkt_metadata API) per packet. So flow may not be required for such cases. But if the flow create fails, the session create would also fail. It might be better if we check whether the PMD would need metadata (part of the sec_cap->ol_flags). If the driver doesn't need metadata and the flow create fails, then the create session should fail. Any thoughts? > + } > +flow_create: > sa->flow = rte_flow_create(sa->portid, > &sa->attr, sa->pattern, sa->action, &err); > if (sa->flow == NULL) { > +flow_create_failure: > RTE_LOG(ERR, IPSEC, > "Failed to create ipsec flow msg: %s\n", > err.message); > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 775b316ff..3c367d392 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -133,7 +133,7 @@ struct ipsec_sa { > uint32_t ol_flags; > > #define MAX_RTE_FLOW_PATTERN (4) > -#define MAX_RTE_FLOW_ACTIONS (2) > +#define MAX_RTE_FLOW_ACTIONS (3) > struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN]; > struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS]; > struct rte_flow_attr attr;