From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0083.outbound.protection.outlook.com [104.47.34.83]) by dpdk.org (Postfix) with ESMTP id 867251C00 for ; Thu, 7 Dec 2017 10:47:50 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0ZfzzmjUKxWIG3tJFNCwWBnimJS+TZaDT770Dymjd28=; b=cjcqpcJt4CWterW0B0sjMcq+mkTYbq7A4aArVv1zOop3TN7Ta1Z9u/Mgwber3itx4UlvTjtz85uIsQcF0TtUSI9JdhSxZaJ8nj02jXQR2dgknxKdd3FHfj18vpivT9Eb17MGuh8qM72QPJBrMJOyKBzbzwFa4l6rnLzLOQVFTZs= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by MWHPR0701MB3641.namprd07.prod.outlook.com (2603:10b6:301:7d::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Thu, 7 Dec 2017 09:47:45 +0000 To: Nelio Laranjeiro , Sergio Gonzalez Monroy , Radu Nicolau Cc: dev@dpdk.org, Narayana Prasad , Jerin Jacob References: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com> From: Anoob Message-ID: <62e7634a-3375-ac55-fffe-a5b22eb39e0e@caviumnetworks.com> Date: Thu, 7 Dec 2017 15:17:40 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: DM5PR12CA0024.namprd12.prod.outlook.com (2603:10b6:4:1::34) To MWHPR0701MB3641.namprd07.prod.outlook.com (2603:10b6:301:7d::34) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b30ef767-146d-4f9e-2bb3-08d53d57933e X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(7168020)(4627115)(201703031133081)(201702281549075)(2017052603286); SRVR:MWHPR0701MB3641; X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3641; 3:11EhN76Ez6XxUlemf7IMX8oRS6272EMxwzKtYg60I4d2cfPQnYoyFki3yidChWWnmJuKNOPmRS0nYunbQ4cDru3of0rfY9XaR1IKpI5+mW3xLpennOR6tngaoLQuyQyw7M/YFVxX1wfBhtZL7hdLfhXviMKMQOqGxBSVJ84FpAFFGnf6HAcDfYjFc7/byH/ZZG6A5QqqJEPxWJ2URNsLSB2JJY0NVFK1VOq6BIo39uYGHXRE6iaLZDX9XexDwV3T; 25:XMwNL7kqMBTWh8yFzJQuMqI35qMNVe9B0SWqXB0TYgQSgz7jzRYRvdglqJGs/yr+iwxp851Kx9euXK8BoIW83kZvAjrQgwhlLnrbBnFHXv10NNdToRS143VMfBbhISAjyoOmVJq1wRQu04CDnWtoNqJTxS0nuvrHh+YVb/BjdQiA7nVuC0yNEPd4rtTdXSx4/6oSgzcg0Jxkk2froFDtgXdZ1sbNoVa4Jp4oXylCItmsdbeVaUrrmbfSDz0wozXLXoawDk0/vbQfFaUwazutaHogPFzTQOBjJnGCBaBMmVu07Ikg2xAi9KjzCrvMQUmb7J+81uhDfqQyJl9Ev8TPuw==; 31:vq/ACFsKFVEctWqeaYQRhg2NvctzMrjBzw7Q3/ILUlqJr5KZvmh6AvysC8L9ZZppXl3l1dxwnkZ9kktFbN+iimMf+k111EyZ7xhXz0fBdIFuUqAwT5HAsJZ/+60GJOeq+NbZ73jeCm4DM9jW3bjv+TL9VKvjhk4uVL9t9sPizdr4ju+156XjgR5oK4Ol0Cgyg/MQxuGoPXX84tzAWPlnzdPZMrDLAnC86BjURT9WyQY= X-MS-TrafficTypeDiagnostic: MWHPR0701MB3641: X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3641; 20:2/pqG71WNonyajA0n0X2voXHO4/HPIWcanWa9bmR46G6QqrKx762BnZ+2zlRZF6qgXUUuOPbflVvFfsjM7yUPf3mVj4wo8ggLx+b2SQf4oJx1FwhCuX41DexI2f2CBBgtRgBdCgNbXqJXFlLO1nxXKT7cTpKX21Ly+A7lVwHCP0e2oYYB+oIgD1ZUnlUirXkSX5avMiDirEz6mUJ58VkM1Zpgf1baq9rrlVCESV7Wasw9tuq3NGpWaxkVPVYg1LGwyN/ZnUuVa7S6tc1XfFlEP2RKmqVdjKoUEUIwpBZPUe9m4mjsejFsSLj5JRw7XR8+FmbLDfgC1mXVhLELsP05F6yekejYPRzI2NbapRYxz28zLZl1YP6JYLd5CEnt9y63UaCodm6E9swPdDNHIRxXdJg4EJwb8FLTnPKFViCrET65vk+iYRIw3g0CLwUL0jIFHJV5/6JJwJBlRP4+s/76crWXEZwZ6h4ss3ON6amjccD5in0m72ewEwMH3WqMquWzTV/YXPtdZZ5Y+6JafsWc3uJjMozQIHgybtQ0LKPCyQ59MsgY7ZfyZ8ahCb893fTuLjjRNk21Ko3XtFOG6+LWDAnAo8ThO039Ew+mcsqAQs=; 4:o0RjC/QkWVtVG8SsmpkllpJ0lQSITxzENq0R57tMlA3VlwQGsGJ09LZh5A5E2LE45bPJi6MbL8e6d0MkTpAN5dqOYBvd9SCbExAWU3EQHs6+Qpze4V6UjVIbhvpLFdxA5F0wRX87gnk8xlXzAiwUbM6JIQbPDohFpH6EBDnkRXehQymz6qXYubLLPd7/f1h0qKENL03LGCRGc+rXkKahxC6rBI7ywcMdMVGigjOb8pM3PZBd0PiYQEAA2qw7hW673vuFX3nyCsna2SPJPOJ2nJTcDDTbcWC2KSaCwYMULnW/oVRx8UjHGL5oaG0K3CLH X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(3231022)(3002001)(10201501046)(93006095)(6041248)(20161123558100)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(6072148)(201708071742011); SRVR:MWHPR0701MB3641; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:MWHPR0701MB3641; X-Forefront-PRVS: 05143A8241 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(366004)(376002)(24454002)(199004)(189003)(110136005)(36756003)(101416001)(68736007)(69596002)(8936002)(230700001)(53546010)(3846002)(6116002)(478600001)(47776003)(66066001)(31686004)(65956001)(65806001)(97736004)(72206003)(33646002)(54906003)(106356001)(316002)(53416004)(58126008)(105586002)(16526018)(52146003)(6512007)(5660300001)(6506006)(6486002)(42882006)(52116002)(83506002)(55236003)(67846002)(50466002)(23676004)(81166006)(107886003)(2950100002)(6666003)(81156014)(2486003)(65826007)(229853002)(6246003)(8676002)(64126003)(53936002)(7736002)(25786009)(4326008)(305945005)(2906002)(76176011)(31696002); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR0701MB3641; H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjA3MDFNQjM2NDE7MjM6bGdMbWlPVStNa0pPckx6eEd4M1JPVDZs?= =?utf-8?B?MktEM2cxc1dSc1JPWmtiVytCdTZIZVQzTnErSm9IMVBRMEY2eEVKdnVCWlcy?= =?utf-8?B?ZnlYc3ZveGFGRUs5M3IzUTloOVRmcTJrSlhsNU1xQzBSMlZIS2dPTnZKV0tM?= =?utf-8?B?RmMrbUZrK1NyRHY4d2dReHhoT3Vzb1pOVWI2NkN6cXZJMnRSZmRPMDhvNldH?= =?utf-8?B?eVJZL3pCWVNiSEhBSWRQUkcyamNUdWM2K0cxczRSVjUzeUovb0dJakl5ZDN2?= =?utf-8?B?ZGd4dHdndnNTUVBPaGtMVmxUKzdNVThqWW52VklRZ2FUTUlVcjRLSHlzUVBD?= =?utf-8?B?aVU4V0RqWmJzSEZZS2hBMmJWTnZJRElJd0J0VXRzRkNaZWdyU0tGS3poTWxB?= =?utf-8?B?b2Z5T3QxL2c5RFVuMXZTZjFuZi9ia0hPUjBISSttYmhUSlF2ZjB4RGJ5bElq?= =?utf-8?B?ajhCcjR3eDZzWWFVRit1SUszY2JlSFl1RkhONEthWXdwWitjZHZWM0t6dmU0?= =?utf-8?B?bUYrQXo3VEo5UjVmcGVHb1ZRQ2F3N0FOdnpQWnZQa29kUC9XRm9OTklrZDB0?= =?utf-8?B?VXc4dXVJaWpVTk9yeXJyRWJsbzA4T0dqNEJKQ0cyU1lHbUpJZnN3Tkc4NzJO?= =?utf-8?B?MllFKzkvR2dWQVVwNksxQXorYUo1Y1RXbHk2QlMxeEhqLzhWVHpJVWxKY0g4?= =?utf-8?B?YlBTN0c1c25PNHMxc3FkK09WMU0vck55c2I3bTVxQzl3endCbStTT1ZkSkRz?= =?utf-8?B?NE9sbzBWdW5yZS9kRHJZd1d5OXJKTVRyR3d5V1JsczMxNks3RFhQNEk3R2cy?= =?utf-8?B?bUViejh1MGJyd3BRTE5MSXUxZ2NSbUFITlpJWTV4ekhhU1RYb3ZjUW9WU01z?= =?utf-8?B?Z2NzSzBuZGpKVlg3bkU0NUpHeDFMYXg0SEJ1VE5qekovaytOSTZkSTB6cVFY?= =?utf-8?B?aHRkaHJ1eUl1SzR1eXFFTG9OMmo1R2daNVlTV1cvSHcyMTRpVWxrditRVkxk?= =?utf-8?B?T1U4UitEZ09mMUZud0ZLR2ZKTDVHSVdpc2FuMFJ2SXNjR09HMmVTbmdXU01i?= =?utf-8?B?SlFHU1BXRElnSkZtelRHUHJWQlIwYi9QcFByeFZWMWRBZ21lZDMwbCtyM3Na?= =?utf-8?B?MmtxOWxBcXhRR3RlaFRpU0xodU03R05oelZEWWoxSmJuTVZaY096OFViR0VN?= =?utf-8?B?UWlLeFQxNzk0QlhoZTlCQkNlSDZDbzVSOS93TzVaaCtJeFEwVW9VZ3AyMitu?= =?utf-8?B?UnpBbnFsd1JWOGwySDMxNTNrd1FzTU5EdzVOSnZWS1hRZ1kvMEIyN2oxamhR?= =?utf-8?B?NVFQQmM1UGVzT0wrOXdKSmxCZnJlcjJ3N1dtV0lVeUlMNDE0N2hQeDJhZzcx?= =?utf-8?B?RGZQZVo2cXBrNTRTeDNYaUhmYml1YkJ5TUpoT3hvMmxUMWFtdmhtT1Mxcmw4?= =?utf-8?B?ZWNxZ2h0SkZYbW5pNG9WWlZLOXV5ZVZ6dnpCd0VyTlJtcEJ2WUQ5cWRxMDBR?= =?utf-8?B?RDlVVVJtT3cxOG5oQlVDZzEzV2ZwTFdsRVArMlQwUWdLMHljWUxnbEp2djBl?= =?utf-8?B?SVRISmcvZ1B5akdpMDBJRllWM2lXYytiK0xEZlI1MnBOZ3EyTGFXRVZVd1Nm?= =?utf-8?B?R2orcnNvaGxhRWF1Nm80b0FmeWt5UjNuQzE5Y1RSbFFaUVRWNEljbmNOZ2dI?= =?utf-8?B?MkZaNm4zN0dVcDRoQzNJbGpVNWxqbmpRRnRwVDVKdHZiR3FNR2ZlMDdsbTRB?= =?utf-8?B?SXZYclcrcTlsWDM3ZGpCdGh0OFBpN2VreC92emNyTmpXNnRJbUIwZ3pSMy83?= =?utf-8?B?QVpSUGxmbHVaeGM5UnBYNlN5cGtBcEthT2taakZ4ZEI0RFIxTHFSUUkvUmwv?= =?utf-8?B?eHNjUE93M09Kc0R4OUk0RTB2ZEJjU2l4V0xNaWl5VnhqTG5GTnhJUU1SQm1Y?= =?utf-8?Q?jG4kFeXgoKFEUV+u83Gb+yzaosBIMlEY=3D?= X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3641; 6:97IVVB0APf0M/PNQX/HaFTXZGCAEN3kL/7l6pOsU+KMzb7ceL2qVonvGDPIDIYj2Xejlp51utzB/FeqK6TBMzcJTAWoaGhC96il3qnIgE3tuJyDG64gC+77BuGcwP9+LkaOjdKmduTNWsh+T/OPQco3Lj4+CBPITkJXAvylP2xslLc5dj/ElPRrBjOzIN0e6apjfHaYzKc7nY4CfxwHgCskmq/5m5l1iZlop6sYoUiBS9Xjw9vrsQIM0KCMkqZugXSAjVaYYa2Zyd11G8pqTerShAj4EX3oxHjHIvLhFXrvqkSRhBWD1HNAHT65969vB+g8VAe14/ZaQpTKVS2G7L2vSjcDnhEmqXNmkek4VtT0=; 5:fk5ZV7L7JDDl2P43RSIusS9pEWlusHvS5xVCBOCLAalovTiV0roNOlVnUEeFRVIHT9r1FvevW5VVB5nzJttutrVJCkLT0hjv+cZSZTVIMPs8ucl2YjR/ZvoLYy+Ojm43ROXGt2fSuVTYf280Po+Ex6Rd3HN8Qke6iA1mV0KOxMY=; 24:CoBHrFydYG2CvEBk+HJSuojuojUpe86YsI4e2n0irHCOdf5vTtPTl4tMe7+UllHNpO6+ZW9lTepTkIPVffrNNQlmeDIu+OUJoSsazcMsyWI=; 7:oNn8fndejUUTay/ooP99NxiU1nQeyVgdKja/7gNkWBKxGkKYwIoTmVVd/TQgX8EC+43OBXNb2t+FSJ3Kh3crW5RtEkY+rahgWP00VIAgUVCOF1MIw/Yx/zDuWcoAxW59qmcRhYeVuEQBXdJDaMhV5hISHq1tOciDzGlYwkYBkj7icVP8X4j0BYnWWD/rPgYfxkumM+UTBQKITSRwOIWjgylJ8nCw6PhKFH1NNyZyZrfPyvCqZm+s+oRv5w1i2ljA SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Dec 2017 09:47:45.9564 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b30ef767-146d-4f9e-2bb3-08d53d57933e X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR0701MB3641 Subject: Re: [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add target queues in flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 09:47:51 -0000 Hi Nelio, On 12/04/2017 07:41 PM, Nelio Laranjeiro wrote: > Mellanox INNOVA NIC needs to have final target queue actions to perform > inline crypto. > > Signed-off-by: Nelio Laranjeiro > > --- > > Changes in v2: > > * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated. > --- > examples/ipsec-secgw/ipsec.c | 81 ++++++++++++++++++++++++++++++++++++++++---- > examples/ipsec-secgw/ipsec.h | 2 +- > 2 files changed, 76 insertions(+), 7 deletions(-) > > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 17bd7620d..f8823fb94 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > rte_eth_dev_get_sec_ctx( > sa->portid); > const struct rte_security_capability *sec_cap; > + int ret = 0; > > sa->sec_session = rte_security_session_create(ctx, > &sess_conf, ipsec_ctx->session_pool); > @@ -173,6 +174,10 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > return -1; > } > > + sa->attr.egress = (sa->direction == > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > + sa->attr.ingress = (sa->direction == > + RTE_SECURITY_IPSEC_SA_DIR_INGRESS); > sa->ol_flags = sec_cap->ol_flags; > sa->security_ctx = ctx; > sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; > @@ -201,15 +206,79 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) > sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; > sa->action[0].conf = sa->sec_session; > > - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; > - > - sa->attr.egress = (sa->direction == > - RTE_SECURITY_IPSEC_SA_DIR_EGRESS); > - sa->attr.ingress = (sa->direction == > - RTE_SECURITY_IPSEC_SA_DIR_INGRESS); > + if (sa->attr.ingress) { > + uint8_t rss_key[40]; > + struct rte_eth_rss_conf rss_conf = { > + .rss_key = rss_key, > + .rss_key_len = 40, > + }; > + struct rte_eth_dev *eth_dev; > + union { > + struct rte_flow_action_rss rss; > + struct { > + const struct rte_eth_rss_conf *rss_conf; > + uint16_t num; > + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; > + } local; > + } action_rss; > + unsigned int i; > + unsigned int j; > + > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > + /* > + * Try implicitly PASSTHRU, it can also be > + * explicit. > + */ May be we can get rid of this check. You can do the check with RSS and then QUEUE. That should be fine. SECURITY is terminating on Cavium hardware, but according to the spec it is a non-terminating meta action. We can stick to that. For Cavium hardware the PMD will give success to SECURITY+QUEUE. That should resolve the issue. > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; > + ret = rte_flow_validate(sa->portid, &sa->attr, > + sa->pattern, sa->action, > + &err); > + if (!ret) > + goto flow_create; > + /* Try RSS. */ > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; > + sa->action[1].conf = &action_rss; > + eth_dev = ctx->device; > + rte_eth_dev_rss_hash_conf_get(sa->portid, > + &rss_conf); > + for (i = 0, j = 0; > + i < eth_dev->data->nb_rx_queues; ++i) > + if (eth_dev->data->rx_queues[i]) > + action_rss.local.queue[j++] = i; > + action_rss.local.num = j; > + action_rss.local.rss_conf = &rss_conf; > + ret = rte_flow_validate(sa->portid, &sa->attr, > + sa->pattern, sa->action, > + &err); > + if (!ret) > + goto flow_create; > + /* Try Queue. */ > + for (i = 0; > + i < eth_dev->data->nb_rx_queues; ++i) > + if (eth_dev->data->rx_queues[i]) > + break; > + if (i != eth_dev->data->nb_rx_queues) > + return -1; > + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE; > + sa->action[1].conf = > + &(struct rte_flow_action_queue){ > + .index = i, > + }; > + ret = rte_flow_validate(sa->portid, &sa->attr, > + sa->pattern, sa->action, > + &err); > + if (ret) > + goto flow_create_failure; > + } else { > + sa->action[1].type = > + RTE_FLOW_ACTION_TYPE_PASSTHRU; > + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > + } > +flow_create: > sa->flow = rte_flow_create(sa->portid, > &sa->attr, sa->pattern, sa->action, &err); > if (sa->flow == NULL) { > +flow_create_failure: > RTE_LOG(ERR, IPSEC, > "Failed to create ipsec flow msg: %s\n", > err.message); > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 775b316ff..82ffc1c6d 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -133,7 +133,7 @@ struct ipsec_sa { > uint32_t ol_flags; > > #define MAX_RTE_FLOW_PATTERN (4) > -#define MAX_RTE_FLOW_ACTIONS (2) > +#define MAX_RTE_FLOW_ACTIONS (4) > struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN]; > struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS]; > struct rte_flow_attr attr;