From: "Peng, Yuan" <yuan.peng@intel.com>
To: "Bie, Tiwei" <tiwei.bie@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "adrien.mazarguil@6wind.com" <adrien.mazarguil@6wind.com>,
"Lu, Wenzhuo" <wenzhuo.lu@intel.com>,
"Mcnamara, John" <john.mcnamara@intel.com>,
"olivier.matz@6wind.com" <olivier.matz@6wind.com>,
"thomas.monjalon@6wind.com" <thomas.monjalon@6wind.com>,
"Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
"Zhang, Helin" <helin.zhang@intel.com>,
"Dai, Wei" <wei.dai@intel.com>,
"Wang, Xiao W" <xiao.w.wang@intel.com>
Subject: Re: [dpdk-dev] [PATCH v5 0/8] Add MACsec offload support for ixgbe
Date: Wed, 4 Jan 2017 08:29:39 +0000 [thread overview]
Message-ID: <67D543A150B29E4CAAE53918F64EDAEA369A9B26@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <1483514502-32841-1-git-send-email-tiwei.bie@intel.com>
Tested-by: Peng Yuan <yuan.peng@intel.com>
- Tested Branch: master
- Tested Commit: eac901ce29be559b1bb5c5da33fe2bf5c0b4bfd6
- OS: Fedora24 4.5.5-300.fc24.x86_64
- GCC: gcc version 5.3.1 20151207
- CPU: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
- NIC: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [8086:10fb]
- Default x86_64-native-linuxapp-gcc configuration
- Total 5 cases, 5 passed, 0 failed
- Prerequisites:
1x Niantic NIC (2x 10G)
2x IXIA ports (10G)
- Added commands:
testpmd>set macsec offload (port_id) on encrypt (on|off) replay-protect (on|off)
" Enable MACsec offload. "
testpmd>set macsec offload (port_id) off
" Disable MACsec offload. "
testpmd>set macsec sc (tx|rx) (port_id) (mac) (pi)
" Configure MACsec secure connection (SC). "
testpmd>set macsec sa (tx|rx) (port_id) (idx) (an) (pn) (key)
" Configure MACsec secure association (SA). "
- Test Case 1: MACsec packets send and receive
============================================
1. bind two ports to dpdk driver::
./tools/dpdk-devbind.py -b igb_uio 07:00.0 07:00.1
2. config the rx port
1). start the testpmd of rx port::
./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=rx -w 0000:07:00.1 \
-- --port-topology=chained -i --crc-strip
2). set MACsec offload on::
testpmd>set macsec offload 0 on encrypt on replay-protect on
3). set MACsec parameters as rx_port::
testpmd>set macsec sc rx 0 00:00:00:00:00:01 0
testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000
4). set MACsec parameters as tx_port::
testpmd>set macsec sc tx 0 00:00:00:00:00:02 0
testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000
5). set rxonly::
testpmd>set fwd rxonly
6). start::
testpmd>set promisc all on
testpmd>start
3. config the tx port
1). start the testpmd of tx port::
./testpmd -c 0x30 --socket-mem 1024,1024 --file-prefix=tx -w 0000:07:00.0 \
-- --port-topology=chained -i --crc-strip --txqflags=0x0
2). set MACsec offload on::
testpmd>set macsec offload 0 on encrypt on replay-protect on
3). set MACsec parameters as tx_port::
testpmd>set macsec sc tx 0 00:00:00:00:00:01 0
testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000
4). set MACsec parameters as rx_port::
testpmd>set macsec sc rx 0 00:00:00:00:00:02 0
testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000
5). set txonly::
testpmd>set fwd txonly
6). start::
testpmd>start
4. check the result::
testpmd>stop
testpmd>show port xstats 0
stop the packet transmiting on tx_port first, then stop the packet receiving
on rx_port.
check the rx data and tx data:
tx_good_packets == rx_good_packets
out_pkts_encrypted == in_pkts_ok == tx_good_packets == rx_good_packets
out_octets_encrypted == in_octets_decrypted
out_octets_protected == in_octets_validated
if you want to check the content of the packet, use the command::
testpmd>set verbose 1
the received packets are Decrypted.
check the ol_flags:PKT_RX_IP_CKSUM_GOOD
check the content of the packet:
type=0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP
Test Case 2: MACsec packets send and normal receive
===================================================
1. disable MACsec offload on rx port::
testpmd>set macsec offload 0 off
2. start the the packets transfer
3. check the result::
testpmd>stop
testpmd>show port xstats 0
stop the testpmd on tx_port first, then stop the testpmd on rx_port.
the received packets are encrypted.
check the content of the packet:
type=0x88e5 sw ptype: L2_ETHER - l2_len=14 - Receive queue=0x0
you can't find L3 and L4 infomation in the packet
in_octets_decrypted and in_octets_validated doesn't increase on last data
transfer.
Test Case 3: normal packet send and MACsec receive
==================================================
1. enable MACsec offload on rx port::
testpmd>set macsec offload 0 on encrypt on replay-protect on
2. disable MACsec offload on tx port::
testpmd>set macsec offload 0 off
3. start the the packets transfer
4. check the result::
testpmd>stop
testpmd>show port xstats 0
stop the testpmd on tx_port first, then stop the testpmd on rx_port.
the received packets are not encrypted.
check the content of the packet:
type=0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP
in_octets_decrypted and out_pkts_encrypted doesn't increase on last data
transfer.
Test Case 4: MACsec send and receive with wrong parameters
==========================================================
1. don't add "--txqflags=0x0" in the tx_port command line.
the MACsec offload can't work. the tx packets are normal packets.
2. set different pn on rx and tx port, then start the data transfer.
1) set the parameters as test case 1, start and stop the data transfer.
check the result, rx port can receive and decrypt the packets normally.
2) reset the pn of tx port to 0::
testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000
rx port can receive the packets until the pn equals the pn of tx port::
out_pkts_encrypted = in_pkts_late + in_pkts_ok
2. set different keys on rx and tx port, then start the data transfer::
the RX-packets=0,
in_octets_decrypted == out_octets_encrypted,
in_pkts_notvalid == out_pkts_encrypted,
in_pkts_ok=0,
rx_good_packets=0
3. set different pi on rx and tx port(reset on rx_port), then start the data
transfer::
in_octets_decrypted == out_octets_encrypted,
in_pkts_ok = 0,
in_pkts_nosci == out_pkts_encrypted
4. set different an on rx and tx port, then start the data transfer::
rx_good_packets=0,
in_octets_decrypted == out_octets_encrypted,
in_pkts_notusingsa == out_pkts_encrypted,
in_pkts_ok=0,
rx_good_packets=0
5. set different index on rx and tx port, then start the data transfer::
in_octets_decrypted == out_octets_encrypted,
in_pkts_ok == out_pkts_encrypted
Test Case 5: performance test of MACsec offload packets
==========================================================
1. tx linerate
port0 connected to IXIA port5, port1 connected to IXIA port6, set port0
MACsec offload on, set fwd mac.
on IXIA side, start IXIA port6 transmit, start the IXIA capture.
view the IXIA port5 captrued packet, the protocol is MACsec, the EtherType
is 0x88E5, and the packet length is 96bytes, more than the normal packet
32 bytes.
The valid frames received rate is 10.78Mpps, and the %linerate is 100%.
2. rx linerate
there are three ports 05:00.0 07:00.0 07:00.1. connect 07:00.0 to 07:00.1
with cable, connect 05:00.0 to IXIA. bind the three ports to dpdk driver.
start two testpmd::
./testpmd -c 0x3 --socket-mem 1024,1024 --file-prefix=rx -w 0000:07:00.1 \
-- --port-topology=chained -i --crc-strip --txqflags=0x0
testpmd>set macsec offload 0 on encrypt on replay-protect on
testpmd>set macsec sc rx 0 00:00:00:00:00:01 0
testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000
testpmd>set macsec sc tx 0 00:00:00:00:00:02 0
testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000
testpmd>set fwd rxonly
./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=tx -b 0000:07:00.1 \
-- --port-topology=chained -i --crc-strip --txqflags=0x0
testpmd>set macsec offload 1 on encrypt on replay-protect on
testpmd>set macsec sc rx 1 00:00:00:00:00:02 0
testpmd>set macsec sa rx 1 0 0 0 00112200000000000000000000000000
testpmd>set macsec sc tx 1 00:00:00:00:00:01 0
testpmd>set macsec sa tx 1 0 0 0 00112200000000000000000000000000
testpmd>set fwd mac
start on both two testpmd.
start data transmit from IXIA port, the frame size is 64bytes,
the Ethertype is 0x0800. the rate is 14.88Mpps.
check the linerate on rxonly port::
testpmd>show port stats 0
It shows "Rx-pps: 10775697", so the rx %linerate is 100%.
check the MACsec packets number on tx side::
testpmd>show port xstats 1
on rx side::
testpmd>show port xstats 0
in_pkts_ok == out_pkts_encrypted
-----Original Message-----
From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Tiwei Bie
Sent: Wednesday, January 4, 2017 3:22 PM
To: dev@dpdk.org
Cc: adrien.mazarguil@6wind.com; Lu, Wenzhuo <wenzhuo.lu@intel.com>; Mcnamara, John <john.mcnamara@intel.com>; olivier.matz@6wind.com; thomas.monjalon@6wind.com; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Helin <helin.zhang@intel.com>; Dai, Wei <wei.dai@intel.com>; Wang, Xiao W <xiao.w.wang@intel.com>
Subject: [dpdk-dev] [PATCH v5 0/8] Add MACsec offload support for ixgbe
This patch set adds the MACsec offload support for ixgbe.
The testpmd is also updated to support MACsec cmds.
v2:
- Update the documents for testpmd;
- Update the release notes;
- Reuse the functions provided by base code;
v3:
- Add the missing parts of MACsec mbuf flag and reorganize the patch set;
- Add an ethdev event type for MACsec;
- Advertise the MACsec offload capabilities based on the mac type;
- Minor fixes and improvements;
v4:
- Reserve bits in mbuf and ethdev for PMD specific API;
- Use the reserved bits in PMD specific API;
v5:
- Add MACsec offload in the NIC feature list;
- Minor improvements on comments;
Tiwei Bie (8):
mbuf: reserve a Tx offload flag for PMD-specific API
ethdev: reserve an event type for PMD-specific API
ethdev: reserve capability flags for PMD-specific API
net/ixgbe: add MACsec offload support
app/testpmd: add MACsec offload commands
doc: add ixgbe specific APIs
doc: update the release notes for the reserved flags
doc: add MACsec offload into NIC feature list
app/test-pmd/cmdline.c | 389 ++++++++++++++++++++++
app/test-pmd/macfwd.c | 7 +
app/test-pmd/macswap.c | 7 +
app/test-pmd/testpmd.h | 2 +
app/test-pmd/txonly.c | 7 +
doc/guides/nics/features/default.ini | 1 +
doc/guides/nics/features/ixgbe.ini | 1 +
doc/guides/rel_notes/release_17_02.rst | 18 ++
doc/guides/testpmd_app_ug/testpmd_funcs.rst | 32 ++
drivers/net/ixgbe/ixgbe_ethdev.c | 481 +++++++++++++++++++++++++++-
drivers/net/ixgbe/ixgbe_ethdev.h | 45 +++
drivers/net/ixgbe/ixgbe_rxtx.c | 5 +
drivers/net/ixgbe/rte_pmd_ixgbe.h | 122 +++++++
drivers/net/ixgbe/rte_pmd_ixgbe_version.map | 11 +
lib/librte_ether/rte_ethdev.h | 4 +
lib/librte_mbuf/rte_mbuf.c | 2 +
lib/librte_mbuf/rte_mbuf.h | 5 +
17 files changed, 1134 insertions(+), 5 deletions(-)
--
2.7.4
next prev parent reply other threads:[~2017-01-04 8:29 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-03 14:59 [dpdk-dev] [PATCH 0/3] " Tiwei Bie
2016-12-03 14:59 ` [dpdk-dev] [PATCH 1/3] lib: add MACsec offload flags Tiwei Bie
2016-12-03 14:59 ` [dpdk-dev] [PATCH 2/3] net/ixgbe: add MACsec offload support Tiwei Bie
2016-12-03 14:59 ` [dpdk-dev] [PATCH 3/3] app/testpmd: add ixgbe " Tiwei Bie
2016-12-16 1:43 ` [dpdk-dev] [PATCH v2 0/4] Add MACsec offload support for ixgbe Tiwei Bie
2016-12-16 1:43 ` [dpdk-dev] [PATCH v2 1/4] lib: add MACsec offload flags Tiwei Bie
2016-12-16 1:43 ` [dpdk-dev] [PATCH v2 2/4] net/ixgbe: add MACsec offload support Tiwei Bie
2016-12-16 1:43 ` [dpdk-dev] [PATCH v2 3/4] app/testpmd: add ixgbe " Tiwei Bie
2016-12-16 1:43 ` [dpdk-dev] [PATCH v2 4/4] doc: add ixgbe specific APIs Tiwei Bie
2016-12-16 10:29 ` Mcnamara, John
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 0/6] Add MACsec offload support for ixgbe Tiwei Bie
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 1/6] mbuf: add flag for MACsec Tiwei Bie
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 2/6] ethdev: add event type " Tiwei Bie
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 3/6] ethdev: add MACsec offload capability flags Tiwei Bie
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 4/6] net/ixgbe: add MACsec offload support Tiwei Bie
2016-12-25 14:57 ` [dpdk-dev] [PATCH v3 5/6] app/testpmd: add MACsec offload commands Tiwei Bie
2016-12-25 14:58 ` [dpdk-dev] [PATCH v3 6/6] doc: add ixgbe specific APIs Tiwei Bie
2016-12-26 15:15 ` [dpdk-dev] [PATCH v3 0/6] Add MACsec offload support for ixgbe Adrien Mazarguil
2016-12-27 1:33 ` Tiwei Bie
2016-12-27 14:37 ` Adrien Mazarguil
2016-12-27 17:42 ` Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 0/7] " Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 1/7] mbuf: reserve a Tx offload flag for PMD-specific API Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 2/7] ethdev: reserve an event type " Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 3/7] ethdev: reserve capability flags " Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 4/7] net/ixgbe: add MACsec offload support Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 5/7] app/testpmd: add MACsec offload commands Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 6/7] doc: add ixgbe specific APIs Tiwei Bie
2016-12-28 15:41 ` [dpdk-dev] [PATCH v4 7/7] doc: update the release notes for the reserved flags Tiwei Bie
2017-01-03 6:15 ` [dpdk-dev] [PATCH v4 0/7] Add MACsec offload support for ixgbe Lu, Wenzhuo
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 0/8] " Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 1/8] mbuf: reserve a Tx offload flag for PMD-specific API Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 2/8] ethdev: reserve an event type " Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 3/8] ethdev: reserve capability flags " Tiwei Bie
2017-01-04 14:21 ` Ananyev, Konstantin
2017-01-04 14:39 ` Tiwei Bie
2017-01-04 15:14 ` Ananyev, Konstantin
2017-01-04 17:00 ` Tiwei Bie
2017-01-04 17:44 ` Ananyev, Konstantin
2017-01-04 23:56 ` Tiwei Bie
2017-01-05 8:33 ` Adrien Mazarguil
2017-01-05 10:05 ` Tiwei Bie
2017-01-05 11:32 ` Ananyev, Konstantin
2017-01-05 18:21 ` Adrien Mazarguil
2017-01-08 12:39 ` Ananyev, Konstantin
2017-01-09 3:57 ` Tiwei Bie
2017-01-09 11:26 ` Thomas Monjalon
2017-01-10 2:08 ` Tiwei Bie
2017-01-11 17:32 ` Olivier MATZ
2017-01-12 2:08 ` Tiwei Bie
2017-01-12 2:42 ` Yuanhan Liu
2017-01-09 14:41 ` Adrien Mazarguil
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 4/8] net/ixgbe: add MACsec offload support Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 5/8] app/testpmd: add MACsec offload commands Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 6/8] doc: add ixgbe specific APIs Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 7/8] doc: update the release notes for the reserved flags Tiwei Bie
2017-01-04 7:21 ` [dpdk-dev] [PATCH v5 8/8] doc: add MACsec offload into NIC feature list Tiwei Bie
2017-01-04 8:29 ` Peng, Yuan [this message]
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 0/6] Add MACsec offload support for ixgbe Tiwei Bie
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 1/6] mbuf: add flag for MACsec Tiwei Bie
2017-01-11 17:41 ` Olivier MATZ
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 2/6] ethdev: add event type " Tiwei Bie
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 3/6] ethdev: add MACsec offload capability flags Tiwei Bie
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 4/6] net/ixgbe: add MACsec offload support Tiwei Bie
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 5/6] app/testpmd: add MACsec offload commands Tiwei Bie
2017-01-13 9:07 ` Thomas Monjalon
2017-01-13 9:16 ` Tiwei Bie
2017-01-11 4:31 ` [dpdk-dev] [PATCH v6 6/6] doc: add ixgbe specific APIs Tiwei Bie
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 0/6] Add MACsec offload support for ixgbe Tiwei Bie
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 1/6] mbuf: add flag for MACsec Tiwei Bie
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 2/6] ethdev: add event type " Tiwei Bie
2017-01-16 2:31 ` Ananyev, Konstantin
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 3/6] ethdev: add MACsec offload capability flags Tiwei Bie
2017-01-16 2:33 ` Ananyev, Konstantin
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 4/6] net/ixgbe: add MACsec offload support Tiwei Bie
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 5/6] app/testpmd: add MACsec offload commands Tiwei Bie
2017-01-13 11:21 ` [dpdk-dev] [PATCH v7 6/6] doc: add ixgbe specific APIs Tiwei Bie
2017-01-15 18:19 ` [dpdk-dev] [PATCH v7 0/6] Add MACsec offload support for ixgbe Thomas Monjalon
2017-01-23 2:30 ` Peng, Yuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67D543A150B29E4CAAE53918F64EDAEA369A9B26@shsmsx102.ccr.corp.intel.com \
--to=yuan.peng@intel.com \
--cc=adrien.mazarguil@6wind.com \
--cc=dev@dpdk.org \
--cc=helin.zhang@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=olivier.matz@6wind.com \
--cc=thomas.monjalon@6wind.com \
--cc=tiwei.bie@intel.com \
--cc=wei.dai@intel.com \
--cc=wenzhuo.lu@intel.com \
--cc=xiao.w.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).