From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72265A0540; Thu, 22 Sep 2022 07:05:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1641B4067C; Thu, 22 Sep 2022 07:05:25 +0200 (CEST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150049.outbound.protection.outlook.com [40.107.15.49]) by mails.dpdk.org (Postfix) with ESMTP id D7D0840156 for ; Thu, 22 Sep 2022 07:05:23 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=N4DEppqlvfr1xtq0n2+U0hW68ppDvL2jv5wcOMwysIWk8JkRxRWREXpDI8LJXmkGsdEAKwkOXlijvQV3lE0Db6MXU/NXUd2K0KfcXPVTQ0fjNNq/UXRhTf0KKjJaWMxMDqBXDH8ugyZ7gT1sVit/g8AwBrSZhGOv67GCvcBEkTSfiL5pBxSgUsHfn9Q/ySkou+1WMwtrwoART5NgEfYGSkMsqGqkk12nvViCzYf3lvWtIjcLpJxLABRhOSYTTEEuhtnLDXo5XySbhQZeYvHqwg7MiiN8vy+P827wuWfYCrpoYJ0CJDkvg30+Is9fcNk3HLuSnnlq9XbjnByh+eGn9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=q10xjScXIizYVWlcc2vv4H7T1VcDyBEhi04CwNEMpfQ=; b=JV0oU/9szGZyx4YdPteBbQv+PjI6gbIiW8/x38NbmXpscW4jTXKhLoGvq4jNz8WqCQ+rAf3/xox6lQsqBP5c1q3aaYUMxOnTkqUCbfq0Kqd5LfofRDZNji764uS67oLfaFStZRYqFK21a3eYZgyx1Jgwpd1ceUXvro6fjtQCFKZD3/0laOl6P5v9eMnOg3cDyo7kiGD/szyBO2TtOSrhgXGNTG7+Nl1Ce9AKRsImAdBXBHOXkWqDKOQcTdrfQpz77ujm5Wo1x5jQUPdNWgFUXa/CJU5gjFTun5aaIe76kZ5oF79rfE8keIwv4U18ZhJbZRLDYrCbZzooTWT05gT4Ag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q10xjScXIizYVWlcc2vv4H7T1VcDyBEhi04CwNEMpfQ=; b=n+jr4rlTQLZbfX4uLj/myQtf5psscdR8QvjrjE+aavhYayw35FxymzHoU2glJqeHTPDrZ00WT+y7xdmOzqYQlVoDdnJwTHcZd1bncoKaGK8gWAt1R0CFNm3wrr0jpubSgy+PZ4DjKod6DSPWRAZMiG9nT9Gw5N27ck8PAXtm8lE= Received: from AS8PR04MB8198.eurprd04.prod.outlook.com (2603:10a6:20b:3b0::14) by AS8PR04MB7734.eurprd04.prod.outlook.com (2603:10a6:20b:2a6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.18; Thu, 22 Sep 2022 05:05:21 +0000 Received: from AS8PR04MB8198.eurprd04.prod.outlook.com ([fe80::7fa1:7edf:58d8:6c0a]) by AS8PR04MB8198.eurprd04.prod.outlook.com ([fe80::7fa1:7edf:58d8:6c0a%5]) with mapi id 15.20.5654.018; Thu, 22 Sep 2022 05:05:21 +0000 From: Gagandeep Singh To: Volodymyr Fialko , "dev@dpdk.org" , Radu Nicolau , Akhil Goyal CC: "jerinj@marvell.com" , "anoobj@marvell.com" Subject: RE: [PATCH 3/6] examples/ipsec-secgw: add lookaside event mode Thread-Topic: [PATCH 3/6] examples/ipsec-secgw: add lookaside event mode Thread-Index: AQHYp+4iHtrLA8wp7U+tRL0hUfa31q3rL2OA Date: Thu, 22 Sep 2022 05:05:21 +0000 Message-ID: References: <20220804103626.102688-1-vfialko@marvell.com> <20220804103626.102688-4-vfialko@marvell.com> In-Reply-To: <20220804103626.102688-4-vfialko@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AS8PR04MB8198:EE_|AS8PR04MB7734:EE_ x-ms-office365-filtering-correlation-id: 4bf6a5ea-7eea-4ddf-5082-08da9c580d0a x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Hy+LCnTk4tkG0va1PzpcsuSDK34rQQNI04E7LuF20pkV2fJNFr9ser2jR1kG8Z4AhYrkqAEP1Uay/3MwfGl161Qb5d2IsxiWBDi+vJPdUs5CWos7FaY3CwhzdnkL8E0j3WxbUDIpFLSaHLS/at8kp0/bF6H6VVCT00CslIZJwQRO5ohpfgF6F1G6mI8r7B6IPIj9mM6Ph9/UwyAvdWXHPGFQ4Q6mkRLk85kadGCzXo2iZfvBtQzQtXPlEQ4uBkJlc6PQ9JPBBzQlIAWMJMgfdUYon6OUYHtaMUhgyBtwmOwzYsEWvfxd78qBgYP1LOe33Qw5rKfNTGyNPrmJSmnTiWw+nSGMb3PbbTJSOtA/xiiSuGE3wvKI2XdiIykBx47fiMtJHJ/6cypi1RPnb3YA0cG1YQuW2iCYA8yKmZCPbI/kyY7D2pmLIZTPq+7xRCQL42dMw/1q6Yq940YQYZfnoeL+G7YTr3vLVP4OxN1X1hbFGUHEMR/U1XCCo0keVSz57SynRyB7w+VzZk2vWakveGAGhwKihWKLmsPBNogA/wvBhB7x8Ta57YLO8O5NzagH1KwcPwuhozoSnitzebP6GCwSM4EHtF6d0V0yu8A2nHanbOCO7h0Nz3y4csNwMP6B1YznM5QZpHSrinHqQSK00t4XzOJDr8uvoFyhI/S06uyFacHVIUzqO/gUEol1C34rHN7xkkrXy0qihwR2qxeRkPIsgp7PvU2BPwdDjTpdrkAw00QhJVftC/wn958eK+2hgr3h+0Q7+ZAGAkOUKbulYw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8PR04MB8198.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(366004)(39860400002)(396003)(376002)(346002)(136003)(451199015)(71200400001)(66556008)(4326008)(478600001)(76116006)(66946007)(66476007)(66446008)(64756008)(52536014)(41300700001)(8936002)(316002)(54906003)(110136005)(33656002)(8676002)(38070700005)(122000001)(55016003)(38100700002)(86362001)(186003)(6506007)(7696005)(53546011)(9686003)(26005)(55236004)(83380400001)(30864003)(2906002)(5660300002)(579004); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?pjfak1Vk+Ppt7MEKNCPR2WbWVZff2eW2R1jnhqsFPwGucdZhLIl3yqVSsVyb?= =?us-ascii?Q?nFdZirdOeznjUIqiit+b+fnCYKjAR/hUPxkG5k4QSDY2glA1ugpISkiGdK/h?= =?us-ascii?Q?PyOc0s4WD+zjLQYxONxNtleD1js0jJ2yB3X5UcIjYeZVcj7nE/hhtbpp0dyW?= =?us-ascii?Q?uyZnGimrkKYKtje+CEdxc32q1nQWoMJ6++Kk+JbkApywxiMCOuZWZrN/durS?= =?us-ascii?Q?3KRjfDsoEslEMyjIHvjjm3QzDt5+PoqdAWJDAC6fgxay8Ur35uXsQkwHxnh8?= =?us-ascii?Q?xY2QfY2fvVOmlzK6tRc5ZOY33LFLRIy4qerNko6oGSK/a+3vE1JP5dq9JZZE?= =?us-ascii?Q?wizyNtqG+I9rMKiAeazfnW1BVsaJjykf5OBy8/SDPgP4jzzIcyfN3MD0zkt+?= =?us-ascii?Q?jS+OGmS34PVk+2hSzkFOtXJymYV9VAOM13/tCcSMgOrLKspb0ZUb9/j924yp?= =?us-ascii?Q?bSBIrVwe+cZD8wLs62HESBihBWCKnJxj2G1SiscgLpV0xeAp92qRklvVYV1N?= =?us-ascii?Q?gWWbsTnWM7KL1uxbEWSpXsDFOj0r8f9DJleO7/qLar0HWf2Q67I8YAVEpjuQ?= =?us-ascii?Q?cU7YcSkEDsHyaCgxPCwOqSVBAhnGu4igQbnfvchxksSG9QVbpMoqcoPm1YCd?= =?us-ascii?Q?GhCcjLf28Le29jP0lxLrjnahh4la49jrzteHp96UNE+AFlsRFEbDB1YLq5OP?= =?us-ascii?Q?1FDG0h2BJV22wT4deVAPnZS/S6helUIXpBcKvIlu37nfDs55mkcWMdkQYYzt?= =?us-ascii?Q?neuYZQbEr80eZsqyUy8w6wKhPdJUDWdSRrWqJiWx1vxFzmV3carLP0upVTJZ?= =?us-ascii?Q?graAYcck73DgFX9RCUu1OsM7Trmh3EBdnRW4o6/rmBYT+nAor5eXIkGBG1zb?= =?us-ascii?Q?DwAvIN+F9i4WqXZfRPKWui6rE7XtTOABg5345Kfa6vPr3YMVnKODUA1zGj6p?= =?us-ascii?Q?X+9CHZfQQA940mf+usId/CfIUeTTanWzD7kV/IiUda0jjACwQZMMykT0NAGx?= =?us-ascii?Q?Rz2BSN5LzeFrw5zfIuZvynLjVUAUG6UFto/OWdIfYd2TodoK+Ldzqgxe5wBj?= =?us-ascii?Q?wqemT9sdOMoxCoVx79/D0Tmb1fycMJQsCDl6/ksHKKUPb+sDYCttNOARDAhU?= =?us-ascii?Q?vroTqWNKGWJH/ynBArJfysQ0s4NDVYAH7zJ2CkHr32p0daPGDBK/ex7Dro+v?= =?us-ascii?Q?qPFjvk7lLLQE0xG6LmmPlwBreii8uz+F4e79oSwuN+825hN1Eyo9pHK5OCvC?= =?us-ascii?Q?twKM7RNEecnGhFzTqMTUOvaggQxtW/3uhUjxxkjeEzGFGyZGesgyerK1P7OQ?= =?us-ascii?Q?7cG7usNAfe69x+Jie1q1letNNHn0M/keM3s8SIXKPXWqmFyhqOcCtQWJwv35?= =?us-ascii?Q?zh7SW4n9YK+881qYxLJPiEC/Tifd/J4cG5r9JUJsdE8xyVeY4qJkX6VgELPu?= =?us-ascii?Q?S33P2Bs3ODKXCsz27qWm2tWYqRHu4TKqsaM2nSOItvu6FFfV/fIngVWUCFk3?= =?us-ascii?Q?5Vh3ZO8ItZUBrOwyuYFGUoSiRz8Rp6n5086To8Gs+EzlhKAtLlvwK9DLN3KD?= =?us-ascii?Q?7X7Fl6enh9NujUKfPdA=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB8198.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4bf6a5ea-7eea-4ddf-5082-08da9c580d0a X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2022 05:05:21.5556 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CM6aD2DZ+Npf6D+EjxsOOOg7y+yFBw0f/IEMEPla1bxBABh8JtO5tXxi7cUmaSjd X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB7734 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi Volodymyr, I found these patches do not support "RTE_EVENT_CRYPTO_ADAPTER_CAP_INTERNAL= _PORT_QP_EV_BIND" capability in ipsec-secgw application. Will you also plan= to add this support?=20 > -----Original Message----- > From: Volodymyr Fialko > Sent: Thursday, August 4, 2022 4:06 PM > To: dev@dpdk.org; Radu Nicolau ; Akhil Goyal > > Cc: jerinj@marvell.com; anoobj@marvell.com; Volodymyr Fialko > > Subject: [PATCH 3/6] examples/ipsec-secgw: add lookaside event mode >=20 > Add base support for lookaside event mode. Events that are coming from > ethdev will be enqueued to the event crypto adapter, processed and > enqueued back to ethdev for the transmission. >=20 > Signed-off-by: Volodymyr Fialko > --- > doc/guides/sample_app_ug/ipsec_secgw.rst | 4 +- > examples/ipsec-secgw/ipsec-secgw.c | 3 +- > examples/ipsec-secgw/ipsec.c | 35 +++- > examples/ipsec-secgw/ipsec.h | 8 +- > examples/ipsec-secgw/ipsec_worker.c | 224 +++++++++++++++++++++-- > examples/ipsec-secgw/sa.c | 23 ++- > 6 files changed, 262 insertions(+), 35 deletions(-) >=20 > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst > b/doc/guides/sample_app_ug/ipsec_secgw.rst > index 07686d2285..c7b87889f1 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -83,8 +83,8 @@ The application supports two modes of operation: poll > mode and event mode. > every type of event device without affecting existing paths/use cases.= The > worker > to be used will be determined by the operating conditions and the > underlying device > capabilities. **Currently the application provides non-burst, internal= port > worker > - threads and supports inline protocol only.** It also provides infrastr= ucture > for > - non-internal port however does not define any worker threads. > + threads.** It also provides infrastructure for non-internal port > + however does not define any worker threads. >=20 > Event mode also supports event vectorization. The event devices, ether= net > device > pairs which support the capability > ``RTE_EVENT_ETH_RX_ADAPTER_CAP_EVENT_VECTOR`` can diff --git > a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec- > secgw.c > index 4ca5936bdf..0bd1f15ae5 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -3121,7 +3121,8 @@ main(int32_t argc, char **argv) > if ((socket_ctx[socket_id].session_pool !=3D NULL) && > (socket_ctx[socket_id].sa_in =3D=3D NULL) && > (socket_ctx[socket_id].sa_out =3D=3D NULL)) { > - sa_init(&socket_ctx[socket_id], socket_id, > lcore_conf); > + sa_init(&socket_ctx[socket_id], socket_id, > lcore_conf, > + eh_conf->mode_params); > sp4_init(&socket_ctx[socket_id], socket_id); > sp6_init(&socket_ctx[socket_id], socket_id); > rt_init(&socket_ctx[socket_id], socket_id); diff --git > a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index > 7b7bfff696..030cfe7a82 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -6,6 +6,7 @@ > #include >=20 > #include > +#include > #include > #include > #include > @@ -56,14 +57,17 @@ set_ipsec_conf(struct ipsec_sa *sa, struct > rte_security_ipsec_xform *ipsec) >=20 > int > create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[], > - struct socket_ctx *skt_ctx, struct ipsec_sa *sa, > - struct rte_ipsec_session *ips) > + struct socket_ctx *skt_ctx, const struct eventmode_conf *em_conf, > + struct ipsec_sa *sa, struct rte_ipsec_session *ips) > { > uint16_t cdev_id =3D RTE_CRYPTO_MAX_DEVS; > + enum rte_crypto_op_sess_type sess_type; > struct rte_cryptodev_info cdev_info; > + enum rte_crypto_op_type op_type; > unsigned long cdev_id_qp =3D 0; > - struct cdev_key key =3D { 0 }; > struct ipsec_ctx *ipsec_ctx; > + struct cdev_key key =3D { 0 }; > + void *sess =3D NULL; > uint32_t lcore_id; > int32_t ret =3D 0; >=20 > @@ -159,6 +163,10 @@ create_lookaside_session(struct ipsec_ctx > *ipsec_ctx_lcore[], > return -1; > } > ips->security.ctx =3D ctx; > + > + sess =3D ips->security.ses; > + op_type =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC; > + sess_type =3D RTE_CRYPTO_OP_SECURITY_SESSION; > } else { > RTE_LOG(ERR, IPSEC, "Inline not supported\n"); > return -1; > @@ -183,6 +191,27 @@ create_lookaside_session(struct ipsec_ctx > *ipsec_ctx_lcore[], > rte_cryptodev_info_get(cdev_id, &cdev_info); > } >=20 > + /* Setup meta data required by event crypto adapter */ > + if (em_conf->enable_event_crypto_adapter && sess !=3D NULL) { > + union rte_event_crypto_metadata m_data =3D {0}; > + const struct eventdev_params *eventdev_conf; > + > + eventdev_conf =3D &(em_conf->eventdev_config[0]); > + > + /* Fill in response information */ > + m_data.response_info.sched_type =3D em_conf- > >ext_params.sched_type; > + m_data.response_info.op =3D RTE_EVENT_OP_NEW; > + m_data.response_info.queue_id =3D eventdev_conf- > >ev_cpt_queue_id; > + > + /* Fill in request information */ > + m_data.request_info.cdev_id =3D cdev_id; > + m_data.request_info.queue_pair_id =3D 0; > + > + /* Attach meta info to session */ > + rte_cryptodev_session_event_mdata_set(cdev_id, sess, > op_type, > + sess_type, &m_data, sizeof(m_data)); > + } > + > return 0; > } >=20 > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 2005ae8fec..5ef63e8fc4 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -14,6 +14,7 @@ > #include > #include >=20 > +#include "event_helper.h" > #include "ipsec-secgw.h" >=20 > #define RTE_LOGTYPE_IPSEC_ESP RTE_LOGTYPE_USER2 > @@ -424,7 +425,8 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, > int inbound); >=20 > void > sa_init(struct socket_ctx *ctx, int32_t socket_id, > - struct lcore_conf *lcore_conf); > + struct lcore_conf *lcore_conf, > + const struct eventmode_conf *em_conf); >=20 > void > rt_init(struct socket_ctx *ctx, int32_t socket_id); @@ -441,8 +443,8 @@ > enqueue_cop_burst(struct cdev_qp *cqp); >=20 > int > create_lookaside_session(struct ipsec_ctx *ipsec_ctx[], > - struct socket_ctx *skt_ctx, struct ipsec_sa *sa, > - struct rte_ipsec_session *ips); > + struct socket_ctx *skt_ctx, const struct eventmode_conf *em_conf, > + struct ipsec_sa *sa, struct rte_ipsec_session *ips); >=20 > int > create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, d= iff -- > git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec- > secgw/ipsec_worker.c > index 803157d8ee..2661f0275f 100644 > --- a/examples/ipsec-secgw/ipsec_worker.c > +++ b/examples/ipsec-secgw/ipsec_worker.c > @@ -3,6 +3,7 @@ > * Copyright (C) 2020 Marvell International Ltd. > */ > #include > +#include > #include > #include > #include > @@ -11,6 +12,7 @@ > #include "ipsec.h" > #include "ipsec-secgw.h" > #include "ipsec_worker.h" > +#include "sad.h" >=20 > #if defined(__ARM_NEON) > #include "ipsec_lpm_neon.h" > @@ -228,6 +230,43 @@ check_sp_sa_bulk(struct sp_ctx *sp, struct sa_ctx > *sa_ctx, > ip->num =3D j; > } >=20 > +static inline void > +pkt_l3_len_set(struct rte_mbuf *pkt) > +{ > + struct rte_ipv4_hdr *ipv4; > + struct rte_ipv6_hdr *ipv6; > + size_t l3len, ext_len; > + uint32_t l3_type; > + int next_proto; > + uint8_t *p; > + > + l3_type =3D pkt->packet_type & RTE_PTYPE_L3_MASK; > + if (l3_type =3D=3D RTE_PTYPE_L3_IPV4) { > + ipv4 =3D rte_pktmbuf_mtod(pkt, struct rte_ipv4_hdr *); > + pkt->l3_len =3D ipv4->ihl * 4; > + } else if (l3_type & RTE_PTYPE_L3_IPV6) { > + ipv6 =3D rte_pktmbuf_mtod(pkt, struct rte_ipv6_hdr *); > + l3len =3D sizeof(struct rte_ipv6_hdr); > + if (l3_type =3D=3D RTE_PTYPE_L3_IPV6_EXT || > + l3_type =3D=3D RTE_PTYPE_L3_IPV6_EXT_UNKNOWN) { > + p =3D rte_pktmbuf_mtod(pkt, uint8_t *); > + next_proto =3D ipv6->proto; > + while (next_proto !=3D IPPROTO_ESP && > + l3len < pkt->data_len && > + (next_proto =3D rte_ipv6_get_next_ext(p + l3len, > + next_proto, &ext_len)) >=3D 0) > + l3len +=3D ext_len; > + > + /* Drop pkt when IPv6 header exceeds first seg size > */ > + if (unlikely(l3len > pkt->data_len)) { > + free_pkts(&pkt, 1); > + return; > + } > + } > + pkt->l3_len =3D l3len; > + } > +} > + > static inline uint16_t > route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) { @@ -287,9 +32= 6,67 > @@ get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type > type) > return RTE_MAX_ETHPORTS; > } >=20 > +static inline void > +crypto_op_reset(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[= ], > + struct rte_crypto_op *cop[], uint16_t num) { > + struct rte_crypto_sym_op *sop; > + uint32_t i; > + > + const struct rte_crypto_op unproc_cop =3D { > + .type =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC, > + .status =3D RTE_CRYPTO_OP_STATUS_NOT_PROCESSED, > + .sess_type =3D RTE_CRYPTO_OP_SECURITY_SESSION, > + }; > + > + for (i =3D 0; i !=3D num; i++) { > + cop[i]->raw =3D unproc_cop.raw; > + sop =3D cop[i]->sym; > + sop->m_src =3D mb[i]; > + sop->m_dst =3D NULL; > + __rte_security_attach_session(sop, ss->security.ses); > + } > +} > + > +static inline int > +event_crypto_enqueue(struct ipsec_ctx *ctx __rte_unused, struct rte_mbuf > *pkt, > + struct ipsec_sa *sa, const struct eh_event_link_info *ev_link) > { > + struct ipsec_mbuf_metadata *priv; > + struct rte_ipsec_session *sess; > + struct rte_crypto_op *cop; > + struct rte_event cev; > + int ret; > + > + /* Get IPsec session */ > + sess =3D ipsec_get_primary_session(sa); > + > + /* Get pkt private data */ > + priv =3D get_priv(pkt); > + cop =3D &priv->cop; > + > + /* Reset crypto operation data */ > + crypto_op_reset(sess, &pkt, &cop, 1); > + > + /* Update event_ptr with rte_crypto_op */ > + cev.event =3D 0; > + cev.event_ptr =3D cop; > + > + /* Enqueue event to crypto adapter */ > + ret =3D rte_event_crypto_adapter_enqueue(ev_link->eventdev_id, > + ev_link->event_port_id, &cev, 1); > + if (unlikely(ret <=3D 0)) { > + /* pkt will be freed by the caller */ > + RTE_LOG_DP(DEBUG, IPSEC, "Cannot enqueue event: %i > (errno: %i)\n", ret, rte_errno); > + return rte_errno; > + } > + > + return 0; > +} > + > static inline int > process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt, > - struct rte_event *ev) > + const struct eh_event_link_info *ev_link, struct rte_event *ev) > { > struct ipsec_sa *sa =3D NULL; > struct rte_mbuf *pkt; > @@ -340,7 +437,22 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, > struct route_table *rt, > goto drop_pkt_and_exit; > } > break; > + case PKT_TYPE_IPSEC_IPV4: > + case PKT_TYPE_IPSEC_IPV6: > + rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); > + pkt_l3_len_set(pkt); > + > + sad_lookup(&ctx->sa_ctx->sad, &pkt, (void **)&sa, 1); > + sa =3D ipsec_mask_saptr(sa); > + if (unlikely(sa =3D=3D NULL)) { > + RTE_LOG_DP(DEBUG, IPSEC, "Cannot find sa\n"); > + goto drop_pkt_and_exit; > + } >=20 > + if (unlikely(event_crypto_enqueue(ctx, pkt, sa, ev_link))) > + goto drop_pkt_and_exit; > + > + return PKT_POSTED; > default: > RTE_LOG_DP(DEBUG, IPSEC_ESP, "Unsupported packet type > =3D %d\n", > type); > @@ -389,7 +501,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, > struct route_table *rt, >=20 > static inline int > process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, > - struct rte_event *ev) > + const struct eh_event_link_info *ev_link, struct rte_event > *ev) > { > struct rte_ipsec_session *sess; > struct sa_ctx *sa_ctx; > @@ -456,11 +568,9 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, > struct route_table *rt, > /* Get IPsec session */ > sess =3D ipsec_get_primary_session(sa); >=20 > - /* Allow only inline protocol for now */ > - if (unlikely(sess->type !=3D > RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)) { > - RTE_LOG(ERR, IPSEC, "SA type not supported\n"); > - goto drop_pkt_and_exit; > - } > + /* Determine protocol type */ > + if (sess->type =3D=3D > RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) > + goto lookaside; >=20 > rte_security_set_pkt_metadata(sess->security.ctx, > sess->security.ses, pkt, NULL); @@ - > 482,6 +592,13 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct > route_table *rt, > ipsec_event_pre_forward(pkt, port_id); > return PKT_FORWARDED; >=20 > +lookaside: > + /* prepare pkt - advance start to L3 */ > + rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); > + > + if (likely(event_crypto_enqueue(ctx, pkt, sa, ev_link) =3D=3D 0)) > + return PKT_POSTED; > + > drop_pkt_and_exit: > RTE_LOG(ERR, IPSEC, "Outbound packet dropped\n"); > rte_pktmbuf_free(pkt); > @@ -737,6 +854,67 @@ ipsec_ev_vector_drv_mode_process(struct > eh_event_link_info *links, > rte_mempool_put(rte_mempool_from_obj(vec), vec); } >=20 > +static inline int > +ipsec_ev_cryptodev_process(const struct lcore_conf_ev_tx_int_port_wrkr > *lconf, > + struct rte_event *ev) > +{ > + struct rte_ether_hdr *ethhdr; > + struct rte_crypto_op *cop; > + struct rte_mbuf *pkt; > + uint16_t port_id; > + struct ip *ip; > + > + /* Get pkt data */ > + cop =3D ev->event_ptr; > + pkt =3D cop->sym->m_src; > + > + /* If operation was not successful, drop the packet */ > + if (unlikely(cop->status !=3D RTE_CRYPTO_OP_STATUS_SUCCESS)) { > + RTE_LOG_DP(INFO, IPSEC, "Crypto operation failed\n"); > + free_pkts(&pkt, 1); > + return PKT_DROPPED; > + } > + > + ip =3D rte_pktmbuf_mtod(pkt, struct ip *); > + > + /* Prepend Ether layer */ > + ethhdr =3D (struct rte_ether_hdr *)rte_pktmbuf_prepend(pkt, > +RTE_ETHER_HDR_LEN); > + > + /* Route pkt and update required fields */ > + if (ip->ip_v =3D=3D IPVERSION) { > + pkt->ol_flags |=3D lconf->outbound.ipv4_offloads; > + pkt->l3_len =3D sizeof(struct ip); > + pkt->l2_len =3D RTE_ETHER_HDR_LEN; > + > + ethhdr->ether_type =3D > rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4); > + > + port_id =3D route4_pkt(pkt, lconf->rt.rt4_ctx); > + } else { > + pkt->ol_flags |=3D lconf->outbound.ipv6_offloads; > + pkt->l3_len =3D sizeof(struct ip6_hdr); > + pkt->l2_len =3D RTE_ETHER_HDR_LEN; > + > + ethhdr->ether_type =3D > rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6); > + > + port_id =3D route6_pkt(pkt, lconf->rt.rt6_ctx); > + } > + > + if (unlikely(port_id =3D=3D RTE_MAX_ETHPORTS)) { > + RTE_LOG_DP(DEBUG, IPSEC, "Cannot route processed > packet\n"); > + free_pkts(&pkt, 1); > + return PKT_DROPPED; > + } > + > + /* Update Ether with port's MAC addresses */ > + memcpy(ðhdr->src_addr, ðaddr_tbl[port_id].src, sizeof(struct > rte_ether_addr)); > + memcpy(ðhdr->dst_addr, ðaddr_tbl[port_id].dst, sizeof(struct > +rte_ether_addr)); > + > + /* Update event */ > + ev->mbuf =3D pkt; > + > + return PKT_FORWARDED; > +} > + > /* > * Event mode exposes various operating modes depending on the > * capabilities of the event device and the operating mode @@ -924,6 > +1102,14 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct > eh_event_link_info *links, > "Launching event mode worker (non-burst - Tx internal port - > " > "app mode) on lcore %d\n", lcore_id); >=20 > + ret =3D ipsec_sad_lcore_cache_init(app_sa_prm.cache_sz); > + if (ret !=3D 0) { > + RTE_LOG(ERR, IPSEC, > + "SAD cache init on lcore %u, failed with code: %d\n", > + lcore_id, ret); > + return; > + } > + > /* Check if it's single link */ > if (nb_links !=3D 1) { > RTE_LOG(INFO, IPSEC, > @@ -950,6 +1136,20 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct > eh_event_link_info *links, > ipsec_ev_vector_process(&lconf, links, &ev); > continue; > case RTE_EVENT_TYPE_ETHDEV: > + if (is_unprotected_port(ev.mbuf->port)) > + ret =3D > process_ipsec_ev_inbound(&lconf.inbound, > + &lconf.rt, > links, &ev); > + else > + ret =3D > process_ipsec_ev_outbound(&lconf.outbound, > + &lconf.rt, > links, &ev); > + if (ret !=3D 1) > + /* The pkt has been dropped or posted */ > + continue; > + break; > + case RTE_EVENT_TYPE_CRYPTODEV: > + ret =3D ipsec_ev_cryptodev_process(&lconf, &ev); > + if (unlikely(ret !=3D PKT_FORWARDED)) > + continue; > break; > default: > RTE_LOG(ERR, IPSEC, "Invalid event type %u", @@ - > 957,16 +1157,6 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct > eh_event_link_info *links, > continue; > } >=20 > - if (is_unprotected_port(ev.mbuf->port)) > - ret =3D process_ipsec_ev_inbound(&lconf.inbound, > - &lconf.rt, &ev); > - else > - ret =3D process_ipsec_ev_outbound(&lconf.outbound, > - &lconf.rt, &ev); > - if (ret !=3D 1) > - /* The pkt has been dropped */ > - continue; > - > /* > * Since tx internal port is available, events can be > * directly enqueued to the adapter and it would be diff --git > a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index > 5dca578790..7a0c528f75 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -1235,7 +1235,8 @@ static int > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], > uint32_t nb_entries, uint32_t inbound, > struct socket_ctx *skt_ctx, > - struct ipsec_ctx *ips_ctx[]) > + struct ipsec_ctx *ips_ctx[], > + const struct eventmode_conf *em_conf) > { > struct ipsec_sa *sa; > uint32_t i, idx; > @@ -1408,7 +1409,8 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct > ipsec_sa entries[], > return -EINVAL; > } > } else { > - rc =3D create_lookaside_session(ips_ctx, skt_ctx, sa, > ips); > + rc =3D create_lookaside_session(ips_ctx, skt_ctx, > + em_conf, sa, ips); > if (rc !=3D 0) { > RTE_LOG(ERR, IPSEC_ESP, > "create_lookaside_session() > failed\n"); @@ -1431,17 +1433,19 @@ sa_add_rules(struct sa_ctx *sa_ctx, > const struct ipsec_sa entries[], static inline int sa_out_add_rules(str= uct > sa_ctx *sa_ctx, const struct ipsec_sa entries[], > uint32_t nb_entries, struct socket_ctx *skt_ctx, > - struct ipsec_ctx *ips_ctx[]) > + struct ipsec_ctx *ips_ctx[], > + const struct eventmode_conf *em_conf) > { > - return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx, ips_ctx); > + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx, ips_ctx, > +em_conf); > } >=20 > static inline int > sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], > uint32_t nb_entries, struct socket_ctx *skt_ctx, > - struct ipsec_ctx *ips_ctx[]) > + struct ipsec_ctx *ips_ctx[], > + const struct eventmode_conf *em_conf) > { > - return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx, ips_ctx); > + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx, ips_ctx, > +em_conf); > } >=20 > /* > @@ -1673,7 +1677,8 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, > int inbound) >=20 > void > sa_init(struct socket_ctx *ctx, int32_t socket_id, > - struct lcore_conf *lcore_conf) > + struct lcore_conf *lcore_conf, > + const struct eventmode_conf *em_conf) > { > int32_t rc; > const char *name; > @@ -1705,7 +1710,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id, > rte_exit(EXIT_FAILURE, "failed to init SAD\n"); > RTE_LCORE_FOREACH(lcore_id) > ipsec_ctx[lcore_id] =3D &lcore_conf[lcore_id].inbound; > - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx, ipsec_ctx); > + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx, ipsec_ctx, > +em_conf); >=20 > if (app_sa_prm.enable !=3D 0) { > rc =3D ipsec_satbl_init(ctx->sa_in, nb_sa_in, @@ - > 1727,7 +1732,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id, >=20 > RTE_LCORE_FOREACH(lcore_id) > ipsec_ctx[lcore_id] =3D > &lcore_conf[lcore_id].outbound; > - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx, > ipsec_ctx); > + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx, > ipsec_ctx, > +em_conf); >=20 > if (app_sa_prm.enable !=3D 0) { > rc =3D ipsec_satbl_init(ctx->sa_out, nb_sa_out, > -- > 2.25.1