From: Anoob Joseph
To: "Ananyev, Konstantin", Akhil Goyal, "Nicolau, Radu", "Thomas Monjalon"
CC: Ankur Dwivedi, Jerin Jacob Kollanukkaran, Narayana Prasad Raju Athreya, Archana Muniganti, Tejasree Kondoj, Vamsi Krishna Attunuru, Lukas Bartosik, "dev@dpdk.org"
Date: Mon, 16 Dec 2019 15:58:24 +0000
References: <1575808249-31135-1-git-send-email-anoobj@marvell.com> <1575808249-31135-2-git-send-email-anoobj@marvell.com>
Subject: Re: [dpdk-dev] [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for inline Rx
List-Id: DPDK patches and discussions

Hi Konstantin,

Thanks for the review. Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Monday, December 16, 2019 7:51 PM
> To: Anoob Joseph; Akhil Goyal; Nicolau, Radu; Thomas Monjalon
> Cc: Ankur Dwivedi; Jerin Jacob Kollanukkaran; Narayana Prasad Raju Athreya; Archana Muniganti; Tejasree Kondoj; Vamsi Krishna Attunuru; Lukas Bartosik; dev@dpdk.org
> Subject: [EXT] RE: [PATCH 01/14] examples/ipsec-secgw: add default rte_flow for inline Rx
>
> > From: Ankur Dwivedi
> >
> > The default flow created would enable security processing on all ESP
> > packets. If the default flow is created, SA based rte_flow creation
> > would be skipped.
>
> I suppose that one depends on:
> http://patches.dpdk.org/patch/63621/
> http://patches.dpdk.org/cover/63625/
> to work as expected?
> If so probably worth to mention in that header or in cover letter (or both).

[Anoob] Yes. Usually the dependency is not added in the commit header. I'll update the v2 cover letter with such details.

> > Signed-off-by: Ankur Dwivedi
> > Signed-off-by: Anoob Joseph
> > --- > > examples/ipsec-secgw/ipsec-secgw.c | 56 > ++++++++++++++++++++++++++++++++++++++ > > examples/ipsec-secgw/ipsec.c | 8 ++++++ > > examples/ipsec-secgw/ipsec.h | 6 ++++ > > 3 files changed, 70 insertions(+) > > > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c > > b/examples/ipsec-secgw/ipsec-secgw.c > > index 3b5aaf6..7506922 100644 > > --- a/examples/ipsec-secgw/ipsec-secgw.c > > +++ b/examples/ipsec-secgw/ipsec-secgw.c > > @@ -128,6 +128,8 @@ struct ethaddr_info > ethaddr_tbl[RTE_MAX_ETHPORTS] =3D { > > { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) } }; > > > > +struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
>
> Need to be initialized with zeroes somewhere.

[Anoob] Will add it in v2.

> > + > > #define CMD_LINE_OPT_CONFIG "config" > > #define CMD_LINE_OPT_SINGLE_SA "single-sa" > > #define CMD_LINE_OPT_CRYPTODEV_MASK "cryptodev_mask"
> > @@ -2406,6 +2408,55 @@ reassemble_init(void) > > return rc; > > } > > > > +static int > > +create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads) { > > + int ret =3D 0; > > + > > + /* Add the default ipsec flow to detect all ESP packets for rx */ > > + if (rx_offloads & DEV_RX_OFFLOAD_SECURITY) { > > + struct rte_flow_action action[2]; > > + struct rte_flow_item pattern[2]; > > + struct rte_flow_attr attr =3D {0}; > > + struct rte_flow_error err; > > + struct rte_flow *flow; > > + > > + pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ESP; > > + pattern[0].spec =3D NULL; > > + pattern[0].mask =3D NULL; > > + pattern[0].last =3D NULL; > > + pattern[1].type =3D RTE_FLOW_ITEM_TYPE_END; > > + > > + action[0].type =3D RTE_FLOW_ACTION_TYPE_SECURITY; > > + action[0].conf =3D NULL; > > + action[1].type =3D RTE_FLOW_ACTION_TYPE_END; > > + action[1].conf =3D NULL; > > + > > + attr.egress =3D 0; > > + attr.ingress =3D 1; > > + > > + ret =3D rte_flow_validate(port_id, &attr, pattern, action, &err); > > + if (ret) {
>
> As I understand, flow_validate() is used here to query does this capability
> (multiple security sessions for same flow) is supported by PMD/HW?
> If so, then probably no need for error message if it doesn't.

[Anoob] Yes. Will remove the error log.

> > + RTE_LOG(ERR, IPSEC, > > + "Failed to validate ipsec flow %s\n", > > + err.message); > > + goto exit; > > + } > > + > > + flow =3D rte_flow_create(port_id, &attr, pattern, action, &err);
>
> Same question as for http://patches.dpdk.org/patch/63621/ , why do you need it at all?
> What it will enable/disable?

[Anoob] Your followup question there accurately describes the usage. If the application wants to enable H/w IPsec processing only on a specific SPI range, it will be allowed so with this kind of flow.
Let's say, application wants to allow H/w processing only for SPI 1-8192.
In that case, either 8192 rte_flows need to be created, or one rte_flow rule with SPI 1-8192 range can be created. Any SPI outside the range won't match the rule and rte_flow could have further rules to act on such packets.

> > + if (flow =3D=3D NULL) { > > + RTE_LOG(ERR, IPSEC, > > + "Failed to create ipsec flow %s\n", > > + err.message); > > + ret =3D -rte_errno; > > + goto exit;
>
> Why not just 'return ret;' here?

[Anoob] Will fix in v2.

> > + } > > + flow_info_tbl[port_id].rx_def_flow =3D flow; > > + } > > +exit: > > + return ret; > > +} > > + > > int32_t > > main(int32_t argc, char **argv) > > { > > @@ -2478,6 +2529,11 @@ main(int32_t argc, char **argv) > > > > sa_check_offloads(portid, &req_rx_offloads, > &req_tx_offloads); > > port_init(portid, req_rx_offloads, req_tx_offloads); > > + /* Create default ipsec flow for the ethernet device */ > > + ret =3D create_default_ipsec_flow(portid, req_rx_offloads); > > + if (ret) > > + printf("Cannot create default flow, err=3D%d, > port=3D%d\n", > > + ret, portid);
>
> Again it is an optional feature, so not sure if we need to report it for every port.
> Might be better to do vice versa: LOG(INFO, ...) when create_default() was
> successful.

[Anoob] Will update in v2.

> > } > > > > cryptodevs_init(); > > diff --git a/examples/ipsec-secgw/ipsec.c > > b/examples/ipsec-secgw/ipsec.c index d4b5712..e529f68 100644 > > --- a/examples/ipsec-secgw/ipsec.c > > +++ b/examples/ipsec-secgw/ipsec.c
> > @@ -261,6 +261,12 @@ create_inline_session(struct socket_ctx *skt_ctx, > struct ipsec_sa *sa, > > unsigned int i; > > unsigned int j; > > > > + /* > > + * Don't create flow if default flow is already created > > + */ > > + if (flow_info_tbl[sa->portid].rx_def_flow) > > + goto set_cdev_id;
>
> As a nit: would be great to avoid introducing extra gotos.

[Anoob] So, set the cdev_id and return here itself?
Will make that change in v2.

> > +
>
> As I can see, that block of code is for
> RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO only.
> Is that what intended?

[Anoob] Yes

> BTW, for RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, it seems rte_flow
> is never created anyway inside that function.

[Anoob] Yes. Current ipsec-secgw doesn't have rte_flow creation for inline protocol. It is done only for inline crypto. The default flow that we are adding is applicable for both inline crypto & inline protocol. Hence adding the extra check in inline crypto path to avoid creating duplicate rte_flows.

> > ret =3D rte_eth_dev_info_get(sa->portid, &dev_info); > > if (ret !=3D 0) { > > RTE_LOG(ERR, IPSEC, > > @@ -396,6 +402,8 @@ create_inline_session(struct socket_ctx *skt_ctx, > struct ipsec_sa *sa, > > ips->security.ol_flags =3D sec_cap->ol_flags; > > ips->security.ctx =3D sec_ctx; > > } > > + > > +set_cdev_id: > > sa->cdev_id_qp =3D 0; > > > > return 0; > > diff --git a/examples/ipsec-secgw/ipsec.h > > b/examples/ipsec-secgw/ipsec.h index 8e07521..28ff07d 100644 > > --- a/examples/ipsec-secgw/ipsec.h > > +++ b/examples/ipsec-secgw/ipsec.h > > @@ -81,6 +81,12 @@ struct app_sa_prm { > > > > extern struct app_sa_prm app_sa_prm; > > > > +struct flow_info { > > + struct rte_flow *rx_def_flow; > > +}; > > + > > +extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; > > + > > enum { > > IPSEC_SESSION_PRIMARY =3D 0, > > IPSEC_SESSION_FALLBACK =3D 1, > > -- > > 2.7.4
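
Review bot: in create_default_ipsec_flow() (ipsec-secgw.c, hunk at -2406), err is declared without an initialiser and err.message is then passed to a %s in both RTE_LOG calls, so a PMD that fails without filling in the error leaves the log reading indeterminate memory. Zero err before rte_flow_validate() and print a fallback string when message is NULL. The same applies to pattern[1], whose spec, mask and last are never set; zero-initialising both arrays, as is already done for attr, removes the reliance on the END item's other fields being ignored. A comment that spec and mask are NULL on purpose would also help, since that is what makes the rule match every ESP packet on the port regardless of SPI.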
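
Review bot: in main() (ipsec-secgw.c, hunk at -2478), a non-zero return from create_default_ipsec_flow() is printed with printf and then ignored, and the handle saved in flow_info_tbl[portid].rx_def_flow has no matching rte_flow_destroy() anywhere in the visible changes. Use RTE_LOG as the new function does, and either add the teardown on the exit path or say in a comment where the rule is released.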
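
Review bot: in create_inline_session() (ipsec.c, hunk at -261), flow_info_tbl[sa->portid] is read before the rte_eth_dev_info_get(sa->portid, ...) call that follows, so nothing in the visible lines checks sa->portid against RTE_MAX_ETHPORTS before it is used as an array index. Add the range check ahead of the lookup, or move the lookup below the dev_info call. The jump also lands after the ips->security.ol_flags and ips->security.ctx assignments shown in the -396 hunk, so confirm that nothing set between the two points is needed when the default flow is in use.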
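
Review bot: struct flow_info in ipsec.h (hunk at -81) has no comment describing its contract. State that flow_info_tbl is indexed by port id, that a NULL rx_def_flow means no default rule exists on that port (the condition create_inline_session() tests), and who owns the handle. The definition in ipsec-secgw.c has static storage duration, so it starts out all-NULL without an explicit memset; a one-line comment saying so would record that the code depends on it.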