From: Akhil Goyal
To: Bernard Iremonger, "dev@dpdk.org", "konstantin.ananyev@intel.com"
CC: "stable@dpdk.org"
Date: Tue, 23 Apr 2019 11:14:54 +0000
Subject: Re: [dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto
List-Id: DPDK patches and discussions

Hi Bernard,

> -----Original Message-----
> From: Akhil Goyal
> Sent: Thursday, April 18, 2019 7:21 PM
> To: Bernard Iremonger; dev@dpdk.org; konstantin.ananyev@intel.com
> Cc: stable@dpdk.org
> Subject: RE: [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto
>
> Hi Bernard,
>
> > - RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on crypt= odev " > > - "%u qp %u\n", sa->spi, > > - ipsec_ctx->tbl[cdev_id_qp].id, > > - ipsec_ctx->tbl[cdev_id_qp].qp); > > + if ((sa =3D=3D NULL) || (pool =3D=3D NULL)) > > + return -EINVAL; > > > > - if (sa->type !=3D RTE_SECURITY_ACTION_TYPE_NONE) { > > - struct rte_security_session_conf sess_conf =3D { > > + struct rte_security_session_conf sess_conf =3D { > > .action_type =3D sa->type, > > .protocol =3D RTE_SECURITY_PROTOCOL_IPSEC, > > {.ipsec =3D {
> > @@ -90,247 +65,340 @@ create_session(struct ipsec_ctx *ipsec_ctx, struc= t > > ipsec_sa *sa) > > } }, > > .crypto_xform =3D sa->xforms, > > .userdata =3D NULL, > > - > > }; > > > > - if (sa->type =3D=3D > RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) > > { > > - struct rte_security_ctx *ctx =3D (struct rte_se= curity_ctx *) > > - rte_cryptodev_g= et_sec_ctx( > > - ipsec_ctx->tbl[= cdev_id_qp].id); > > - > > - /* Set IPsec parameters in conf */ > > - set_ipsec_conf(sa, &(sess_conf.ipsec)); > > - > > - sa->sec_session =3D rte_security_session_create= (ctx, > > - &sess_conf, ipsec_ctx->session_= pool); > > - if (sa->sec_session =3D=3D NULL) { > > - RTE_LOG(ERR, IPSEC, > > - "SEC Session init failed: err: %d\n", r= et); > > - return -1; > > - } > > - } else if (sa->type =3D=3D RTE_SECURITY_ACTION_TYPE_INL= INE_CRYPTO) > { > > - struct rte_flow_error err; > > - struct rte_security_ctx *ctx =3D (struct rte_se= curity_ctx *) > > - rte_eth_dev_get= _sec_ctx( > > - sa->portid); > > - const struct rte_security_capability *sec_cap; > > - int ret =3D 0; > > - > > - sa->sec_session =3D rte_security_session_create= (ctx, > > - &sess_conf, ipsec_ctx->session_= pool); > > - if (sa->sec_session =3D=3D NULL) { > > - RTE_LOG(ERR, IPSEC, > > - "SEC Session init failed: err: %d\n", r= et); > > - return -1; > > - } > > + if (sa->type =3D=3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL= ) { > > + ctx =3D (struct rte_security_ctx *) > > + rte_eth_dev_get_sec_ctx(sa->portid);
>
> This is breaking the lookaside mode. Ctx was retrieved using the ipsec_ctx->tbl
> struct rte_security_ctx *ctx = (struct rte_security_ctx *)
>         rte_cryptodev_get_sec_ctx(
>                 ipsec_ctx->tbl[cdev_id_qp].id);
>
> I am looking into it, but I don't have time left to get it integrated in RC2. So this
> has to be pushed to RC3

It looks like there are multiple issues in this patch wrt lookaside and none cases. Only the inline cases seem to be working.

1. the patch removes the cdev_mapping concept completely.
Cdev_id_qp is not getting used.
The port_id cannot be used in case of crypto, the mapping of cdev/qp/core is done differently for inbound and outbound ports which is missed in this patch.

2. crypto sessions are created using the session mempool and the private data is allocated using the session priv_mempool which is removed in this patch. This will break cases where the priv data is more than the size of sess_mp element size.
Also the security sessions need to be allocated using the session_priv_mp instead of the session_mp. Please check this one.
http://patches.dpdk.org/patch/52981/
Ideally this issue should be resolved by adding another parameter in rte_security_session_create which can take another mempool pointer for private data allocation. But this cannot be done in this release as it would need a deprecation notice.

With the above issues I don't see your patch going in 19.05 release cycle.

Regards,
Akhil

>
>
>
> > > > - sec_cap =3D rte_security_capabilities_get(ctx); > > + /* Set IPsec parameters in conf */ > > + set_ipsec_conf(sa, &(sess_conf.ipsec)); > > > > - /* iterate until ESP tunnel*/ > > - while (sec_cap->action !=3D > > - RTE_SECURITY_ACTION_TYPE_NONE) = { > > + sa->sec_session =3D rte_security_session_create(ctx, > > + &sess_conf, pool); > > + if (sa->sec_session =3D=3D NULL) { > > + RTE_LOG(ERR, IPSEC, > > + "SEC Session init failed: err: %d\n", > > + ret); > > + return -1; > > + }
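
Review bot: The first quoted hunk deletes the RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi ...") call and the visible added lines put nothing in its place, so session creation no longer records which SPI was bound to which device and queue pair. Keep a debug-level log in the reworked function that prints sa->spi and the identifier of the device the session is created on, so that a session bound to the wrong device can be spotted from the log.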
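
Review bot: In the @@ -90,247 +65,340 @@ hunk, the failure path added after rte_security_session_create() logs ret, but the result of that call is stored in sa->sec_session and ret is never assigned from it, so "SEC Session init failed: err: %d" reports a value unrelated to the failure. Drop the %d or log a value that actually comes from the failed call. The same path returns -1 while the argument check added at the top of the function returns -EINVAL; use one convention (a negative errno value) so callers can tell the cases apart.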