From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nelio.laranjeiro@6wind.com>
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65])
 by dpdk.org (Postfix) with ESMTP id E559F7CE2
 for <dev@dpdk.org>; Mon,  4 Dec 2017 15:11:25 +0100 (CET)
Received: by mail-wm0-f65.google.com with SMTP id n138so6049614wmg.2
 for <dev@dpdk.org>; Mon, 04 Dec 2017 06:11:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=6wind-com.20150623.gappssmtp.com; s=20150623;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :in-reply-to:references;
 bh=GBmzyp+H4LUKZrS3YTx6njJkc7Y+JyFz8Sjub73wBSM=;
 b=Tc3k94jyatuiddsLdyXNi2EjIfim2IpLEEJ09zpcZLWD4cyEqN/Uuzl4qmaYuDv7WJ
 sinPm/Ft1AxId3hGr8xmWqogue4FRf05HaOF3c6jRY094lAHPcdw2FddjM6EsfChfahz
 78k2Uywjrpr1S+Vo45qSiszwQqvHzGJhdgPcsb4QOHZAPiQjeLIiOFvKt857X+jyoqNR
 2OLiqflPFsoFKGclLdwFNm5X+d6yTUTg+ECABsZRcjNDjSiv7hzfEwOemyXa1MNsaDD/
 cYlDuPR7E31YF+4TCZD6TrKdDOTv8g5ZOZYdXYWhdA4QxNqOld8H3XzMpo3tUPWBZ158
 /ibg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:in-reply-to:references;
 bh=GBmzyp+H4LUKZrS3YTx6njJkc7Y+JyFz8Sjub73wBSM=;
 b=XVYDhHoSqhLG6ZtvSoYNUQM3oHVYXgDYRzwCr4z9E2+gc7K78wOvBs6fRK7yfT8Q97
 WRzMho/jkdCZ/F628gMeoarzX8Ytl18Gdqs+eBS+MkKQFYziRHVK8PEfSsEDVZOG7xyM
 bGuf4G0CEguj2ElDKH/gdBOXwgaKWNvw6NiGo6X0Xk9sDVzB+hbY6ufWL0aU1WM0ZF6m
 aMSfx8ksd5t/UFS+sMkBwILTlhYsNniTsW/4rf8dveRJn9fvaf/jKzNmTFxBF/9G32LM
 w7s41Wcz2yUpriJID/kuJx7OWzNF7oeWbi40OPmw7Yc96YmxV/IhKkAhzklY1i0cJpN7
 nuhQ==
X-Gm-Message-State: AKGB3mJL4VmbjBEjXmTvgoHPIi3Kl6h/9/mku2SkVRc2ppRzdE+uOApD
 5hkU6DNmXA/xlFr0zw93mOre
X-Google-Smtp-Source: AGs4zMamHEPTKSbgAqG5n9ihL3GdrPtStj+nfc4ZTJMmXOZoRpaWSLgMT04XPFsMHSHfi/ymjv1grA==
X-Received: by 10.28.143.12 with SMTP id r12mr3146198wmd.44.1512396685555;
 Mon, 04 Dec 2017 06:11:25 -0800 (PST)
Received: from laranjeiro-vm.dev.6wind.com.
 (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78])
 by smtp.gmail.com with ESMTPSA id h7sm14135528wrb.35.2017.12.04.06.11.24
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 04 Dec 2017 06:11:24 -0800 (PST)
From: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
To: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>,
 Radu Nicolau <radu.nicolau@intel.com>,
 Anoob Joseph <anoob.joseph@caviumnetworks.com>
Cc: dev@dpdk.org
Date: Mon,  4 Dec 2017 15:11:28 +0100
Message-Id: <cd13bbdab7f86507e1928805a93c4e5c4491aa6d.1512396570.git.nelio.laranjeiro@6wind.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <8fd6c8881517f9d6bd5dfbef9cfb2071891c0cb1.1512396570.git.nelio.laranjeiro@6wind.com>
References: <8fd6c8881517f9d6bd5dfbef9cfb2071891c0cb1.1512396570.git.nelio.laranjeiro@6wind.com>
In-Reply-To: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com>
References: <6ac80a2be156911ee35c894924a02f04c43f49fc.1511449894.git.nelio.laranjeiro@6wind.com>
Subject: [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add target queues
	in flow actions
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Dec 2017 14:11:26 -0000

Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>

---

Changes in v2:

 * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
---
 examples/ipsec-secgw/ipsec.c | 81 ++++++++++++++++++++++++++++++++++++++++----
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 76 insertions(+), 7 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 17bd7620d..f8823fb94 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 							rte_eth_dev_get_sec_ctx(
 							sa->portid);
 			const struct rte_security_capability *sec_cap;
+			int ret = 0;
 
 			sa->sec_session = rte_security_session_create(ctx,
 					&sess_conf, ipsec_ctx->session_pool);
@@ -173,6 +174,10 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 				return -1;
 			}
 
+			sa->attr.egress = (sa->direction ==
+					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
+			sa->attr.ingress = (sa->direction ==
+					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
 			sa->ol_flags = sec_cap->ol_flags;
 			sa->security_ctx = ctx;
 			sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
@@ -201,15 +206,79 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 			sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
 			sa->action[0].conf = sa->sec_session;
 
-			sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
-
-			sa->attr.egress = (sa->direction ==
-					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
-			sa->attr.ingress = (sa->direction ==
-					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+			if (sa->attr.ingress) {
+				uint8_t rss_key[40];
+				struct rte_eth_rss_conf rss_conf = {
+					.rss_key = rss_key,
+					.rss_key_len = 40,
+				};
+				struct rte_eth_dev *eth_dev;
+				union {
+					struct rte_flow_action_rss rss;
+					struct {
+					const struct rte_eth_rss_conf *rss_conf;
+					uint16_t num;
+					uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
+					} local;
+				} action_rss;
+				unsigned int i;
+				unsigned int j;
+
+				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
+				/*
+				 * Try implicitly PASSTHRU, it can also be
+				 * explicit.
+				 */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (!ret)
+					goto flow_create;
+				/* Try RSS. */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
+				sa->action[1].conf = &action_rss;
+				eth_dev = ctx->device;
+				rte_eth_dev_rss_hash_conf_get(sa->portid,
+							      &rss_conf);
+				for (i = 0, j = 0;
+				     i < eth_dev->data->nb_rx_queues; ++i)
+					if (eth_dev->data->rx_queues[i])
+						action_rss.local.queue[j++] = i;
+				action_rss.local.num = j;
+				action_rss.local.rss_conf = &rss_conf;
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (!ret)
+					goto flow_create;
+				/* Try Queue. */
+				for (i = 0;
+				     i < eth_dev->data->nb_rx_queues; ++i)
+					if (eth_dev->data->rx_queues[i])
+						break;
+				if (i != eth_dev->data->nb_rx_queues)
+					return -1;
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
+				sa->action[1].conf =
+					&(struct rte_flow_action_queue){
+					.index = i,
+				};
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (ret)
+					goto flow_create_failure;
+			} else {
+				sa->action[1].type =
+					RTE_FLOW_ACTION_TYPE_PASSTHRU;
+				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
+			}
+flow_create:
 			sa->flow = rte_flow_create(sa->portid,
 				&sa->attr, sa->pattern, sa->action, &err);
 			if (sa->flow == NULL) {
+flow_create_failure:
 				RTE_LOG(ERR, IPSEC,
 					"Failed to create ipsec flow msg: %s\n",
 					err.message);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 775b316ff..82ffc1c6d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -133,7 +133,7 @@ struct ipsec_sa {
 	uint32_t ol_flags;
 
 #define MAX_RTE_FLOW_PATTERN (4)
-#define MAX_RTE_FLOW_ACTIONS (2)
+#define MAX_RTE_FLOW_ACTIONS (4)
 	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
 	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
 	struct rte_flow_attr attr;
-- 
2.11.0