* [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
@ 2017-10-14 13:27 aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
` (13 more replies)
0 siblings, 14 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
As agreed with Sergio and Pablo
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index c00d6d8..d814ac1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -919,6 +919,7 @@ F: examples/helloworld/
F: doc/guides/sample_app_ug/hello_world.rst
M: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
+M: Aviad Shaul Yehezkel <aviadye@mellanox.com>
F: examples/ipsec-secgw/
F: doc/guides/sample_app_ug/ipsec_secgw.rst
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
` (12 subsequent siblings)
13 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
This was broken since new aead xfrom was introduced
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++++++----------
examples/ipsec-secgw/ipsec.h | 1 +
2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 99dc270..7bf692c 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1113,7 +1113,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
uint16_t qp, struct lcore_params *params,
struct ipsec_ctx *ipsec_ctx,
const struct rte_cryptodev_capabilities *cipher,
- const struct rte_cryptodev_capabilities *auth)
+ const struct rte_cryptodev_capabilities *auth,
+ const struct rte_cryptodev_capabilities *aead)
{
int32_t ret = 0;
unsigned long i;
@@ -1124,6 +1125,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
key.cipher_algo = cipher->sym.cipher.algo;
if (auth)
key.auth_algo = auth->sym.auth.algo;
+ if (aead)
+ key.aead_algo = aead->sym.aead.algo;
ret = rte_hash_lookup(map, &key);
if (ret != -ENOENT)
@@ -1192,19 +1195,25 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
continue;
- if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(map, str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
continue;
+ }
- for (j = dev_info->capabilities;
- j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
- if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
- continue;
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ for (j = dev_info->capabilities;
+ j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
+ if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
- if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
- continue;
+ if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+ continue;
- ret |= add_mapping(map, str, cdev_id, qp, params,
- ipsec_ctx, i, j);
+ ret |= add_mapping(map, str, cdev_id, qp, params,
+ ipsec_ctx, i, j, NULL);
+ }
+ continue;
}
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index da1fb1b..7d057ae 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -150,6 +150,7 @@ struct cdev_key {
uint16_t lcore_id;
uint8_t cipher_algo;
uint8_t auth_algo;
+ uint8_t aead_algo;
};
struct socket_ctx {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:33 ` De Lara Guarch, Pablo
2017-10-14 13:27 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support aviadye
` (11 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Search for session also with aead key
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/ipsec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 0afb9d6..daa1d7b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -56,13 +56,17 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
key.cipher_algo = (uint8_t)sa->cipher_algo;
key.auth_algo = (uint8_t)sa->auth_algo;
+ key.aead_algo = (uint8_t)sa->aead_algo;
ret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,
(void **)&cdev_id_qp);
if (ret < 0) {
RTE_LOG(ERR, IPSEC, "No cryptodev: core %u, cipher_algo %u, "
- "auth_algo %u\n", key.lcore_id, key.cipher_algo,
- key.auth_algo);
+ "auth_algo %u aead_algo %u\n",
+ key.lcore_id,
+ key.cipher_algo,
+ key.auth_algo,
+ key.aead_algo);
return -1;
}
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
` (10 subsequent siblings)
13 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
This cause auth failure issue
Seems like this was broken for aes-gcm for a long time
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/sa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7be0e62..ef94475 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -431,7 +431,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->aead_algo = algo->algo;
rule->cipher_key_len = algo->key_len;
rule->digest_len = algo->digest_len;
- rule->aad_len = algo->key_len;
+ rule->aad_len = algo->aad_len;
rule->block_size = algo->block_size;
rule->iv_len = algo->iv_len;
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (2 preceding siblings ...)
2017-10-14 13:27 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:30 ` Sergio Gonzalez Monroy
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
` (9 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Seems like transport was broken for a long time
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/esp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 70bb81f..56ad7a0 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -306,8 +306,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sizeof(struct esp_hdr) + sa->iv_len);
memmove(new_ip, ip4, ip_hdr_len);
esp = (struct esp_hdr *)(new_ip + ip_hdr_len);
+ ip4 = (struct ip *)new_ip;
if (likely(ip4->ip_v == IPVERSION)) {
- ip4 = (struct ip *)new_ip;
ip4->ip_p = IPPROTO_ESP;
ip4->ip_len = htons(rte_pktmbuf_data_len(m));
} else {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (3 preceding siblings ...)
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:36 ` Sergio Gonzalez Monroy
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
` (8 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 56ad7a0..689e917 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
uint8_t *padding, *new_ip, nlp;
struct rte_crypto_sym_op *sym_cop;
int32_t i;
- uint16_t pad_payload_len, pad_len, ip_hdr_len;
+ uint16_t pad_payload_len, pad_len = 0;
+ uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
RTE_ASSERT(m != NULL);
RTE_ASSERT(sa != NULL);
+ RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
+ sa->flags == TRANSPORT);
RTE_ASSERT(cop != NULL);
- ip_hdr_len = 0;
-
ip4 = rte_pktmbuf_mtod(m, struct ip *);
if (likely(ip4->ip_v == IPVERSION)) {
- if (unlikely(sa->flags == TRANSPORT)) {
- ip_hdr_len = ip4->ip_hl * 4;
+ ip_hdr_len = ip4->ip_hl * 4;
+ if (unlikely(sa->flags == TRANSPORT))
nlp = ip4->ip_p;
- } else
+ else
nlp = IPPROTO_IPIP;
} else if (ip4->ip_v == IP6_VERSION) {
+ /* XXX No option headers supported */
+ ip_hdr_len = sizeof(struct ip6_hdr);
if (unlikely(sa->flags == TRANSPORT)) {
- /* XXX No option headers supported */
- ip_hdr_len = sizeof(struct ip6_hdr);
ip6 = (struct ip6_hdr *)ip4;
nlp = ip6->ip6_nxt;
} else
@@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
}
/* Padded payload length */
- pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
- ip_hdr_len + 2, sa->block_size);
- pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
-
- RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
- sa->flags == TRANSPORT);
-
- if (likely(sa->flags == IP4_TUNNEL))
+ if (unlikely(sa->flags == TRANSPORT)) {
+ pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
+ sizeof(nlp) + 1 - ip_hdr_len,
+ sa->block_size);
+ pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
+ } else {
+ inner_ip_hdr_len = ip_hdr_len;
ip_hdr_len = sizeof(struct ip);
- else if (sa->flags == IP6_TUNNEL)
- ip_hdr_len = sizeof(struct ip6_hdr);
- else if (sa->flags != TRANSPORT) {
- RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
- sa->flags);
- return -EINVAL;
+ if (sa->flags == IP6_TUNNEL)
+ ip_hdr_len = sizeof(struct ip6_hdr);
+
+ pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
+ sizeof(nlp) + 1,
+ sa->block_size);
+ pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
}
+ RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
+ "inner_ip_hdr_len=%u ip_hdr_len=%u "
+ "pad_payload_len=%u pad_len=%u\n",
+ rte_pktmbuf_pkt_len(m),
+ inner_ip_hdr_len, ip_hdr_len,
+ pad_payload_len, pad_len);
/* Check maximum packet size */
if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (4 preceding siblings ...)
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
@ 2017-10-14 13:27 ` aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:39 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
` (7 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:27 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/esp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 689e917..aa2233d 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -355,8 +355,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
aad = get_aad(m);
memcpy(aad, esp, 8);
sym_cop->aead.aad.data = aad;
- sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
- aad - rte_pktmbuf_mtod(m, uint8_t *));
+ sym_cop->aead.aad.phys_addr = rte_mem_virt2phy(aad);
sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
rte_pktmbuf_pkt_len(m) - sa->digest_len);
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (5 preceding siblings ...)
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
@ 2017-10-14 13:28 ` aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:42 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
` (6 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:28 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
To be compatibile with Linux kernel
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/esp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index aa2233d..81ebf55 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
uint8_t *aad;
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->aead.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->aead.data.length = pad_payload_len;
@@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
aad = get_aad(m);
@@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->cipher.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->cipher.data.length = pad_payload_len;
@@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
switch (sa->auth_algo) {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (6 preceding siblings ...)
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
@ 2017-10-14 13:28 ` aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:43 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
` (5 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:28 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
IP length was incorrect causing corrupted ICMP packets for example
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/esp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 81ebf55..12c6f8c 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
if (likely(ip->ip_v == IPVERSION)) {
memmove(ip4, ip, ip->ip_hl * 4);
ip4->ip_p = *nexthdr;
- ip4->ip_len = htons(rte_pktmbuf_data_len(m));
+ ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
} else {
ip6 = (struct ip6_hdr *)ip4;
/* XXX No option headers supported */
memmove(ip6, ip, sizeof(struct ip6_hdr));
ip6->ip6_nxt = *nexthdr;
- ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
}
} else
ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (7 preceding siblings ...)
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
@ 2017-10-14 13:28 ` aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:44 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file aviadye
` (4 subsequent siblings)
13 siblings, 2 replies; 72+ messages in thread
From: aviadye @ 2017-10-14 13:28 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Nicolai Radu <radu.nicolai@intel.com>
---
app/test-pmd/cmdline.c | 13 ++++++++++---
app/test-pmd/config.c | 12 +++++++++++-
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index bb19d72..e4a636e 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -7377,11 +7377,17 @@ struct cmd_set_vf_rxmode {
};
static void
-cmd_set_vf_rxmode_parsed(void *parsed_result,
- __attribute__((unused)) struct cmdline *cl,
- __attribute__((unused)) void *data)
+cmd_set_vf_rxmode_parsed(
+#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
+ void *parsed_result,
+#else
+ __attribute__((unused)) void *parsed_result,
+#endif
+ __attribute__((unused)) struct cmdline *cl,
+ __attribute__((unused)) void *data)
{
int ret = -ENOTSUP;
+#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
uint16_t rx_mode = 0;
struct cmd_set_vf_rxmode *res = parsed_result;
@@ -7396,6 +7402,7 @@ cmd_set_vf_rxmode_parsed(void *parsed_result,
else if (!strncmp(res->mode, "MPE",3))
rx_mode |= ETH_VMDQ_ACCEPT_MULTICAST;
}
+#endif
#ifdef RTE_LIBRTE_IXGBE_PMD
if (ret == -ENOTSUP)
diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
index bafe76c..d38ba82 100644
--- a/app/test-pmd/config.c
+++ b/app/test-pmd/config.c
@@ -3181,7 +3181,17 @@ set_queue_rate_limit(portid_t port_id, uint16_t queue_idx, uint16_t rate)
}
int
-set_vf_rate_limit(portid_t port_id, uint16_t vf, uint16_t rate, uint64_t q_msk)
+set_vf_rate_limit(
+ portid_t port_id,
+#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
+ uint16_t vf,
+ uint16_t rate,
+ uint64_t q_msk)
+#else
+ __attribute__((unused)) uint16_t vf,
+ __attribute__((unused)) uint16_t rate,
+ __attribute__((unused)) uint64_t q_msk)
+#endif
{
int diag = -ENOTSUP;
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (8 preceding siblings ...)
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
@ 2017-10-14 13:28 ` aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-15 12:53 ` [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file Aviad Yehezkel
` (3 subsequent siblings)
13 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-14 13:28 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
examples/ipsec-secgw/Makefile | 1 +
examples/ipsec-secgw/ep0.cfg | 6 +
examples/ipsec-secgw/ep1.cfg | 6 +
examples/ipsec-secgw/eth.c | 238 +++++++++++++++++++++++++++++++++++++
examples/ipsec-secgw/ipsec-secgw.c | 79 +++---------
examples/ipsec-secgw/ipsec.h | 8 ++
examples/ipsec-secgw/parser.c | 69 +++++++++++
examples/ipsec-secgw/parser.h | 35 ++++++
8 files changed, 378 insertions(+), 64 deletions(-)
create mode 100644 examples/ipsec-secgw/eth.c
diff --git a/examples/ipsec-secgw/Makefile b/examples/ipsec-secgw/Makefile
index 17e9155..0dacd3c 100644
--- a/examples/ipsec-secgw/Makefile
+++ b/examples/ipsec-secgw/Makefile
@@ -60,6 +60,7 @@ SRCS-y += sp4.c
SRCS-y += sp6.c
SRCS-y += sa.c
SRCS-y += rt.c
+SRCS-y += eth.c
SRCS-y += ipsec-secgw.c
include $(RTE_SDK)/mk/rte.extapp.mk
diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg
index 299aa9e..eda4499 100644
--- a/examples/ipsec-secgw/ep0.cfg
+++ b/examples/ipsec-secgw/ep0.cfg
@@ -158,3 +158,9 @@ rt ipv6 dst ffff:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst ffff:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 3
+
+#ETH Addresses
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg
index 3f6ff81..e6d4e26 100644
--- a/examples/ipsec-secgw/ep1.cfg
+++ b/examples/ipsec-secgw/ep1.cfg
@@ -158,3 +158,9 @@ rt ipv6 dst 0000:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst 0000:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 3
+
+#ETH Addresses
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
diff --git a/examples/ipsec-secgw/eth.c b/examples/ipsec-secgw/eth.c
new file mode 100644
index 0000000..b4f7120
--- /dev/null
+++ b/examples/ipsec-secgw/eth.c
@@ -0,0 +1,238 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ethernet Address
+ */
+#include <stdint.h>
+#include <sys/types.h>
+#include <rte_ether.h>
+#include <rte_errno.h>
+#include <rte_ethdev.h>
+
+#include "ipsec.h"
+#include "parser.h"
+
+#define ETH_DST_MAX_RULES 1024
+
+struct addr {
+ uint8_t port;
+ struct ether_addr src;
+ struct ether_addr dst;
+};
+
+struct addr eth_addr[ETH_DST_MAX_RULES];
+uint32_t nb_eth_addr;
+
+void
+parse_eth_tokens(char **tokens, uint32_t n_tokens,
+ struct parse_status *status)
+{
+ uint32_t ti;
+ uint32_t *n_addr = NULL;
+ struct addr *addr = NULL;
+
+ if (strcmp(tokens[0], "addr") == 0) {
+ n_addr = &nb_eth_addr;
+ addr = ð_addr[*n_addr];
+
+ APP_CHECK(*n_addr <= ETH_DST_MAX_RULES - 1, status,
+ "too many eth dst rules, abort insertion\n");
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "unrecognized input \"%s\"",
+ tokens[0]);
+ return;
+ }
+
+ for (ti = 1; ti < n_tokens; ti++) {
+ if (strcmp(tokens[ti], "src") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL) {
+ APP_CHECK(parse_eth_addr(tokens[ti],
+ &addr->src) == 0, status,
+ "unrecognized input \"%s\", "
+ "expect valid src addr",
+ tokens[ti]);
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ if (strcmp(tokens[ti], "dst") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL) {
+ APP_CHECK(parse_eth_addr(tokens[ti],
+ &addr->dst) == 0, status,
+ "unrecognized input \"%s\", "
+ "expect valid dst addr",
+ tokens[ti]);
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ if (strcmp(tokens[ti], "port") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ APP_CHECK_TOKEN_IS_NUM(tokens, ti, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL)
+ addr->port = atoi(tokens[ti]);
+ else
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ *n_addr = *n_addr + 1;
+}
+
+static struct eth_ctx *
+eth_create(const char *name, int32_t socket_id)
+{
+ char s[PATH_MAX];
+ struct eth_ctx *eth_ctx;
+ uint32_t mz_size;
+ const struct rte_memzone *mz;
+
+ snprintf(s, sizeof(s), "%s_%u", name, socket_id);
+
+ /* Create SA array table */
+ printf("Creating ETH context with %u maximum entries\n",
+ RTE_MAX_ETHPORTS);
+
+ mz_size = sizeof(struct eth_ctx) * RTE_MAX_ETHPORTS;
+ mz = rte_memzone_reserve(s, mz_size, socket_id,
+ RTE_MEMZONE_1GB | RTE_MEMZONE_SIZE_HINT_ONLY);
+ if (mz == NULL) {
+ printf("Failed to allocate SA DB memory\n");
+ rte_errno = -ENOMEM;
+ return NULL;
+ }
+ memset(mz->addr, 0, mz_size);
+
+ eth_ctx = (struct eth_ctx *)mz->addr;
+ return eth_ctx;
+}
+
+static void
+eth_ctx_dump(struct eth_ctx *eth_addr, uint32_t mask)
+{
+ char name[256];
+ uint32_t nb_ports;
+ uint8_t port;
+
+ nb_ports = rte_eth_dev_count();
+ for (port = 0; port < nb_ports; ++port) {
+ if ((mask & (1 << port)) == 0)
+ continue;
+
+ if (rte_eth_dev_get_name_by_port(port, name) < 0)
+ rte_exit(EXIT_FAILURE, "Unable to find name "
+ "to port=%d\n", port);
+
+ printf("%s-dst-0x%lx\n", name, eth_addr[port].dst);
+ printf("%s-src-0x%lx\n", name, eth_addr[port].src);
+ }
+}
+
+void
+eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask)
+{
+ const char *name;
+ uint32_t i, nb_ports;
+ uint8_t port;
+ struct ether_addr ethaddr;
+
+ if (ctx == NULL)
+ rte_exit(EXIT_FAILURE, "NULL context.\n");
+
+ if (ctx->eth_addr != NULL)
+ rte_exit(EXIT_FAILURE, "ETH Address Table for socket %u "
+ "already initialized\n", socket_id);
+
+ if (nb_eth_addr == 0)
+ RTE_LOG(WARNING, IPSEC, "No ETH address rule specified\n");
+
+ /* create the ETH table */
+ name = "eth_addr";
+ ctx->eth_addr = eth_create(name, socket_id);
+ if (ctx->eth_addr == NULL)
+ rte_exit(EXIT_FAILURE, "Error [%d] creating ETH "
+ "context %s in socket %d\n", rte_errno,
+ name, socket_id);
+
+ /* populate the ETH table */
+ for (i = 0; i < nb_eth_addr; ++i) {
+ port = eth_addr[i].port;
+
+ if (ctx->eth_addr[port].dst != 0)
+ rte_exit(EXIT_FAILURE, "ETH destination address "
+ "for port %u already in use\n",
+ port);
+ if (ctx->eth_addr[port].src != 0)
+ rte_exit(EXIT_FAILURE, "ETH source address "
+ "for port %u already in use\n",
+ port);
+
+ ctx->eth_addr[port].dst = ETHADDR_TO_UINT64(eth_addr[i].dst);
+ ctx->eth_addr[port].src = ETHADDR_TO_UINT64(eth_addr[i].src);
+ }
+
+ nb_ports = rte_eth_dev_count();
+ for (port = 0; port < nb_ports; ++port) {
+ if ((mask & (1 << port)) == 0)
+ continue;
+
+ if (ctx->eth_addr[port].src == 0) {
+ rte_eth_macaddr_get(port, ðaddr);
+ ctx->eth_addr[port].src = ETHADDR_TO_UINT64(ethaddr);
+ }
+ }
+ eth_ctx_dump(ctx->eth_addr, mask);
+}
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 7bf692c..787e14a 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -112,47 +112,6 @@
static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;
static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;
-#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
- (((uint64_t)((a) & 0xff) << 56) | \
- ((uint64_t)((b) & 0xff) << 48) | \
- ((uint64_t)((c) & 0xff) << 40) | \
- ((uint64_t)((d) & 0xff) << 32) | \
- ((uint64_t)((e) & 0xff) << 24) | \
- ((uint64_t)((f) & 0xff) << 16) | \
- ((uint64_t)((g) & 0xff) << 8) | \
- ((uint64_t)(h) & 0xff))
-#else
-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
- (((uint64_t)((h) & 0xff) << 56) | \
- ((uint64_t)((g) & 0xff) << 48) | \
- ((uint64_t)((f) & 0xff) << 40) | \
- ((uint64_t)((e) & 0xff) << 32) | \
- ((uint64_t)((d) & 0xff) << 24) | \
- ((uint64_t)((c) & 0xff) << 16) | \
- ((uint64_t)((b) & 0xff) << 8) | \
- ((uint64_t)(a) & 0xff))
-#endif
-#define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))
-
-#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
- addr.addr_bytes[0], addr.addr_bytes[1], \
- addr.addr_bytes[2], addr.addr_bytes[3], \
- addr.addr_bytes[4], addr.addr_bytes[5], \
- 0, 0)
-
-/* port/source ethernet addr and destination ethernet addr */
-struct ethaddr_info {
- uint64_t src, dst;
-};
-
-struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x7e, 0x94, 0x9a) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x22, 0xa1, 0xd9) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x08, 0x69, 0x26) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
-};
-
/* mask of enabled ports */
static uint32_t enabled_port_mask;
static uint32_t unprotected_port_mask;
@@ -195,6 +154,7 @@ struct lcore_conf {
struct ipsec_ctx outbound;
struct rt_ctx *rt4_ctx;
struct rt_ctx *rt6_ctx;
+ struct eth_ctx *eth_addr;
} __rte_cache_aligned;
static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
@@ -290,7 +250,7 @@ prepare_traffic(struct rte_mbuf **pkts, struct ipsec_traffic *t,
}
static inline void
-prepare_tx_pkt(struct rte_mbuf *pkt, uint8_t port)
+prepare_tx_pkt(struct rte_mbuf *pkt, uint64_t *src, uint64_t *dst)
{
struct ip *ip;
struct ether_hdr *ethhdr;
@@ -313,25 +273,24 @@ prepare_tx_pkt(struct rte_mbuf *pkt, uint8_t port)
ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv6);
}
- memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
- sizeof(struct ether_addr));
- memcpy(ðhdr->d_addr, ðaddr_tbl[port].dst,
- sizeof(struct ether_addr));
+ memcpy(ðhdr->s_addr, src, sizeof(struct ether_addr));
+ memcpy(ðhdr->d_addr, dst, sizeof(struct ether_addr));
}
static inline void
-prepare_tx_burst(struct rte_mbuf *pkts[], uint16_t nb_pkts, uint8_t port)
+prepare_tx_burst(struct rte_mbuf *pkts[], uint64_t *src, uint64_t *dst,
+ uint16_t nb_pkts)
{
int32_t i;
const int32_t prefetch_offset = 2;
for (i = 0; i < (nb_pkts - prefetch_offset); i++) {
rte_mbuf_prefetch_part2(pkts[i + prefetch_offset]);
- prepare_tx_pkt(pkts[i], port);
+ prepare_tx_pkt(pkts[i], src, dst);
}
/* Process left packets */
for (; i < nb_pkts; i++)
- prepare_tx_pkt(pkts[i], port);
+ prepare_tx_pkt(pkts[i], src, dst);
}
/* Send burst of packets on an output interface */
@@ -341,11 +300,14 @@ send_burst(struct lcore_conf *qconf, uint16_t n, uint8_t port)
struct rte_mbuf **m_table;
int32_t ret;
uint16_t queueid;
+ uint64_t *src, *dst;
queueid = qconf->tx_queue_id[port];
m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
+ src = &qconf->eth_addr[port].src;
+ dst = &qconf->eth_addr[port].dst;
- prepare_tx_burst(m_table, n, port);
+ prepare_tx_burst(m_table, src, dst, n);
ret = rte_eth_tx_burst(port, queueid, m_table, n);
if (unlikely(ret < n)) {
@@ -706,6 +668,7 @@ main_loop(__attribute__((unused)) void *dummy)
qconf->rt4_ctx = socket_ctx[socket_id].rt_ip4;
qconf->rt6_ctx = socket_ctx[socket_id].rt_ip6;
+ qconf->eth_addr = socket_ctx[socket_id].eth_addr;
qconf->inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
qconf->inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
@@ -1045,14 +1008,6 @@ parse_args(int32_t argc, char **argv)
return ret;
}
-static void
-print_ethaddr(const char *name, const struct ether_addr *eth_addr)
-{
- char buf[ETHER_ADDR_FMT_SIZE];
- ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
- printf("%s%s", name, buf);
-}
-
/* Check the link status of all ports in up to 9s, and print them finally */
static void
check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
@@ -1339,17 +1294,11 @@ port_init(uint8_t portid)
uint16_t tx_queueid, rx_queueid, queue, lcore_id;
int32_t ret, socket_id;
struct lcore_conf *qconf;
- struct ether_addr ethaddr;
rte_eth_dev_info_get(portid, &dev_info);
printf("Configuring device port %u:\n", portid);
- rte_eth_macaddr_get(portid, ðaddr);
- ethaddr_tbl[portid].src = ETHADDR_TO_UINT64(ethaddr);
- print_ethaddr("Address: ", ðaddr);
- printf("\n");
-
nb_rx_queue = get_port_nb_rx_queues(portid);
nb_tx_queue = nb_lcores;
@@ -1499,6 +1448,8 @@ main(int32_t argc, char **argv)
rt_init(&socket_ctx[socket_id], socket_id);
+ eth_init(&socket_ctx[socket_id], socket_id, enabled_port_mask);
+
pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 7d057ae..9e22b1b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -153,6 +153,10 @@ struct cdev_key {
uint8_t aead_algo;
};
+struct eth_ctx {
+ uint64_t src, dst;
+};
+
struct socket_ctx {
struct sa_ctx *sa_in;
struct sa_ctx *sa_out;
@@ -162,6 +166,7 @@ struct socket_ctx {
struct sp_ctx *sp_ip6_out;
struct rt_ctx *rt_ip4;
struct rt_ctx *rt_ip6;
+ struct eth_ctx *eth_addr;
struct rte_mempool *mbuf_pool;
struct rte_mempool *session_pool;
};
@@ -237,4 +242,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id);
void
rt_init(struct socket_ctx *ctx, int32_t socket_id);
+void
+eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask);
+
#endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 9d0ea46..24ca8c2 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -292,6 +292,30 @@ parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask)
}
int
+parse_eth_addr(const char *token, struct ether_addr *addr)
+{
+ char addr_str[256] = {0};
+ int i, values[6];
+
+ if (strlen(token) >= 256)
+ return -EINVAL;
+
+ strncpy(addr_str, token, strlen(token));
+
+ if (6 != sscanf(addr_str, "%02X:%02X:%02X:%02X:%02X:%02X",
+ &values[0], &values[1],
+ &values[2], &values[3],
+ &values[4], &values[5])) {
+ return -EINVAL;
+ }
+
+ for (i = 0; i < 6; ++i)
+ addr->addr_bytes[i] = (uint8_t)values[i];
+
+ return 0;
+}
+
+int
parse_range(const char *token, uint16_t *low, uint16_t *high)
{
char ch;
@@ -469,11 +493,55 @@ cmdline_parse_inst_t cfg_rt_add_rule = {
},
};
+/* eth add parse */
+struct cfg_eth_add_cfg_item {
+ cmdline_fixed_string_t eth_keyword;
+ cmdline_multi_string_t multi_string;
+};
+
+static void
+cfg_eth_add_cfg_item_parsed(void *parsed_result,
+ __rte_unused struct cmdline *cl, void *data)
+{
+ struct cfg_eth_add_cfg_item *params = parsed_result;
+ char *tokens[32];
+ uint32_t n_tokens = RTE_DIM(tokens);
+ struct parse_status *status = (struct parse_status *)data;
+
+ APP_CHECK(parse_tokenize_string(
+ params->multi_string, tokens, &n_tokens) == 0,
+ status, "too many arguments\n");
+ if (status->status < 0)
+ return;
+
+ parse_eth_tokens(tokens, n_tokens, status);
+}
+
+static cmdline_parse_token_string_t cfg_eth_add_eth_str =
+ TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item,
+ eth_keyword, "eth");
+
+static cmdline_parse_token_string_t cfg_eth_add_multi_str =
+ TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item, multi_string,
+ TOKEN_STRING_MULTI);
+
+cmdline_parse_inst_t cfg_eth_add_rule = {
+ .f = cfg_eth_add_cfg_item_parsed,
+ .data = NULL,
+ .help_str = "",
+ .tokens = {
+ (void *) &cfg_eth_add_eth_str,
+ (void *) &cfg_eth_add_multi_str,
+ NULL,
+ },
+};
+
/** set of cfg items */
cmdline_parse_ctx_t ipsec_ctx[] = {
(cmdline_parse_inst_t *)&cfg_sp_add_rule,
(cmdline_parse_inst_t *)&cfg_sa_add_rule,
(cmdline_parse_inst_t *)&cfg_rt_add_rule,
+ (cmdline_parse_inst_t *)&cfg_eth_add_rule,
NULL,
};
@@ -499,6 +567,7 @@ parse_cfg_file(const char *cfg_filename)
cfg_sp_add_rule.data = &status;
cfg_sa_add_rule.data = &status;
cfg_rt_add_rule.data = &status;
+ cfg_eth_add_rule.data = &status;
do {
char oneline[1024];
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index d31ae01..daa7997 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -85,6 +85,34 @@ do { \
index++; \
} while (0)
+#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
+ (((uint64_t)((a) & 0xff) << 56) | \
+ ((uint64_t)((b) & 0xff) << 48) | \
+ ((uint64_t)((c) & 0xff) << 40) | \
+ ((uint64_t)((d) & 0xff) << 32) | \
+ ((uint64_t)((e) & 0xff) << 24) | \
+ ((uint64_t)((f) & 0xff) << 16) | \
+ ((uint64_t)((g) & 0xff) << 8) | \
+ ((uint64_t)(h) & 0xff))
+#else
+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
+ (((uint64_t)((h) & 0xff) << 56) | \
+ ((uint64_t)((g) & 0xff) << 48) | \
+ ((uint64_t)((f) & 0xff) << 40) | \
+ ((uint64_t)((e) & 0xff) << 32) | \
+ ((uint64_t)((d) & 0xff) << 24) | \
+ ((uint64_t)((c) & 0xff) << 16) | \
+ ((uint64_t)((b) & 0xff) << 8) | \
+ ((uint64_t)(a) & 0xff))
+#endif
+
+#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
+ addr.addr_bytes[0], addr.addr_bytes[1], \
+ addr.addr_bytes[2], addr.addr_bytes[3], \
+ addr.addr_bytes[4], addr.addr_bytes[5], \
+ 0, 0)
+
int
parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask);
@@ -92,6 +120,9 @@ int
parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask);
int
+parse_eth_addr(const char *token, struct ether_addr *addr);
+
+int
parse_range(const char *token, uint16_t *low, uint16_t *high);
void
@@ -110,6 +141,10 @@ void
parse_rt_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
+void
+parse_eth_tokens(char **tokens, uint32_t n_tokens,
+ struct parse_status *status);
+
int
parse_cfg_file(const char *cfg_filename);
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (9 preceding siblings ...)
2017-10-14 13:28 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file aviadye
@ 2017-10-15 12:53 ` Aviad Yehezkel
2017-10-16 7:33 ` De Lara Guarch, Pablo
2017-10-16 9:27 ` Sergio Gonzalez Monroy
` (2 subsequent siblings)
13 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> As agreed with Sergio and Pablo
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> MAINTAINERS | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index c00d6d8..d814ac1 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -919,6 +919,7 @@ F: examples/helloworld/
> F: doc/guides/sample_app_ug/hello_world.rst
>
> M: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> +M: Aviad Shaul Yehezkel <aviadye@mellanox.com>
> F: examples/ipsec-secgw/
> F: doc/guides/sample_app_ug/ipsec_secgw.rst
>
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
@ 2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:23 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:54 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> This was broken since new aead xfrom was introduced
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++++++----------
> examples/ipsec-secgw/ipsec.h | 1 +
> 2 files changed, 20 insertions(+), 10 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 99dc270..7bf692c 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1113,7 +1113,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
> uint16_t qp, struct lcore_params *params,
> struct ipsec_ctx *ipsec_ctx,
> const struct rte_cryptodev_capabilities *cipher,
> - const struct rte_cryptodev_capabilities *auth)
> + const struct rte_cryptodev_capabilities *auth,
> + const struct rte_cryptodev_capabilities *aead)
> {
> int32_t ret = 0;
> unsigned long i;
> @@ -1124,6 +1125,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
> key.cipher_algo = cipher->sym.cipher.algo;
> if (auth)
> key.auth_algo = auth->sym.auth.algo;
> + if (aead)
> + key.aead_algo = aead->sym.aead.algo;
>
> ret = rte_hash_lookup(map, &key);
> if (ret != -ENOENT)
> @@ -1192,19 +1195,25 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
> if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
> continue;
>
> - if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
> + if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
> + ret |= add_mapping(map, str, cdev_id, qp, params,
> + ipsec_ctx, NULL, NULL, i);
> continue;
> + }
>
> - for (j = dev_info->capabilities;
> - j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
> - if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
> - continue;
> + if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> + for (j = dev_info->capabilities;
> + j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
> + if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
> + continue;
>
> - if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
> - continue;
> + if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
> + continue;
>
> - ret |= add_mapping(map, str, cdev_id, qp, params,
> - ipsec_ctx, i, j);
> + ret |= add_mapping(map, str, cdev_id, qp, params,
> + ipsec_ctx, i, j, NULL);
> + }
> + continue;
> }
> }
>
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index da1fb1b..7d057ae 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -150,6 +150,7 @@ struct cdev_key {
> uint16_t lcore_id;
> uint8_t cipher_algo;
> uint8_t auth_algo;
> + uint8_t aead_algo;
> };
>
> struct socket_ctx {
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
@ 2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:33 ` De Lara Guarch, Pablo
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:54 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Search for session also with aead key
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/ipsec.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 0afb9d6..daa1d7b 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -56,13 +56,17 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>
> key.cipher_algo = (uint8_t)sa->cipher_algo;
> key.auth_algo = (uint8_t)sa->auth_algo;
> + key.aead_algo = (uint8_t)sa->aead_algo;
>
> ret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,
> (void **)&cdev_id_qp);
> if (ret < 0) {
> RTE_LOG(ERR, IPSEC, "No cryptodev: core %u, cipher_algo %u, "
> - "auth_algo %u\n", key.lcore_id, key.cipher_algo,
> - key.auth_algo);
> + "auth_algo %u aead_algo %u\n",
> + key.lcore_id,
> + key.cipher_algo,
> + key.auth_algo,
> + key.aead_algo);
> return -1;
> }
>
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support
2017-10-14 13:27 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support aviadye
@ 2017-10-15 12:54 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:54 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> This cause auth failure issue
> Seems like this was broken for aes-gcm for a long time
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/sa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 7be0e62..ef94475 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -431,7 +431,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
> rule->aead_algo = algo->algo;
> rule->cipher_key_len = algo->key_len;
> rule->digest_len = algo->digest_len;
> - rule->aad_len = algo->key_len;
> + rule->aad_len = algo->aad_len;
> rule->block_size = algo->block_size;
> rule->iv_len = algo->iv_len;
>
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
@ 2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:30 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:55 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Seems like transport was broken for a long time
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 70bb81f..56ad7a0 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -306,8 +306,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> sizeof(struct esp_hdr) + sa->iv_len);
> memmove(new_ip, ip4, ip_hdr_len);
> esp = (struct esp_hdr *)(new_ip + ip_hdr_len);
> + ip4 = (struct ip *)new_ip;
> if (likely(ip4->ip_v == IPVERSION)) {
> - ip4 = (struct ip *)new_ip;
> ip4->ip_p = IPPROTO_ESP;
> ip4->ip_len = htons(rte_pktmbuf_data_len(m));
> } else {
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
@ 2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:36 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:55 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 56ad7a0..689e917 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> uint8_t *padding, *new_ip, nlp;
> struct rte_crypto_sym_op *sym_cop;
> int32_t i;
> - uint16_t pad_payload_len, pad_len, ip_hdr_len;
> + uint16_t pad_payload_len, pad_len = 0;
> + uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
>
> RTE_ASSERT(m != NULL);
> RTE_ASSERT(sa != NULL);
> + RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> + sa->flags == TRANSPORT);
> RTE_ASSERT(cop != NULL);
>
> - ip_hdr_len = 0;
> -
> ip4 = rte_pktmbuf_mtod(m, struct ip *);
> if (likely(ip4->ip_v == IPVERSION)) {
> - if (unlikely(sa->flags == TRANSPORT)) {
> - ip_hdr_len = ip4->ip_hl * 4;
> + ip_hdr_len = ip4->ip_hl * 4;
> + if (unlikely(sa->flags == TRANSPORT))
> nlp = ip4->ip_p;
> - } else
> + else
> nlp = IPPROTO_IPIP;
> } else if (ip4->ip_v == IP6_VERSION) {
> + /* XXX No option headers supported */
> + ip_hdr_len = sizeof(struct ip6_hdr);
> if (unlikely(sa->flags == TRANSPORT)) {
> - /* XXX No option headers supported */
> - ip_hdr_len = sizeof(struct ip6_hdr);
> ip6 = (struct ip6_hdr *)ip4;
> nlp = ip6->ip6_nxt;
> } else
> @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> }
>
> /* Padded payload length */
> - pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
> - ip_hdr_len + 2, sa->block_size);
> - pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> -
> - RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> - sa->flags == TRANSPORT);
> -
> - if (likely(sa->flags == IP4_TUNNEL))
> + if (unlikely(sa->flags == TRANSPORT)) {
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1 - ip_hdr_len,
> + sa->block_size);
> + pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> + } else {
> + inner_ip_hdr_len = ip_hdr_len;
> ip_hdr_len = sizeof(struct ip);
> - else if (sa->flags == IP6_TUNNEL)
> - ip_hdr_len = sizeof(struct ip6_hdr);
> - else if (sa->flags != TRANSPORT) {
> - RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
> - sa->flags);
> - return -EINVAL;
> + if (sa->flags == IP6_TUNNEL)
> + ip_hdr_len = sizeof(struct ip6_hdr);
> +
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1,
> + sa->block_size);
> + pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
> }
> + RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
> + "inner_ip_hdr_len=%u ip_hdr_len=%u "
> + "pad_payload_len=%u pad_len=%u\n",
> + rte_pktmbuf_pkt_len(m),
> + inner_ip_hdr_len, ip_hdr_len,
> + pad_payload_len, pad_len);
>
> /* Check maximum packet size */
> if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
@ 2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:39 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:55 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 689e917..aa2233d 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -355,8 +355,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> aad = get_aad(m);
> memcpy(aad, esp, 8);
> sym_cop->aead.aad.data = aad;
> - sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
> - aad - rte_pktmbuf_mtod(m, uint8_t *));
> + sym_cop->aead.aad.phys_addr = rte_mem_virt2phy(aad);
>
> sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
> rte_pktmbuf_pkt_len(m) - sa->digest_len);
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
@ 2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:42 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:55 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:28 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> To be compatibile with Linux kernel
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index aa2233d..81ebf55 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> uint8_t *aad;
>
> - *iv = sa->seq;
> + *iv = rte_cpu_to_be_64(sa->seq);
> sym_cop->aead.data.offset = ip_hdr_len +
> sizeof(struct esp_hdr) + sa->iv_len;
> sym_cop->aead.data.length = pad_payload_len;
> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> struct cnt_blk *icb = get_cnt_blk(m);
> icb->salt = sa->salt;
> - icb->iv = sa->seq;
> + icb->iv = rte_cpu_to_be_64(sa->seq);
> icb->cnt = rte_cpu_to_be_32(1);
>
> aad = get_aad(m);
> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
> break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> - *iv = sa->seq;
> + *iv = rte_cpu_to_be_64(sa->seq);
> sym_cop->cipher.data.offset = ip_hdr_len +
> sizeof(struct esp_hdr) + sa->iv_len;
> sym_cop->cipher.data.length = pad_payload_len;
> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> struct cnt_blk *icb = get_cnt_blk(m);
> icb->salt = sa->salt;
> - icb->iv = sa->seq;
> + icb->iv = rte_cpu_to_be_64(sa->seq);
> icb->cnt = rte_cpu_to_be_32(1);
>
> switch (sa->auth_algo) {
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
@ 2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:43 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:56 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:28 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> IP length was incorrect causing corrupted ICMP packets for example
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 81ebf55..12c6f8c 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
> if (likely(ip->ip_v == IPVERSION)) {
> memmove(ip4, ip, ip->ip_hl * 4);
> ip4->ip_p = *nexthdr;
> - ip4->ip_len = htons(rte_pktmbuf_data_len(m));
> + ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
> } else {
> ip6 = (struct ip6_hdr *)ip4;
> /* XXX No option headers supported */
> memmove(ip6, ip, sizeof(struct ip6_hdr));
> ip6->ip6_nxt = *nexthdr;
> - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
> + ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
> }
> } else
> ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
@ 2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:44 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:56 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:28 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> Signed-off-by: Nicolai Radu <radu.nicolai@intel.com>
> ---
> app/test-pmd/cmdline.c | 13 ++++++++++---
> app/test-pmd/config.c | 12 +++++++++++-
> 2 files changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
> index bb19d72..e4a636e 100644
> --- a/app/test-pmd/cmdline.c
> +++ b/app/test-pmd/cmdline.c
> @@ -7377,11 +7377,17 @@ struct cmd_set_vf_rxmode {
> };
>
> static void
> -cmd_set_vf_rxmode_parsed(void *parsed_result,
> - __attribute__((unused)) struct cmdline *cl,
> - __attribute__((unused)) void *data)
> +cmd_set_vf_rxmode_parsed(
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> + void *parsed_result,
> +#else
> + __attribute__((unused)) void *parsed_result,
> +#endif
> + __attribute__((unused)) struct cmdline *cl,
> + __attribute__((unused)) void *data)
> {
> int ret = -ENOTSUP;
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> uint16_t rx_mode = 0;
> struct cmd_set_vf_rxmode *res = parsed_result;
>
> @@ -7396,6 +7402,7 @@ cmd_set_vf_rxmode_parsed(void *parsed_result,
> else if (!strncmp(res->mode, "MPE",3))
> rx_mode |= ETH_VMDQ_ACCEPT_MULTICAST;
> }
> +#endif
>
> #ifdef RTE_LIBRTE_IXGBE_PMD
> if (ret == -ENOTSUP)
> diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
> index bafe76c..d38ba82 100644
> --- a/app/test-pmd/config.c
> +++ b/app/test-pmd/config.c
> @@ -3181,7 +3181,17 @@ set_queue_rate_limit(portid_t port_id, uint16_t queue_idx, uint16_t rate)
> }
>
> int
> -set_vf_rate_limit(portid_t port_id, uint16_t vf, uint16_t rate, uint64_t q_msk)
> +set_vf_rate_limit(
> + portid_t port_id,
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> + uint16_t vf,
> + uint16_t rate,
> + uint64_t q_msk)
> +#else
> + __attribute__((unused)) uint16_t vf,
> + __attribute__((unused)) uint16_t rate,
> + __attribute__((unused)) uint64_t q_msk)
> +#endif
> {
> int diag = -ENOTSUP;
>
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file
2017-10-14 13:28 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file aviadye
@ 2017-10-15 12:56 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-15 12:56 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/14/2017 4:28 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/Makefile | 1 +
> examples/ipsec-secgw/ep0.cfg | 6 +
> examples/ipsec-secgw/ep1.cfg | 6 +
> examples/ipsec-secgw/eth.c | 238 +++++++++++++++++++++++++++++++++++++
> examples/ipsec-secgw/ipsec-secgw.c | 79 +++---------
> examples/ipsec-secgw/ipsec.h | 8 ++
> examples/ipsec-secgw/parser.c | 69 +++++++++++
> examples/ipsec-secgw/parser.h | 35 ++++++
> 8 files changed, 378 insertions(+), 64 deletions(-)
> create mode 100644 examples/ipsec-secgw/eth.c
>
> diff --git a/examples/ipsec-secgw/Makefile b/examples/ipsec-secgw/Makefile
> index 17e9155..0dacd3c 100644
> --- a/examples/ipsec-secgw/Makefile
> +++ b/examples/ipsec-secgw/Makefile
> @@ -60,6 +60,7 @@ SRCS-y += sp4.c
> SRCS-y += sp6.c
> SRCS-y += sa.c
> SRCS-y += rt.c
> +SRCS-y += eth.c
> SRCS-y += ipsec-secgw.c
>
> include $(RTE_SDK)/mk/rte.extapp.mk
> diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg
> index 299aa9e..eda4499 100644
> --- a/examples/ipsec-secgw/ep0.cfg
> +++ b/examples/ipsec-secgw/ep0.cfg
> @@ -158,3 +158,9 @@ rt ipv6 dst ffff:0000:0000:0000:5555:5555:0000:0000/116 port 2
> rt ipv6 dst ffff:0000:0000:0000:6666:6666:0000:0000/116 port 3
> rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 2
> rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 3
> +
> +#ETH Addresses
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
> diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg
> index 3f6ff81..e6d4e26 100644
> --- a/examples/ipsec-secgw/ep1.cfg
> +++ b/examples/ipsec-secgw/ep1.cfg
> @@ -158,3 +158,9 @@ rt ipv6 dst 0000:0000:0000:0000:5555:5555:0000:0000/116 port 2
> rt ipv6 dst 0000:0000:0000:0000:6666:6666:0000:0000/116 port 3
> rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 2
> rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 3
> +
> +#ETH Addresses
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
> +eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
> diff --git a/examples/ipsec-secgw/eth.c b/examples/ipsec-secgw/eth.c
> new file mode 100644
> index 0000000..b4f7120
> --- /dev/null
> +++ b/examples/ipsec-secgw/eth.c
> @@ -0,0 +1,238 @@
> +/*-
> + * BSD LICENSE
> + *
> + * Copyright(c) 2016 Intel Corporation. All rights reserved.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of Intel Corporation nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +/*
> + * Ethernet Address
> + */
> +#include <stdint.h>
> +#include <sys/types.h>
> +#include <rte_ether.h>
> +#include <rte_errno.h>
> +#include <rte_ethdev.h>
> +
> +#include "ipsec.h"
> +#include "parser.h"
> +
> +#define ETH_DST_MAX_RULES 1024
> +
> +struct addr {
> + uint8_t port;
> + struct ether_addr src;
> + struct ether_addr dst;
> +};
> +
> +struct addr eth_addr[ETH_DST_MAX_RULES];
> +uint32_t nb_eth_addr;
> +
> +void
> +parse_eth_tokens(char **tokens, uint32_t n_tokens,
> + struct parse_status *status)
> +{
> + uint32_t ti;
> + uint32_t *n_addr = NULL;
> + struct addr *addr = NULL;
> +
> + if (strcmp(tokens[0], "addr") == 0) {
> + n_addr = &nb_eth_addr;
> + addr = ð_addr[*n_addr];
> +
> + APP_CHECK(*n_addr <= ETH_DST_MAX_RULES - 1, status,
> + "too many eth dst rules, abort insertion\n");
> + if (status->status < 0)
> + return;
> + } else {
> + APP_CHECK(0, status, "unrecognized input \"%s\"",
> + tokens[0]);
> + return;
> + }
> +
> + for (ti = 1; ti < n_tokens; ti++) {
> + if (strcmp(tokens[ti], "src") == 0) {
> + INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
> + if (status->status < 0)
> + return;
> +
> + if (addr != NULL) {
> + APP_CHECK(parse_eth_addr(tokens[ti],
> + &addr->src) == 0, status,
> + "unrecognized input \"%s\", "
> + "expect valid src addr",
> + tokens[ti]);
> + if (status->status < 0)
> + return;
> + } else {
> + APP_CHECK(0, status, "addr is NULL");
> + }
> + }
> +
> + if (strcmp(tokens[ti], "dst") == 0) {
> + INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
> + if (status->status < 0)
> + return;
> +
> + if (addr != NULL) {
> + APP_CHECK(parse_eth_addr(tokens[ti],
> + &addr->dst) == 0, status,
> + "unrecognized input \"%s\", "
> + "expect valid dst addr",
> + tokens[ti]);
> + if (status->status < 0)
> + return;
> + } else {
> + APP_CHECK(0, status, "addr is NULL");
> + }
> + }
> +
> + if (strcmp(tokens[ti], "port") == 0) {
> + INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
> + if (status->status < 0)
> + return;
> +
> + APP_CHECK_TOKEN_IS_NUM(tokens, ti, status);
> + if (status->status < 0)
> + return;
> +
> + if (addr != NULL)
> + addr->port = atoi(tokens[ti]);
> + else
> + APP_CHECK(0, status, "addr is NULL");
> + }
> + }
> +
> + *n_addr = *n_addr + 1;
> +}
> +
> +static struct eth_ctx *
> +eth_create(const char *name, int32_t socket_id)
> +{
> + char s[PATH_MAX];
> + struct eth_ctx *eth_ctx;
> + uint32_t mz_size;
> + const struct rte_memzone *mz;
> +
> + snprintf(s, sizeof(s), "%s_%u", name, socket_id);
> +
> + /* Create SA array table */
> + printf("Creating ETH context with %u maximum entries\n",
> + RTE_MAX_ETHPORTS);
> +
> + mz_size = sizeof(struct eth_ctx) * RTE_MAX_ETHPORTS;
> + mz = rte_memzone_reserve(s, mz_size, socket_id,
> + RTE_MEMZONE_1GB | RTE_MEMZONE_SIZE_HINT_ONLY);
> + if (mz == NULL) {
> + printf("Failed to allocate SA DB memory\n");
> + rte_errno = -ENOMEM;
> + return NULL;
> + }
> + memset(mz->addr, 0, mz_size);
> +
> + eth_ctx = (struct eth_ctx *)mz->addr;
> + return eth_ctx;
> +}
> +
> +static void
> +eth_ctx_dump(struct eth_ctx *eth_addr, uint32_t mask)
> +{
> + char name[256];
> + uint32_t nb_ports;
> + uint8_t port;
> +
> + nb_ports = rte_eth_dev_count();
> + for (port = 0; port < nb_ports; ++port) {
> + if ((mask & (1 << port)) == 0)
> + continue;
> +
> + if (rte_eth_dev_get_name_by_port(port, name) < 0)
> + rte_exit(EXIT_FAILURE, "Unable to find name "
> + "to port=%d\n", port);
> +
> + printf("%s-dst-0x%lx\n", name, eth_addr[port].dst);
> + printf("%s-src-0x%lx\n", name, eth_addr[port].src);
> + }
> +}
> +
> +void
> +eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask)
> +{
> + const char *name;
> + uint32_t i, nb_ports;
> + uint8_t port;
> + struct ether_addr ethaddr;
> +
> + if (ctx == NULL)
> + rte_exit(EXIT_FAILURE, "NULL context.\n");
> +
> + if (ctx->eth_addr != NULL)
> + rte_exit(EXIT_FAILURE, "ETH Address Table for socket %u "
> + "already initialized\n", socket_id);
> +
> + if (nb_eth_addr == 0)
> + RTE_LOG(WARNING, IPSEC, "No ETH address rule specified\n");
> +
> + /* create the ETH table */
> + name = "eth_addr";
> + ctx->eth_addr = eth_create(name, socket_id);
> + if (ctx->eth_addr == NULL)
> + rte_exit(EXIT_FAILURE, "Error [%d] creating ETH "
> + "context %s in socket %d\n", rte_errno,
> + name, socket_id);
> +
> + /* populate the ETH table */
> + for (i = 0; i < nb_eth_addr; ++i) {
> + port = eth_addr[i].port;
> +
> + if (ctx->eth_addr[port].dst != 0)
> + rte_exit(EXIT_FAILURE, "ETH destination address "
> + "for port %u already in use\n",
> + port);
> + if (ctx->eth_addr[port].src != 0)
> + rte_exit(EXIT_FAILURE, "ETH source address "
> + "for port %u already in use\n",
> + port);
> +
> + ctx->eth_addr[port].dst = ETHADDR_TO_UINT64(eth_addr[i].dst);
> + ctx->eth_addr[port].src = ETHADDR_TO_UINT64(eth_addr[i].src);
> + }
> +
> + nb_ports = rte_eth_dev_count();
> + for (port = 0; port < nb_ports; ++port) {
> + if ((mask & (1 << port)) == 0)
> + continue;
> +
> + if (ctx->eth_addr[port].src == 0) {
> + rte_eth_macaddr_get(port, ðaddr);
> + ctx->eth_addr[port].src = ETHADDR_TO_UINT64(ethaddr);
> + }
> + }
> + eth_ctx_dump(ctx->eth_addr, mask);
> +}
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 7bf692c..787e14a 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -112,47 +112,6 @@
> static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;
> static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;
>
> -#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
> -#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
> - (((uint64_t)((a) & 0xff) << 56) | \
> - ((uint64_t)((b) & 0xff) << 48) | \
> - ((uint64_t)((c) & 0xff) << 40) | \
> - ((uint64_t)((d) & 0xff) << 32) | \
> - ((uint64_t)((e) & 0xff) << 24) | \
> - ((uint64_t)((f) & 0xff) << 16) | \
> - ((uint64_t)((g) & 0xff) << 8) | \
> - ((uint64_t)(h) & 0xff))
> -#else
> -#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
> - (((uint64_t)((h) & 0xff) << 56) | \
> - ((uint64_t)((g) & 0xff) << 48) | \
> - ((uint64_t)((f) & 0xff) << 40) | \
> - ((uint64_t)((e) & 0xff) << 32) | \
> - ((uint64_t)((d) & 0xff) << 24) | \
> - ((uint64_t)((c) & 0xff) << 16) | \
> - ((uint64_t)((b) & 0xff) << 8) | \
> - ((uint64_t)(a) & 0xff))
> -#endif
> -#define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))
> -
> -#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
> - addr.addr_bytes[0], addr.addr_bytes[1], \
> - addr.addr_bytes[2], addr.addr_bytes[3], \
> - addr.addr_bytes[4], addr.addr_bytes[5], \
> - 0, 0)
> -
> -/* port/source ethernet addr and destination ethernet addr */
> -struct ethaddr_info {
> - uint64_t src, dst;
> -};
> -
> -struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
> - { 0, ETHADDR(0x00, 0x16, 0x3e, 0x7e, 0x94, 0x9a) },
> - { 0, ETHADDR(0x00, 0x16, 0x3e, 0x22, 0xa1, 0xd9) },
> - { 0, ETHADDR(0x00, 0x16, 0x3e, 0x08, 0x69, 0x26) },
> - { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
> -};
> -
> /* mask of enabled ports */
> static uint32_t enabled_port_mask;
> static uint32_t unprotected_port_mask;
> @@ -195,6 +154,7 @@ struct lcore_conf {
> struct ipsec_ctx outbound;
> struct rt_ctx *rt4_ctx;
> struct rt_ctx *rt6_ctx;
> + struct eth_ctx *eth_addr;
> } __rte_cache_aligned;
>
> static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
> @@ -290,7 +250,7 @@ prepare_traffic(struct rte_mbuf **pkts, struct ipsec_traffic *t,
> }
>
> static inline void
> -prepare_tx_pkt(struct rte_mbuf *pkt, uint8_t port)
> +prepare_tx_pkt(struct rte_mbuf *pkt, uint64_t *src, uint64_t *dst)
> {
> struct ip *ip;
> struct ether_hdr *ethhdr;
> @@ -313,25 +273,24 @@ prepare_tx_pkt(struct rte_mbuf *pkt, uint8_t port)
> ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv6);
> }
>
> - memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
> - sizeof(struct ether_addr));
> - memcpy(ðhdr->d_addr, ðaddr_tbl[port].dst,
> - sizeof(struct ether_addr));
> + memcpy(ðhdr->s_addr, src, sizeof(struct ether_addr));
> + memcpy(ðhdr->d_addr, dst, sizeof(struct ether_addr));
> }
>
> static inline void
> -prepare_tx_burst(struct rte_mbuf *pkts[], uint16_t nb_pkts, uint8_t port)
> +prepare_tx_burst(struct rte_mbuf *pkts[], uint64_t *src, uint64_t *dst,
> + uint16_t nb_pkts)
> {
> int32_t i;
> const int32_t prefetch_offset = 2;
>
> for (i = 0; i < (nb_pkts - prefetch_offset); i++) {
> rte_mbuf_prefetch_part2(pkts[i + prefetch_offset]);
> - prepare_tx_pkt(pkts[i], port);
> + prepare_tx_pkt(pkts[i], src, dst);
> }
> /* Process left packets */
> for (; i < nb_pkts; i++)
> - prepare_tx_pkt(pkts[i], port);
> + prepare_tx_pkt(pkts[i], src, dst);
> }
>
> /* Send burst of packets on an output interface */
> @@ -341,11 +300,14 @@ send_burst(struct lcore_conf *qconf, uint16_t n, uint8_t port)
> struct rte_mbuf **m_table;
> int32_t ret;
> uint16_t queueid;
> + uint64_t *src, *dst;
>
> queueid = qconf->tx_queue_id[port];
> m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
> + src = &qconf->eth_addr[port].src;
> + dst = &qconf->eth_addr[port].dst;
>
> - prepare_tx_burst(m_table, n, port);
> + prepare_tx_burst(m_table, src, dst, n);
>
> ret = rte_eth_tx_burst(port, queueid, m_table, n);
> if (unlikely(ret < n)) {
> @@ -706,6 +668,7 @@ main_loop(__attribute__((unused)) void *dummy)
>
> qconf->rt4_ctx = socket_ctx[socket_id].rt_ip4;
> qconf->rt6_ctx = socket_ctx[socket_id].rt_ip6;
> + qconf->eth_addr = socket_ctx[socket_id].eth_addr;
> qconf->inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
> qconf->inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
> qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
> @@ -1045,14 +1008,6 @@ parse_args(int32_t argc, char **argv)
> return ret;
> }
>
> -static void
> -print_ethaddr(const char *name, const struct ether_addr *eth_addr)
> -{
> - char buf[ETHER_ADDR_FMT_SIZE];
> - ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
> - printf("%s%s", name, buf);
> -}
> -
> /* Check the link status of all ports in up to 9s, and print them finally */
> static void
> check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
> @@ -1339,17 +1294,11 @@ port_init(uint8_t portid)
> uint16_t tx_queueid, rx_queueid, queue, lcore_id;
> int32_t ret, socket_id;
> struct lcore_conf *qconf;
> - struct ether_addr ethaddr;
>
> rte_eth_dev_info_get(portid, &dev_info);
>
> printf("Configuring device port %u:\n", portid);
>
> - rte_eth_macaddr_get(portid, ðaddr);
> - ethaddr_tbl[portid].src = ETHADDR_TO_UINT64(ethaddr);
> - print_ethaddr("Address: ", ðaddr);
> - printf("\n");
> -
> nb_rx_queue = get_port_nb_rx_queues(portid);
> nb_tx_queue = nb_lcores;
>
> @@ -1499,6 +1448,8 @@ main(int32_t argc, char **argv)
>
> rt_init(&socket_ctx[socket_id], socket_id);
>
> + eth_init(&socket_ctx[socket_id], socket_id, enabled_port_mask);
> +
> pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
> }
>
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 7d057ae..9e22b1b 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -153,6 +153,10 @@ struct cdev_key {
> uint8_t aead_algo;
> };
>
> +struct eth_ctx {
> + uint64_t src, dst;
> +};
> +
> struct socket_ctx {
> struct sa_ctx *sa_in;
> struct sa_ctx *sa_out;
> @@ -162,6 +166,7 @@ struct socket_ctx {
> struct sp_ctx *sp_ip6_out;
> struct rt_ctx *rt_ip4;
> struct rt_ctx *rt_ip6;
> + struct eth_ctx *eth_addr;
> struct rte_mempool *mbuf_pool;
> struct rte_mempool *session_pool;
> };
> @@ -237,4 +242,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id);
> void
> rt_init(struct socket_ctx *ctx, int32_t socket_id);
>
> +void
> +eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask);
> +
> #endif /* __IPSEC_H__ */
> diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
> index 9d0ea46..24ca8c2 100644
> --- a/examples/ipsec-secgw/parser.c
> +++ b/examples/ipsec-secgw/parser.c
> @@ -292,6 +292,30 @@ parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask)
> }
>
> int
> +parse_eth_addr(const char *token, struct ether_addr *addr)
> +{
> + char addr_str[256] = {0};
> + int i, values[6];
> +
> + if (strlen(token) >= 256)
> + return -EINVAL;
> +
> + strncpy(addr_str, token, strlen(token));
> +
> + if (6 != sscanf(addr_str, "%02X:%02X:%02X:%02X:%02X:%02X",
> + &values[0], &values[1],
> + &values[2], &values[3],
> + &values[4], &values[5])) {
> + return -EINVAL;
> + }
> +
> + for (i = 0; i < 6; ++i)
> + addr->addr_bytes[i] = (uint8_t)values[i];
> +
> + return 0;
> +}
> +
> +int
> parse_range(const char *token, uint16_t *low, uint16_t *high)
> {
> char ch;
> @@ -469,11 +493,55 @@ cmdline_parse_inst_t cfg_rt_add_rule = {
> },
> };
>
> +/* eth add parse */
> +struct cfg_eth_add_cfg_item {
> + cmdline_fixed_string_t eth_keyword;
> + cmdline_multi_string_t multi_string;
> +};
> +
> +static void
> +cfg_eth_add_cfg_item_parsed(void *parsed_result,
> + __rte_unused struct cmdline *cl, void *data)
> +{
> + struct cfg_eth_add_cfg_item *params = parsed_result;
> + char *tokens[32];
> + uint32_t n_tokens = RTE_DIM(tokens);
> + struct parse_status *status = (struct parse_status *)data;
> +
> + APP_CHECK(parse_tokenize_string(
> + params->multi_string, tokens, &n_tokens) == 0,
> + status, "too many arguments\n");
> + if (status->status < 0)
> + return;
> +
> + parse_eth_tokens(tokens, n_tokens, status);
> +}
> +
> +static cmdline_parse_token_string_t cfg_eth_add_eth_str =
> + TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item,
> + eth_keyword, "eth");
> +
> +static cmdline_parse_token_string_t cfg_eth_add_multi_str =
> + TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item, multi_string,
> + TOKEN_STRING_MULTI);
> +
> +cmdline_parse_inst_t cfg_eth_add_rule = {
> + .f = cfg_eth_add_cfg_item_parsed,
> + .data = NULL,
> + .help_str = "",
> + .tokens = {
> + (void *) &cfg_eth_add_eth_str,
> + (void *) &cfg_eth_add_multi_str,
> + NULL,
> + },
> +};
> +
> /** set of cfg items */
> cmdline_parse_ctx_t ipsec_ctx[] = {
> (cmdline_parse_inst_t *)&cfg_sp_add_rule,
> (cmdline_parse_inst_t *)&cfg_sa_add_rule,
> (cmdline_parse_inst_t *)&cfg_rt_add_rule,
> + (cmdline_parse_inst_t *)&cfg_eth_add_rule,
> NULL,
> };
>
> @@ -499,6 +567,7 @@ parse_cfg_file(const char *cfg_filename)
> cfg_sp_add_rule.data = &status;
> cfg_sa_add_rule.data = &status;
> cfg_rt_add_rule.data = &status;
> + cfg_eth_add_rule.data = &status;
>
> do {
> char oneline[1024];
> diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
> index d31ae01..daa7997 100644
> --- a/examples/ipsec-secgw/parser.h
> +++ b/examples/ipsec-secgw/parser.h
> @@ -85,6 +85,34 @@ do { \
> index++; \
> } while (0)
>
> +#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
> +#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
> + (((uint64_t)((a) & 0xff) << 56) | \
> + ((uint64_t)((b) & 0xff) << 48) | \
> + ((uint64_t)((c) & 0xff) << 40) | \
> + ((uint64_t)((d) & 0xff) << 32) | \
> + ((uint64_t)((e) & 0xff) << 24) | \
> + ((uint64_t)((f) & 0xff) << 16) | \
> + ((uint64_t)((g) & 0xff) << 8) | \
> + ((uint64_t)(h) & 0xff))
> +#else
> +#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
> + (((uint64_t)((h) & 0xff) << 56) | \
> + ((uint64_t)((g) & 0xff) << 48) | \
> + ((uint64_t)((f) & 0xff) << 40) | \
> + ((uint64_t)((e) & 0xff) << 32) | \
> + ((uint64_t)((d) & 0xff) << 24) | \
> + ((uint64_t)((c) & 0xff) << 16) | \
> + ((uint64_t)((b) & 0xff) << 8) | \
> + ((uint64_t)(a) & 0xff))
> +#endif
> +
> +#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
> + addr.addr_bytes[0], addr.addr_bytes[1], \
> + addr.addr_bytes[2], addr.addr_bytes[3], \
> + addr.addr_bytes[4], addr.addr_bytes[5], \
> + 0, 0)
> +
> int
> parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask);
>
> @@ -92,6 +120,9 @@ int
> parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask);
>
> int
> +parse_eth_addr(const char *token, struct ether_addr *addr);
> +
> +int
> parse_range(const char *token, uint16_t *low, uint16_t *high);
>
> void
> @@ -110,6 +141,10 @@ void
> parse_rt_tokens(char **tokens, uint32_t n_tokens,
> struct parse_status *status);
>
> +void
> +parse_eth_tokens(char **tokens, uint32_t n_tokens,
> + struct parse_status *status);
> +
> int
> parse_cfg_file(const char *cfg_filename);
>
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-15 12:53 ` [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file Aviad Yehezkel
@ 2017-10-16 7:33 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-16 7:33 UTC (permalink / raw)
To: Aviad Yehezkel, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
Hi Aviad,
> -----Original Message-----
> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
> Sent: Sunday, October 15, 2017 1:54 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
> MAINTAINERS file
>
>
>
> On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> > From: Aviad Yehezkel <aviadye@mellanox.com>
> >
> > As agreed with Sergio and Pablo
> >
> > Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> > ---
> > MAINTAINERS | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS index c00d6d8..d814ac1
> 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -919,6 +919,7 @@ F: examples/helloworld/
> > F: doc/guides/sample_app_ug/hello_world.rst
> >
> > M: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> > +M: Aviad Shaul Yehezkel <aviadye@mellanox.com>
> > F: examples/ipsec-secgw/
> > F: doc/guides/sample_app_ug/ipsec_secgw.rst
> >
>
> Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
"Tested" tag does not make sense here. Also, for patches where
you are the author, you are not expected to reply to those patches.
It is expected that, being the author, you have verified that the patch works.
So, the tags "Reviewed-by", "Acked-by" and "Tested-by" have to be used
by the rest of the community.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (10 preceding siblings ...)
2017-10-15 12:53 ` [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file Aviad Yehezkel
@ 2017-10-16 9:27 ` Sergio Gonzalez Monroy
2017-10-16 10:43 ` Aviad Yehezkel
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
13 siblings, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:27 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
Hi Aviad,
On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> As agreed with Sergio and Pablo
I don't think the commit message is relevant.
Either me or Pablo acking the patch would have the same meaning.
Thanks,
Sergio
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> MAINTAINERS | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index c00d6d8..d814ac1 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -919,6 +919,7 @@ F: examples/helloworld/
> F: doc/guides/sample_app_ug/hello_world.rst
>
> M: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> +M: Aviad Shaul Yehezkel <aviadye@mellanox.com>
> F: examples/ipsec-secgw/
> F: doc/guides/sample_app_ug/ipsec_secgw.rst
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
2017-10-15 12:55 ` Aviad Yehezkel
@ 2017-10-16 9:30 ` Sergio Gonzalez Monroy
2017-10-16 10:42 ` Aviad Yehezkel
1 sibling, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:30 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Seems like transport was broken for a long time
Commit message needs to be improved. Just mentioned what is wrong or how
do you fix it.
Given that it is a fix, you should start the commit title with "fix ..."
then also add the 'fixes' line with commit that added the bug.
That way you can easily see since when it was introduced.
Thanks,
Sergio
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 70bb81f..56ad7a0 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -306,8 +306,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> sizeof(struct esp_hdr) + sa->iv_len);
> memmove(new_ip, ip4, ip_hdr_len);
> esp = (struct esp_hdr *)(new_ip + ip_hdr_len);
> + ip4 = (struct ip *)new_ip;
> if (likely(ip4->ip_v == IPVERSION)) {
> - ip4 = (struct ip *)new_ip;
> ip4->ip_p = IPPROTO_ESP;
> ip4->ip_len = htons(rte_pktmbuf_data_len(m));
> } else {
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
2017-10-15 12:55 ` Aviad Yehezkel
@ 2017-10-16 9:36 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:36 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
Could you provide the cases where the padding is wrong in tunnel mode?
Thanks,
Sergio
On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 56ad7a0..689e917 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> uint8_t *padding, *new_ip, nlp;
> struct rte_crypto_sym_op *sym_cop;
> int32_t i;
> - uint16_t pad_payload_len, pad_len, ip_hdr_len;
> + uint16_t pad_payload_len, pad_len = 0;
> + uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
>
> RTE_ASSERT(m != NULL);
> RTE_ASSERT(sa != NULL);
> + RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> + sa->flags == TRANSPORT);
> RTE_ASSERT(cop != NULL);
>
> - ip_hdr_len = 0;
> -
> ip4 = rte_pktmbuf_mtod(m, struct ip *);
> if (likely(ip4->ip_v == IPVERSION)) {
> - if (unlikely(sa->flags == TRANSPORT)) {
> - ip_hdr_len = ip4->ip_hl * 4;
> + ip_hdr_len = ip4->ip_hl * 4;
> + if (unlikely(sa->flags == TRANSPORT))
> nlp = ip4->ip_p;
> - } else
> + else
> nlp = IPPROTO_IPIP;
> } else if (ip4->ip_v == IP6_VERSION) {
> + /* XXX No option headers supported */
> + ip_hdr_len = sizeof(struct ip6_hdr);
> if (unlikely(sa->flags == TRANSPORT)) {
> - /* XXX No option headers supported */
> - ip_hdr_len = sizeof(struct ip6_hdr);
> ip6 = (struct ip6_hdr *)ip4;
> nlp = ip6->ip6_nxt;
> } else
> @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> }
>
> /* Padded payload length */
> - pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
> - ip_hdr_len + 2, sa->block_size);
> - pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> -
> - RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> - sa->flags == TRANSPORT);
> -
> - if (likely(sa->flags == IP4_TUNNEL))
> + if (unlikely(sa->flags == TRANSPORT)) {
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1 - ip_hdr_len,
> + sa->block_size);
> + pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> + } else {
> + inner_ip_hdr_len = ip_hdr_len;
> ip_hdr_len = sizeof(struct ip);
> - else if (sa->flags == IP6_TUNNEL)
> - ip_hdr_len = sizeof(struct ip6_hdr);
> - else if (sa->flags != TRANSPORT) {
> - RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
> - sa->flags);
> - return -EINVAL;
> + if (sa->flags == IP6_TUNNEL)
> + ip_hdr_len = sizeof(struct ip6_hdr);
> +
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1,
> + sa->block_size);
> + pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
> }
> + RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
> + "inner_ip_hdr_len=%u ip_hdr_len=%u "
> + "pad_payload_len=%u pad_len=%u\n",
> + rte_pktmbuf_pkt_len(m),
> + inner_ip_hdr_len, ip_hdr_len,
> + pad_payload_len, pad_len);
>
> /* Check maximum packet size */
> if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
2017-10-15 12:55 ` Aviad Yehezkel
@ 2017-10-16 9:39 ` Sergio Gonzalez Monroy
1 sibling, 0 replies; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:39 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 689e917..aa2233d 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -355,8 +355,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> aad = get_aad(m);
> memcpy(aad, esp, 8);
> sym_cop->aead.aad.data = aad;
> - sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
> - aad - rte_pktmbuf_mtod(m, uint8_t *));
> + sym_cop->aead.aad.phys_addr = rte_mem_virt2phy(aad);
>
That function is very expensive and should not be used in data path.
You should use the phys_addr in the crypto_op to calculate proper value.
Thanks,
Sergio
> sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
> rte_pktmbuf_pkt_len(m) - sa->digest_len);
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-15 12:55 ` Aviad Yehezkel
@ 2017-10-16 9:42 ` Sergio Gonzalez Monroy
2017-10-16 10:35 ` Aviad Yehezkel
1 sibling, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:42 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> To be compatibile with Linux kernel
I am not sure what you are trying to achieve with this change.
The requirement is that the IV is unique, IMO changing the endianess is
irrelevant here.
Can you provide case/example where current code does not work?
Thanks,
Sergio
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index aa2233d..81ebf55 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> uint8_t *aad;
>
> - *iv = sa->seq;
> + *iv = rte_cpu_to_be_64(sa->seq);
> sym_cop->aead.data.offset = ip_hdr_len +
> sizeof(struct esp_hdr) + sa->iv_len;
> sym_cop->aead.data.length = pad_payload_len;
> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> struct cnt_blk *icb = get_cnt_blk(m);
> icb->salt = sa->salt;
> - icb->iv = sa->seq;
> + icb->iv = rte_cpu_to_be_64(sa->seq);
> icb->cnt = rte_cpu_to_be_32(1);
>
> aad = get_aad(m);
> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
> break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> - *iv = sa->seq;
> + *iv = rte_cpu_to_be_64(sa->seq);
> sym_cop->cipher.data.offset = ip_hdr_len +
> sizeof(struct esp_hdr) + sa->iv_len;
> sym_cop->cipher.data.length = pad_payload_len;
> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> struct cnt_blk *icb = get_cnt_blk(m);
> icb->salt = sa->salt;
> - icb->iv = sa->seq;
> + icb->iv = rte_cpu_to_be_64(sa->seq);
> icb->cnt = rte_cpu_to_be_32(1);
>
> switch (sa->auth_algo) {
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
2017-10-15 12:56 ` Aviad Yehezkel
@ 2017-10-16 9:43 ` Sergio Gonzalez Monroy
2017-10-16 11:44 ` Aviad Yehezkel
1 sibling, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:43 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> IP length was incorrect causing corrupted ICMP packets for example
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 81ebf55..12c6f8c 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
> if (likely(ip->ip_v == IPVERSION)) {
> memmove(ip4, ip, ip->ip_hl * 4);
> ip4->ip_p = *nexthdr;
> - ip4->ip_len = htons(rte_pktmbuf_data_len(m));
> + ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
> } else {
> ip6 = (struct ip6_hdr *)ip4;
> /* XXX No option headers supported */
> memmove(ip6, ip, sizeof(struct ip6_hdr));
> ip6->ip6_nxt = *nexthdr;
> - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
> + ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
> }
> } else
> ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
AFAIK the app does not support multi-segments (chain mbufs), so data_len
should be the same as pkt_len.
Is that not the case?
Thanks,
Sergio
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
2017-10-15 12:56 ` Aviad Yehezkel
@ 2017-10-16 9:44 ` Sergio Gonzalez Monroy
2017-10-16 10:38 ` Aviad Yehezkel
1 sibling, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 9:44 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> Signed-off-by: Nicolai Radu <radu.nicolai@intel.com>
> ---
> app/test-pmd/cmdline.c | 13 ++++++++++---
> app/test-pmd/config.c | 12 +++++++++++-
> 2 files changed, 21 insertions(+), 4 deletions(-)
This patch is modifying a different app, should be on its own.
Thanks,
Sergio
> diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
> index bb19d72..e4a636e 100644
> --- a/app/test-pmd/cmdline.c
> +++ b/app/test-pmd/cmdline.c
> @@ -7377,11 +7377,17 @@ struct cmd_set_vf_rxmode {
> };
>
> static void
> -cmd_set_vf_rxmode_parsed(void *parsed_result,
> - __attribute__((unused)) struct cmdline *cl,
> - __attribute__((unused)) void *data)
> +cmd_set_vf_rxmode_parsed(
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> + void *parsed_result,
> +#else
> + __attribute__((unused)) void *parsed_result,
> +#endif
> + __attribute__((unused)) struct cmdline *cl,
> + __attribute__((unused)) void *data)
> {
> int ret = -ENOTSUP;
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> uint16_t rx_mode = 0;
> struct cmd_set_vf_rxmode *res = parsed_result;
>
> @@ -7396,6 +7402,7 @@ cmd_set_vf_rxmode_parsed(void *parsed_result,
> else if (!strncmp(res->mode, "MPE",3))
> rx_mode |= ETH_VMDQ_ACCEPT_MULTICAST;
> }
> +#endif
>
> #ifdef RTE_LIBRTE_IXGBE_PMD
> if (ret == -ENOTSUP)
> diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
> index bafe76c..d38ba82 100644
> --- a/app/test-pmd/config.c
> +++ b/app/test-pmd/config.c
> @@ -3181,7 +3181,17 @@ set_queue_rate_limit(portid_t port_id, uint16_t queue_idx, uint16_t rate)
> }
>
> int
> -set_vf_rate_limit(portid_t port_id, uint16_t vf, uint16_t rate, uint64_t q_msk)
> +set_vf_rate_limit(
> + portid_t port_id,
> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
> + uint16_t vf,
> + uint16_t rate,
> + uint64_t q_msk)
> +#else
> + __attribute__((unused)) uint16_t vf,
> + __attribute__((unused)) uint16_t rate,
> + __attribute__((unused)) uint64_t q_msk)
> +#endif
> {
> int diag = -ENOTSUP;
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
2017-10-16 9:42 ` Sergio Gonzalez Monroy
@ 2017-10-16 10:35 ` Aviad Yehezkel
2017-10-16 11:59 ` Sergio Gonzalez Monroy
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-16 10:35 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/16/2017 12:42 PM, Sergio Gonzalez Monroy wrote:
> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> To be compatibile with Linux kernel
>
> I am not sure what you are trying to achieve with this change.
> The requirement is that the IV is unique, IMO changing the endianess
> is irrelevant here.
> Can you provide case/example where current code does not work?
>
> Thanks,
> Sergio
You are right, according to rfc4106 the IV should be unique and can be
implemented as counter.
The changed was created because I put analyzer on wire and compare
packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so I thought it is worth to do the same for
future debug / comparison.
Thanks,
Aviad.
>
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> ---
>> examples/ipsec-secgw/esp.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>> index aa2233d..81ebf55 100644
>> --- a/examples/ipsec-secgw/esp.c
>> +++ b/examples/ipsec-secgw/esp.c
>> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>> *sa,
>> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
>> uint8_t *aad;
>> - *iv = sa->seq;
>> + *iv = rte_cpu_to_be_64(sa->seq);
>> sym_cop->aead.data.offset = ip_hdr_len +
>> sizeof(struct esp_hdr) + sa->iv_len;
>> sym_cop->aead.data.length = pad_payload_len;
>> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>> *sa,
>> struct cnt_blk *icb = get_cnt_blk(m);
>> icb->salt = sa->salt;
>> - icb->iv = sa->seq;
>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>> icb->cnt = rte_cpu_to_be_32(1);
>> aad = get_aad(m);
>> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>> *sa,
>> sym_cop->cipher.data.length = pad_payload_len +
>> sa->iv_len;
>> break;
>> case RTE_CRYPTO_CIPHER_AES_CTR:
>> - *iv = sa->seq;
>> + *iv = rte_cpu_to_be_64(sa->seq);
>> sym_cop->cipher.data.offset = ip_hdr_len +
>> sizeof(struct esp_hdr) + sa->iv_len;
>> sym_cop->cipher.data.length = pad_payload_len;
>> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>> *sa,
>> struct cnt_blk *icb = get_cnt_blk(m);
>> icb->salt = sa->salt;
>> - icb->iv = sa->seq;
>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>> icb->cnt = rte_cpu_to_be_32(1);
>> switch (sa->auth_algo) {
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling
2017-10-16 9:44 ` Sergio Gonzalez Monroy
@ 2017-10-16 10:38 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-16 10:38 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/16/2017 12:44 PM, Sergio Gonzalez Monroy wrote:
> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> Signed-off-by: Nicolai Radu <radu.nicolai@intel.com>
>> ---
>> app/test-pmd/cmdline.c | 13 ++++++++++---
>> app/test-pmd/config.c | 12 +++++++++++-
>> 2 files changed, 21 insertions(+), 4 deletions(-)
>
> This patch is modifying a different app, should be on its own.
>
> Thanks,
> Sergio
Agreed. Will send as different patch in next version with fixes.
Thanks,
Aviad.
>> diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
>> index bb19d72..e4a636e 100644
>> --- a/app/test-pmd/cmdline.c
>> +++ b/app/test-pmd/cmdline.c
>> @@ -7377,11 +7377,17 @@ struct cmd_set_vf_rxmode {
>> };
>> static void
>> -cmd_set_vf_rxmode_parsed(void *parsed_result,
>> - __attribute__((unused)) struct cmdline *cl,
>> - __attribute__((unused)) void *data)
>> +cmd_set_vf_rxmode_parsed(
>> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
>> + void *parsed_result,
>> +#else
>> + __attribute__((unused)) void *parsed_result,
>> +#endif
>> + __attribute__((unused)) struct cmdline *cl,
>> + __attribute__((unused)) void *data)
>> {
>> int ret = -ENOTSUP;
>> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
>> uint16_t rx_mode = 0;
>> struct cmd_set_vf_rxmode *res = parsed_result;
>> @@ -7396,6 +7402,7 @@ cmd_set_vf_rxmode_parsed(void *parsed_result,
>> else if (!strncmp(res->mode, "MPE",3))
>> rx_mode |= ETH_VMDQ_ACCEPT_MULTICAST;
>> }
>> +#endif
>> #ifdef RTE_LIBRTE_IXGBE_PMD
>> if (ret == -ENOTSUP)
>> diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
>> index bafe76c..d38ba82 100644
>> --- a/app/test-pmd/config.c
>> +++ b/app/test-pmd/config.c
>> @@ -3181,7 +3181,17 @@ set_queue_rate_limit(portid_t port_id,
>> uint16_t queue_idx, uint16_t rate)
>> }
>> int
>> -set_vf_rate_limit(portid_t port_id, uint16_t vf, uint16_t rate,
>> uint64_t q_msk)
>> +set_vf_rate_limit(
>> + portid_t port_id,
>> +#if defined(RTE_LIBRTE_IXGBE_PMD) || defined(RTE_LIBRTE_BNXT_PMD)
>> + uint16_t vf,
>> + uint16_t rate,
>> + uint64_t q_msk)
>> +#else
>> + __attribute__((unused)) uint16_t vf,
>> + __attribute__((unused)) uint16_t rate,
>> + __attribute__((unused)) uint64_t q_msk)
>> +#endif
>> {
>> int diag = -ENOTSUP;
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-16 9:30 ` Sergio Gonzalez Monroy
@ 2017-10-16 10:42 ` Aviad Yehezkel
2017-10-19 18:16 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-16 10:42 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/16/2017 12:30 PM, Sergio Gonzalez Monroy wrote:
> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> Seems like transport was broken for a long time
>
> Commit message needs to be improved. Just mentioned what is wrong or
> how do you fix it.
> Given that it is a fix, you should start the commit title with "fix
> ..." then also add the 'fixes' line with commit that added the bug.
> That way you can easily see since when it was introduced.
>
> Thanks,
> Sergio
Will create such commit messages for future fixes as you instructed above.
I will remove this patch from next version of fixes since there is a
similar fix
already provided by Tomasz Duszynski which I will review.
Thanks,
Aviad.
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> ---
>> examples/ipsec-secgw/esp.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>> index 70bb81f..56ad7a0 100644
>> --- a/examples/ipsec-secgw/esp.c
>> +++ b/examples/ipsec-secgw/esp.c
>> @@ -306,8 +306,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>> *sa,
>> sizeof(struct esp_hdr) + sa->iv_len);
>> memmove(new_ip, ip4, ip_hdr_len);
>> esp = (struct esp_hdr *)(new_ip + ip_hdr_len);
>> + ip4 = (struct ip *)new_ip;
>> if (likely(ip4->ip_v == IPVERSION)) {
>> - ip4 = (struct ip *)new_ip;
>> ip4->ip_p = IPPROTO_ESP;
>> ip4->ip_len = htons(rte_pktmbuf_data_len(m));
>> } else {
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-16 9:27 ` Sergio Gonzalez Monroy
@ 2017-10-16 10:43 ` Aviad Yehezkel
2017-10-16 13:39 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-16 10:43 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
> Hi Aviad,
>
> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> As agreed with Sergio and Pablo
>
> I don't think the commit message is relevant.
> Either me or Pablo acking the patch would have the same meaning.
>
> Thanks,
> Sergio
Will fix.
Thanks,
Aviad.
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> ---
>> MAINTAINERS | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index c00d6d8..d814ac1 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -919,6 +919,7 @@ F: examples/helloworld/
>> F: doc/guides/sample_app_ug/hello_world.rst
>> M: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
>> +M: Aviad Shaul Yehezkel <aviadye@mellanox.com>
>> F: examples/ipsec-secgw/
>> F: doc/guides/sample_app_ug/ipsec_secgw.rst
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-16 9:43 ` Sergio Gonzalez Monroy
@ 2017-10-16 11:44 ` Aviad Yehezkel
2017-10-16 12:03 ` Sergio Gonzalez Monroy
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-16 11:44 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 10/16/2017 12:43 PM, Sergio Gonzalez Monroy wrote:
> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> IP length was incorrect causing corrupted ICMP packets for example
>>
>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>> ---
>> examples/ipsec-secgw/esp.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>> index 81ebf55..12c6f8c 100644
>> --- a/examples/ipsec-secgw/esp.c
>> +++ b/examples/ipsec-secgw/esp.c
>> @@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct
>> ipsec_sa *sa,
>> if (likely(ip->ip_v == IPVERSION)) {
>> memmove(ip4, ip, ip->ip_hl * 4);
>> ip4->ip_p = *nexthdr;
>> - ip4->ip_len = htons(rte_pktmbuf_data_len(m));
>> + ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
>> } else {
>> ip6 = (struct ip6_hdr *)ip4;
>> /* XXX No option headers supported */
>> memmove(ip6, ip, sizeof(struct ip6_hdr));
>> ip6->ip6_nxt = *nexthdr;
>> - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
>> + ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
>> }
>> } else
>> ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
>
> AFAIK the app does not support multi-segments (chain mbufs), so
> data_len should be the same as pkt_len.
> Is that not the case?
>
This is the inbound function (RX side), so mbufs are allocated by PMD.
PMD is allocating mbuf with additional 14 bytes for ETH header but trim
it before passing the mbuf.
As a result seg len is 14 bytes smaller than data len.
Thanks,
Aviad
> Thanks,
> Sergio
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
2017-10-16 10:35 ` Aviad Yehezkel
@ 2017-10-16 11:59 ` Sergio Gonzalez Monroy
0 siblings, 0 replies; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 11:59 UTC (permalink / raw)
To: Aviad Yehezkel, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 16/10/2017 11:35, Aviad Yehezkel wrote:
>
> On 10/16/2017 12:42 PM, Sergio Gonzalez Monroy wrote:
>> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>
>>> To be compatibile with Linux kernel
>>
>> I am not sure what you are trying to achieve with this change.
>> The requirement is that the IV is unique, IMO changing the endianess
>> is irrelevant here.
>> Can you provide case/example where current code does not work?
>>
>> Thanks,
>> Sergio
> You are right, according to rfc4106 the IV should be unique and can be
> implemented as counter.
> The changed was created because I put analyzer on wire and compare
> packets generated by this application and Linux kernel.
> Linux kernel sets IV as BE, so I thought it is worth to do the same for
> future debug / comparison.
>
I guess the performance impact is small (for LE platforms), so it would
be good to add this (or similar) information to the commit message.
Thanks,
Sergio
> Thanks,
> Aviad.
>
>>
>>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>>> ---
>>> examples/ipsec-secgw/esp.c | 8 ++++----
>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>>> index aa2233d..81ebf55 100644
>>> --- a/examples/ipsec-secgw/esp.c
>>> +++ b/examples/ipsec-secgw/esp.c
>>> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
>>> uint8_t *aad;
>>> - *iv = sa->seq;
>>> + *iv = rte_cpu_to_be_64(sa->seq);
>>> sym_cop->aead.data.offset = ip_hdr_len +
>>> sizeof(struct esp_hdr) + sa->iv_len;
>>> sym_cop->aead.data.length = pad_payload_len;
>>> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> struct cnt_blk *icb = get_cnt_blk(m);
>>> icb->salt = sa->salt;
>>> - icb->iv = sa->seq;
>>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>>> icb->cnt = rte_cpu_to_be_32(1);
>>> aad = get_aad(m);
>>> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> sym_cop->cipher.data.length = pad_payload_len +
>>> sa->iv_len;
>>> break;
>>> case RTE_CRYPTO_CIPHER_AES_CTR:
>>> - *iv = sa->seq;
>>> + *iv = rte_cpu_to_be_64(sa->seq);
>>> sym_cop->cipher.data.offset = ip_hdr_len +
>>> sizeof(struct esp_hdr) + sa->iv_len;
>>> sym_cop->cipher.data.length = pad_payload_len;
>>> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> struct cnt_blk *icb = get_cnt_blk(m);
>>> icb->salt = sa->salt;
>>> - icb->iv = sa->seq;
>>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>>> icb->cnt = rte_cpu_to_be_32(1);
>>> switch (sa->auth_algo) {
>>
>>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-16 11:44 ` Aviad Yehezkel
@ 2017-10-16 12:03 ` Sergio Gonzalez Monroy
2017-10-19 18:44 ` Aviad Yehezkel
0 siblings, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-16 12:03 UTC (permalink / raw)
To: Aviad Yehezkel, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
On 16/10/2017 12:44, Aviad Yehezkel wrote:
> On 10/16/2017 12:43 PM, Sergio Gonzalez Monroy wrote:
>> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>
>>> IP length was incorrect causing corrupted ICMP packets for example
>>>
>>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>>> ---
>>> examples/ipsec-secgw/esp.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>>> index 81ebf55..12c6f8c 100644
>>> --- a/examples/ipsec-secgw/esp.c
>>> +++ b/examples/ipsec-secgw/esp.c
>>> @@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct
>>> ipsec_sa *sa,
>>> if (likely(ip->ip_v == IPVERSION)) {
>>> memmove(ip4, ip, ip->ip_hl * 4);
>>> ip4->ip_p = *nexthdr;
>>> - ip4->ip_len = htons(rte_pktmbuf_data_len(m));
>>> + ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
>>> } else {
>>> ip6 = (struct ip6_hdr *)ip4;
>>> /* XXX No option headers supported */
>>> memmove(ip6, ip, sizeof(struct ip6_hdr));
>>> ip6->ip6_nxt = *nexthdr;
>>> - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
>>> + ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
>>> }
>>> } else
>>> ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
>>
>> AFAIK the app does not support multi-segments (chain mbufs), so
>> data_len should be the same as pkt_len.
>> Is that not the case?
>>
> This is the inbound function (RX side), so mbufs are allocated by PMD.
> PMD is allocating mbuf with additional 14 bytes for ETH header but
> trim it before passing the mbuf.
> As a result seg len is 14 bytes smaller than data len.
>
Sorry, I am still missing something here.
rte_pktmbuf_trim updates both data_len and pkt_len, so how can they not
be the same when we have a single mbuf?
I think to remember using data_len instead of pkt_len so it is easy to
see that the application does not support multi-segments (aka. chained
mbufs)
Thanks,
Sergio
> Thanks,
> Aviad
>
>> Thanks,
>> Sergio
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-16 10:43 ` Aviad Yehezkel
@ 2017-10-16 13:39 ` De Lara Guarch, Pablo
2017-10-17 12:36 ` Hemant Agrawal
0 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-16 13:39 UTC (permalink / raw)
To: Aviad Yehezkel, Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
Hi Aviad,
> -----Original Message-----
> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
> Sent: Monday, October 16, 2017 11:44 AM
> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
> dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
> MAINTAINERS file
>
>
>
> On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
> > Hi Aviad,
> >
> > On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> >> From: Aviad Yehezkel <aviadye@mellanox.com>
> >>
> >> As agreed with Sergio and Pablo
> >
> > I don't think the commit message is relevant.
> > Either me or Pablo acking the patch would have the same meaning.
> >
> > Thanks,
> > Sergio
>
> Will fix.
Actually, it is too early for you to take ownership on this app,
as you have recently started contributing to DPDK, so I have to NACK this patch.
Sorry for the confusion.
Said that, anyone from the rest of the developers of rte_security (with past contributions)
that would like to volunteer to maintain this app?
Thanks,
Pablo
>
> Thanks,
> Aviad.
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices
2017-10-15 12:54 ` Aviad Yehezkel
@ 2017-10-16 15:23 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-16 15:23 UTC (permalink / raw)
To: Aviad Yehezkel, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
Hi Aviad,
> -----Original Message-----
> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
> Sent: Sunday, October 15, 2017 1:54 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH 02/11] examples/ipsec-secgw: Fixed init of
> aead crypto devices
>
Commit titles should start with infinitive and not with lowercase.
e.g. examples/ipsec-secgw: fix init of aead crypto devices
Also, since this is a fix, you should include a Fixes line with the commit id
where the issues was introduced, and CC stable, if the issue was not introduced
in the current release.
Take a look at the following document, that explains in detail the contribution guidelines:
http://dpdk.org/doc/guides/contributing/patches.html
Also, I have a comment below.
Thanks,
Pablo
>
>
> On 10/14/2017 4:27 PM, aviadye@dev.mellanox.co.il wrote:
> > From: Aviad Yehezkel <aviadye@mellanox.com>
> >
> > This was broken since new aead xfrom was introduced
> >
> > Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
...
> > if (ret != -ENOENT)
> > @@ -1192,19 +1195,25 @@ add_cdev_mapping(struct
> rte_cryptodev_info *dev_info, uint16_t cdev_id,
> > if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
> > continue;
> >
I think it is simpler to leave the code as it is, and add:
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(map, str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
+ continue;
+ }
And just add NULL in the existing add_mapping() function, without modifying the for loop.
The other changes were OK to me.
> > - if (i->sym.xform_type !=
> RTE_CRYPTO_SYM_XFORM_CIPHER)
> > + if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD)
> {
> > + ret |= add_mapping(map, str, cdev_id, qp, params,
> > + ipsec_ctx, NULL, NULL, i);
> > continue;
> > + }
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
2017-10-15 12:54 ` Aviad Yehezkel
@ 2017-10-16 15:33 ` De Lara Guarch, Pablo
1 sibling, 0 replies; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-16 15:33 UTC (permalink / raw)
To: aviadye, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
> -----Original Message-----
> From: aviadye@dev.mellanox.co.il [mailto:aviadye@dev.mellanox.co.il]
> Sent: Saturday, October 14, 2017 2:28 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: [dpdk-dev][PATCH 03/11] examples/ipsec-secgw: Fixed create
> session also for aead
>
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Search for session also with aead key
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com
...
%u, cipher_algo
> %u, "
> - "auth_algo %u\n", key.lcore_id,
> key.cipher_algo,
> - key.auth_algo);
> + "auth_algo %u aead_algo %u\n",
You are missing a comma between auth_algo and aead_algo.
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-16 13:39 ` De Lara Guarch, Pablo
@ 2017-10-17 12:36 ` Hemant Agrawal
2017-10-17 13:17 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 72+ messages in thread
From: Hemant Agrawal @ 2017-10-17 12:36 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Aviad Yehezkel, Gonzalez Monroy, Sergio,
dev, aviadye
Cc: borisp, akhil.goyal, Nicolau, Radu, Doherty, Declan, liranl,
nelio.laranjeiro, thomas
On 10/16/2017 7:09 PM, De Lara Guarch, Pablo wrote:
> Hi Aviad,
>
>> -----Original Message-----
>> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
>> Sent: Monday, October 16, 2017 11:44 AM
>> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
>> dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> aviadye@mellanox.com
>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
>> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
>> nelio.laranjeiro@6wind.com; thomas@monjalon.net
>> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
>> MAINTAINERS file
>>
>>
>>
>> On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
>>> Hi Aviad,
>>>
>>> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>>
>>>> As agreed with Sergio and Pablo
>>>
>>> I don't think the commit message is relevant.
>>> Either me or Pablo acking the patch would have the same meaning.
>>>
>>> Thanks,
>>> Sergio
>>
>> Will fix.
>
> Actually, it is too early for you to take ownership on this app,
> as you have recently started contributing to DPDK, so I have to NACK this patch.
> Sorry for the confusion.
>
> Said that, anyone from the rest of the developers of rte_security (with past contributions)
> that would like to volunteer to maintain this app?
>
I want to ask Akhil, if he agrees to commit time to do this work?
Regards,
Hemant
> Thanks,
> Pablo
>
>>
>> Thanks,
>> Aviad.
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-17 12:36 ` Hemant Agrawal
@ 2017-10-17 13:17 ` De Lara Guarch, Pablo
2017-10-21 17:12 ` Akhil Goyal
0 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-17 13:17 UTC (permalink / raw)
To: Hemant Agrawal, Aviad Yehezkel, Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, akhil.goyal, Nicolau, Radu, Doherty, Declan, liranl,
nelio.laranjeiro, thomas
> -----Original Message-----
> From: Hemant Agrawal [mailto:hemant.agrawal@nxp.com]
> Sent: Tuesday, October 17, 2017 1:37 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Aviad
> Yehezkel <aviadye@dev.mellanox.co.il>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; dev@dpdk.org;
> aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS
> file
>
> On 10/16/2017 7:09 PM, De Lara Guarch, Pablo wrote:
> > Hi Aviad,
> >
> >> -----Original Message-----
> >> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
> >> Sent: Monday, October 16, 2017 11:44 AM
> >> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
> >> dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>;
> >> aviadye@mellanox.com
> >> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com;
> >> Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan
> >> <declan.doherty@intel.com>; liranl@mellanox.com;
> >> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> >> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
> >> MAINTAINERS file
> >>
> >>
> >>
> >> On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
> >>> Hi Aviad,
> >>>
> >>> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> >>>> From: Aviad Yehezkel <aviadye@mellanox.com>
> >>>>
> >>>> As agreed with Sergio and Pablo
> >>>
> >>> I don't think the commit message is relevant.
> >>> Either me or Pablo acking the patch would have the same meaning.
> >>>
> >>> Thanks,
> >>> Sergio
> >>
> >> Will fix.
> >
> > Actually, it is too early for you to take ownership on this app, as
> > you have recently started contributing to DPDK, so I have to NACK this
> patch.
> > Sorry for the confusion.
> >
> > Said that, anyone from the rest of the developers of rte_security
> > (with past contributions) that would like to volunteer to maintain this
> app?
> >
>
> I want to ask Akhil, if he agrees to commit time to do this work?
I would support that decision :)
Thanks,
Pablo
>
> Regards,
> Hemant
>
> > Thanks,
> > Pablo
> >
> >>
> >> Thanks,
> >> Aviad.
> >
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-16 10:42 ` Aviad Yehezkel
@ 2017-10-19 18:16 ` De Lara Guarch, Pablo
2017-10-19 18:29 ` Aviad Yehezkel
0 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-19 18:16 UTC (permalink / raw)
To: Aviad Yehezkel, Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
> -----Original Message-----
> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
> Sent: Monday, October 16, 2017 11:42 AM
> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
> dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH 05/11] examples/ipsec-secgw: Fixed
> transport
>
>
> On 10/16/2017 12:30 PM, Sergio Gonzalez Monroy wrote:
> > On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> >> From: Aviad Yehezkel <aviadye@mellanox.com>
> >>
> >> Seems like transport was broken for a long time
> >
> > Commit message needs to be improved. Just mentioned what is wrong or
> > how do you fix it.
> > Given that it is a fix, you should start the commit title with "fix
> > ..." then also add the 'fixes' line with commit that added the bug.
> > That way you can easily see since when it was introduced.
> >
> > Thanks,
> > Sergio
> Will create such commit messages for future fixes as you instructed above.
> I will remove this patch from next version of fixes since there is a similar fix
> already provided by Tomasz Duszynski which I will review.
>
> Thanks,
> Aviad.
Hi Aviad,
Will you send a v2 of this patchset soon?
Thanks,
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport
2017-10-19 18:16 ` De Lara Guarch, Pablo
@ 2017-10-19 18:29 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-19 18:29 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
Yes, just finished my testing.
Will send v2 in a moment and Akhil will send v5 rebased above them for
rte_security.
Thanks!
On 10/19/2017 9:16 PM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
>> Sent: Monday, October 16, 2017 11:42 AM
>> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
>> dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> aviadye@mellanox.com
>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
>> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
>> nelio.laranjeiro@6wind.com; thomas@monjalon.net
>> Subject: Re: [dpdk-dev][PATCH 05/11] examples/ipsec-secgw: Fixed
>> transport
>>
>>
>> On 10/16/2017 12:30 PM, Sergio Gonzalez Monroy wrote:
>>> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>>
>>>> Seems like transport was broken for a long time
>>> Commit message needs to be improved. Just mentioned what is wrong or
>>> how do you fix it.
>>> Given that it is a fix, you should start the commit title with "fix
>>> ..." then also add the 'fixes' line with commit that added the bug.
>>> That way you can easily see since when it was introduced.
>>>
>>> Thanks,
>>> Sergio
>> Will create such commit messages for future fixes as you instructed above.
>> I will remove this patch from next version of fixes since there is a similar fix
>> already provided by Tomasz Duszynski which I will review.
>>
>> Thanks,
>> Aviad.
> Hi Aviad,
>
> Will you send a v2 of this patchset soon?
>
> Thanks,
> Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport
2017-10-16 12:03 ` Sergio Gonzalez Monroy
@ 2017-10-19 18:44 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-19 18:44 UTC (permalink / raw)
To: Sergio Gonzalez Monroy, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
Solved that issue, this was an issue with mlx5 PMD with the new inline
ipsec code.
The PMD wasn't updating mbuf->data_len correctly.
Thanks!
On 10/16/2017 3:03 PM, Sergio Gonzalez Monroy wrote:
> On 16/10/2017 12:44, Aviad Yehezkel wrote:
>> On 10/16/2017 12:43 PM, Sergio Gonzalez Monroy wrote:
>>> On 14/10/2017 14:28, aviadye@dev.mellanox.co.il wrote:
>>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>>
>>>> IP length was incorrect causing corrupted ICMP packets for example
>>>>
>>>> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
>>>> ---
>>>> examples/ipsec-secgw/esp.c | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>>>> index 81ebf55..12c6f8c 100644
>>>> --- a/examples/ipsec-secgw/esp.c
>>>> +++ b/examples/ipsec-secgw/esp.c
>>>> @@ -205,13 +205,13 @@ esp_inbound_post(struct rte_mbuf *m, struct
>>>> ipsec_sa *sa,
>>>> if (likely(ip->ip_v == IPVERSION)) {
>>>> memmove(ip4, ip, ip->ip_hl * 4);
>>>> ip4->ip_p = *nexthdr;
>>>> - ip4->ip_len = htons(rte_pktmbuf_data_len(m));
>>>> + ip4->ip_len = htons(rte_pktmbuf_pkt_len(m));
>>>> } else {
>>>> ip6 = (struct ip6_hdr *)ip4;
>>>> /* XXX No option headers supported */
>>>> memmove(ip6, ip, sizeof(struct ip6_hdr));
>>>> ip6->ip6_nxt = *nexthdr;
>>>> - ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
>>>> + ip6->ip6_plen = htons(rte_pktmbuf_pkt_len(m));
>>>> }
>>>> } else
>>>> ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
>>>
>>> AFAIK the app does not support multi-segments (chain mbufs), so
>>> data_len should be the same as pkt_len.
>>> Is that not the case?
>>>
>> This is the inbound function (RX side), so mbufs are allocated by PMD.
>> PMD is allocating mbuf with additional 14 bytes for ETH header but
>> trim it before passing the mbuf.
>> As a result seg len is 14 bytes smaller than data len.
>>
>
> Sorry, I am still missing something here.
> rte_pktmbuf_trim updates both data_len and pkt_len, so how can they
> not be the same when we have a single mbuf?
>
> I think to remember using data_len instead of pkt_len so it is easy to
> see that the application does not support multi-segments (aka. chained
> mbufs)
>
> Thanks,
> Sergio
>
>> Thanks,
>> Aviad
>>
>>> Thanks,
>>> Sergio
>>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (11 preceding siblings ...)
2017-10-16 9:27 ` Sergio Gonzalez Monroy
@ 2017-10-19 18:52 ` aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead aviadye
` (5 more replies)
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
13 siblings, 6 replies; 72+ messages in thread
From: aviadye @ 2017-10-19 18:52 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: pablo.de.lara.guarch@intel.com
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message.
* Address feedbacks.
---
examples/ipsec-secgw/ipsec-secgw.c | 13 +++++++++++--
examples/ipsec-secgw/ipsec.h | 1 +
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index d451b3d..1a5e9c0 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1115,7 +1115,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
uint16_t qp, struct lcore_params *params,
struct ipsec_ctx *ipsec_ctx,
const struct rte_cryptodev_capabilities *cipher,
- const struct rte_cryptodev_capabilities *auth)
+ const struct rte_cryptodev_capabilities *auth,
+ const struct rte_cryptodev_capabilities *aead)
{
int32_t ret = 0;
unsigned long i;
@@ -1126,6 +1127,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
key.cipher_algo = cipher->sym.cipher.algo;
if (auth)
key.auth_algo = auth->sym.auth.algo;
+ if (aead)
+ key.aead_algo = aead->sym.aead.algo;
ret = rte_hash_lookup(map, &key);
if (ret != -ENOENT)
@@ -1194,6 +1197,12 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
continue;
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(map, str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
+ continue;
+ }
+
if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
continue;
@@ -1206,7 +1215,7 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
continue;
ret |= add_mapping(map, str, cdev_id, qp, params,
- ipsec_ctx, i, j);
+ ipsec_ctx, i, j, NULL);
}
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index da1fb1b..7d057ae 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -150,6 +150,7 @@ struct cdev_key {
uint16_t lcore_id;
uint8_t cipher_algo;
uint8_t auth_algo;
+ uint8_t aead_algo;
};
struct socket_ctx {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
@ 2017-10-19 18:53 ` aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm aviadye
` (4 subsequent siblings)
5 siblings, 0 replies; 72+ messages in thread
From: aviadye @ 2017-10-19 18:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Search for session also with aead key
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message.
* Addressed feedback.
---
examples/ipsec-secgw/ipsec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 0afb9d6..36fb8c8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -56,13 +56,17 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
key.cipher_algo = (uint8_t)sa->cipher_algo;
key.auth_algo = (uint8_t)sa->auth_algo;
+ key.aead_algo = (uint8_t)sa->aead_algo;
ret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,
(void **)&cdev_id_qp);
if (ret < 0) {
RTE_LOG(ERR, IPSEC, "No cryptodev: core %u, cipher_algo %u, "
- "auth_algo %u\n", key.lcore_id, key.cipher_algo,
- key.auth_algo);
+ "auth_algo %u, aead_algo %u\n",
+ key.lcore_id,
+ key.cipher_algo,
+ key.auth_algo,
+ key.aead_algo);
return -1;
}
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead aviadye
@ 2017-10-19 18:53 ` aviadye
2017-10-20 9:52 ` De Lara Guarch, Pablo
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode aviadye
` (3 subsequent siblings)
5 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-19 18:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
This cause auth failure issue
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: pablo.de.lara.guarch@intel.com
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message
---
examples/ipsec-secgw/sa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7be0e62..ef94475 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -431,7 +431,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->aead_algo = algo->algo;
rule->cipher_key_len = algo->key_len;
rule->digest_len = algo->digest_len;
- rule->aad_len = algo->key_len;
+ rule->aad_len = algo->aad_len;
rule->block_size = algo->block_size;
rule->iv_len = algo->iv_len;
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm aviadye
@ 2017-10-19 18:53 ` aviadye
2017-10-20 5:55 ` Sergio Gonzalez Monroy
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 aviadye
` (2 subsequent siblings)
5 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-19 18:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message
---
examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 70bb81f..6215ad4 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
uint8_t *padding, *new_ip, nlp;
struct rte_crypto_sym_op *sym_cop;
int32_t i;
- uint16_t pad_payload_len, pad_len, ip_hdr_len;
+ uint16_t pad_payload_len, pad_len = 0;
+ uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
RTE_ASSERT(m != NULL);
RTE_ASSERT(sa != NULL);
+ RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
+ sa->flags == TRANSPORT);
RTE_ASSERT(cop != NULL);
- ip_hdr_len = 0;
-
ip4 = rte_pktmbuf_mtod(m, struct ip *);
if (likely(ip4->ip_v == IPVERSION)) {
- if (unlikely(sa->flags == TRANSPORT)) {
- ip_hdr_len = ip4->ip_hl * 4;
+ ip_hdr_len = ip4->ip_hl * 4;
+ if (unlikely(sa->flags == TRANSPORT))
nlp = ip4->ip_p;
- } else
+ else
nlp = IPPROTO_IPIP;
} else if (ip4->ip_v == IP6_VERSION) {
+ /* XXX No option headers supported */
+ ip_hdr_len = sizeof(struct ip6_hdr);
if (unlikely(sa->flags == TRANSPORT)) {
- /* XXX No option headers supported */
- ip_hdr_len = sizeof(struct ip6_hdr);
ip6 = (struct ip6_hdr *)ip4;
nlp = ip6->ip6_nxt;
} else
@@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
}
/* Padded payload length */
- pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
- ip_hdr_len + 2, sa->block_size);
- pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
-
- RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
- sa->flags == TRANSPORT);
-
- if (likely(sa->flags == IP4_TUNNEL))
+ if (unlikely(sa->flags == TRANSPORT)) {
+ pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
+ sizeof(nlp) + 1 - ip_hdr_len,
+ sa->block_size);
+ pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
+ } else {
+ inner_ip_hdr_len = ip_hdr_len;
ip_hdr_len = sizeof(struct ip);
- else if (sa->flags == IP6_TUNNEL)
- ip_hdr_len = sizeof(struct ip6_hdr);
- else if (sa->flags != TRANSPORT) {
- RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
- sa->flags);
- return -EINVAL;
+ if (sa->flags == IP6_TUNNEL)
+ ip_hdr_len = sizeof(struct ip6_hdr);
+
+ pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
+ sizeof(nlp) + 1,
+ sa->block_size);
+ pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
}
+ RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
+ "inner_ip_hdr_len=%u ip_hdr_len=%u "
+ "pad_payload_len=%u pad_len=%u\n",
+ rte_pktmbuf_pkt_len(m),
+ inner_ip_hdr_len, ip_hdr_len,
+ pad_payload_len, pad_len);
/* Check maximum packet size */
if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
` (2 preceding siblings ...)
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode aviadye
@ 2017-10-19 18:53 ` aviadye
2017-10-20 15:28 ` Radu Nicolau
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically aviadye
2017-10-20 9:50 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices De Lara Guarch, Pablo
5 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-19 18:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
According to rfc4106 the IV should be unique
and can be implemented as counter.
The changed was created because putting an analyzer
on wire and comparing packets generated by this
application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do
the same for future debug / comparison.
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message
---
examples/ipsec-secgw/esp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 6215ad4..de55c35 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
uint8_t *aad;
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->aead.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->aead.data.length = pad_payload_len;
@@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
aad = get_aad(m);
@@ -372,7 +372,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->cipher.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->cipher.data.length = pad_payload_len;
@@ -391,7 +391,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
switch (sa->auth_algo) {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
` (3 preceding siblings ...)
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 aviadye
@ 2017-10-19 18:53 ` aviadye
2017-10-20 16:34 ` Nicolau, Radu
2017-10-20 9:50 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices De Lara Guarch, Pablo
5 siblings, 1 reply; 72+ messages in thread
From: aviadye @ 2017-10-19 18:53 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message
---
examples/ipsec-secgw/Makefile | 1 +
examples/ipsec-secgw/ep0.cfg | 6 +
examples/ipsec-secgw/ep1.cfg | 6 +
examples/ipsec-secgw/eth.c | 238 +++++++++++++++++++++++++++++++++++++
examples/ipsec-secgw/ipsec-secgw.c | 79 +++---------
examples/ipsec-secgw/ipsec.h | 8 ++
examples/ipsec-secgw/parser.c | 69 +++++++++++
examples/ipsec-secgw/parser.h | 35 ++++++
8 files changed, 378 insertions(+), 64 deletions(-)
create mode 100644 examples/ipsec-secgw/eth.c
diff --git a/examples/ipsec-secgw/Makefile b/examples/ipsec-secgw/Makefile
index 17e9155..0dacd3c 100644
--- a/examples/ipsec-secgw/Makefile
+++ b/examples/ipsec-secgw/Makefile
@@ -60,6 +60,7 @@ SRCS-y += sp4.c
SRCS-y += sp6.c
SRCS-y += sa.c
SRCS-y += rt.c
+SRCS-y += eth.c
SRCS-y += ipsec-secgw.c
include $(RTE_SDK)/mk/rte.extapp.mk
diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg
index 299aa9e..eda4499 100644
--- a/examples/ipsec-secgw/ep0.cfg
+++ b/examples/ipsec-secgw/ep0.cfg
@@ -158,3 +158,9 @@ rt ipv6 dst ffff:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst ffff:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 3
+
+#ETH Addresses
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg
index 3f6ff81..e6d4e26 100644
--- a/examples/ipsec-secgw/ep1.cfg
+++ b/examples/ipsec-secgw/ep1.cfg
@@ -158,3 +158,9 @@ rt ipv6 dst 0000:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst 0000:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 3
+
+#ETH Addresses
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:7e:94:9a port 0
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:22:a1:d9 port 1
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:08:69:26 port 2
+eth addr src 00:00:00:00:00:00 dst 00:16:3e:49:9e:dd port 3
diff --git a/examples/ipsec-secgw/eth.c b/examples/ipsec-secgw/eth.c
new file mode 100644
index 0000000..b4f7120
--- /dev/null
+++ b/examples/ipsec-secgw/eth.c
@@ -0,0 +1,238 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ethernet Address
+ */
+#include <stdint.h>
+#include <sys/types.h>
+#include <rte_ether.h>
+#include <rte_errno.h>
+#include <rte_ethdev.h>
+
+#include "ipsec.h"
+#include "parser.h"
+
+#define ETH_DST_MAX_RULES 1024
+
+struct addr {
+ uint8_t port;
+ struct ether_addr src;
+ struct ether_addr dst;
+};
+
+struct addr eth_addr[ETH_DST_MAX_RULES];
+uint32_t nb_eth_addr;
+
+void
+parse_eth_tokens(char **tokens, uint32_t n_tokens,
+ struct parse_status *status)
+{
+ uint32_t ti;
+ uint32_t *n_addr = NULL;
+ struct addr *addr = NULL;
+
+ if (strcmp(tokens[0], "addr") == 0) {
+ n_addr = &nb_eth_addr;
+ addr = ð_addr[*n_addr];
+
+ APP_CHECK(*n_addr <= ETH_DST_MAX_RULES - 1, status,
+ "too many eth dst rules, abort insertion\n");
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "unrecognized input \"%s\"",
+ tokens[0]);
+ return;
+ }
+
+ for (ti = 1; ti < n_tokens; ti++) {
+ if (strcmp(tokens[ti], "src") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL) {
+ APP_CHECK(parse_eth_addr(tokens[ti],
+ &addr->src) == 0, status,
+ "unrecognized input \"%s\", "
+ "expect valid src addr",
+ tokens[ti]);
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ if (strcmp(tokens[ti], "dst") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL) {
+ APP_CHECK(parse_eth_addr(tokens[ti],
+ &addr->dst) == 0, status,
+ "unrecognized input \"%s\", "
+ "expect valid dst addr",
+ tokens[ti]);
+ if (status->status < 0)
+ return;
+ } else {
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ if (strcmp(tokens[ti], "port") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+
+ APP_CHECK_TOKEN_IS_NUM(tokens, ti, status);
+ if (status->status < 0)
+ return;
+
+ if (addr != NULL)
+ addr->port = atoi(tokens[ti]);
+ else
+ APP_CHECK(0, status, "addr is NULL");
+ }
+ }
+
+ *n_addr = *n_addr + 1;
+}
+
+static struct eth_ctx *
+eth_create(const char *name, int32_t socket_id)
+{
+ char s[PATH_MAX];
+ struct eth_ctx *eth_ctx;
+ uint32_t mz_size;
+ const struct rte_memzone *mz;
+
+ snprintf(s, sizeof(s), "%s_%u", name, socket_id);
+
+ /* Create SA array table */
+ printf("Creating ETH context with %u maximum entries\n",
+ RTE_MAX_ETHPORTS);
+
+ mz_size = sizeof(struct eth_ctx) * RTE_MAX_ETHPORTS;
+ mz = rte_memzone_reserve(s, mz_size, socket_id,
+ RTE_MEMZONE_1GB | RTE_MEMZONE_SIZE_HINT_ONLY);
+ if (mz == NULL) {
+ printf("Failed to allocate SA DB memory\n");
+ rte_errno = -ENOMEM;
+ return NULL;
+ }
+ memset(mz->addr, 0, mz_size);
+
+ eth_ctx = (struct eth_ctx *)mz->addr;
+ return eth_ctx;
+}
+
+static void
+eth_ctx_dump(struct eth_ctx *eth_addr, uint32_t mask)
+{
+ char name[256];
+ uint32_t nb_ports;
+ uint8_t port;
+
+ nb_ports = rte_eth_dev_count();
+ for (port = 0; port < nb_ports; ++port) {
+ if ((mask & (1 << port)) == 0)
+ continue;
+
+ if (rte_eth_dev_get_name_by_port(port, name) < 0)
+ rte_exit(EXIT_FAILURE, "Unable to find name "
+ "to port=%d\n", port);
+
+ printf("%s-dst-0x%lx\n", name, eth_addr[port].dst);
+ printf("%s-src-0x%lx\n", name, eth_addr[port].src);
+ }
+}
+
+void
+eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask)
+{
+ const char *name;
+ uint32_t i, nb_ports;
+ uint8_t port;
+ struct ether_addr ethaddr;
+
+ if (ctx == NULL)
+ rte_exit(EXIT_FAILURE, "NULL context.\n");
+
+ if (ctx->eth_addr != NULL)
+ rte_exit(EXIT_FAILURE, "ETH Address Table for socket %u "
+ "already initialized\n", socket_id);
+
+ if (nb_eth_addr == 0)
+ RTE_LOG(WARNING, IPSEC, "No ETH address rule specified\n");
+
+ /* create the ETH table */
+ name = "eth_addr";
+ ctx->eth_addr = eth_create(name, socket_id);
+ if (ctx->eth_addr == NULL)
+ rte_exit(EXIT_FAILURE, "Error [%d] creating ETH "
+ "context %s in socket %d\n", rte_errno,
+ name, socket_id);
+
+ /* populate the ETH table */
+ for (i = 0; i < nb_eth_addr; ++i) {
+ port = eth_addr[i].port;
+
+ if (ctx->eth_addr[port].dst != 0)
+ rte_exit(EXIT_FAILURE, "ETH destination address "
+ "for port %u already in use\n",
+ port);
+ if (ctx->eth_addr[port].src != 0)
+ rte_exit(EXIT_FAILURE, "ETH source address "
+ "for port %u already in use\n",
+ port);
+
+ ctx->eth_addr[port].dst = ETHADDR_TO_UINT64(eth_addr[i].dst);
+ ctx->eth_addr[port].src = ETHADDR_TO_UINT64(eth_addr[i].src);
+ }
+
+ nb_ports = rte_eth_dev_count();
+ for (port = 0; port < nb_ports; ++port) {
+ if ((mask & (1 << port)) == 0)
+ continue;
+
+ if (ctx->eth_addr[port].src == 0) {
+ rte_eth_macaddr_get(port, ðaddr);
+ ctx->eth_addr[port].src = ETHADDR_TO_UINT64(ethaddr);
+ }
+ }
+ eth_ctx_dump(ctx->eth_addr, mask);
+}
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 1a5e9c0..227bc81 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -112,47 +112,6 @@
static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;
static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;
-#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
- (((uint64_t)((a) & 0xff) << 56) | \
- ((uint64_t)((b) & 0xff) << 48) | \
- ((uint64_t)((c) & 0xff) << 40) | \
- ((uint64_t)((d) & 0xff) << 32) | \
- ((uint64_t)((e) & 0xff) << 24) | \
- ((uint64_t)((f) & 0xff) << 16) | \
- ((uint64_t)((g) & 0xff) << 8) | \
- ((uint64_t)(h) & 0xff))
-#else
-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
- (((uint64_t)((h) & 0xff) << 56) | \
- ((uint64_t)((g) & 0xff) << 48) | \
- ((uint64_t)((f) & 0xff) << 40) | \
- ((uint64_t)((e) & 0xff) << 32) | \
- ((uint64_t)((d) & 0xff) << 24) | \
- ((uint64_t)((c) & 0xff) << 16) | \
- ((uint64_t)((b) & 0xff) << 8) | \
- ((uint64_t)(a) & 0xff))
-#endif
-#define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))
-
-#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
- addr.addr_bytes[0], addr.addr_bytes[1], \
- addr.addr_bytes[2], addr.addr_bytes[3], \
- addr.addr_bytes[4], addr.addr_bytes[5], \
- 0, 0)
-
-/* port/source ethernet addr and destination ethernet addr */
-struct ethaddr_info {
- uint64_t src, dst;
-};
-
-struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x7e, 0x94, 0x9a) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x22, 0xa1, 0xd9) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x08, 0x69, 0x26) },
- { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
-};
-
/* mask of enabled ports */
static uint32_t enabled_port_mask;
static uint32_t unprotected_port_mask;
@@ -195,6 +154,7 @@ struct lcore_conf {
struct ipsec_ctx outbound;
struct rt_ctx *rt4_ctx;
struct rt_ctx *rt6_ctx;
+ struct eth_ctx *eth_addr;
} __rte_cache_aligned;
static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
@@ -290,7 +250,7 @@ prepare_traffic(struct rte_mbuf **pkts, struct ipsec_traffic *t,
}
static inline void
-prepare_tx_pkt(struct rte_mbuf *pkt, uint16_t port)
+prepare_tx_pkt(struct rte_mbuf *pkt, uint64_t *src, uint64_t *dst)
{
struct ip *ip;
struct ether_hdr *ethhdr;
@@ -313,25 +273,24 @@ prepare_tx_pkt(struct rte_mbuf *pkt, uint16_t port)
ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv6);
}
- memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
- sizeof(struct ether_addr));
- memcpy(ðhdr->d_addr, ðaddr_tbl[port].dst,
- sizeof(struct ether_addr));
+ memcpy(ðhdr->s_addr, src, sizeof(struct ether_addr));
+ memcpy(ðhdr->d_addr, dst, sizeof(struct ether_addr));
}
static inline void
-prepare_tx_burst(struct rte_mbuf *pkts[], uint16_t nb_pkts, uint16_t port)
+prepare_tx_burst(struct rte_mbuf *pkts[], uint64_t *src, uint64_t *dst,
+ uint16_t nb_pkts)
{
int32_t i;
const int32_t prefetch_offset = 2;
for (i = 0; i < (nb_pkts - prefetch_offset); i++) {
rte_mbuf_prefetch_part2(pkts[i + prefetch_offset]);
- prepare_tx_pkt(pkts[i], port);
+ prepare_tx_pkt(pkts[i], src, dst);
}
/* Process left packets */
for (; i < nb_pkts; i++)
- prepare_tx_pkt(pkts[i], port);
+ prepare_tx_pkt(pkts[i], src, dst);
}
/* Send burst of packets on an output interface */
@@ -341,11 +300,14 @@ send_burst(struct lcore_conf *qconf, uint16_t n, uint16_t port)
struct rte_mbuf **m_table;
int32_t ret;
uint16_t queueid;
+ uint64_t *src, *dst;
queueid = qconf->tx_queue_id[port];
m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
+ src = &qconf->eth_addr[port].src;
+ dst = &qconf->eth_addr[port].dst;
- prepare_tx_burst(m_table, n, port);
+ prepare_tx_burst(m_table, src, dst, n);
ret = rte_eth_tx_burst(port, queueid, m_table, n);
if (unlikely(ret < n)) {
@@ -707,6 +669,7 @@ main_loop(__attribute__((unused)) void *dummy)
qconf->rt4_ctx = socket_ctx[socket_id].rt_ip4;
qconf->rt6_ctx = socket_ctx[socket_id].rt_ip6;
+ qconf->eth_addr = socket_ctx[socket_id].eth_addr;
qconf->inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
qconf->inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
@@ -1047,14 +1010,6 @@ parse_args(int32_t argc, char **argv)
return ret;
}
-static void
-print_ethaddr(const char *name, const struct ether_addr *eth_addr)
-{
- char buf[ETHER_ADDR_FMT_SIZE];
- ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
- printf("%s%s", name, buf);
-}
-
/* Check the link status of all ports in up to 9s, and print them finally */
static void
check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
@@ -1341,17 +1296,11 @@ port_init(uint16_t portid)
uint16_t tx_queueid, rx_queueid, queue, lcore_id;
int32_t ret, socket_id;
struct lcore_conf *qconf;
- struct ether_addr ethaddr;
rte_eth_dev_info_get(portid, &dev_info);
printf("Configuring device port %u:\n", portid);
- rte_eth_macaddr_get(portid, ðaddr);
- ethaddr_tbl[portid].src = ETHADDR_TO_UINT64(ethaddr);
- print_ethaddr("Address: ", ðaddr);
- printf("\n");
-
nb_rx_queue = get_port_nb_rx_queues(portid);
nb_tx_queue = nb_lcores;
@@ -1502,6 +1451,8 @@ main(int32_t argc, char **argv)
rt_init(&socket_ctx[socket_id], socket_id);
+ eth_init(&socket_ctx[socket_id], socket_id, enabled_port_mask);
+
pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 7d057ae..9e22b1b 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -153,6 +153,10 @@ struct cdev_key {
uint8_t aead_algo;
};
+struct eth_ctx {
+ uint64_t src, dst;
+};
+
struct socket_ctx {
struct sa_ctx *sa_in;
struct sa_ctx *sa_out;
@@ -162,6 +166,7 @@ struct socket_ctx {
struct sp_ctx *sp_ip6_out;
struct rt_ctx *rt_ip4;
struct rt_ctx *rt_ip6;
+ struct eth_ctx *eth_addr;
struct rte_mempool *mbuf_pool;
struct rte_mempool *session_pool;
};
@@ -237,4 +242,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id);
void
rt_init(struct socket_ctx *ctx, int32_t socket_id);
+void
+eth_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t mask);
+
#endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 9d0ea46..24ca8c2 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -292,6 +292,30 @@ parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask)
}
int
+parse_eth_addr(const char *token, struct ether_addr *addr)
+{
+ char addr_str[256] = {0};
+ int i, values[6];
+
+ if (strlen(token) >= 256)
+ return -EINVAL;
+
+ strncpy(addr_str, token, strlen(token));
+
+ if (6 != sscanf(addr_str, "%02X:%02X:%02X:%02X:%02X:%02X",
+ &values[0], &values[1],
+ &values[2], &values[3],
+ &values[4], &values[5])) {
+ return -EINVAL;
+ }
+
+ for (i = 0; i < 6; ++i)
+ addr->addr_bytes[i] = (uint8_t)values[i];
+
+ return 0;
+}
+
+int
parse_range(const char *token, uint16_t *low, uint16_t *high)
{
char ch;
@@ -469,11 +493,55 @@ cmdline_parse_inst_t cfg_rt_add_rule = {
},
};
+/* eth add parse */
+struct cfg_eth_add_cfg_item {
+ cmdline_fixed_string_t eth_keyword;
+ cmdline_multi_string_t multi_string;
+};
+
+static void
+cfg_eth_add_cfg_item_parsed(void *parsed_result,
+ __rte_unused struct cmdline *cl, void *data)
+{
+ struct cfg_eth_add_cfg_item *params = parsed_result;
+ char *tokens[32];
+ uint32_t n_tokens = RTE_DIM(tokens);
+ struct parse_status *status = (struct parse_status *)data;
+
+ APP_CHECK(parse_tokenize_string(
+ params->multi_string, tokens, &n_tokens) == 0,
+ status, "too many arguments\n");
+ if (status->status < 0)
+ return;
+
+ parse_eth_tokens(tokens, n_tokens, status);
+}
+
+static cmdline_parse_token_string_t cfg_eth_add_eth_str =
+ TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item,
+ eth_keyword, "eth");
+
+static cmdline_parse_token_string_t cfg_eth_add_multi_str =
+ TOKEN_STRING_INITIALIZER(struct cfg_eth_add_cfg_item, multi_string,
+ TOKEN_STRING_MULTI);
+
+cmdline_parse_inst_t cfg_eth_add_rule = {
+ .f = cfg_eth_add_cfg_item_parsed,
+ .data = NULL,
+ .help_str = "",
+ .tokens = {
+ (void *) &cfg_eth_add_eth_str,
+ (void *) &cfg_eth_add_multi_str,
+ NULL,
+ },
+};
+
/** set of cfg items */
cmdline_parse_ctx_t ipsec_ctx[] = {
(cmdline_parse_inst_t *)&cfg_sp_add_rule,
(cmdline_parse_inst_t *)&cfg_sa_add_rule,
(cmdline_parse_inst_t *)&cfg_rt_add_rule,
+ (cmdline_parse_inst_t *)&cfg_eth_add_rule,
NULL,
};
@@ -499,6 +567,7 @@ parse_cfg_file(const char *cfg_filename)
cfg_sp_add_rule.data = &status;
cfg_sa_add_rule.data = &status;
cfg_rt_add_rule.data = &status;
+ cfg_eth_add_rule.data = &status;
do {
char oneline[1024];
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index d31ae01..daa7997 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -85,6 +85,34 @@ do { \
index++; \
} while (0)
+#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
+ (((uint64_t)((a) & 0xff) << 56) | \
+ ((uint64_t)((b) & 0xff) << 48) | \
+ ((uint64_t)((c) & 0xff) << 40) | \
+ ((uint64_t)((d) & 0xff) << 32) | \
+ ((uint64_t)((e) & 0xff) << 24) | \
+ ((uint64_t)((f) & 0xff) << 16) | \
+ ((uint64_t)((g) & 0xff) << 8) | \
+ ((uint64_t)(h) & 0xff))
+#else
+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
+ (((uint64_t)((h) & 0xff) << 56) | \
+ ((uint64_t)((g) & 0xff) << 48) | \
+ ((uint64_t)((f) & 0xff) << 40) | \
+ ((uint64_t)((e) & 0xff) << 32) | \
+ ((uint64_t)((d) & 0xff) << 24) | \
+ ((uint64_t)((c) & 0xff) << 16) | \
+ ((uint64_t)((b) & 0xff) << 8) | \
+ ((uint64_t)(a) & 0xff))
+#endif
+
+#define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
+ addr.addr_bytes[0], addr.addr_bytes[1], \
+ addr.addr_bytes[2], addr.addr_bytes[3], \
+ addr.addr_bytes[4], addr.addr_bytes[5], \
+ 0, 0)
+
int
parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask);
@@ -92,6 +120,9 @@ int
parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask);
int
+parse_eth_addr(const char *token, struct ether_addr *addr);
+
+int
parse_range(const char *token, uint16_t *low, uint16_t *high);
void
@@ -110,6 +141,10 @@ void
parse_rt_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
+void
+parse_eth_tokens(char **tokens, uint32_t n_tokens,
+ struct parse_status *status);
+
int
parse_cfg_file(const char *cfg_filename);
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode aviadye
@ 2017-10-20 5:55 ` Sergio Gonzalez Monroy
2017-10-23 10:54 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-20 5:55 UTC (permalink / raw)
To: aviadye, dev, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, liranl, nelio.laranjeiro, thomas
Hi Aviad,
I think you missed my question on v1 for this patch.
Could you provide an example where the pad calculation with the current
code is wrong?
Thanks,
Sergio
On 19/10/2017 19:53, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Issue: None
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v2:
> * Fix commit message
> ---
> examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 70bb81f..6215ad4 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> uint8_t *padding, *new_ip, nlp;
> struct rte_crypto_sym_op *sym_cop;
> int32_t i;
> - uint16_t pad_payload_len, pad_len, ip_hdr_len;
> + uint16_t pad_payload_len, pad_len = 0;
> + uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
>
> RTE_ASSERT(m != NULL);
> RTE_ASSERT(sa != NULL);
> + RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> + sa->flags == TRANSPORT);
> RTE_ASSERT(cop != NULL);
>
> - ip_hdr_len = 0;
> -
> ip4 = rte_pktmbuf_mtod(m, struct ip *);
> if (likely(ip4->ip_v == IPVERSION)) {
> - if (unlikely(sa->flags == TRANSPORT)) {
> - ip_hdr_len = ip4->ip_hl * 4;
> + ip_hdr_len = ip4->ip_hl * 4;
> + if (unlikely(sa->flags == TRANSPORT))
> nlp = ip4->ip_p;
> - } else
> + else
> nlp = IPPROTO_IPIP;
> } else if (ip4->ip_v == IP6_VERSION) {
> + /* XXX No option headers supported */
> + ip_hdr_len = sizeof(struct ip6_hdr);
> if (unlikely(sa->flags == TRANSPORT)) {
> - /* XXX No option headers supported */
> - ip_hdr_len = sizeof(struct ip6_hdr);
> ip6 = (struct ip6_hdr *)ip4;
> nlp = ip6->ip6_nxt;
> } else
> @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> }
>
> /* Padded payload length */
> - pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
> - ip_hdr_len + 2, sa->block_size);
> - pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> -
> - RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> - sa->flags == TRANSPORT);
> -
> - if (likely(sa->flags == IP4_TUNNEL))
> + if (unlikely(sa->flags == TRANSPORT)) {
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1 - ip_hdr_len,
> + sa->block_size);
> + pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> + } else {
> + inner_ip_hdr_len = ip_hdr_len;
> ip_hdr_len = sizeof(struct ip);
> - else if (sa->flags == IP6_TUNNEL)
> - ip_hdr_len = sizeof(struct ip6_hdr);
> - else if (sa->flags != TRANSPORT) {
> - RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
> - sa->flags);
> - return -EINVAL;
> + if (sa->flags == IP6_TUNNEL)
> + ip_hdr_len = sizeof(struct ip6_hdr);
> +
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1,
> + sa->block_size);
> + pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
> }
> + RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
> + "inner_ip_hdr_len=%u ip_hdr_len=%u "
> + "pad_payload_len=%u pad_len=%u\n",
> + rte_pktmbuf_pkt_len(m),
> + inner_ip_hdr_len, ip_hdr_len,
> + pad_payload_len, pad_len);
>
> /* Check maximum packet size */
> if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
` (4 preceding siblings ...)
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically aviadye
@ 2017-10-20 9:50 ` De Lara Guarch, Pablo
2017-10-22 7:21 ` Aviad Yehezkel
5 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-20 9:50 UTC (permalink / raw)
To: aviadye, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
> -----Original Message-----
> From: aviadye@dev.mellanox.co.il [mailto:aviadye@dev.mellanox.co.il]
> Sent: Thursday, October 19, 2017 7:53 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: [dpdk-dev][PATCH v2 1/6] examples/ipsec-secgw: fix initialization
> of aead crypto devices
>
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> Cc: pablo.de.lara.guarch@intel.com
You should CC stable here.
>
> Issue: None
What does this mean? This is a fix to an existing issue,
so this doesn't make sense.
Apart from this:
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm aviadye
@ 2017-10-20 9:52 ` De Lara Guarch, Pablo
2017-10-20 10:52 ` Thomas Monjalon
0 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-20 9:52 UTC (permalink / raw)
To: aviadye, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
> -----Original Message-----
> From: aviadye@dev.mellanox.co.il [mailto:aviadye@dev.mellanox.co.il]
> Sent: Thursday, October 19, 2017 7:53 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: [dpdk-dev][PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for
> for aes-gcm
>
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> This cause auth failure issue
>
> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> Cc: pablo.de.lara.guarch@intel.com
>
> Issue: None
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Same comments as in patch 1, and also fix the commit title
("for" duplicated) and avoid "_".
For the rest of the patch:
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm
2017-10-20 9:52 ` De Lara Guarch, Pablo
@ 2017-10-20 10:52 ` Thomas Monjalon
0 siblings, 0 replies; 72+ messages in thread
From: Thomas Monjalon @ 2017-10-20 10:52 UTC (permalink / raw)
To: aviadye, aviadye
Cc: De Lara Guarch, Pablo, dev, Gonzalez Monroy, Sergio, borisp,
akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty, Declan,
liranl, nelio.laranjeiro
20/10/2017 11:52, De Lara Guarch, Pablo:
> Same comments as in patch 1, and also fix the commit title
> ("for" duplicated) and avoid "_".
The underscore is forbidden in titles to avoid naming variable or
function names instead of giving a clear scope understandable
without digging in the code.
Here "aad_len" can probably be replaced by "AAD length".
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 aviadye
@ 2017-10-20 15:28 ` Radu Nicolau
0 siblings, 0 replies; 72+ messages in thread
From: Radu Nicolau @ 2017-10-20 15:28 UTC (permalink / raw)
To: aviadye, dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, declan.doherty, liranl,
nelio.laranjeiro, thomas
On 10/19/2017 7:53 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> According to rfc4106 the IV should be unique
> and can be implemented as counter.
> The changed was created because putting an analyzer
> on wire and comparing packets generated by this
> application and Linux kernel.
> Linux kernel sets IV as BE, so it is worth to do
> the same for future debug / comparison.
>
> Issue: None
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v2:
> * Fix commit message
> ---
>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically aviadye
@ 2017-10-20 16:34 ` Nicolau, Radu
2019-03-28 19:11 ` Ferruh Yigit
0 siblings, 1 reply; 72+ messages in thread
From: Nicolau, Radu @ 2017-10-20 16:34 UTC (permalink / raw)
To: aviadye, dev, Gonzalez Monroy, Sergio, De Lara Guarch, Pablo, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Doherty, Declan, liranl,
nelio.laranjeiro, thomas
Hi,
I think this should be a separate patch, not bundled with a series of fixes.
The guide has to be updated as well.
And probably it's best to make the MAC configuration optional, keep a default hardcoded table.
Regards,
Radu
> -----Original Message-----
> From: aviadye@dev.mellanox.co.il [mailto:aviadye@dev.mellanox.co.il]
> Sent: Thursday, October 19, 2017 7:53 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: [dpdk-dev][PATCH v2 6/6] examples/ipsec-secgw: config ethernet
> MACs dynamically
>
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Issue: None
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v2:
<snip>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-17 13:17 ` De Lara Guarch, Pablo
@ 2017-10-21 17:12 ` Akhil Goyal
2017-10-23 8:32 ` Sergio Gonzalez Monroy
0 siblings, 1 reply; 72+ messages in thread
From: Akhil Goyal @ 2017-10-21 17:12 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Hemant Agrawal, Aviad Yehezkel,
Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, Nicolau, Radu, Doherty, Declan, liranl, nelio.laranjeiro, thomas
On 10/17/2017 6:47 PM, De Lara Guarch, Pablo wrote:
>
>
>> -----Original Message-----
>> From: Hemant Agrawal [mailto:hemant.agrawal@nxp.com]
>> Sent: Tuesday, October 17, 2017 1:37 PM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Aviad
>> Yehezkel <aviadye@dev.mellanox.co.il>; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; dev@dpdk.org;
>> aviadye@mellanox.com
>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com; Nicolau, Radu
>> <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
>> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
>> Subject: Re: [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS
>> file
>>
>> On 10/16/2017 7:09 PM, De Lara Guarch, Pablo wrote:
>>> Hi Aviad,
>>>
>>>> -----Original Message-----
>>>> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
>>>> Sent: Monday, October 16, 2017 11:44 AM
>>>> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
>>>> dev@dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>;
>>>> aviadye@mellanox.com
>>>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>> hemant.agrawal@nxp.com;
>>>> Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan
>>>> <declan.doherty@intel.com>; liranl@mellanox.com;
>>>> nelio.laranjeiro@6wind.com; thomas@monjalon.net
>>>> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
>>>> MAINTAINERS file
>>>>
>>>>
>>>>
>>>> On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
>>>>> Hi Aviad,
>>>>>
>>>>> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>>>>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>>>>
>>>>>> As agreed with Sergio and Pablo
>>>>>
>>>>> I don't think the commit message is relevant.
>>>>> Either me or Pablo acking the patch would have the same meaning.
>>>>>
>>>>> Thanks,
>>>>> Sergio
>>>>
>>>> Will fix.
>>>
>>> Actually, it is too early for you to take ownership on this app, as
>>> you have recently started contributing to DPDK, so I have to NACK this
>> patch.
>>> Sorry for the confusion.
>>>
>>> Said that, anyone from the rest of the developers of rte_security
>>> (with past contributions) that would like to volunteer to maintain this
>> app?
>>>
>>
>> I want to ask Akhil, if he agrees to commit time to do this work?
I can, but I think Radu is already added as a co maintainer.
>
> I would support that decision :)
>
Thanks for your support Pablo.
-Akhil
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-20 9:50 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices De Lara Guarch, Pablo
@ 2017-10-22 7:21 ` Aviad Yehezkel
2017-10-22 11:00 ` Thomas Monjalon
0 siblings, 1 reply; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-22 7:21 UTC (permalink / raw)
To: De Lara Guarch, Pablo, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
On 10/20/2017 12:50 PM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: aviadye@dev.mellanox.co.il [mailto:aviadye@dev.mellanox.co.il]
>> Sent: Thursday, October 19, 2017 7:53 PM
>> To: dev@dpdk.org; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
>> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
>> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
>> Subject: [dpdk-dev][PATCH v2 1/6] examples/ipsec-secgw: fix initialization
>> of aead crypto devices
>>
>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>
>> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
>> Cc: pablo.de.lara.guarch@intel.com
> You should CC stable here.
You referred me to http://dpdk.org/doc/guides/contributing/patches.html
I followed the documentation:
"
When fixing a regression, it is required to reference the id of the
commit which introduced the bug, and put the original author of that
commit on CC. Yiu can generate the required lines using the following
git alias, which print the commit SHA and the author of the original code:
git config alias.fixline "log -1 --abbrev=12 --format='Fixes: %h
(\"%s\")%nCc: %ae'"
"
Please explain when to use above alias and when to put stable or
something else.
Thanks!
>> Issue: None
> What does this mean? This is a fix to an existing issue,
> so this doesn't make sense.
This is leftovers from my internal git continuous integration system. It
refers to internal bug in my local bugzilla.
Will remove that and automate next patches not to include it.
Thanks!
>
> Apart from this:
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-22 7:21 ` Aviad Yehezkel
@ 2017-10-22 11:00 ` Thomas Monjalon
0 siblings, 0 replies; 72+ messages in thread
From: Thomas Monjalon @ 2017-10-22 11:00 UTC (permalink / raw)
To: Aviad Yehezkel
Cc: De Lara Guarch, Pablo, dev, Gonzalez Monroy, Sergio, aviadye,
borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro
22/10/2017 09:21, Aviad Yehezkel:
> On 10/20/2017 12:50 PM, De Lara Guarch, Pablo wrote:
> > From: aviadye@dev.mellanox.co.il
> >> From: Aviad Yehezkel <aviadye@mellanox.com>
> >>
> >> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> >> Cc: pablo.de.lara.guarch@intel.com
> >
> > You should CC stable here.
>
> You referred me to http://dpdk.org/doc/guides/contributing/patches.html
> I followed the documentation:
> "
> When fixing a regression, it is required to reference the id of the
> commit which introduced the bug, and put the original author of that
> commit on CC. Yiu can generate the required lines using the following
> git alias, which print the commit SHA and the author of the original code:
> git config alias.fixline "log -1 --abbrev=12 --format='Fixes: %h
> (\"%s\")%nCc: %ae'"
> "
> Please explain when to use above alias and when to put stable or
> something else.
It seems it is not described in the chapter 5.
It is mentioned only in chapter 6:
http://dpdk.org/doc/guides/contributing/stable.html#the-stable-mailing-list
But when running devtools/check-git-log.sh as described in chapter 5:
http://dpdk.org/doc/guides/contributing/patches.html#checking-the-patches
You should see this:
Is it candidate for Cc: stable@dpdk.org backport?
It is using devtools/git-log-fixes.sh to get patches which are fixing
older releases.
Short answer:
You must add "Cc: stable@dpdk.org" just below "Fixes:" if the bug
was introduced in an older release.
It will trigger the patch to be backported in maintenance releases.
It is the responsibility of the tree maintainer to check this tag,
and add or remove it, if he thinks the backport requirement was not
properly considered.
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file
2017-10-21 17:12 ` Akhil Goyal
@ 2017-10-23 8:32 ` Sergio Gonzalez Monroy
0 siblings, 0 replies; 72+ messages in thread
From: Sergio Gonzalez Monroy @ 2017-10-23 8:32 UTC (permalink / raw)
To: Akhil Goyal, De Lara Guarch, Pablo, Hemant Agrawal,
Aviad Yehezkel, dev, aviadye
Cc: borisp, Nicolau, Radu, Doherty, Declan, liranl, nelio.laranjeiro, thomas
On 21/10/2017 18:12, Akhil Goyal wrote:
> On 10/17/2017 6:47 PM, De Lara Guarch, Pablo wrote:
>>
>>
>>> -----Original Message-----
>>> From: Hemant Agrawal [mailto:hemant.agrawal@nxp.com]
>>> Sent: Tuesday, October 17, 2017 1:37 PM
>>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Aviad
>>> Yehezkel <aviadye@dev.mellanox.co.il>; Gonzalez Monroy, Sergio
>>> <sergio.gonzalez.monroy@intel.com>; dev@dpdk.org;
>>> aviadye@mellanox.com
>>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com; Nicolau, Radu
>>> <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
>>> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
>>> Subject: Re: [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS
>>> file
>>>
>>> On 10/16/2017 7:09 PM, De Lara Guarch, Pablo wrote:
>>>> Hi Aviad,
>>>>
>>>>> -----Original Message-----
>>>>> From: Aviad Yehezkel [mailto:aviadye@dev.mellanox.co.il]
>>>>> Sent: Monday, October 16, 2017 11:44 AM
>>>>> To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>;
>>>>> dev@dpdk.org; De Lara Guarch, Pablo
>>> <pablo.de.lara.guarch@intel.com>;
>>>>> aviadye@mellanox.com
>>>>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>>> hemant.agrawal@nxp.com;
>>>>> Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan
>>>>> <declan.doherty@intel.com>; liranl@mellanox.com;
>>>>> nelio.laranjeiro@6wind.com; thomas@monjalon.net
>>>>> Subject: Re: [dpdk-dev][PATCH 01/11] examples/ipsec-secgw: updated
>>>>> MAINTAINERS file
>>>>>
>>>>>
>>>>>
>>>>> On 10/16/2017 12:27 PM, Sergio Gonzalez Monroy wrote:
>>>>>> Hi Aviad,
>>>>>>
>>>>>> On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
>>>>>>> From: Aviad Yehezkel <aviadye@mellanox.com>
>>>>>>>
>>>>>>> As agreed with Sergio and Pablo
>>>>>>
>>>>>> I don't think the commit message is relevant.
>>>>>> Either me or Pablo acking the patch would have the same meaning.
>>>>>>
>>>>>> Thanks,
>>>>>> Sergio
>>>>>
>>>>> Will fix.
>>>>
>>>> Actually, it is too early for you to take ownership on this app, as
>>>> you have recently started contributing to DPDK, so I have to NACK this
>>> patch.
>>>> Sorry for the confusion.
>>>>
>>>> Said that, anyone from the rest of the developers of rte_security
>>>> (with past contributions) that would like to volunteer to maintain
>>>> this
>>> app?
>>>>
>>>
>>> I want to ask Akhil, if he agrees to commit time to do this work?
> I can, but I think Radu is already added as a co maintainer.
>
No issue with having another co-maintainer.
Thanks,
Sergio
>>
>> I would support that decision :)
>>
> Thanks for your support Pablo.
>
> -Akhil
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode
2017-10-20 5:55 ` Sergio Gonzalez Monroy
@ 2017-10-23 10:54 ` De Lara Guarch, Pablo
2017-10-23 11:40 ` Aviad Yehezkel
0 siblings, 1 reply; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-23 10:54 UTC (permalink / raw)
To: Gonzalez Monroy, Sergio, aviadye, dev, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
Hi Aviad,
> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, October 20, 2017 6:56 AM
> To: aviadye@dev.mellanox.co.il; dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
> nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH v2 4/6] examples/ipsec-secgw: add correct
> padding to tunnel mode
>
> Hi Aviad,
>
> I think you missed my question on v1 for this patch.
>
> Could you provide an example where the pad calculation with the current
> code is wrong?
>
Could you reply to the comments from Sergio and Radu?
We should try to get this merged ASAP.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode
2017-10-23 10:54 ` De Lara Guarch, Pablo
@ 2017-10-23 11:40 ` Aviad Yehezkel
0 siblings, 0 replies; 72+ messages in thread
From: Aviad Yehezkel @ 2017-10-23 11:40 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Gonzalez Monroy, Sergio, dev, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, liranl, nelio.laranjeiro, thomas
I talked with Akhil. I will send v3 of patches by EOD and hold back this
patch.
The reason I don't have time to deep dive regression tests and get back
with an example in the upcoming days.
Thanks!
On 10/23/2017 1:54 PM, De Lara Guarch, Pablo wrote:
> Hi Aviad,
>
>> -----Original Message-----
>> From: Gonzalez Monroy, Sergio
>> Sent: Friday, October 20, 2017 6:56 AM
>> To: aviadye@dev.mellanox.co.il; dev@dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
>> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
>> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
>> Doherty, Declan <declan.doherty@intel.com>; liranl@mellanox.com;
>> nelio.laranjeiro@6wind.com; thomas@monjalon.net
>> Subject: Re: [dpdk-dev][PATCH v2 4/6] examples/ipsec-secgw: add correct
>> padding to tunnel mode
>>
>> Hi Aviad,
>>
>> I think you missed my question on v1 for this patch.
>>
>> Could you provide an example where the pad calculation with the current
>> code is wrong?
>>
> Could you reply to the comments from Sergio and Radu?
> We should try to get this merged ASAP.
>
> Thanks,
> Pablo
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
` (12 preceding siblings ...)
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
@ 2017-10-24 12:48 ` aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead aviadye
` (3 more replies)
13 siblings, 4 replies; 72+ messages in thread
From: aviadye @ 2017-10-24 12:48 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v3:
* Address feedbacks.
v2:
* Fix commit message.
* Address feedbacks.
---
examples/ipsec-secgw/ipsec-secgw.c | 13 +++++++++++--
examples/ipsec-secgw/ipsec.h | 1 +
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 39f81cb..6abf852 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1132,7 +1132,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
uint16_t qp, struct lcore_params *params,
struct ipsec_ctx *ipsec_ctx,
const struct rte_cryptodev_capabilities *cipher,
- const struct rte_cryptodev_capabilities *auth)
+ const struct rte_cryptodev_capabilities *auth,
+ const struct rte_cryptodev_capabilities *aead)
{
int32_t ret = 0;
unsigned long i;
@@ -1143,6 +1144,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
key.cipher_algo = cipher->sym.cipher.algo;
if (auth)
key.auth_algo = auth->sym.auth.algo;
+ if (aead)
+ key.aead_algo = aead->sym.aead.algo;
ret = rte_hash_lookup(map, &key);
if (ret != -ENOENT)
@@ -1211,6 +1214,12 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
continue;
+ if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ ret |= add_mapping(map, str, cdev_id, qp, params,
+ ipsec_ctx, NULL, NULL, i);
+ continue;
+ }
+
if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
continue;
@@ -1223,7 +1232,7 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
continue;
ret |= add_mapping(map, str, cdev_id, qp, params,
- ipsec_ctx, i, j);
+ ipsec_ctx, i, j, NULL);
}
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index da1fb1b..7d057ae 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -150,6 +150,7 @@ struct cdev_key {
uint16_t lcore_id;
uint8_t cipher_algo;
uint8_t auth_algo;
+ uint8_t aead_algo;
};
struct socket_ctx {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
@ 2017-10-24 12:48 ` aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm aviadye
` (2 subsequent siblings)
3 siblings, 0 replies; 72+ messages in thread
From: aviadye @ 2017-10-24 12:48 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
Search for session also with aead key
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v3:
* Added fixes string in commit message.
v2:
* Fix commit message.
* Addressed feedback.
---
examples/ipsec-secgw/ipsec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 0afb9d6..36fb8c8 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -56,13 +56,17 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
key.cipher_algo = (uint8_t)sa->cipher_algo;
key.auth_algo = (uint8_t)sa->auth_algo;
+ key.aead_algo = (uint8_t)sa->aead_algo;
ret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,
(void **)&cdev_id_qp);
if (ret < 0) {
RTE_LOG(ERR, IPSEC, "No cryptodev: core %u, cipher_algo %u, "
- "auth_algo %u\n", key.lcore_id, key.cipher_algo,
- key.auth_algo);
+ "auth_algo %u, aead_algo %u\n",
+ key.lcore_id,
+ key.cipher_algo,
+ key.auth_algo,
+ key.aead_algo);
return -1;
}
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead aviadye
@ 2017-10-24 12:48 ` aviadye
2017-10-24 12:49 ` [dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-24 14:06 ` [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices Radu Nicolau
3 siblings, 0 replies; 72+ messages in thread
From: aviadye @ 2017-10-24 12:48 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
This cause auth failure issue
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v3:
* Address feedbacks.
v2:
* Fix commit message.
---
examples/ipsec-secgw/sa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 7be0e62..ef94475 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -431,7 +431,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->aead_algo = algo->algo;
rule->cipher_key_len = algo->key_len;
rule->digest_len = algo->digest_len;
- rule->aad_len = algo->key_len;
+ rule->aad_len = algo->aad_len;
rule->block_size = algo->block_size;
rule->iv_len = algo->iv_len;
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* [dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm aviadye
@ 2017-10-24 12:49 ` aviadye
2017-10-24 14:06 ` [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices Radu Nicolau
3 siblings, 0 replies; 72+ messages in thread
From: aviadye @ 2017-10-24 12:49 UTC (permalink / raw)
To: dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, radu.nicolau,
declan.doherty, aviadye, liranl, nelio.laranjeiro, thomas
From: Aviad Yehezkel <aviadye@mellanox.com>
According to rfc4106 the IV should be unique and can be implemented
as counter.
The changed was created because putting an analyzer on wire and
comparing packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do the same for
future debug / comparison.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v3:
* Fix commit message.
v2:
* Fix commit message.
---
examples/ipsec-secgw/esp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 063e63f..a63fb95 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -331,7 +331,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
uint8_t *aad;
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->aead.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->aead.data.length = pad_payload_len;
@@ -344,7 +344,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
aad = get_aad(m);
@@ -367,7 +367,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
- *iv = sa->seq;
+ *iv = rte_cpu_to_be_64(sa->seq);
sym_cop->cipher.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
sym_cop->cipher.data.length = pad_payload_len;
@@ -386,7 +386,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct cnt_blk *icb = get_cnt_blk(m);
icb->salt = sa->salt;
- icb->iv = sa->seq;
+ icb->iv = rte_cpu_to_be_64(sa->seq);
icb->cnt = rte_cpu_to_be_32(1);
switch (sa->auth_algo) {
--
2.7.4
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
` (2 preceding siblings ...)
2017-10-24 12:49 ` [dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64 aviadye
@ 2017-10-24 14:06 ` Radu Nicolau
2017-10-24 14:20 ` De Lara Guarch, Pablo
3 siblings, 1 reply; 72+ messages in thread
From: Radu Nicolau @ 2017-10-24 14:06 UTC (permalink / raw)
To: aviadye, dev, sergio.gonzalez.monroy, pablo.de.lara.guarch, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, declan.doherty, liranl,
nelio.laranjeiro, thomas
On 10/24/2017 1:48 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> Cc: stable@dpdk.org
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v3:
> * Address feedbacks.
> v2:
> * Fix commit message.
> * Address feedbacks.
> ---
>
Series-acked-by: Radu Nicolau <radu.nicolau@intel.com>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices
2017-10-24 14:06 ` [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices Radu Nicolau
@ 2017-10-24 14:20 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-24 14:20 UTC (permalink / raw)
To: Nicolau, Radu, aviadye, dev, Gonzalez Monroy, Sergio, aviadye
Cc: borisp, akhil.goyal, hemant.agrawal, Doherty, Declan, liranl,
nelio.laranjeiro, thomas
> From: Nicolau, Radu
> Sent: Tuesday, October 24, 2017 3:06 PM
> To: aviadye@dev.mellanox.co.il; dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Doherty, Declan <declan.doherty@intel.com>;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: Re: [dpdk-dev][PATCH v3 1/4] examples/ipsec-secgw: fix
> initialization of aead crypto devices
>
>
> On 10/24/2017 1:48 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> Cc: stable@dpdk.org
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v3:
> * Address feedbacks.
> v2:
> * Fix commit message.
> * Address feedbacks.
> ---
>
> Series-acked-by: Radu Nicolau <radu.nicolau@intel.com
Series applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically
2017-10-20 16:34 ` Nicolau, Radu
@ 2019-03-28 19:11 ` Ferruh Yigit
2019-03-28 19:11 ` Ferruh Yigit
0 siblings, 1 reply; 72+ messages in thread
From: Ferruh Yigit @ 2019-03-28 19:11 UTC (permalink / raw)
To: Aviad Yehezkel
Cc: Nicolau, Radu, Konstantin Ananyev, Akhil Goyal, Pablo de Lara,
Thomas Monjalon, dpdk-dev
On 10/20/2017 5:34 PM, radu.nicolau at intel.com (Nicolau, Radu) wrote:
> Hi,
>
> I think this should be a separate patch, not bundled with a series of fixes.
> The guide has to be updated as well.
> And probably it's best to make the MAC configuration optional, keep a default hardcoded table.
The comment is outstanding since 2017, meanwhile 'ipsec-secgw' changed in between.
I am marking the patch as rejected, if it is still relevant please send a
new version on top of latest repo.
Sorry for any inconvenience caused.
For reference patch:
https://patches.dpdk.org/patch/30613/
>
> Regards,
> Radu
>
>> -----Original Message-----
>> From: aviadye at dev.mellanox.co.il [mailto:aviadye at dev.mellanox.co.il]
>> Sent: Thursday, October 19, 2017 7:53 PM
>> To: dev at dpdk.org; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy at intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch at intel.com>; aviadye at mellanox.com
>> Cc: borisp at mellanox.com; akhil.goyal at nxp.com;
>> hemant.agrawal at nxp.com; Nicolau, Radu <radu.nicolau at intel.com>;
>> Doherty, Declan <declan.doherty at intel.com>; aviadye at dev.mellanox.co.il;
>> liranl at mellanox.com; nelio.laranjeiro at 6wind.com; thomas at monjalon.net
>> Subject: [dpdk-dev][PATCH v2 6/6] examples/ipsec-secgw: config ethernet
>> MACs dynamically
>>
>> From: Aviad Yehezkel <aviadye at mellanox.com>
>>
>> Issue: None
>> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
>> --
>> v2:
> <snip>
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically
2019-03-28 19:11 ` Ferruh Yigit
@ 2019-03-28 19:11 ` Ferruh Yigit
0 siblings, 0 replies; 72+ messages in thread
From: Ferruh Yigit @ 2019-03-28 19:11 UTC (permalink / raw)
To: Aviad Yehezkel
Cc: Nicolau, Radu, Konstantin Ananyev, Akhil Goyal, Pablo de Lara,
Thomas Monjalon, dpdk-dev
On 10/20/2017 5:34 PM, radu.nicolau at intel.com (Nicolau, Radu) wrote:
> Hi,
>
> I think this should be a separate patch, not bundled with a series of fixes.
> The guide has to be updated as well.
> And probably it's best to make the MAC configuration optional, keep a default hardcoded table.
The comment is outstanding since 2017, meanwhile 'ipsec-secgw' changed in between.
I am marking the patch as rejected, if it is still relevant please send a
new version on top of latest repo.
Sorry for any inconvenience caused.
For reference patch:
https://patches.dpdk.org/patch/30613/
>
> Regards,
> Radu
>
>> -----Original Message-----
>> From: aviadye at dev.mellanox.co.il [mailto:aviadye at dev.mellanox.co.il]
>> Sent: Thursday, October 19, 2017 7:53 PM
>> To: dev at dpdk.org; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy at intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch at intel.com>; aviadye at mellanox.com
>> Cc: borisp at mellanox.com; akhil.goyal at nxp.com;
>> hemant.agrawal at nxp.com; Nicolau, Radu <radu.nicolau at intel.com>;
>> Doherty, Declan <declan.doherty at intel.com>; aviadye at dev.mellanox.co.il;
>> liranl at mellanox.com; nelio.laranjeiro at 6wind.com; thomas at monjalon.net
>> Subject: [dpdk-dev][PATCH v2 6/6] examples/ipsec-secgw: config ethernet
>> MACs dynamically
>>
>> From: Aviad Yehezkel <aviadye at mellanox.com>
>>
>> Issue: None
>> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
>> --
>> v2:
> <snip>
>
>
^ permalink raw reply [flat|nested] 72+ messages in thread
* Re: [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support
[not found] ` <1507987627-12224-4-git-send-email-aviadye@mellanox.com>
@ 2017-10-16 15:35 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 72+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-16 15:35 UTC (permalink / raw)
To: aviadye, dev, Gonzalez Monroy, Sergio
Cc: borisp, akhil.goyal, hemant.agrawal, Nicolau, Radu, Doherty,
Declan, aviadye, liranl, nelio.laranjeiro, thomas
> -----Original Message-----
> From: aviadye@mellanox.com [mailto:aviadye@mellanox.com]
> Sent: Saturday, October 14, 2017 2:27 PM
> To: dev@dpdk.org; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; aviadye@mellanox.com
> Cc: borisp@mellanox.com; akhil.goyal@nxp.com;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> Doherty, Declan <declan.doherty@intel.com>; aviadye@dev.mellanox.co.il;
> liranl@mellanox.com; nelio.laranjeiro@6wind.com; thomas@monjalon.net
> Subject: [dpdk-dev][PATCH 04/11] examples/ipsec-secgw: Fix aad_len for
> for aes-gcm support
>
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> This cause auth failure issue
> Seems like this was broken for aes-gcm for a long time
This last sentence is irrelevant for the commit message.
Better to explain what is broken than how long that has been broken for.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 72+ messages in thread
end of thread, other threads:[~2019-03-28 19:11 UTC | newest]
Thread overview: 72+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:23 ` De Lara Guarch, Pablo
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:33 ` De Lara Guarch, Pablo
2017-10-14 13:27 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:30 ` Sergio Gonzalez Monroy
2017-10-16 10:42 ` Aviad Yehezkel
2017-10-19 18:16 ` De Lara Guarch, Pablo
2017-10-19 18:29 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:36 ` Sergio Gonzalez Monroy
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:39 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:42 ` Sergio Gonzalez Monroy
2017-10-16 10:35 ` Aviad Yehezkel
2017-10-16 11:59 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:43 ` Sergio Gonzalez Monroy
2017-10-16 11:44 ` Aviad Yehezkel
2017-10-16 12:03 ` Sergio Gonzalez Monroy
2017-10-19 18:44 ` Aviad Yehezkel
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:44 ` Sergio Gonzalez Monroy
2017-10-16 10:38 ` Aviad Yehezkel
2017-10-14 13:28 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-15 12:53 ` [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file Aviad Yehezkel
2017-10-16 7:33 ` De Lara Guarch, Pablo
2017-10-16 9:27 ` Sergio Gonzalez Monroy
2017-10-16 10:43 ` Aviad Yehezkel
2017-10-16 13:39 ` De Lara Guarch, Pablo
2017-10-17 12:36 ` Hemant Agrawal
2017-10-17 13:17 ` De Lara Guarch, Pablo
2017-10-21 17:12 ` Akhil Goyal
2017-10-23 8:32 ` Sergio Gonzalez Monroy
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm aviadye
2017-10-20 9:52 ` De Lara Guarch, Pablo
2017-10-20 10:52 ` Thomas Monjalon
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode aviadye
2017-10-20 5:55 ` Sergio Gonzalez Monroy
2017-10-23 10:54 ` De Lara Guarch, Pablo
2017-10-23 11:40 ` Aviad Yehezkel
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-20 15:28 ` Radu Nicolau
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically aviadye
2017-10-20 16:34 ` Nicolau, Radu
2019-03-28 19:11 ` Ferruh Yigit
2019-03-28 19:11 ` Ferruh Yigit
2017-10-20 9:50 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices De Lara Guarch, Pablo
2017-10-22 7:21 ` Aviad Yehezkel
2017-10-22 11:00 ` Thomas Monjalon
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm aviadye
2017-10-24 12:49 ` [dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-24 14:06 ` [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices Radu Nicolau
2017-10-24 14:20 ` De Lara Guarch, Pablo
[not found] <1507987627-12224-1-git-send-email-aviadye@mellanox.com>
[not found] ` <1507987627-12224-4-git-send-email-aviadye@mellanox.com>
2017-10-16 15:35 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support De Lara Guarch, Pablo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).