From patchwork Wed Sep 15 16:29:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nithin Dabilpuram X-Patchwork-Id: 98945 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D6E76A0C41; Wed, 15 Sep 2021 18:30:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BBE36411B2; Wed, 15 Sep 2021 18:30:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 964AA4014F for ; Wed, 15 Sep 2021 18:30:25 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18FAZI8t024632; Wed, 15 Sep 2021 09:30:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=UIr+q4SeZIgqwQfhoNlwVDyPy5D4fwZ7uTRu4XyiwVw=; b=FWzg5w9HWblQv7GwGfN6pgZeVqj0CLrrku+B9jWfh7jpbssO9pGxkBIxMMl1hZsWaNrc rm5tJbDCqPQZw+Y/sE6GdweU79ateT18oIzeu81wu89Loe4ubhvTkyy8QwpHulUq4bQ/ FyXPNi/w+JI4cdkz4vFkUhKtHKulJ3Lf+RTjwOdpEslzHzIrceVVrMUE3Dq5m4VBhOSU eGsZZHkLtm0SEoyT3Rm7CI/PrTMpWsMTGs3tTWfISSrmUbiwXsWATNI3fcHWqCvmqxtb gq62Bkf36prSMldT3wftaqe6ZZDX4RZXCbUiyJTfNl+ZV8BqOj/I2Ra9B78pQ5PwfYFC DQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3b3f6y19k8-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 15 Sep 2021 09:30:22 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 15 Sep 2021 09:30:19 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 15 Sep 2021 09:30:20 -0700 Received: from hyd1588t430.marvell.com (unknown [10.29.52.204]) by maili.marvell.com (Postfix) with ESMTP id C03245B6972; Wed, 15 Sep 2021 09:30:12 -0700 (PDT) From: Nithin Dabilpuram To: , , , , , CC: , , , , , , , Date: Wed, 15 Sep 2021 21:59:59 +0530 Message-ID: <20210915163001.26859-2-ndabilpuram@marvell.com> X-Mailer: git-send-email 2.8.4 In-Reply-To: <20210915163001.26859-1-ndabilpuram@marvell.com> References: <20210624102848.3878788-1-gakhil@marvell.com> <20210915163001.26859-1-ndabilpuram@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: s8mjt9wlRpF-Kmo_FRxavYeuoLTk6_jl X-Proofpoint-ORIG-GUID: s8mjt9wlRpF-Kmo_FRxavYeuoLTk6_jl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-15_04,2021-09-15_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v6 1/3] security: enforce semantics for Tx inline processing X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Not all net PMD's/HW can parse packet and identify L2 header and L3 header locations on Tx. This is inline with other Tx offloads requirements such as L3 checksum, L4 checksum offload, etc, where mbuf.l2_len, mbuf.l3_len etc, needs to be set for HW to be able to generate checksum. Since Inline IPSec is also such a Tx offload, some PMD's at least need mbuf.l2_len to be valid to find L3 header and perform Outbound IPSec processing. Hence, this patch updates documentation to enforce setting mbuf.l2_len while setting PKT_TX_SEC_OFFLOAD in mbuf.ol_flags for Inline IPSec Crypto / Protocol offload processing to work on Tx. Signed-off-by: Nithin Dabilpuram Acked-by: Konstantin Ananyev Acked-by: Akhil Goyal --- doc/guides/nics/features.rst | 2 ++ lib/mbuf/rte_mbuf_core.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst index a96e12d..4fce8cd 100644 --- a/doc/guides/nics/features.rst +++ b/doc/guides/nics/features.rst @@ -430,6 +430,7 @@ of protocol operations. See Security library and PMD documentation for more deta * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``, * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``. +* **[uses] mbuf**: ``mbuf.l2_len``. * **[implements] rte_security_ops**: ``session_create``, ``session_update``, ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``capabilities_get``. * **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``, @@ -451,6 +452,7 @@ protocol operations. See security library and PMD documentation for more details * **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``, * **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``. +* **[uses] mbuf**: ``mbuf.l2_len``. * **[implements] rte_security_ops**: ``session_create``, ``session_update``, ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``get_userdata``, ``capabilities_get``. diff --git a/lib/mbuf/rte_mbuf_core.h b/lib/mbuf/rte_mbuf_core.h index bb38d7f..9d8e3dd 100644 --- a/lib/mbuf/rte_mbuf_core.h +++ b/lib/mbuf/rte_mbuf_core.h @@ -228,6 +228,8 @@ extern "C" { /** * Request security offload processing on the TX packet. + * To use Tx security offload, the user needs to fill l2_len in mbuf + * indicating L2 header size and where L3 header starts. */ #define PKT_TX_SEC_OFFLOAD (1ULL << 43) From patchwork Wed Sep 15 16:30:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nithin Dabilpuram X-Patchwork-Id: 98946 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 978FAA0C41; Wed, 15 Sep 2021 18:30:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1EF3C411B9; Wed, 15 Sep 2021 18:30:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9852B411AE for ; Wed, 15 Sep 2021 18:30:25 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18FAgwPs002909; Wed, 15 Sep 2021 09:30:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=zXpmlh5H/BNoUWEKjRzbr7TRkuj+osb7278/V+HStIk=; b=Ej0j44djBEdRKl5aSUN7toOStl7bwHDkfckVXp67lt6n6jQqwFvUJmeJP9Cn7xkCJl+y fpH9+HHOtEt1wzi406bVTbAhnigTmte29+UHtRInA/lcT9Yo73VuZzTvVNG6VwezVFF4 InG5jCUFMD/kb6KhSVJIcgH2uluZOsdrA6WpP3VdEbDLpqmOl/w2Zpg6bc6wxdamqCAA RFYKgAIKxixRsARKKiy1n92szaGdGDH74KDuGkhCyVJLj06iLeoh7mLATbVeX/qnbvO5 4KKLdPIx/EaLXZoWrE0gENFqweOLzEyXBr//dnCWNM8J4261zc5k9taiUDhbH0hfLMaw wA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3b3f6y19kk-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 15 Sep 2021 09:30:24 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 15 Sep 2021 09:30:22 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 15 Sep 2021 09:30:22 -0700 Received: from hyd1588t430.marvell.com (unknown [10.29.52.204]) by maili.marvell.com (Postfix) with ESMTP id 133855B695E; Wed, 15 Sep 2021 09:30:16 -0700 (PDT) From: Nithin Dabilpuram To: , , , , , CC: , , , , , , , Date: Wed, 15 Sep 2021 22:00:00 +0530 Message-ID: <20210915163001.26859-3-ndabilpuram@marvell.com> X-Mailer: git-send-email 2.8.4 In-Reply-To: <20210915163001.26859-1-ndabilpuram@marvell.com> References: <20210624102848.3878788-1-gakhil@marvell.com> <20210915163001.26859-1-ndabilpuram@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: QKyHsJdx8_Nt9iTNW5yHhm2cq4djrDqY X-Proofpoint-ORIG-GUID: QKyHsJdx8_Nt9iTNW5yHhm2cq4djrDqY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-15_04,2021-09-15_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v6 2/3] security: add option for faster udata or mdata access X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Currently rte_security_set_pkt_metadata() and rte_security_get_userdata() methods to set pkt metadata on Inline outbound and get userdata after Inline inbound processing is always driver specific callbacks. For drivers that do not have much to do in the callbacks but just to update metadata in rte_security dynamic field and get userdata from rte_security dynamic field, having to just to PMD specific callback is costly per packet operation. This patch provides a mechanism to do the same in inline function and avoid function pointer jump if a driver supports the same. Signed-off-by: Nithin Dabilpuram Acked-by: Konstantin Ananyev Acked-by: Akhil Goyal --- doc/guides/rel_notes/deprecation.rst | 4 --- doc/guides/rel_notes/release_21_08.rst | 6 +++++ lib/security/rte_security.c | 8 +++--- lib/security/rte_security.h | 49 +++++++++++++++++++++++++++++++--- lib/security/version.map | 2 ++ 5 files changed, 57 insertions(+), 12 deletions(-) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 59445a6..70ef45e 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -276,10 +276,6 @@ Deprecation Notices content. On Linux and FreeBSD, supported prior to DPDK 20.11, original structure will be kept until DPDK 21.11. -* security: The functions ``rte_security_set_pkt_metadata`` and - ``rte_security_get_userdata`` will be made inline functions and additional - flags will be added in structure ``rte_security_ctx`` in DPDK 21.11. - * cryptodev: The structure ``rte_crypto_op`` would be updated to reduce reserved bytes to 2 (from 3), and use 1 byte to indicate warnings and other information from the crypto/security operation. This field will be used to diff --git a/doc/guides/rel_notes/release_21_08.rst b/doc/guides/rel_notes/release_21_08.rst index b4cbf2d..dd92461 100644 --- a/doc/guides/rel_notes/release_21_08.rst +++ b/doc/guides/rel_notes/release_21_08.rst @@ -223,6 +223,12 @@ ABI Changes * No ABI change that would break compatibility with 20.11. +* security: ``rte_security_set_pkt_metadata`` and ``rte_security_get_userdata`` + routines used by Inline outbound and Inline inbound security processing are + made inline and enhanced to do simple 64-bit set/get for PMD's that do not + have much processing in PMD specific callbacks but just 64-bit set/get. + This avoids a per pkt function pointer jump overhead for such PMD's. + Known Issues ------------ diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index e8116d5..fe81ed3 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -122,9 +122,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, } int -rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, - struct rte_mbuf *m, void *params) +__rte_security_set_pkt_metadata(struct rte_security_ctx *instance, + struct rte_security_session *sess, + struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG RTE_PTR_OR_ERR_RET(sess, -EINVAL); @@ -137,7 +137,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance, } void * -rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) +__rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) { void *userdata = NULL; diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 2e136d7..2446ab0 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -71,8 +71,19 @@ struct rte_security_ctx { /**< Pointer to security ops for the device */ uint16_t sess_cnt; /**< Number of sessions attached to this context */ + uint32_t flags; + /**< Flags for security context */ }; +#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 +/**< Driver uses fast metadata update without using driver specific callback */ + +#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002 +/**< Driver provides udata using fast method without using driver specific + * callback. For fast mdata and udata, mbuf dynamic field would be registered + * by driver via rte_security_dynfield_register(). + */ + /** * IPSEC tunnel parameters * @@ -494,6 +505,12 @@ static inline bool rte_security_dynfield_is_registered(void) return rte_security_dynfield_offset >= 0; } +/** Function to call PMD specific function pointer set_pkt_metadata() */ +__rte_experimental +extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, + struct rte_security_session *sess, + struct rte_mbuf *m, void *params); + /** * Updates the buffer with device-specific defined metadata * @@ -507,10 +524,26 @@ static inline bool rte_security_dynfield_is_registered(void) * - On success, zero. * - On failure, a negative value. */ -int +static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, - struct rte_mbuf *mb, void *params); + struct rte_mbuf *mb, void *params) +{ + /* Fast Path */ + if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { + *rte_security_dynfield(mb) = + (rte_security_dynfield_t)(sess->sess_private_data); + return 0; + } + + /* Jump to PMD specific function pointer */ + return __rte_security_set_pkt_metadata(instance, sess, mb, params); +} + +/** Function to call PMD specific function pointer get_userdata() */ +__rte_experimental +extern void *__rte_security_get_userdata(struct rte_security_ctx *instance, + uint64_t md); /** * Get userdata associated with the security session. Device specific metadata @@ -530,8 +563,16 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance, * - On failure, NULL */ __rte_experimental -void * -rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md); +static inline void * +rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) +{ + /* Fast Path */ + if (instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA) + return (void *)(uintptr_t)md; + + /* Jump to PMD specific function pointer */ + return __rte_security_get_userdata(instance, md); +} /** * Attach a session to a symmetric crypto operation diff --git a/lib/security/version.map b/lib/security/version.map index c44c7f5..45ace9c 100644 --- a/lib/security/version.map +++ b/lib/security/version.map @@ -20,4 +20,6 @@ EXPERIMENTAL { rte_security_get_userdata; rte_security_session_stats_get; rte_security_session_update; + __rte_security_set_pkt_metadata; + __rte_security_get_userdata; }; From patchwork Wed Sep 15 16:30:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nithin Dabilpuram X-Patchwork-Id: 98947 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 40035A0C41; Wed, 15 Sep 2021 18:30:43 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 682DE411C3; Wed, 15 Sep 2021 18:30:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 399E04014F for ; Wed, 15 Sep 2021 18:30:28 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18FAZI8u024632; Wed, 15 Sep 2021 09:30:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=8epGlKyUq4LEHH39ZfYX+tBx2e3brGauomOVHCtL7bY=; b=kL5+dg3NcYv88lvlNkWhEB9Npe4qZge0Ot/m/vBlKFRHoHBrBeL7H8PXFEQdP6YEAXl+ DCxf+hoZzI/OadioTJZlhOOaW5N98sSr9xtJr4EoxKQ3Q8U0UnUjlRttQSYI8sQHeX6F 40RSJNSPowR6CfOyLR15rIWdQyHkN9U9k4eR5fYtGZDyyWINQKcaJkSpCHup1J4eKmZ2 y6HU8DqC7wUbqKXsRFlTuNk2BrNQbJzTtctHZ1U1boIAw3swBIEeeO2tHLcJj2dAoRoL 3Q6o5mmDjg8nGkTVrID/xaR5XcdXG0IIHc/gpbKMpqXx2m0HGueGv9x1j0qlnmA0h1JA AQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3b3f6y19m3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 15 Sep 2021 09:30:27 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 15 Sep 2021 09:30:25 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 15 Sep 2021 09:30:25 -0700 Received: from hyd1588t430.marvell.com (unknown [10.29.52.204]) by maili.marvell.com (Postfix) with ESMTP id 5ADC25B6956; Wed, 15 Sep 2021 09:30:21 -0700 (PDT) From: Nithin Dabilpuram To: , , , , , CC: , , , , , , , Date: Wed, 15 Sep 2021 22:00:01 +0530 Message-ID: <20210915163001.26859-4-ndabilpuram@marvell.com> X-Mailer: git-send-email 2.8.4 In-Reply-To: <20210915163001.26859-1-ndabilpuram@marvell.com> References: <20210624102848.3878788-1-gakhil@marvell.com> <20210915163001.26859-1-ndabilpuram@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: gnAPZjkuq8AXXZ078NtbCSfOq-TTmukH X-Proofpoint-ORIG-GUID: gnAPZjkuq8AXXZ078NtbCSfOq-TTmukH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-15_04,2021-09-15_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v6 3/3] examples/ipsec-secgw: update event mode inline path X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update mbuf.l2_len with L2 header size for outbound inline processing. This patch also fixes a bug in arg parsing. Signed-off-by: Nithin Dabilpuram Acked-by: Konstantin Ananyev Acked-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 2 ++ examples/ipsec-secgw/ipsec_worker.c | 41 ++++++++++++++++++++++++------------- 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index f252d34..7ad94cb 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -1495,6 +1495,8 @@ parse_portmask(const char *portmask) char *end = NULL; unsigned long pm; + errno = 0; + /* parse hexadecimal string */ pm = strtoul(portmask, &end, 16); if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0')) diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c index 647e22d..c545497 100644 --- a/examples/ipsec-secgw/ipsec_worker.c +++ b/examples/ipsec-secgw/ipsec_worker.c @@ -12,6 +12,11 @@ #include "ipsec-secgw.h" #include "ipsec_worker.h" +struct port_drv_mode_data { + struct rte_security_session *sess; + struct rte_security_ctx *ctx; +}; + static inline enum pkt_type process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp) { @@ -60,7 +65,8 @@ ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id) static inline void prepare_out_sessions_tbl(struct sa_ctx *sa_out, - struct rte_security_session **sess_tbl, uint16_t size) + struct port_drv_mode_data *data, + uint16_t size) { struct rte_ipsec_session *pri_sess; struct ipsec_sa *sa; @@ -95,9 +101,10 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out, } /* Use only first inline session found for a given port */ - if (sess_tbl[sa->portid]) + if (data[sa->portid].sess) continue; - sess_tbl[sa->portid] = pri_sess->security.ses; + data[sa->portid].sess = pri_sess->security.ses; + data[sa->portid].ctx = pri_sess->security.ctx; } } @@ -356,9 +363,8 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, goto drop_pkt_and_exit; } - if (sess->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) - *(struct rte_security_session **)rte_security_dynfield(pkt) = - sess->security.ses; + rte_security_set_pkt_metadata(sess->security.ctx, + sess->security.ses, pkt, NULL); /* Mark the packet for Tx security offload */ pkt->ol_flags |= PKT_TX_SEC_OFFLOAD; @@ -367,6 +373,9 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, port_id = sa->portid; send_pkt: + /* Provide L2 len for Outbound processing */ + pkt->l2_len = RTE_ETHER_HDR_LEN; + /* Update mac addresses */ update_mac_addrs(pkt, port_id); @@ -398,7 +407,7 @@ static void ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, uint8_t nb_links) { - struct rte_security_session *sess_tbl[RTE_MAX_ETHPORTS] = { NULL }; + struct port_drv_mode_data data[RTE_MAX_ETHPORTS]; unsigned int nb_rx = 0; struct rte_mbuf *pkt; struct rte_event ev; @@ -412,6 +421,8 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, return; } + memset(&data, 0, sizeof(struct port_drv_mode_data)); + /* Get core ID */ lcore_id = rte_lcore_id(); @@ -422,8 +433,8 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, * Prepare security sessions table. In outbound driver mode * we always use first session configured for a given port */ - prepare_out_sessions_tbl(socket_ctx[socket_id].sa_out, sess_tbl, - RTE_MAX_ETHPORTS); + prepare_out_sessions_tbl(socket_ctx[socket_id].sa_out, data, + RTE_MAX_ETHPORTS); RTE_LOG(INFO, IPSEC, "Launching event mode worker (non-burst - Tx internal port - " @@ -460,19 +471,21 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, if (!is_unprotected_port(port_id)) { - if (unlikely(!sess_tbl[port_id])) { + if (unlikely(!data[port_id].sess)) { rte_pktmbuf_free(pkt); continue; } /* Save security session */ - if (rte_security_dynfield_is_registered()) - *(struct rte_security_session **) - rte_security_dynfield(pkt) = - sess_tbl[port_id]; + rte_security_set_pkt_metadata(data[port_id].ctx, + data[port_id].sess, pkt, + NULL); /* Mark the packet for Tx security offload */ pkt->ol_flags |= PKT_TX_SEC_OFFLOAD; + + /* Provide L2 len for Outbound processing */ + pkt->l2_len = RTE_ETHER_HDR_LEN; } /*