examples: replace packed attributes

MSVC struct packing is not compatible with GCC. Replace macro
__rte_packed with __rte_packed_begin to push existing pack value
and set packing to 1-byte and macro

examples: replace packed attributes

MSVC struct packing is not compatible with GCC. Replace macro
__rte_packed with __rte_packed_begin to push existing pack value
and set packing to 1-byte and macro __rte_packed_end to restore
the pack value prior to the push.

Macro __rte_packed_end is deliberately utilized to trigger a
MSVC compiler warning if no existing packing has been pushed allowing
easy identification of locations where the __rte_packed_begin is
missing.

Signed-off-by: Andre Muezerie <andremue@linux.microsoft.com>

show more ...

ipsec: use IPv6 address structure

Update rte_ipsec_sadv6_key to use rte_ipv6_addr structures instead of
uint8_t[16] arrays.

Signed-off-by: Robin Jarry <rjarry@redhat.com>

examples/ipsec-secgw: revert SA salt endianness

The previous commit swapped the bytes of SA salt which
led to incorrect work of the ipsec-secgw application.
This patch reverts the previous commit an

examples/ipsec-secgw: revert SA salt endianness

The previous commit swapped the bytes of SA salt which
led to incorrect work of the ipsec-secgw application.
This patch reverts the previous commit and changes
the type of the salt field in the ipsec_sa structure.

Fixes: e6bfd9676109 ("examples/ipsec-secgw: fix SA salt endianness")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>

show more ...

examples: fix lcore ID restriction

Currently the config option allows lcore IDs up to 255,
irrespective of RTE_MAX_LCORES and needs to be fixed.

The patch fixes these constraints by allowing all
lc

examples: fix lcore ID restriction

Currently the config option allows lcore IDs up to 255,
irrespective of RTE_MAX_LCORES and needs to be fixed.

The patch fixes these constraints by allowing all
lcore IDs up to RTE_MAX_LCORES.

Fixes: af75078fece3 ("first public release")
Fixes: f88e7c175a68 ("examples/l3fwd-power: add high/regular perf cores options")
Fixes: 08bd1a174461 ("examples/l3fwd-graph: add graph-based l3fwd skeleton")
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Fixes: 0e8f47491f09 ("examples/vm_power: add command to query CPU frequency")
Fixes: de3cfa2c9823 ("sched: initial import")
Cc: stable@dpdk.org

Signed-off-by: Sivaprasad Tummala <sivaprasad.tummala@amd.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>

show more ...

examples: fix queue ID restriction

Currently application supports Rx queue IDs up to 255
and max queues of 256 irrespective of device support.
This limits the number of active lcores to 256.

The pa

examples: fix queue ID restriction

Currently application supports Rx queue IDs up to 255
and max queues of 256 irrespective of device support.
This limits the number of active lcores to 256.

The patch fixes these constraints by increasing
the Rx queue IDs to support up to 65535.

Fixes: af75078fece3 ("first public release")
Fixes: f88e7c175a68 ("examples/l3fwd-power: add high/regular perf cores options")
Fixes: 08bd1a174461 ("examples/l3fwd-graph: add graph-based l3fwd skeleton")
Cc: stable@dpdk.org

Signed-off-by: Sivaprasad Tummala <sivaprasad.tummala@amd.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>

show more ...

examples: move alignment attribute on types for MSVC

Move location of __rte_aligned(a) to new conventional location. The new
placement between {struct,union} and the tag allows the desired
alignment

examples: move alignment attribute on types for MSVC

Move location of __rte_aligned(a) to new conventional location. The new
placement between {struct,union} and the tag allows the desired
alignment to be imparted on the type regardless of the toolchain being
used for both C and C++. Additionally, it avoids confusion by Doxygen
when generating documentation.

Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: fix partial overflow

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added

examples/ipsec-secgw: fix partial overflow

Case of partial overflow detected with ASan.
Added extra padding to cdev_key structure.

This structure is used for the key in hash table.
Padding is added to force the struct to use 8 bytes,
to ensure memory is notread past this structs boundary
(the hash key calculation reads 8 bytes if this struct is size 5 bytes).
The padding should be zeroed.
If fields are modified in this struct, the padding must be updated to
ensure multiple of 8 bytes size overall.

Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org

Signed-off-by: Brian Dooley <brian.dooley@intel.com>

show more ...

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now moved to internal header file and all
APIs will now take an opaque pointer for it.
The fast path inline APIs like set metadata need to get flags
from security_ctx. The flags are now retrieved using inline APIs
which use macros to get the offset of flags in security_ctx.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

show more ...

examples/ipsec-secgw: fix Tx offloads initialization

Fix uninitialized variable access of outbound offloads flags.

Coverity issue: 381669
Fixes: 6938fc92c404 ("examples/ipsec-secgw: add lookaside e

examples/ipsec-secgw: fix Tx offloads initialization

Fix uninitialized variable access of outbound offloads flags.

Coverity issue: 381669
Fixes: 6938fc92c404 ("examples/ipsec-secgw: add lookaside event mode")

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>

show more ...

examples/ipsec-secgw: support per SA HW reassembly

This add the support of hardware reassembly per SA basis.
In SA rule, new parameter reassembly_en is added to enable
HW reassembly per SA.
For exam

examples/ipsec-secgw: support per SA HW reassembly

This add the support of hardware reassembly per SA basis.
In SA rule, new parameter reassembly_en is added to enable
HW reassembly per SA.
For example:
sa in <idx> aead_algo <algo> aead_key <key> mode ipv4-tunnel src <ip>
dst <ip> type inline-protocol-offload port_id <id> reassembly_en

Stats counter frag_dropped will represent the number of fragment
drop in case of reassembly failures.

Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: add lookaside event mode

Added base support for lookaside event mode.
Events that are coming from ethdev will be enqueued
to the event crypto adapter, processed and
enqueued ba

examples/ipsec-secgw: add lookaside event mode

Added base support for lookaside event mode.
Events that are coming from ethdev will be enqueued
to the event crypto adapter, processed and
enqueued back to ethdev for the transmission.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 m

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

examples/ipsec-secgw: fix build with GCC 12

Typecasting uint32_t array to uint16_t and accessing it as max array
size(at time of declaration of uint32_t array) causes gcc-12 to
throw an error.

GCC

examples/ipsec-secgw: fix build with GCC 12

Typecasting uint32_t array to uint16_t and accessing it as max array
size(at time of declaration of uint32_t array) causes gcc-12 to
throw an error.

GCC 12 raises the following warning:

In function 'send_multi_pkts',
inlined from 'route6_pkts_neon' at
../examples/ipsec-secgw/ipsec_lpm_neon.h:170:2,
inlined from 'ipsec_poll_mode_wrkr_inl_pr' at
../examples/ipsec-secgw/ipsec_worker.c:1257:4:
../examples/ipsec-secgw/ipsec_neon.h:261:21: error: 'dst_port' may be used
uninitialized [-Werror=maybe-uninitialized]
261 | dlp = dst_port[i - 1];
| ~~~~^~~~~~~~~~~~~~~~~
In file included from ../examples/ipsec-secgw/ipsec_worker.c:16:
../examples/ipsec-secgw/ipsec_worker.c: In function
'ipsec_poll_mode_wrkr_inl_pr':
../examples/ipsec-secgw/ipsec_lpm_neon.h:118:17:
note: 'dst_port' declared here
118 | int32_t dst_port[MAX_PKT_BURST];
| ^~~~~~~~

Fixes: 6eb3ba03995c ("examples/ipsec-secgw: support poll mode NEON LPM lookup")
Fixes: dcbf9ad5fdf4 ("examples/ipsec-secgw: move fast path helper functions")
Cc: stable@dpdk.org

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: create lookaside sessions at init

In event lookaside mode same session could be handled with multiple
cores, and session creation in datapath will cause situation where
multipl

examples/ipsec-secgw: create lookaside sessions at init

In event lookaside mode same session could be handled with multiple
cores, and session creation in datapath will cause situation where
multiple cores will try to create same session simultaneously.
To avoid such case and enable event lookaside mode in future, lookaside
sessions are now created at initialization in sa_add_rules().

All sessions(inline and lookaside) now created during init process, so
session pool information was removed from ipsec context. Core id was
added to obtain correct crypto device queue pair for the current core.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: get security context from lcore conf

Store security context pointer in lcore Rx queue config and
get it from there in fast path for better performance.
Currently rte_eth_dev_ge

examples/ipsec-secgw: get security context from lcore conf

Store security context pointer in lcore Rx queue config and
get it from there in fast path for better performance.
Currently rte_eth_dev_get_sec_ctx() which is meant to be control
path API is called per packet basis. For every call to that
API, ethdev port status is checked.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: move fast path helper functions

Move fast path helper functions to header file for easy access.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goya

examples/ipsec-secgw: move fast path helper functions

Move fast path helper functions to header file for easy access.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: add pool size parameters

Add support to enable per port packet pool and also override
vector pool size from command line args. This is useful
on some HW to tune performance bas

examples/ipsec-secgw: add pool size parameters

Add support to enable per port packet pool and also override
vector pool size from command line args. This is useful
on some HW to tune performance based on usecase.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: support additional algorithms

Add support for AES-GMAC, AES_CTR, AES_XCBC_MAC,
AES_CCM, CHACHA20_POLY1305

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-b

examples/ipsec-secgw: support additional algorithms

Add support for AES-GMAC, AES_CTR, AES_XCBC_MAC,
AES_CCM, CHACHA20_POLY1305

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: define initial ESN value

New option added to the SA configuration arguments that
allows setting an arbitrary start value for ESN.

For example in the SA below ESN will be enabl

examples/ipsec-secgw: define initial ESN value

New option added to the SA configuration arguments that
allows setting an arbitrary start value for ESN.

For example in the SA below ESN will be enabled and first egress
IPsec packet will have the ESN value 10000:

sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel \
src 172.16.1.5 dst 172.16.2.5 \
esn 10000

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: support telemetry

Add telemetry support to the IPsec GW sample app and add
support for per SA telemetry when using IPsec library.

Signed-off-by: Declan Doherty <declan.doherty

examples/ipsec-secgw: support telemetry

Add telemetry support to the IPsec GW sample app and add
support for per SA telemetry when using IPsec library.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: support UDP encap for inline crypto

Enable UDP encapsulation for both transport and tunnel modes for the
inline crypto offload path.

Signed-off-by: Radu Nicolau <radu.nicolau@

examples/ipsec-secgw: support UDP encap for inline crypto

Enable UDP encapsulation for both transport and tunnel modes for the
inline crypto offload path.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: support TCP TSO

Add support to allow user to specific MSS for TCP TSO offload on a per SA
basis. MSS configuration in the context of IPsec is only supported for
outbound SA's i

examples/ipsec-secgw: support TCP TSO

Add support to allow user to specific MSS for TCP TSO offload on a per SA
basis. MSS configuration in the context of IPsec is only supported for
outbound SA's in the context of an inline IPsec Crypto offload.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: clear soft expiry configuration

Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Als

examples/ipsec-secgw: clear soft expiry configuration

Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Also, soft expiry tracking can cause perf degradation with some PMDs.
Since a separate UT is available and the same setting in ipsec-secgw is
not verifying the functionality, remove the same by clearing life
configuration.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: add SA lifetime configuration

Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated

security: add SA lifetime configuration

Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated to include new field, aux_flags, which can be
used to indicate cases such as soft expiry in case of lookaside
protocol operations.

In case of soft expiry, the packets are successfully IPsec processed but
the soft expiry would indicate that SA needs to be reconfigured. For
inline protocol capable ethdev, this would result in an eth event while
for lookaside protocol capable cryptodev, this can be communicated via
`rte_crypto_op.aux_flags` field.

In case of hard expiry, the packets will not be IPsec processed and
would result in error.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

examples/ipsec-secgw: support UDP encapsulation

Adding lookaside IPsec UDP encapsulation support
for NAT traversal.
Application has to add udp-encap option to sa config file
to enable UDP encapsulat

examples/ipsec-secgw: support UDP encapsulation

Adding lookaside IPsec UDP encapsulation support
for NAT traversal.
Application has to add udp-encap option to sa config file
to enable UDP encapsulation on the SA.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

show more ...