use C linkage where appropriate in headers

Assure that 'extern "C" { /../ }' do not cover files included from a
particular header file, and address minor issues resulting from this
change of order.

use C linkage where appropriate in headers

Assure that 'extern "C" { /../ }' do not cover files included from a
particular header file, and address minor issues resulting from this
change of order.

Dealing with C++ should delegate to the individual include file level,
rather than being imposed by the user of that file. For example,
forcing C linkage prevents __Generic macros being replaced with
overloaded static inline functions in C++ translation units.

Eliminate 'extern "C"' from files which do not declare any symbols
(e.g., only macros or struct types).

On the other hand, the headers check is too naive in assuming that all
headers must contain a 'extern "C"'. Such a check was added in commit
1ee492bdc4ff ("buildtools/chkincs: check missing C++ guards").
Since this current change results in many headers not containing such
a token, remove the check for 'extern "C"' until we have a better
implementation.

Signed-off-by: Mattias Rönnblom <mattias.ronnblom@ericsson.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>

show more ...

security: remove marker fields

RTE_MARKER typedefs are a GCC extension unsupported by MSVC. Remove
RTE_MARKER fields from rte_mbuf struct.

Maintain alignment of fields after removed cacheline1 mark

security: remove marker fields

RTE_MARKER typedefs are a GCC extension unsupported by MSVC. Remove
RTE_MARKER fields from rte_mbuf struct.

Maintain alignment of fields after removed cacheline1 marker by placing
C11 alignas(RTE_CACHE_LINE_MIN_SIZE).

Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Reviewed-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>

show more ...

lib: use C11 alignment attribute on variables

The current location used for __rte_aligned(a) for alignment of
variables is not compatible with MSVC.

For variables, standard C11 offers alignas(a) su

lib: use C11 alignment attribute on variables

The current location used for __rte_aligned(a) for alignment of
variables is not compatible with MSVC.

For variables, standard C11 offers alignas(a) supported by conformant
compilers i.e. both MSVC and GCC.

Replace use of __rte_aligned(a) on variables/fields with alignas(a).

Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>

show more ...

security: replace zero length array with flex array

Zero length arrays are GNU extension. Replace with
standard flex array.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by

security: replace zero length array with flex array

Zero length arrays are GNU extension. Replace with
standard flex array.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

security: add fallback security processing and Rx inject

Add alternate datapath API for security processing which would do Rx
injection (similar to loopback) after successful security processing.

W

security: add fallback security processing and Rx inject

Add alternate datapath API for security processing which would do Rx
injection (similar to loopback) after successful security processing.

With inline protocol offload, variable part of the session context
(AR windows, lifetime etc in case of IPsec), is not accessible to the
application. If packets are not getting processed in the inline path
due to non security reasons (such as outer fragmentation or rte_flow
packet steering limitations), then the packet cannot be security
processed as the session context is private to the PMD and security
library doesn't provide alternate APIs to make use of the same session.

Introduce new API and Rx injection as fallback mechanism to security
processing failures due to non-security reasons. For example, when there
is outer fragmentation and PMD doesn't support reassembly of outer
fragments, application would receive fragments which it can then
reassemble. Post successful reassembly, packet can be submitted for
security processing and Rx inject. The packets can be then received in
the application as normal inline protocol processed packets.

Same API can be leveraged in lookaside protocol offload mode to inject
packet to Rx. This would help in using rte_flow based packet parsing
after security processing. For example, with IPsec, this will help in
flow splitting after IPsec processing is done.

In both inline protocol capable ethdevs and lookaside protocol capable
cryptodevs, the packet would be received back in eth port & queue based
on rte_flow rules and packet parsing after security processing. The API
would behave like a loopback but with the additional security
processing.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now

security: hide security context

rte_security_ctx is used by all security APIs to identify
which device security_op it need to call and hence it should
be opaque to the application.
Hence, it is now moved to internal header file and all
APIs will now take an opaque pointer for it.
The fast path inline APIs like set metadata need to get flags
from security_ctx. The flags are now retrieved using inline APIs
which use macros to get the offset of flags in security_ctx.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

show more ...

security: introduce out-of-place inline ingress

Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need ou

security: introduce out-of-place inline ingress

Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need out of place processing in usecases
where original encrypted packet needs to be retained for post
processing. So for NIC's which have such a kind of HW support,
a new SA option is provided to indicate whether OOP needs to
be enabled on that Inline ingress security session or not.

Since for inline ingress sessions, packet is not received by
CPU until the processing is done, we can only have per-SA
option and not per-packet option like Lookaside sessions.

Also remove reserved_opts field from the rte_security_ipsec_sa_options
struct as mentioned in deprecation notice.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

lib: remove blank line ending comment blocks

At the end of a comment, no need for an extra line.

This pattern was fixed with the following command:
git ls lib | xargs sed -i '/^ *\* *$/{N;/ *\*\/ *

lib: remove blank line ending comment blocks

At the end of a comment, no need for an extra line.

This pattern was fixed with the following command:
git ls lib | xargs sed -i '/^ *\* *$/{N;/ *\*\/ *$/D;}'

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>

show more ...

security: add direction in SA/SC configuration

MACsec SC/SA ids are created based on direction of the flow.
Hence, added the missing field for configuration and cleanup
of the SCs and SAs.

Signed-o

security: add direction in SA/SC configuration

MACsec SC/SA ids are created based on direction of the flow.
Hence, added the missing field for configuration and cleanup
of the SCs and SAs.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cleanup compat header inclusions

With symbols going though experimental/stable stages, we accumulated
a lot of discrepancies about inclusion of the rte_compat.h header.

Some headers are including i

cleanup compat header inclusions

With symbols going though experimental/stable stages, we accumulated
a lot of discrepancies about inclusion of the rte_compat.h header.

Some headers are including it where unneeded, while others rely on
implicit inclusion.

Fix unneeded inclusions:
$ git grep -l include..rte_compat.h |
xargs grep -LE '__rte_(internal|experimental)' |
xargs sed -i -e '/#include..rte_compat.h/d'

Fix missing inclusion, by inserting rte_compat.h before the first
inclusion of a DPDK header:
$ git grep -lE '__rte_(internal|experimental)' |
xargs grep -L include..rte_compat.h |
xargs sed -i -e \
'0,/#include..\(rte_\|.*pmd.h.$\)/{
s/\(#include..\(rte_\|.*pmd.h.$\)\)/#include <rte_compat.h>\n\1/
}'

Fix missing inclusion, by inserting rte_compat.h after the last
inclusion of a non DPDK header:
$ for file in $(git grep -lE '__rte_(internal|experimental)' |
xargs grep -L include..rte_compat.h); do
tac $file > $file.$$
sed -i -e \
'0,/#include../{
s/\(#include..*$\)/#include <rte_compat.h>\n\n\1/
}' $file.$$
tac $file.$$ > $file
rm $file.$$
done

Fix missing inclusion, by inserting rte_compat.h after the header guard:
$ git grep -lE '__rte_(internal|experimental)' |
xargs grep -L include..rte_compat.h |
xargs sed -i -e \
'0,/#define/{
s/\(#define .*$\)/\1\n\n#include <rte_compat.h>/
}'

And finally, exclude rte_compat.h itself.
$ git checkout lib/eal/include/rte_compat.h

At the end of all this, we have a clean tree:
$ git grep -lE '__rte_(internal|experimental)' |
xargs grep -L include..rte_compat.h
buildtools/check-symbols.sh
devtools/checkpatches.sh
doc/guides/contributing/abi_policy.rst
doc/guides/rel_notes/release_20_11.rst
lib/eal/include/rte_compat.h

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>

show more ...

security: hide session structure

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This fi

security: hide session structure

Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 m

security: remove private mempool usage

As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.

To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.

User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().

Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

security: remove user data get API

The API rte_security_get_userdata() was being unused by most of
the drivers and it was retrieving userdata from mbuf dynamic field.
Hence, the API was removed and

security: remove user data get API

The API rte_security_get_userdata() was being unused by most of
the drivers and it was retrieving userdata from mbuf dynamic field.
Hence, the API was removed and the application can directly get the
userdata from dynamic field. This helps in removing extra checks
in datapath.

Signed-off-by: Srujana Challa <schalla@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: support MACsec

Added support for MACsec in rte_security for offloading
MACsec Protocol operation to inline NIC device or a crypto device.

To support MACsec we cannot just make one securit

security: support MACsec

Added support for MACsec in rte_security for offloading
MACsec Protocol operation to inline NIC device or a crypto device.

To support MACsec we cannot just make one security session and
send with the packet to process it. MACsec specifications suggest,
it has 3 different entities - SECY Entity, SC (secure channel) and
SA (security association). And same SA can be used by multiple SCs and
similarly many SECY can have same SCs. Hence, in order to support this
many to one relationships between all entities, 2 new APIs are created -
rte_security_macsec_sc_create and rte_security_macsec_sa_create.
Flow of execution of the APIs would be as
- rte_security_macsec_sa_create
- rte_security_macsec_sc_create
- rte_security_session_create (for secy)
And in case of inline protocol processing rte_flow can be created with
rte_security action. A new flow item will be added for MACsec header.
New APIs are also created for getting SC and SA stats.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: hide internal API

rte_security_dynfield_register() is an internal
API to be used by the driver, hence moving it to internal.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kons

security: hide internal API

rte_security_dynfield_register() is an internal
API to be used by the driver, hence moving it to internal.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>

show more ...

lib: remove librte_ prefix from directory names

There is no reason for the DPDK libraries to all have 'librte_' prefix on
the directory names. This prefix makes the directory names longer and also
m

lib: remove librte_ prefix from directory names

There is no reason for the DPDK libraries to all have 'librte_' prefix on
the directory names. This prefix makes the directory names longer and also
makes it awkward to add features referring to individual libraries in the
build - should the lib names be specified with or without the prefix.
Therefore, we can just remove the library prefix and use the library's
unique name as the directory name, i.e. 'eal' rather than 'librte_eal'

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>

show more ...