[dpdk-dev,v4,2/3] examples/ipsec-secgw: add target queues in flow actions
Checks
Commit Message
Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
Changes in v4:
* remove Egress code.
Changes in v3:
* removed PASSTHRU test for ingress.
* removed check on configured queues for the queue action.
Changes in v2:
* Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
---
examples/ipsec-secgw/ipsec.c | 53 ++++++++++++++++++++++++++++++++++++++++++--
examples/ipsec-secgw/ipsec.h | 2 +-
2 files changed, 52 insertions(+), 3 deletions(-)
Comments
Hi Nelio,
On 12/14/2017 08:44 PM, Nelio Laranjeiro wrote:
> Mellanox INNOVA NIC needs to have final target queue actions to perform
> inline crypto.
>
> Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
>
> ---
>
> Changes in v4:
>
> * remove Egress code.
>
> Changes in v3:
>
> * removed PASSTHRU test for ingress.
> * removed check on configured queues for the queue action.
>
> Changes in v2:
>
> * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
> ---
> examples/ipsec-secgw/ipsec.c | 53 ++++++++++++++++++++++++++++++++++++++++++--
> examples/ipsec-secgw/ipsec.h | 2 +-
> 2 files changed, 52 insertions(+), 3 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 17bd7620d..8e8dc6df7 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> rte_eth_dev_get_sec_ctx(
> sa->portid);
> const struct rte_security_capability *sec_cap;
> + int ret = 0;
>
> sa->sec_session = rte_security_session_create(ctx,
> &sess_conf, ipsec_ctx->session_pool);
> @@ -201,15 +202,63 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
> sa->action[0].conf = sa->sec_session;
>
> - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
This is reverted in the second patch, right? Are you planning to revise
the patch fixing this? I'm fine with the changes, otherwise.
> -
> sa->attr.egress = (sa->direction ==
> RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
> sa->attr.ingress = (sa->direction ==
> RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
> + if (sa->attr.ingress) {
> + uint8_t rss_key[40];
> + struct rte_eth_rss_conf rss_conf = {
> + .rss_key = rss_key,
> + .rss_key_len = 40,
> + };
> + struct rte_eth_dev *eth_dev;
> + union {
> + struct rte_flow_action_rss rss;
> + struct {
> + const struct rte_eth_rss_conf *rss_conf;
> + uint16_t num;
> + uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
> + } local;
> + } action_rss;
> + unsigned int i;
> + unsigned int j;
> +
> + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
> + /* Try RSS. */
> + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
> + sa->action[1].conf = &action_rss;
> + eth_dev = ctx->device;
> + rte_eth_dev_rss_hash_conf_get(sa->portid,
> + &rss_conf);
> + for (i = 0, j = 0;
> + i < eth_dev->data->nb_rx_queues; ++i)
> + if (eth_dev->data->rx_queues[i])
> + action_rss.local.queue[j++] = i;
> + action_rss.local.num = j;
> + action_rss.local.rss_conf = &rss_conf;
> + ret = rte_flow_validate(sa->portid, &sa->attr,
> + sa->pattern, sa->action,
> + &err);
> + if (!ret)
> + goto flow_create;
> + /* Try Queue. */
> + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
> + sa->action[1].conf =
> + &(struct rte_flow_action_queue){
> + .index = 0,
> + };
> + ret = rte_flow_validate(sa->portid, &sa->attr,
> + sa->pattern, sa->action,
> + &err);
> + if (ret)
> + goto flow_create_failure;
> + }
> +flow_create:
> sa->flow = rte_flow_create(sa->portid,
> &sa->attr, sa->pattern, sa->action, &err);
> if (sa->flow == NULL) {
> +flow_create_failure:
> RTE_LOG(ERR, IPSEC,
> "Failed to create ipsec flow msg: %s\n",
> err.message);
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 775b316ff..3c367d392 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -133,7 +133,7 @@ struct ipsec_sa {
> uint32_t ol_flags;
>
> #define MAX_RTE_FLOW_PATTERN (4)
> -#define MAX_RTE_FLOW_ACTIONS (2)
> +#define MAX_RTE_FLOW_ACTIONS (3)
> struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
> struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
> struct rte_flow_attr attr;
Hi Anoob,
On Mon, Dec 18, 2017 at 01:53:50PM +0530, Anoob Joseph wrote:
> Hi Nelio,
>
>
> On 12/14/2017 08:44 PM, Nelio Laranjeiro wrote:
> > Mellanox INNOVA NIC needs to have final target queue actions to perform
> > inline crypto.
> >
> > Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
> >
> > ---
> >
> > Changes in v4:
> >
> > * remove Egress code.
> >
> > Changes in v3:
> >
> > * removed PASSTHRU test for ingress.
> > * removed check on configured queues for the queue action.
> >
> > Changes in v2:
> >
> > * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
> > ---
> > examples/ipsec-secgw/ipsec.c | 53 ++++++++++++++++++++++++++++++++++++++++++--
> > examples/ipsec-secgw/ipsec.h | 2 +-
> > 2 files changed, 52 insertions(+), 3 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> > index 17bd7620d..8e8dc6df7 100644
> > --- a/examples/ipsec-secgw/ipsec.c
> > +++ b/examples/ipsec-secgw/ipsec.c
> > @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> > rte_eth_dev_get_sec_ctx(
> > sa->portid);
> > const struct rte_security_capability *sec_cap;
> > + int ret = 0;
> > sa->sec_session = rte_security_session_create(ctx,
> > &sess_conf, ipsec_ctx->session_pool);
> > @@ -201,15 +202,63 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> > sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
> > sa->action[0].conf = sa->sec_session;
> > - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
> This is reverted in the second patch, right? Are you planning to revise the
> patch fixing this? I'm fine with the changes, otherwise.
<snip>
Yes I will send a v5 fixing this point.
Thanks,
@@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
rte_eth_dev_get_sec_ctx(
sa->portid);
const struct rte_security_capability *sec_cap;
+ int ret = 0;
sa->sec_session = rte_security_session_create(ctx,
&sess_conf, ipsec_ctx->session_pool);
@@ -201,15 +202,63 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
sa->action[0].conf = sa->sec_session;
- sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
-
sa->attr.egress = (sa->direction ==
RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
sa->attr.ingress = (sa->direction ==
RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+ if (sa->attr.ingress) {
+ uint8_t rss_key[40];
+ struct rte_eth_rss_conf rss_conf = {
+ .rss_key = rss_key,
+ .rss_key_len = 40,
+ };
+ struct rte_eth_dev *eth_dev;
+ union {
+ struct rte_flow_action_rss rss;
+ struct {
+ const struct rte_eth_rss_conf *rss_conf;
+ uint16_t num;
+ uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
+ } local;
+ } action_rss;
+ unsigned int i;
+ unsigned int j;
+
+ sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
+ /* Try RSS. */
+ sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
+ sa->action[1].conf = &action_rss;
+ eth_dev = ctx->device;
+ rte_eth_dev_rss_hash_conf_get(sa->portid,
+ &rss_conf);
+ for (i = 0, j = 0;
+ i < eth_dev->data->nb_rx_queues; ++i)
+ if (eth_dev->data->rx_queues[i])
+ action_rss.local.queue[j++] = i;
+ action_rss.local.num = j;
+ action_rss.local.rss_conf = &rss_conf;
+ ret = rte_flow_validate(sa->portid, &sa->attr,
+ sa->pattern, sa->action,
+ &err);
+ if (!ret)
+ goto flow_create;
+ /* Try Queue. */
+ sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
+ sa->action[1].conf =
+ &(struct rte_flow_action_queue){
+ .index = 0,
+ };
+ ret = rte_flow_validate(sa->portid, &sa->attr,
+ sa->pattern, sa->action,
+ &err);
+ if (ret)
+ goto flow_create_failure;
+ }
+flow_create:
sa->flow = rte_flow_create(sa->portid,
&sa->attr, sa->pattern, sa->action, &err);
if (sa->flow == NULL) {
+flow_create_failure:
RTE_LOG(ERR, IPSEC,
"Failed to create ipsec flow msg: %s\n",
err.message);
@@ -133,7 +133,7 @@ struct ipsec_sa {
uint32_t ol_flags;
#define MAX_RTE_FLOW_PATTERN (4)
-#define MAX_RTE_FLOW_ACTIONS (2)
+#define MAX_RTE_FLOW_ACTIONS (3)
struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
struct rte_flow_attr attr;