Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/44516/?format=api
{ "id": 44516, "url": "https://patches.dpdk.org/api/patches/44516/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20180910143322.3680-1-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20180910143322.3680-1-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20180910143322.3680-1-roy.fan.zhang@intel.com", "date": "2018-09-10T14:33:22", "name": "crypto action", "commit_ref": null, "pull_url": null, "state": "rejected", "archived": true, "hash": "0886f77028b468c12201b7101d86d02dc337397f", "submitter": { "id": 304, "url": "https://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 10018, "url": "https://patches.dpdk.org/api/users/10018/?format=api", "username": "cristian_dumitrescu", "first_name": "Cristian", "last_name": "Dumitrescu", "email": "cristian.dumitrescu@intel.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20180910143322.3680-1-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 1253, "url": "https://patches.dpdk.org/api/series/1253/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=1253", "date": "2018-09-10T14:33:22", "name": "crypto action", "version": 1, "mbox": "https://patches.dpdk.org/series/1253/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/44516/comments/", "check": "warning", "checks": "https://patches.dpdk.org/api/patches/44516/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 50E694C92;\n\tMon, 10 Sep 2018 16:47:35 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 6A9F91B19\n\tfor <dev@dpdk.org>; Mon, 10 Sep 2018 16:47:33 +0200 (CEST)", "from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t10 Sep 2018 07:47:32 -0700", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.54])\n\tby fmsmga001.fm.intel.com with ESMTP; 10 Sep 2018 07:47:21 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.53,356,1531810800\"; d=\"scan'208\";a=\"88734558\"", "From": "\"Zhang, Roy Fan\" <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "cristian.dumitrescu@intel.com", "Date": "Mon, 10 Sep 2018 15:33:22 +0100", "Message-Id": "<20180910143322.3680-1-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.13.6", "Subject": "[dpdk-dev] [PATCH] crypto action", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Change-Id: If1aecaac3335685f3bef79f47768ba8ae7765fbb\nSigned-off-by: Zhang, Roy Fan <roy.fan.zhang@intel.com>\n---\n examples/ip_pipeline/Makefile | 1 +\n examples/ip_pipeline/action.c | 11 +\n examples/ip_pipeline/action.h | 1 +\n examples/ip_pipeline/cli.c | 744 +++++++++++++++++++++++++-\n examples/ip_pipeline/examples/flow_crypto.cli | 76 +++\n examples/ip_pipeline/main.c | 17 +\n examples/ip_pipeline/mempool.c | 2 +-\n examples/ip_pipeline/mempool.h | 1 +\n examples/ip_pipeline/pipeline.c | 61 +++\n examples/ip_pipeline/pipeline.h | 13 +\n examples/ip_pipeline/sym_crypto.c | 320 +++++++++++\n examples/ip_pipeline/sym_crypto.h | 104 ++++\n examples/ip_pipeline/thread.c | 10 +\n lib/librte_pipeline/rte_table_action.c | 183 ++++---\n lib/librte_pipeline/rte_table_action.h | 28 +-\n 15 files changed, 1472 insertions(+), 100 deletions(-)\n create mode 100644 examples/ip_pipeline/examples/flow_crypto.cli\n create mode 100644 examples/ip_pipeline/sym_crypto.c\n create mode 100644 examples/ip_pipeline/sym_crypto.h", "diff": "diff --git a/examples/ip_pipeline/Makefile b/examples/ip_pipeline/Makefile\nindex 3fb98ce3e..819625632 100644\n--- a/examples/ip_pipeline/Makefile\n+++ b/examples/ip_pipeline/Makefile\n@@ -18,6 +18,7 @@ SRCS-y += swq.c\n SRCS-y += tap.c\n SRCS-y += thread.c\n SRCS-y += tmgr.c\n+SRCS-y += sym_crypto.c\n \n # Build using pkg-config variables if possible\n $(shell pkg-config --exists libdpdk)\ndiff --git a/examples/ip_pipeline/action.c b/examples/ip_pipeline/action.c\nindex a29c2b368..d97423568 100644\n--- a/examples/ip_pipeline/action.c\n+++ b/examples/ip_pipeline/action.c\n@@ -333,6 +333,17 @@ table_action_profile_create(const char *name,\n \t\t}\n \t}\n \n+\tif (params->action_mask & (1LLU << RTE_TABLE_ACTION_SYM_CRYPTO)) {\n+\t\tstatus = rte_table_action_profile_action_register(ap,\n+\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO,\n+\t\t\t¶ms->sym_crypto);\n+\n+\t\tif (status) {\n+\t\t\trte_table_action_profile_free(ap);\n+\t\t\treturn NULL;\n+\t\t}\n+\t}\n+\n \tstatus = rte_table_action_profile_freeze(ap);\n \tif (status) {\n \t\trte_table_action_profile_free(ap);\ndiff --git a/examples/ip_pipeline/action.h b/examples/ip_pipeline/action.h\nindex 417200e86..cde17e69a 100644\n--- a/examples/ip_pipeline/action.h\n+++ b/examples/ip_pipeline/action.h\n@@ -53,6 +53,7 @@ struct table_action_profile_params {\n \tstruct rte_table_action_nat_config nat;\n \tstruct rte_table_action_ttl_config ttl;\n \tstruct rte_table_action_stats_config stats;\n+\tstruct rte_table_action_sym_crypto_config sym_crypto;\n };\n \n struct table_action_profile {\ndiff --git a/examples/ip_pipeline/cli.c b/examples/ip_pipeline/cli.c\nindex 102a1d6b7..c73403378 100644\n--- a/examples/ip_pipeline/cli.c\n+++ b/examples/ip_pipeline/cli.c\n@@ -17,6 +17,7 @@\n #include \"mempool.h\"\n #include \"parser.h\"\n #include \"pipeline.h\"\n+#include \"sym_crypto.h\"\n #include \"swq.h\"\n #include \"tap.h\"\n #include \"thread.h\"\n@@ -66,7 +67,7 @@ cmd_mempool(char **tokens,\n \tchar *name;\n \tstruct mempool *mempool;\n \n-\tif (n_tokens != 10) {\n+\tif (n_tokens != 10 && n_tokens != 12) {\n \t\tsnprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);\n \t\treturn;\n \t}\n@@ -113,6 +114,18 @@ cmd_mempool(char **tokens,\n \t\treturn;\n \t}\n \n+\tif (n_tokens == 12) {\n+\t\tif (strcmp(tokens[10], \"priv\") != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID, \"priv\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tif (parser_read_uint32(&p.priv_size, tokens[11]) != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID, \"priv\");\n+\t\t\treturn;\n+\t\t}\n+\t}\n+\n \tmempool = mempool_create(name, &p);\n \tif (mempool == NULL) {\n \t\tsnprintf(out, out_size, MSG_CMD_FAIL, tokens[0]);\n@@ -785,6 +798,569 @@ cmd_kni(char **tokens,\n \t}\n }\n \n+static const char cmd_sym_crypto_help[] =\n+\"sym_crypto <sym_crypto_name>\\n\"\n+\" cryptodev <device_name> | cryptodev_id <device_id>\\n\"\n+\" q <n_queues> <queue_size>\\n\"\n+\" offset <crypto operation offset from start of mbuf>\\n\"\n+\" cpu <cpu_id>\\n\";\n+\n+static void\n+cmd_sym_crypto(char **tokens,\n+\tuint32_t n_tokens,\n+\tchar *out,\n+\tsize_t out_size)\n+{\n+\tstruct sym_crypto_params params;\n+\tchar *name;\n+\n+\tmemset(¶ms, 0, sizeof(params));\n+\tif (n_tokens != 11) {\n+\t\tsnprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);\n+\t\treturn;\n+\t}\n+\n+\tname = tokens[1];\n+\n+\tif (strcmp(tokens[2], \"cryptodev\") == 0)\n+\t\tparams.dev_name = tokens[3];\n+\telse if (strcmp(tokens[2], \"cryptodev_id\") == 0) {\n+\t\tif (parser_read_uint32(¶ms.cryptodev_id, tokens[3]) < 0) {\n+\t\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\t\"cryptodev_id\");\n+\t\t\treturn;\n+\t\t}\n+\t} else {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\"cryptodev\");\n+\t\treturn;\n+\t}\n+\n+\tif (strcmp(tokens[4], \"q\")) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_NOT_FOUND,\n+\t\t\t\"4\");\n+\t\treturn;\n+\t}\n+\n+\tif (parser_read_uint32(¶ms.n_queues, tokens[5]) < 0) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\"q\");\n+\t\treturn;\n+\t}\n+\n+\tif (parser_read_uint32(¶ms.queue_size, tokens[6]) < 0) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\"queue_size\");\n+\t\treturn;\n+\t}\n+\n+\tif (strcmp(tokens[7], \"offset\")) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_NOT_FOUND,\n+\t\t\t\"offset\");\n+\t\treturn;\n+\t}\n+\n+\tif (parser_read_uint32(¶ms.op_offset, tokens[8]) < 0) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\"offset\");\n+\t\treturn;\n+\t}\n+\n+\tif (strcmp(tokens[9], \"cpu\")) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_NOT_FOUND,\n+\t\t\t\"cpu\");\n+\t\treturn;\n+\t}\n+\n+\tif (parser_read_uint32(¶ms.cpu_id, tokens[10]) < 0) {\n+\t\tsnprintf(out, out_size,\tMSG_ARG_INVALID,\n+\t\t\t\"cpu\");\n+\t\treturn;\n+\t}\n+\n+\tif (sym_crypto_create(name, ¶ms) == NULL) {\n+\t\tsnprintf(out, out_size, MSG_CMD_FAIL, tokens[0]);\n+\t\treturn;\n+\t}\n+}\n+\n+static const char cmd_sym_crypto_session_help[] =\n+\"sym_crypto_session <sym_crypto_sesion_name>\\n\"\n+\" [create\"\n+\" | sym_crypto <sym_crypto_name>\\n\"\n+\" | mempool_create <mempool_name> mempool_init <mempool_name>\\n\"\n+\" | op <cipher_hash/hash_cipher/cipher_enc/cipher_dec/aead_enc/aead_dec\\n\"\n+\" | [cipher_algo <ALGO> cipher_key <KEY> cipher_iv <IV>]\\n\"\n+\" | [auth_algo <ALGO> auth_key <KEY>]\\n\"\n+\" | [aead_algo <ALGO> aead_key <KEY> aead_iv <IV> aead_aad <AAD>]\\n\"\n+\" | digest_size <SIZE>]\\n\"\n+\" [delete]\\n\";\n+\n+static void\n+cmd_sym_crypto_session(char **tokens,\n+\tuint32_t n_tokens,\n+\tchar *out,\n+\tsize_t out_size)\n+{\n+\tstruct rte_crypto_sym_xform xforms[2];\n+\tstruct rte_crypto_cipher_xform *xform_cipher = NULL;\n+\tstruct rte_crypto_auth_xform *xform_auth = NULL;\n+\tstruct rte_crypto_aead_xform *xform_aead = NULL;\n+\tstruct sym_crypto_session_params p;\n+\tstruct sym_crypto *sym_crypto;\n+\tstruct mempool *mp;\n+\tchar *name;\n+\tuint32_t i;\n+\tuint32_t iv_offset = RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET;\n+\tint status = 0;\n+\n+\tmemset(&p, 0, sizeof(p));\n+\tmemset(xforms, 0, (sizeof(*xforms) * 2));\n+\n+\tif (n_tokens == 3) {\n+\t\tif (strcmp(tokens[2], \"delete\")) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tif (sym_crypto_session_delete(tokens[2]) < 0)\n+\t\t\tsnprintf(out, out_size, MSG_CMD_FAIL, tokens[0]);\n+\n+\t\treturn;\n+\t}\n+\n+\tname = tokens[1];\n+\n+\tif (strcmp(tokens[2], \"create\") || strcmp(tokens[3], \"sym_crypto\") ||\n+\t\t\tstrcmp(tokens[5], \"mempool_create\") ||\n+\t\t\tstrcmp(tokens[7], \"mempool_init\") ||\n+\t\t\tstrcmp(tokens[9], \"op\")) {\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\treturn;\n+\t}\n+\n+\tsym_crypto = sym_crypto_find(tokens[4]);\n+\tif (sym_crypto == NULL) {\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\treturn;\n+\t}\n+\tp.cryptodev_id = sym_crypto->cryptodev_id;\n+\n+\tmp = mempool_find(tokens[6]);\n+\tif (mp == NULL) {\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\treturn;\n+\t}\n+\tp.mp_create = mp->m;\n+\n+\tmp = mempool_find(tokens[8]);\n+\tif (mp == NULL) {\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\treturn;\n+\t}\n+\tp.mp_init = mp->m;\n+\n+\tif (strcmp(tokens[10], \"cipher_auth\") == 0) {\n+\t\txforms[0].next = &xforms[1];\n+\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\txform_cipher = &xforms[0].cipher;\n+\t\txform_cipher->op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;\n+\n+\t\txforms[1].type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\t\txform_auth = &xforms[1].auth;\n+\t\txform_auth->op = RTE_CRYPTO_AUTH_OP_GENERATE;\n+\n+\t} else if (strcmp(tokens[10], \"auth_cipher\") == 0) {\n+\t\txforms[0].next = &xforms[1];\n+\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\t\txform_auth = &xforms[0].auth;\n+\t\txform_auth->op = RTE_CRYPTO_AUTH_OP_VERIFY;\n+\n+\t\txforms[1].type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\txform_cipher = &xforms[1].cipher;\n+\t\txform_cipher->op = RTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\n+\t} else if (strcmp(tokens[10], \"cipher_enc\") == 0) {\n+\t\txform_cipher = &xforms[0].cipher;\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\txform_cipher->op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;\n+\n+\t} else if (strcmp(tokens[10], \"cipher_dec\") == 0) {\n+\t\txform_cipher = &xforms[0].cipher;\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\txform_cipher->op = RTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\n+\t} else if (strcmp(tokens[10], \"aead_enc\") == 0) {\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\txform_aead = &xforms[0].aead;\n+\t\txform_aead->op = RTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\n+\t} else if (strcmp(tokens[10], \"aead_dec\") == 0) {\n+\t\txforms[0].type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\txform_aead = &xforms[0].aead;\n+\t\txform_aead->op = RTE_CRYPTO_AEAD_OP_DECRYPT;\n+\n+\t} else {\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\treturn;\n+\t}\n+\n+\tfor (i = 11; i < n_tokens; i++) {\n+\t\tif (strcmp(tokens[i], \"cipher_algo\") == 0) {\n+\t\t\tif (xform_cipher == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = rte_cryptodev_get_cipher_algo_enum(\n+\t\t\t\t&xform_cipher->algo, tokens[i + 1]);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"cipher_key\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_cipher == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\t\t\txform_cipher->key.data = calloc(1, len / 2 + 1);\n+\t\t\tif (xform_cipher->key.data == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1],\n+\t\t\t\t\txform_cipher->key.data,\n+\t\t\t\t\t(uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_cipher->key.length = (uint16_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"cipher_iv\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_cipher == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\n+\t\t\tp.cipher_iv = calloc(1, len / 2 + 1);\n+\t\t\tif (p.cipher_iv == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1], p.cipher_iv,\n+\t\t\t\t\t(uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_cipher->iv.length = (uint16_t)len;\n+\t\t\tp.cipher_iv_len = (uint32_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"auth_algo\") == 0) {\n+\t\t\tif (xform_auth == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = rte_cryptodev_get_auth_algo_enum(&\n+\t\t\t\txform_auth->algo, tokens[i + 1]);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"auth_key\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_auth == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\t\t\txform_auth->key.data = calloc(1, len / 2 + 1);\n+\t\t\tif (xform_auth->key.data == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1],\n+\t\t\t\t\txform_auth->key.data, (uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_auth->key.length = (uint16_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"auth_iv\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_auth == NULL || xform_aead ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\n+\t\t\tp.auth_iv = calloc(1, len / 2 + 1);\n+\t\t\tif (p.auth_iv == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1], p.auth_iv,\n+\t\t\t\t\t(uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_auth->iv.length = (uint16_t)len;\n+\t\t\tp.auth_iv_len = (uint32_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"aead_algo\") == 0) {\n+\t\t\tif (xform_aead == NULL || xform_cipher || xform_auth ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = rte_cryptodev_get_aead_algo_enum(&\n+\t\t\t\txform_aead->algo, tokens[i + 1]);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"aead_key\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_aead == NULL || xform_cipher || xform_auth ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\n+\t\t\txform_aead->key.data = calloc(1, len / 2 + 1);\n+\t\t\tif (xform_aead->key.data == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1],\n+\t\t\t\t\txform_aead->key.data, (uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_aead->key.length = (uint16_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"aead_iv\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_aead == NULL || xform_cipher || xform_auth ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\n+\t\t\tp.aead_iv = calloc(1, len / 2 + 1);\n+\t\t\tif (p.aead_iv == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1], p.aead_iv,\n+\t\t\t\t\t(uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_aead->iv.length = (uint16_t)len;\n+\t\t\tp.aead_iv_len = (uint32_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"aead_aad\") == 0) {\n+\t\t\tsize_t len;\n+\n+\t\t\tif (xform_aead == NULL || xform_cipher || xform_auth ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tlen = strlen(tokens[i + 1]);\n+\n+\t\t\tp.aead_aad = calloc(1, len / 2 + 1);\n+\t\t\tif (p.aead_aad == NULL) {\n+\t\t\t\tsnprintf(out, out_size, MSG_OUT_OF_MEMORY);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tstatus = parse_hex_string(tokens[i + 1], p.aead_aad,\n+\t\t\t\t\t(uint32_t *)&len);\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\txform_aead->aad_length = (uint16_t)len;\n+\t\t\tp.aead_aad_len = (uint32_t)len;\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[i], \"digest_size\") == 0) {\n+\t\t\tif ((xform_aead == NULL && xform_auth == NULL) ||\n+\t\t\t\t\tn_tokens < i + 2) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\tif (xform_auth)\n+\t\t\t\tstatus = parser_read_uint16(\n+\t\t\t\t\t&xform_auth->digest_length,\n+\t\t\t\t\ttokens[i + 1]);\n+\t\t\telse\n+\t\t\t\tstatus = parser_read_uint16(\n+\t\t\t\t\t&xform_aead->digest_length,\n+\t\t\t\t\ttokens[i + 1]);\n+\n+\t\t\tif (status < 0) {\n+\t\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\t\ttokens[0]);\n+\t\t\t\tgoto error_exit;\n+\t\t\t}\n+\n+\t\t\ti++;\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n+\t\tgoto error_exit;\n+\t}\n+\n+\tif (xform_cipher)\n+\t\txform_cipher->iv.offset = iv_offset;\n+\n+\tif (xform_aead)\n+\t\txform_aead->iv.offset = iv_offset;\n+\n+\tif (xform_auth && (xform_auth->iv.length > 0)) {\n+\t\tif (xform_cipher)\n+\t\t\txform_auth->iv.offset = iv_offset +\n+\t\t\t\t\txform_cipher->iv.length;\n+\t\telse\n+\t\t\txform_auth->iv.offset = iv_offset;\n+\t}\n+\n+\tp.xforms = xforms;\n+\n+\tif (sym_crypto_session_create(name, &p) == NULL)\n+\t\tsnprintf(out, out_size, MSG_CMD_FAIL, tokens[0]);\n+\n+error_exit:\n+\tif (xform_cipher && xform_cipher->key.data)\n+\t\tfree(xform_cipher->key.data);\n+\tif (xform_auth && xform_auth->key.data)\n+\t\tfree(xform_auth->key.data);\n+\tif (xform_aead && xform_aead->key.data)\n+\t\tfree(xform_aead->key.data);\n+\tif (p.cipher_iv)\n+\t\tfree(p.cipher_iv);\n+\tif (p.auth_iv)\n+\t\tfree(p.auth_iv);\n+\tif (p.aead_iv)\n+\t\tfree(p.aead_iv);\n+\tif (p.aead_aad)\n+\t\tfree(p.aead_aad);\n+}\n \n static const char cmd_port_in_action_profile_help[] =\n \"port in action profile <profile_name>\\n\"\n@@ -967,7 +1543,8 @@ static const char cmd_table_action_profile_help[] =\n \" [ttl drop | fwd\\n\"\n \" stats none | pkts]\\n\"\n \" [stats pkts | bytes | both]\\n\"\n-\" [time]\\n\";\n+\" [time]\\n\"\n+\" [sym_crypto <SYM_CRYPTO_NAME>]\\n\";\n \n static void\n cmd_table_action_profile(char **tokens,\n@@ -1285,6 +1862,30 @@ cmd_table_action_profile(char **tokens,\n \t\tt0 += 1;\n \t} /* time */\n \n+\tif ((t0 < n_tokens) && (strcmp(tokens[t0], \"sym_crypto\") == 0)) {\n+\t\tstruct sym_crypto *sym_crypto;\n+\n+\t\tif (n_tokens < t0 + 2) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_MISMATCH,\n+\t\t\t\t\"table action profile sym_crypto\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tsym_crypto = sym_crypto_find(tokens[t0 + 1]);\n+\t\tif (sym_crypto == NULL) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\"table action profile sym_crypto\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tp.sym_crypto.cryptodev_id = sym_crypto->cryptodev_id;\n+\t\tp.sym_crypto.op_offset = sym_crypto->op_offset;\n+\n+\t\tp.action_mask |= 1LLU << RTE_TABLE_ACTION_SYM_CRYPTO;\n+\n+\t\tt0 += 5;\n+\t} /* sym_crypto */\n+\n \tif (t0 < n_tokens) {\n \t\tsnprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);\n \t\treturn;\n@@ -1366,6 +1967,7 @@ static const char cmd_pipeline_port_in_help[] =\n \" | tap <tap_name> mempool <mempool_name> mtu <mtu>\\n\"\n \" | kni <kni_name>\\n\"\n \" | source mempool <mempool_name> file <file_name> bpp <n_bytes_per_pkt>\\n\"\n+\" | sym_crypto <sym_crypto_name> rxq <queue_id>\\n\"\n \" [action <port_in_action_profile_name>]\\n\"\n \" [disabled]\\n\";\n \n@@ -1538,6 +2140,27 @@ cmd_pipeline_port_in(char **tokens,\n \t\t}\n \n \t\tt0 += 7;\n+\t} else if (strcmp(tokens[t0], \"sym_crypto\") == 0) {\n+\t\tif (n_tokens < t0 + 3) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_MISMATCH,\n+\t\t\t\t\"pipeline port in sym_crypto\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tp.dev_name = tokens[t0 + 1];\n+\t\tif (parser_read_uint16(&p.rxq.queue_id, tokens[t0 + 3]) != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\"rxq\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\t/** TODO: different callback functions */\n+\t\tp.sym_crypto.arg_callback = NULL;\n+\t\tp.sym_crypto.f_callback = NULL;\n+\n+\t\tp.type = PORT_IN_SYM_CRYPTO;\n+\n+\t\tt0 += 4;\n \t} else {\n \t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n \t\treturn;\n@@ -1584,7 +2207,8 @@ static const char cmd_pipeline_port_out_help[] =\n \" | tmgr <tmgr_name>\\n\"\n \" | tap <tap_name>\\n\"\n \" | kni <kni_name>\\n\"\n-\" | sink [file <file_name> pkts <max_n_pkts>]\\n\";\n+\" | sink [file <file_name> pkts <max_n_pkts>]\\n\"\n+\" | sym_crypto <sym_crypto_name> txq <txq_id> offset <crypto_op_offset>\\n\";\n \n static void\n cmd_pipeline_port_out(char **tokens,\n@@ -1718,6 +2342,39 @@ cmd_pipeline_port_out(char **tokens,\n \t\t\t\treturn;\n \t\t\t}\n \t\t}\n+\n+\t} else if (strcmp(tokens[6], \"sym_crypto\") == 0) {\n+\t\tif (n_tokens != 12) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_MISMATCH,\n+\t\t\t\t\"pipeline port out sym_crypto\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tp.type = PORT_OUT_SYM_CRYPTO;\n+\n+\t\tp.dev_name = tokens[7];\n+\n+\t\tif (strcmp(tokens[8], \"txq\") != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_NOT_FOUND, \"txq\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tif (parser_read_uint16(&p.sym_crypto.queue_id, tokens[9])\n+\t\t\t\t!= 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID, \"queue_id\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tif (strcmp(tokens[10], \"offset\") != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_NOT_FOUND, \"offset\");\n+\t\t\treturn;\n+\t\t}\n+\n+\t\tif (parser_read_uint32(&p.sym_crypto.crypto_op_offset,\n+\t\t\t\ttokens[11]) != 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID, \"offset\");\n+\t\t\treturn;\n+\t\t}\n \t} else {\n \t\tsnprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);\n \t\treturn;\n@@ -2866,6 +3523,7 @@ parse_match(char **tokens,\n * [ttl dec | keep]\n * [stats]\n * [time]\n+ * [sym_crypto data_offset <data_offset> session <session_name>]\n *\n * where:\n * <pa> ::= g | y | r | drop\n@@ -3349,6 +4007,52 @@ parse_table_action_time(char **tokens,\n }\n \n static uint32_t\n+parse_table_action_sym_crypto(char **tokens,\n+\tuint32_t n_tokens,\n+\tstruct table_rule_action *a)\n+{\n+\tstruct rte_table_action_sym_crypto_params *p = &a->sym_crypto;\n+\tstruct sym_crypto_session *sym_crypto_session;\n+\tint status;\n+\n+\tif ((n_tokens < 5) ||\n+\t\tstrcmp(tokens[0], \"sym_crypto\") ||\n+\t\tstrcmp(tokens[1], \"data_offset\") ||\n+\t\tstrcmp(tokens[3], \"session\"))\n+\t\treturn 0;\n+\n+\tsym_crypto_session = sym_crypto_session_find(tokens[4]);\n+\tif (sym_crypto_session == NULL)\n+\t\treturn 0;\n+\n+\tmemset(p, 0, sizeof(*p));\n+\n+\tstatus = parser_read_uint32(&p->data_offset, tokens[2]);\n+\tif (status < 0)\n+\t\treturn 0;\n+\n+\tp->xform = sym_crypto_session->xforms;\n+\tp->session = sym_crypto_session->session;\n+\n+\tif (p->xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tp->cipher_auth.cipher_iv.val = sym_crypto_session->cipher_iv;\n+\t\tp->cipher_auth.cipher_iv.length =\n+\t\t\t\tsym_crypto_session->cipher_iv_len;\n+\t\tp->cipher_auth.auth_iv.val = sym_crypto_session->auth_iv;\n+\t\tp->cipher_auth.auth_iv.length = sym_crypto_session->auth_iv_len;\n+\t} else {\n+\t\tp->aead.iv.val = sym_crypto_session->aead_iv;\n+\t\tp->aead.iv.length = sym_crypto_session->aead_iv_len;\n+\t\tp->aead.aad.val = sym_crypto_session->aead_aad;\n+\t\tp->aead.aad.length = sym_crypto_session->aead_aad_len;\n+\t}\n+\n+\ta->action_mask |= 1 << RTE_TABLE_ACTION_SYM_CRYPTO;\n+\n+\treturn 5;\n+}\n+\n+static uint32_t\n parse_table_action(char **tokens,\n \tuint32_t n_tokens,\n \tchar *out,\n@@ -3492,6 +4196,20 @@ parse_table_action(char **tokens,\n \t\tn_tokens -= n;\n \t}\n \n+\tif (n_tokens && (strcmp(tokens[0], \"sym_crypto\") == 0)) {\n+\t\tuint32_t n;\n+\n+\t\tn = parse_table_action_sym_crypto(tokens, n_tokens, a);\n+\t\tif (n == 0) {\n+\t\t\tsnprintf(out, out_size, MSG_ARG_INVALID,\n+\t\t\t\t\"action sym_crypto\");\n+\t\t\treturn 0;\n+\t\t}\n+\n+\t\ttokens += n;\n+\t\tn_tokens -= n;\n+\t}\n+\n \tif (n_tokens0 - n_tokens == 1) {\n \t\tsnprintf(out, out_size, MSG_ARG_INVALID, \"action\");\n \t\treturn 0;\n@@ -4570,6 +5288,16 @@ cmd_help(char **tokens, uint32_t n_tokens, char *out, size_t out_size)\n \t\treturn;\n \t}\n \n+\tif (strcmp(tokens[0], \"sym_crypto\") == 0) {\n+\t\tsnprintf(out, out_size, \"\\n%s\\n\", cmd_sym_crypto_help);\n+\t\treturn;\n+\t}\n+\n+\tif (strcmp(tokens[0], \"sym_crypto_session\") == 0) {\n+\t\tsnprintf(out, out_size, \"\\n%s\\n\", cmd_sym_crypto_session_help);\n+\t\treturn;\n+\t}\n+\n \tif ((n_tokens == 4) &&\n \t\t(strcmp(tokens[0], \"port\") == 0) &&\n \t\t(strcmp(tokens[1], \"in\") == 0) &&\n@@ -4860,6 +5588,16 @@ cli_process(char *in, char *out, size_t out_size)\n \t\treturn;\n \t}\n \n+\tif (strcmp(tokens[0], \"sym_crypto\") == 0) {\n+\t\tcmd_sym_crypto(tokens, n_tokens, out, out_size);\n+\t\treturn;\n+\t}\n+\n+\tif (strcmp(tokens[0], \"sym_crypto_session\") == 0) {\n+\t\tcmd_sym_crypto_session(tokens, n_tokens, out, out_size);\n+\t\treturn;\n+\t}\n+\n \tif (strcmp(tokens[0], \"port\") == 0) {\n \t\tcmd_port_in_action_profile(tokens, n_tokens, out, out_size);\n \t\treturn;\ndiff --git a/examples/ip_pipeline/examples/flow_crypto.cli b/examples/ip_pipeline/examples/flow_crypto.cli\nnew file mode 100644\nindex 000000000..68b79060e\n--- /dev/null\n+++ b/examples/ip_pipeline/examples/flow_crypto.cli\n@@ -0,0 +1,76 @@\n+; SPDX-License-Identifier: BSD-3-Clause\n+; Copyright(c) 2010-2018 Intel Corporation\n+\n+; ________________\n+; LINK0 RXQ0 --->| |---> LINK0 TXQ0\n+; | |\n+; LINK1 RXQ0 --->| |---> LINK1 TXQ0\n+; | Flow |\n+; LINK2 RXQ0 --->| Classification |---> LINK2 TXQ0\n+; | |\n+; LINK3 RXQ0 --->| |---> LINK3 TXQ0\n+; |________________|\n+; |\n+; +-----------> SINK0 (flow lookup miss)\n+;\n+; Input packet: Ethernet/IPv4\n+;\n+; Packet buffer layout:\n+; # Field Name Offset (Bytes) Size (Bytes)\n+; 0 Mbuf 0 128\n+; 1 Headroom 128 128\n+; 2 Priv 256 32\n+; 3 Ethernet header 288 14\n+; 4 IPv4 header 302 20\n+; 5 TCP header 322 48\n+;\n+\n+mempool MEMPOOL0 buffer 2304 pool 32K cache 256 cpu 0 priv 32\n+#mempool MEMPOOL_SESSION0 buffer 1024 pool 1024 cache 128 cpu 0\n+mempool MEMPOOL_SESSION0 buffer 1024 pool 1024 cache 128 cpu 1\n+\n+link LINK0 dev 0000:07:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on\n+#sym_crypto CRYPTO0 cryptodev crypto_aesni_gcm0 q 1 1024 offset 128 cpu 0\n+sym_crypto CRYPTO0 cryptodev 0000:88:01.0_qat_sym q 1 1024 offset 128 cpu 1\n+\n+#AES-CBC-128 encrypt\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op cipher_enc cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f \n+#AES-CBC-128 decrypt\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op cipher_dec cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f \n+#AES-CBC-128-SHA1 encrypt AESNI-MB\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op cipher_auth cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key 000102030405060708090a0b0c0d0e0f10111213 digest_size 12\n+#AES-CBC-128-SHA1 encrypt QAT\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op cipher_auth cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key 000102030405060708090a0b0c0d0e0f10111213 digest_size 20\n+#AES-CBC-128-SHA1 decrypt AESNI-MB\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op auth_cipher cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key 000102030405060708090a0b0c0d0e0f10111213 digest_size 12\n+#AES-CBC-128-SHA1 decrypt QAT\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op auth_cipher cipher_algo aes-cbc cipher_key 000102030405060708090a0b0c0d0e0f cipher_iv 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key 000102030405060708090a0b0c0d0e0f10111213 digest_size 20\n+#AES-GCM encrypt \n+sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op aead_enc aead_algo aes-gcm aead_key 000102030405060708090a0b0c0d0e0f aead_iv 000102030405060708090a0b aead_aad 000102030405060708090a0b0c0d0e0f digest_size 8\n+#AES-GCM decrypt\n+#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 op aead_dec aead_algo aes-gcm aead_key 000102030405060708090a0b0c0d0e0f aead_iv 000102030405060708090a0b aead_aad 000102030405060708090a0b0c0d0e0f digest_size 8\n+\n+table action profile AP0 ipv4 offset 302 fwd sym_crypto CRYPTO0\n+table action profile AP1 ipv4 offset 302 fwd\n+\n+pipeline PIPELINE0 period 10 offset_port_id 0 cpu 0\n+\n+pipeline PIPELINE0 port in bsz 32 link LINK0 rxq 0\n+pipeline PIPELINE0 port in bsz 32 sym_crypto CRYPTO0 rxq 0\n+\n+pipeline PIPELINE0 port out bsz 32 sym_crypto CRYPTO0 txq 0 offset 128\n+pipeline PIPELINE0 port out bsz 32 link LINK0 txq 0\n+pipeline PIPELINE0 port out bsz 32 sink\n+\n+pipeline PIPELINE0 table match hash ext key 8 mask FFFFFFFF00000000 offset 314 buckets 16K size 65K action AP0\n+pipeline PIPELINE0 table match stub action AP1\n+\n+pipeline PIPELINE0 port in 0 table 0\n+pipeline PIPELINE0 port in 1 table 1\n+\n+thread 1 pipeline PIPELINE0 enable\n+\n+pipeline PIPELINE0 table 0 rule add match default action fwd port 2\n+pipeline PIPELINE0 table 0 rule add match hash ipv4_addr 100.0.0.10 action fwd port 0 sym_crypto data_offset 20 session SESSION0\n+pipeline PIPELINE0 table 1 rule add match default action fwd port 1\n+\ndiff --git a/examples/ip_pipeline/main.c b/examples/ip_pipeline/main.c\nindex a69faceef..2de7f399b 100644\n--- a/examples/ip_pipeline/main.c\n+++ b/examples/ip_pipeline/main.c\n@@ -19,6 +19,7 @@\n #include \"pipeline.h\"\n #include \"swq.h\"\n #include \"tap.h\"\n+#include \"sym_crypto.h\"\n #include \"thread.h\"\n #include \"tmgr.h\"\n \n@@ -210,6 +211,22 @@ main(int argc, char **argv)\n \t\treturn status;\n \t}\n \n+\t/* Sym Crypto */\n+\tstatus = sym_crypto_init();\n+\tif (status) {\n+\t\tprintf(\"Error: Sym Crypto initialization failed (%d)\\n\",\n+\t\t\t\tstatus);\n+\t\treturn status;\n+\t}\n+\n+\t/* Sym Crypto Session */\n+\tstatus = sym_crypto_session_init();\n+\tif (status) {\n+\t\tprintf(\"Error: Sym Crypto initialization failed (%d)\\n\",\n+\t\t\t\tstatus);\n+\t\treturn status;\n+\t}\n+\n \t/* Action */\n \tstatus = port_in_action_profile_init();\n \tif (status) {\ndiff --git a/examples/ip_pipeline/mempool.c b/examples/ip_pipeline/mempool.c\nindex f5d2a7d10..9e95a3764 100644\n--- a/examples/ip_pipeline/mempool.c\n+++ b/examples/ip_pipeline/mempool.c\n@@ -56,7 +56,7 @@ mempool_create(const char *name, struct mempool_params *params)\n \t\tname,\n \t\tparams->pool_size,\n \t\tparams->cache_size,\n-\t\t0,\n+\t\tparams->priv_size,\n \t\tparams->buffer_size - sizeof(struct rte_mbuf),\n \t\tparams->cpu_id);\n \ndiff --git a/examples/ip_pipeline/mempool.h b/examples/ip_pipeline/mempool.h\nindex bd46a11ca..fb405de32 100644\n--- a/examples/ip_pipeline/mempool.h\n+++ b/examples/ip_pipeline/mempool.h\n@@ -32,6 +32,7 @@ struct mempool_params {\n \tuint32_t pool_size;\n \tuint32_t cache_size;\n \tuint32_t cpu_id;\n+\tuint32_t priv_size;\n };\n \n struct mempool *\ndiff --git a/examples/ip_pipeline/pipeline.c b/examples/ip_pipeline/pipeline.c\nindex 43fe8677a..a947dc144 100644\n--- a/examples/ip_pipeline/pipeline.c\n+++ b/examples/ip_pipeline/pipeline.c\n@@ -18,6 +18,7 @@\n #include <rte_port_source_sink.h>\n #include <rte_port_fd.h>\n #include <rte_port_sched.h>\n+#include <rte_port_sym_crypto.h>\n \n #include <rte_table_acl.h>\n #include <rte_table_array.h>\n@@ -35,6 +36,7 @@\n #include \"tap.h\"\n #include \"tmgr.h\"\n #include \"swq.h\"\n+#include \"sym_crypto.h\"\n \n #include \"hash_func.h\"\n \n@@ -163,6 +165,7 @@ pipeline_port_in_create(const char *pipeline_name,\n \t\tstruct rte_port_kni_reader_params kni;\n #endif\n \t\tstruct rte_port_source_params source;\n+\t\tstruct rte_port_sym_crypto_reader_params sym_crypto;\n \t} pp;\n \n \tstruct pipeline *pipeline;\n@@ -296,6 +299,27 @@ pipeline_port_in_create(const char *pipeline_name,\n \t\tbreak;\n \t}\n \n+\tcase PORT_IN_SYM_CRYPTO:\n+\t{\n+\t\tstruct sym_crypto *sym_crypto;\n+\n+\t\tsym_crypto = sym_crypto_find(params->dev_name);\n+\t\tif (sym_crypto == NULL)\n+\t\t\treturn -1;\n+\n+\t\tif (params->rxq.queue_id > (sym_crypto->n_queues - 1))\n+\t\t\treturn -1;\n+\n+\t\tpp.sym_crypto.cryptodev_id = sym_crypto->cryptodev_id;\n+\t\tpp.sym_crypto.queue_id = params->rxq.queue_id;\n+\t\tpp.sym_crypto.f_callback = params->sym_crypto.f_callback;\n+\t\tpp.sym_crypto.arg_callback = params->sym_crypto.arg_callback;\n+\t\tp.ops = &rte_port_sym_crypto_reader_ops;\n+\t\tp.arg_create = &pp.sym_crypto;\n+\n+\t\tbreak;\n+\t}\n+\n \tdefault:\n \t\treturn -1;\n \t}\n@@ -385,6 +409,7 @@ pipeline_port_out_create(const char *pipeline_name,\n \t\tstruct rte_port_kni_writer_params kni;\n #endif\n \t\tstruct rte_port_sink_params sink;\n+\t\tstruct rte_port_sym_crypto_writer_params sym_crypto;\n \t} pp;\n \n \tunion {\n@@ -394,6 +419,7 @@ pipeline_port_out_create(const char *pipeline_name,\n #ifdef RTE_LIBRTE_KNI\n \t\tstruct rte_port_kni_writer_nodrop_params kni;\n #endif\n+\t\tstruct rte_port_sym_crypto_writer_nodrop_params sym_crypto;\n \t} pp_nodrop;\n \n \tstruct pipeline *pipeline;\n@@ -549,6 +575,41 @@ pipeline_port_out_create(const char *pipeline_name,\n \t\tbreak;\n \t}\n \n+\tcase PORT_OUT_SYM_CRYPTO:\n+\t{\n+\t\tstruct sym_crypto *sym_crypto;\n+\n+\t\tsym_crypto = sym_crypto_find(params->dev_name);\n+\t\tif (sym_crypto == NULL)\n+\t\t\treturn -1;\n+\n+\t\tif (params->sym_crypto.queue_id > (sym_crypto->n_queues - 1))\n+\t\t\treturn -1;\n+\n+\t\tpp.sym_crypto.cryptodev_id = sym_crypto->cryptodev_id;\n+\t\tpp.sym_crypto.queue_id = params->txq.queue_id;\n+\t\tpp.sym_crypto.tx_burst_sz = params->burst_size;\n+\t\tpp.sym_crypto.crypto_op_offset =\n+\t\t\t\tparams->sym_crypto.crypto_op_offset;\n+\n+\t\tpp_nodrop.sym_crypto.cryptodev_id = sym_crypto->cryptodev_id;\n+\t\tpp_nodrop.sym_crypto.queue_id = params->txq.queue_id;\n+\t\tpp_nodrop.sym_crypto.tx_burst_sz = params->burst_size;\n+\t\tpp_nodrop.sym_crypto.n_retries = params->retry;\n+\t\tpp_nodrop.sym_crypto.crypto_op_offset =\n+\t\t\t\tparams->sym_crypto.crypto_op_offset;\n+\n+\t\tif (params->retry == 0) {\n+\t\t\tp.ops = &rte_port_sym_crypto_writer_ops;\n+\t\t\tp.arg_create = &pp.sym_crypto;\n+\t\t} else {\n+\t\t\tp.ops = &rte_port_sym_crypto_writer_nodrop_ops;\n+\t\t\tp.arg_create = &pp_nodrop.sym_crypto;\n+\t\t}\n+\n+\t\tbreak;\n+\t}\n+\n \tdefault:\n \t\treturn -1;\n \t}\ndiff --git a/examples/ip_pipeline/pipeline.h b/examples/ip_pipeline/pipeline.h\nindex a953a29fa..b8a420f51 100644\n--- a/examples/ip_pipeline/pipeline.h\n+++ b/examples/ip_pipeline/pipeline.h\n@@ -27,6 +27,7 @@ enum port_in_type {\n \tPORT_IN_TAP,\n \tPORT_IN_KNI,\n \tPORT_IN_SOURCE,\n+\tPORT_IN_SYM_CRYPTO,\n };\n \n struct port_in_params {\n@@ -48,6 +49,11 @@ struct port_in_params {\n \t\t\tconst char *file_name;\n \t\t\tuint32_t n_bytes_per_pkt;\n \t\t} source;\n+\n+\t\tstruct {\n+\t\t\tvoid *f_callback;\n+\t\t\tvoid *arg_callback;\n+\t\t} sym_crypto;\n \t};\n \tuint32_t burst_size;\n \n@@ -62,6 +68,7 @@ enum port_out_type {\n \tPORT_OUT_TAP,\n \tPORT_OUT_KNI,\n \tPORT_OUT_SINK,\n+\tPORT_OUT_SYM_CRYPTO,\n };\n \n struct port_out_params {\n@@ -76,6 +83,11 @@ struct port_out_params {\n \t\t\tconst char *file_name;\n \t\t\tuint32_t max_n_pkts;\n \t\t} sink;\n+\n+\t\tstruct {\n+\t\t\tuint16_t queue_id;\n+\t\t\tuint32_t crypto_op_offset;\n+\t\t} sym_crypto;\n \t};\n \tuint32_t burst_size;\n \tint retry;\n@@ -268,6 +280,7 @@ struct table_rule_action {\n \tstruct rte_table_action_ttl_params ttl;\n \tstruct rte_table_action_stats_params stats;\n \tstruct rte_table_action_time_params time;\n+\tstruct rte_table_action_sym_crypto_params sym_crypto;\n };\n \n int\ndiff --git a/examples/ip_pipeline/sym_crypto.c b/examples/ip_pipeline/sym_crypto.c\nnew file mode 100644\nindex 000000000..88045e163\n--- /dev/null\n+++ b/examples/ip_pipeline/sym_crypto.c\n@@ -0,0 +1,320 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2018 Intel Corporation\n+ */\n+\n+#include <stdlib.h>\n+#include <stdio.h>\n+\n+#include <rte_cryptodev.h>\n+#include <rte_cryptodev_pmd.h>\n+#include <rte_string_fns.h>\n+\n+#include \"sym_crypto.h\"\n+\n+static struct sym_crypto_list sym_crypto_list;\n+\n+int\n+sym_crypto_init(void)\n+{\n+\tTAILQ_INIT(&sym_crypto_list);\n+\n+\treturn 0;\n+}\n+\n+struct sym_crypto *\n+sym_crypto_find(const char *name)\n+{\n+\tstruct sym_crypto *sym_crypto;\n+\n+\tif (name == NULL)\n+\t\treturn NULL;\n+\n+\tTAILQ_FOREACH(sym_crypto, &sym_crypto_list, node)\n+\t\tif (strcmp(sym_crypto->name, name) == 0)\n+\t\t\treturn sym_crypto;\n+\n+\treturn NULL;\n+}\n+\n+struct sym_crypto *\n+sym_crypto_next(struct sym_crypto *sym_crypto)\n+{\n+\treturn (sym_crypto == NULL) ?\n+\t\t\tTAILQ_FIRST(&sym_crypto_list) :\n+\t\t\tTAILQ_NEXT(sym_crypto, node);\n+}\n+\n+struct sym_crypto *\n+sym_crypto_create(const char *name, struct sym_crypto_params *params)\n+{\n+\tstruct rte_cryptodev_info dev_info;\n+\tstruct rte_cryptodev_config dev_conf;\n+\tstruct rte_cryptodev_qp_conf queue_conf;\n+\tstruct sym_crypto *sym_crypto;\n+\tuint32_t cryptodev_id, i;\n+\tint status;\n+\n+\t/* Check input params */\n+\tif ((name == NULL) ||\n+\t\tsym_crypto_find(name) ||\n+\t\t(params->n_queues == 0) ||\n+\t\t(params->queue_size == 0))\n+\t\treturn NULL;\n+\n+\tif (params->dev_name) {\n+\t\tstatus = rte_cryptodev_get_dev_id(params->dev_name);\n+\t\tif (status == -1)\n+\t\t\treturn NULL;\n+\n+\t\tcryptodev_id = (uint32_t)status;\n+\t} else {\n+\t\tif (rte_cryptodev_pmd_is_valid_dev(params->cryptodev_id) == 0)\n+\t\t\treturn NULL;\n+\n+\t\tcryptodev_id = params->cryptodev_id;\n+\t}\n+\n+\trte_cryptodev_info_get(cryptodev_id, &dev_info);\n+\tif (dev_info.max_nb_queue_pairs < params->n_queues)\n+\t\treturn NULL;\n+\tif ((dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED) &&\n+\t\t(params->cpu_id !=\n+\t\t\t(uint32_t)rte_cryptodev_socket_id(cryptodev_id)))\n+\t\treturn NULL;\n+\n+\tdev_conf.socket_id = params->cpu_id;\n+\tdev_conf.nb_queue_pairs = params->n_queues;\n+\n+\tstatus = rte_cryptodev_configure(cryptodev_id, &dev_conf);\n+\tif (status < 0)\n+\t\treturn NULL;\n+\n+\tqueue_conf.nb_descriptors = params->queue_size;\n+\tfor (i = 0; i < params->n_queues; i++) {\n+\t\tstatus = rte_cryptodev_queue_pair_setup(cryptodev_id, i,\n+\t\t\t\t&queue_conf, params->cpu_id, NULL);\n+\t\tif (status < 0)\n+\t\t\treturn NULL;\n+\t}\n+\n+\tif (rte_cryptodev_start(cryptodev_id) < 0)\n+\t\treturn NULL;\n+\n+\tsym_crypto = calloc(1, sizeof(struct sym_crypto));\n+\tif (sym_crypto == NULL) {\n+\t\trte_cryptodev_stop(cryptodev_id);\n+\t\treturn NULL;\n+\t}\n+\n+\tstrlcpy(sym_crypto->name, name, sizeof(sym_crypto->name));\n+\tsym_crypto->cryptodev_id = cryptodev_id;\n+\tsym_crypto->n_queues = params->n_queues;\n+\tsym_crypto->op_offset = params->op_offset;\n+\n+\tTAILQ_INSERT_TAIL(&sym_crypto_list, sym_crypto, node);\n+\n+\treturn sym_crypto;\n+}\n+\n+int\n+sym_crypto_is_up(const char *name)\n+{\n+\tstruct sym_crypto *sym_crypto;\n+\tstruct rte_cryptodev *dev;\n+\n+\t/* Check input params */\n+\tif (name == NULL)\n+\t\treturn 0;\n+\n+\tsym_crypto = sym_crypto_find(name);\n+\tif (sym_crypto == NULL)\n+\t\treturn 0;\n+\n+\t/* Resource */\n+\tdev = &rte_cryptodevs[sym_crypto->cryptodev_id];\n+\n+\treturn (int)dev->data->dev_started;\n+}\n+\n+static struct sym_crypto_session_list sym_crypto_session_list;\n+\n+int\n+sym_crypto_session_init(void)\n+{\n+\tTAILQ_INIT(&sym_crypto_session_list);\n+\n+\treturn 0;\n+}\n+\n+struct sym_crypto_session *\n+sym_crypto_session_find(const char *name)\n+{\n+\tstruct sym_crypto_session *sym_crypto_session;\n+\n+\tif (name == NULL)\n+\t\treturn NULL;\n+\n+\tTAILQ_FOREACH(sym_crypto_session, &sym_crypto_session_list, node)\n+\t\tif (strcmp(sym_crypto_session->name, name) == 0)\n+\t\t\treturn sym_crypto_session;\n+\n+\treturn NULL;\n+}\n+\n+struct sym_crypto_session *\n+sym_crypto_session_next(struct sym_crypto_session *sym_crypto_session)\n+{\n+\treturn (sym_crypto_session == NULL) ?\n+\t\t\tTAILQ_FIRST(&sym_crypto_session_list) :\n+\t\t\tTAILQ_NEXT(sym_crypto_session, node);\n+}\n+\n+struct sym_crypto_session *\n+sym_crypto_session_create(const char *name,\n+\t\tstruct sym_crypto_session_params *params)\n+{\n+\tstruct sym_crypto_session *sym_crypto_session;\n+\tstruct rte_cryptodev_sym_session *session;\n+\tuint32_t cryptodev_id;\n+\tint status;\n+\n+\t/* Check input params */\n+\tif ((name == NULL) ||\n+\t\tsym_crypto_find(name) ||\n+\t\t(params->mp_create == NULL) ||\n+\t\t(params->mp_init == NULL) ||\n+\t\t(params->xforms == NULL))\n+\t\treturn NULL;\n+\n+\tif (params->dev_name) {\n+\t\tstatus = rte_cryptodev_get_dev_id(params->dev_name);\n+\t\tif (status == -1)\n+\t\t\treturn NULL;\n+\n+\t\tcryptodev_id = (uint32_t)status;\n+\t} else {\n+\t\tif (rte_cryptodev_pmd_is_valid_dev(params->cryptodev_id) == 0)\n+\t\t\treturn NULL;\n+\n+\t\tcryptodev_id = params->cryptodev_id;\n+\t}\n+\n+\tsession = rte_cryptodev_sym_session_create(params->mp_create);\n+\tif (session == NULL)\n+\t\treturn NULL;\n+\n+\tstatus = rte_cryptodev_sym_session_init(cryptodev_id, session,\n+\t\t\tparams->xforms, params->mp_init);\n+\tif (status < 0) {\n+\t\trte_cryptodev_sym_session_free(session);\n+\t\treturn NULL;\n+\t}\n+\n+\tsym_crypto_session = calloc(1, sizeof(struct sym_crypto_session));\n+\tif (sym_crypto_session == NULL) {\n+\t\trte_cryptodev_sym_session_clear(cryptodev_id, session);\n+\t\trte_cryptodev_sym_session_free(session);\n+\t\treturn NULL;\n+\t}\n+\n+\tstrlcpy(sym_crypto_session->name, name,\n+\t\t\tsizeof(sym_crypto_session->name));\n+\tsym_crypto_session->cryptodev_id = cryptodev_id;\n+\tsym_crypto_session->session = session;\n+\n+\tif (params->cipher_iv_len) {\n+\t\tsym_crypto_session->cipher_iv = calloc(1,\n+\t\t\t\tparams->cipher_iv_len);\n+\t\tif (sym_crypto_session->cipher_iv == NULL) {\n+\t\t\trte_cryptodev_sym_session_clear(cryptodev_id, session);\n+\t\t\trte_cryptodev_sym_session_free(session);\n+\t\t\tfree(sym_crypto_session);\n+\t\t\treturn NULL;\n+\t\t}\n+\t\tmemcpy(sym_crypto_session->cipher_iv, params->cipher_iv,\n+\t\t\t\tparams->cipher_iv_len);\n+\t\tsym_crypto_session->cipher_iv_len = params->cipher_iv_len;\n+\t}\n+\n+\tif (params->auth_iv_len) {\n+\t\tsym_crypto_session->auth_iv = calloc(1, params->auth_iv_len);\n+\t\tif (sym_crypto_session->auth_iv == NULL) {\n+\t\t\trte_cryptodev_sym_session_clear(cryptodev_id, session);\n+\t\t\trte_cryptodev_sym_session_free(session);\n+\t\t\tfree(sym_crypto_session);\n+\t\t\treturn NULL;\n+\t\t}\n+\t\tmemcpy(sym_crypto_session->auth_iv, params->auth_iv,\n+\t\t\t\tparams->auth_iv_len);\n+\t\tsym_crypto_session->auth_iv_len = params->auth_iv_len;\n+\t}\n+\n+\tif (params->aead_iv_len) {\n+\t\tsym_crypto_session->aead_iv = calloc(1, params->aead_iv_len);\n+\t\tif (sym_crypto_session->aead_iv == NULL) {\n+\t\t\trte_cryptodev_sym_session_clear(cryptodev_id, session);\n+\t\t\trte_cryptodev_sym_session_free(session);\n+\t\t\tfree(sym_crypto_session);\n+\t\t\treturn NULL;\n+\t\t}\n+\t\tmemcpy(sym_crypto_session->aead_iv, params->aead_iv,\n+\t\t\t\tparams->aead_iv_len);\n+\t\tsym_crypto_session->aead_iv_len = params->aead_iv_len;\n+\t}\n+\n+\tif (params->aead_aad_len) {\n+\t\tsym_crypto_session->aead_aad = calloc(1, params->aead_aad_len);\n+\t\tif (sym_crypto_session->aead_aad == NULL) {\n+\t\t\trte_cryptodev_sym_session_clear(cryptodev_id, session);\n+\t\t\trte_cryptodev_sym_session_free(session);\n+\t\t\tfree(sym_crypto_session);\n+\t\t\treturn NULL;\n+\t\t}\n+\t\tmemcpy(sym_crypto_session->aead_aad, params->aead_aad,\n+\t\t\t\tparams->aead_aad_len);\n+\t\tsym_crypto_session->aead_aad_len = params->aead_aad_len;\n+\t}\n+\n+\tmemcpy(&sym_crypto_session->xforms[0], params->xforms,\n+\t\t\tsizeof(struct rte_crypto_sym_xform));\n+\tif (params->xforms->next) {\n+\t\tmemcpy(&sym_crypto_session->xforms[1], params->xforms->next,\n+\t\t\tsizeof(struct rte_crypto_sym_xform));\n+\t\tsym_crypto_session->xforms[0].next =\n+\t\t\t\t&sym_crypto_session->xforms[1];\n+\t}\n+\n+\tTAILQ_INSERT_TAIL(&sym_crypto_session_list, sym_crypto_session, node);\n+\n+\treturn sym_crypto_session;\n+}\n+\n+int\n+sym_crypto_session_delete(const char *name)\n+{\n+\tstruct sym_crypto_session *sym_crypto_session =\n+\t\t\tsym_crypto_session_find(name);\n+\n+\tif (sym_crypto_session == NULL)\n+\t\treturn -1;\n+\n+\trte_cryptodev_sym_session_clear(sym_crypto_session->cryptodev_id,\n+\t\t\tsym_crypto_session->session);\n+\trte_cryptodev_sym_session_free(sym_crypto_session->session);\n+\n+\tif (sym_crypto_session->cipher_iv)\n+\t\tfree(sym_crypto_session->cipher_iv);\n+\n+\tif (sym_crypto_session->auth_iv)\n+\t\tfree(sym_crypto_session->auth_iv);\n+\n+\tif (sym_crypto_session->aead_iv)\n+\t\tfree(sym_crypto_session->aead_iv);\n+\n+\tif (sym_crypto_session->aead_aad)\n+\t\tfree(sym_crypto_session->aead_aad);\n+\n+\tmemset(sym_crypto_session, 0, sizeof(*sym_crypto_session));\n+\n+\treturn 0;\n+}\ndiff --git a/examples/ip_pipeline/sym_crypto.h b/examples/ip_pipeline/sym_crypto.h\nnew file mode 100644\nindex 000000000..b9c5e442e\n--- /dev/null\n+++ b/examples/ip_pipeline/sym_crypto.h\n@@ -0,0 +1,104 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2018 Intel Corporation\n+ */\n+\n+#ifndef _INCLUDE_SYM_C_H_\n+#define _INCLUDE_SYM_C_H_\n+\n+#include <stdint.h>\n+#include <sys/queue.h>\n+\n+#include <rte_cryptodev.h>\n+\n+#include \"common.h\"\n+\n+struct sym_crypto {\n+\tTAILQ_ENTRY(sym_crypto) node;\n+\tchar name[NAME_SIZE];\n+\tuint16_t cryptodev_id;\n+\tuint32_t op_offset;\n+\tuint32_t n_queues;\n+};\n+\n+TAILQ_HEAD(sym_crypto_list, sym_crypto);\n+\n+int\n+sym_crypto_init(void);\n+\n+struct sym_crypto *\n+sym_crypto_find(const char *name);\n+\n+struct sym_crypto *\n+sym_crypto_next(struct sym_crypto *sym_crypto);\n+\n+struct sym_crypto_params {\n+\tconst char *dev_name;\n+\tuint32_t cryptodev_id; /**< Valid only when *dev_name* is NULL. */\n+\tuint32_t n_queues;\n+\tuint32_t queue_size;\n+\tuint32_t cpu_id;\n+\tuint32_t op_offset;\n+};\n+\n+struct sym_crypto *\n+sym_crypto_create(const char *name, struct sym_crypto_params *params);\n+\n+int\n+sym_crypto_is_up(const char *name);\n+\n+struct sym_crypto_session {\n+\tTAILQ_ENTRY(sym_crypto_session) node;\n+\tchar name[NAME_SIZE];\n+\tuint32_t cryptodev_id;\n+\tstruct rte_crypto_sym_xform xforms[2];\n+\t/** Cipher IV */\n+\tuint8_t *cipher_iv;\n+\tuint32_t cipher_iv_len;\n+\tuint8_t *auth_iv;\n+\tuint32_t auth_iv_len;\n+\tuint8_t *aead_iv;\n+\tuint32_t aead_iv_len;\n+\tuint8_t *aead_aad;\n+\tuint32_t aead_aad_len;\n+\tuint32_t data_offset;\n+\tstruct rte_cryptodev_sym_session *session;\n+};\n+\n+TAILQ_HEAD(sym_crypto_session_list, sym_crypto_session);\n+\n+int\n+sym_crypto_session_init(void);\n+\n+struct sym_crypto_session *\n+sym_crypto_session_find(const char *name);\n+\n+struct sym_crypto_session *\n+sym_crypto_session_next(struct sym_crypto_session *sym_crypto_session);\n+\n+struct sym_crypto_session_params {\n+\tconst char *dev_name;\n+\tuint32_t cryptodev_id; /**< Valid only when *dev_name* is NULL. */\n+\n+\tstruct rte_crypto_sym_xform *xforms;\n+\tstruct rte_mempool *mp_create;\n+\tstruct rte_mempool *mp_init;\n+\t/** Cipher IV */\n+\tuint8_t *cipher_iv;\n+\tuint32_t cipher_iv_len;\n+\tuint8_t *auth_iv;\n+\tuint32_t auth_iv_len;\n+\tuint8_t *aead_iv;\n+\tuint32_t aead_iv_len;\n+\tuint8_t *aead_aad;\n+\tuint32_t aead_aad_len;\n+\tuint32_t data_offset;\n+};\n+\n+struct sym_crypto_session *\n+sym_crypto_session_create(const char *name,\n+\t\tstruct sym_crypto_session_params *params);\n+\n+int\n+sym_crypto_session_delete(const char *name);\n+\n+#endif\ndiff --git a/examples/ip_pipeline/thread.c b/examples/ip_pipeline/thread.c\nindex 7fc03332e..ca741952a 100644\n--- a/examples/ip_pipeline/thread.c\n+++ b/examples/ip_pipeline/thread.c\n@@ -2476,6 +2476,16 @@ action_convert(struct rte_table_action *a,\n \t\t\treturn status;\n \t}\n \n+\tif (action->action_mask & (1LLU << RTE_TABLE_ACTION_SYM_CRYPTO)) {\n+\t\tstatus = rte_table_action_apply(a,\n+\t\t\tdata,\n+\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO,\n+\t\t\t&action->sym_crypto);\n+\n+\t\tif (status)\n+\t\t\treturn status;\n+\t}\n+\n \treturn 0;\n }\n \ndiff --git a/lib/librte_pipeline/rte_table_action.c b/lib/librte_pipeline/rte_table_action.c\nindex a958aa82a..866a714a8 100644\n--- a/lib/librte_pipeline/rte_table_action.c\n+++ b/lib/librte_pipeline/rte_table_action.c\n@@ -1,7 +1,6 @@\n /* SPDX-License-Identifier: BSD-3-Clause\n * Copyright(c) 2010-2018 Intel Corporation\n */\n-\n #include <stdlib.h>\n #include <string.h>\n \n@@ -1228,8 +1227,6 @@ pkt_work_time(struct time_data *data,\n #define CRYPTO_OP_MASK_CIPHER\t0x1\n #define CRYPTO_OP_MASK_AUTH\t0x2\n #define CRYPTO_OP_MASK_AEAD\t0x4\n-#define CRYPTO_IV_OFFSET\t\t\t\t\t\t\\\n-\tsizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op)\n \n struct crypto_op_sym_iv_aad {\n \tstruct rte_crypto_op op;\n@@ -1312,21 +1309,17 @@ struct sym_crypto_data {\n \t/** Session pointer. */\n \tstruct rte_cryptodev_sym_session *session;\n \n-\t/** Private data size to store cipher iv / aad. */\n-\tuint8_t iv_aad_data[0];\n-\n \t/** Direction of crypto, encrypt or decrypt */\n \tuint16_t direction;\n \n+\t/** Private data size to store cipher iv / aad. */\n+\tuint8_t iv_aad_data[32];\n+\n } __attribute__((__packed__));\n \n static int\n sym_crypto_cfg_check(struct rte_table_action_sym_crypto_config *cfg)\n {\n-\tif (cfg->mempool_session_create == NULL ||\n-\t\t\tcfg->mempool_session_init == NULL)\n-\t\treturn -EINVAL;\n-\n \tif (cfg->cryptodev_id >= rte_cryptodev_count())\n \t\treturn -EINVAL;\n \n@@ -1336,18 +1329,20 @@ sym_crypto_cfg_check(struct rte_table_action_sym_crypto_config *cfg)\n static int\n get_block_size(const struct rte_crypto_sym_xform *xform, uint8_t cdev_id)\n {\n-\tunsigned int i = 0;\n \tstruct rte_cryptodev_info dev_info;\n \tconst struct rte_cryptodev_capabilities *cap;\n+\tuint32_t i;\n \n \trte_cryptodev_info_get(cdev_id, &dev_info);\n-\tcap = &dev_info.capabilities[0];\n \n-\twhile (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {\n+\tfor (i = 0;; i++) {\n+\t\tcap = &dev_info.capabilities[i];\n+\t\tif (!cap)\n+\t\t\tbreak;\n+\n \t\tif (cap->sym.xform_type != xform->type)\n \t\t\tcontinue;\n \n-\n \t\tif ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&\n \t\t\t\t(cap->sym.cipher.algo == xform->cipher.algo))\n \t\t\treturn cap->sym.cipher.block_size;\n@@ -1356,7 +1351,8 @@ get_block_size(const struct rte_crypto_sym_xform *xform, uint8_t cdev_id)\n \t\t\t\t(cap->sym.aead.algo == xform->aead.algo))\n \t\t\treturn cap->sym.aead.block_size;\n \n-\t\tcap = &dev_info.capabilities[++i];\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)\n+\t\t\tbreak;\n \t}\n \n \treturn -1;\n@@ -1367,11 +1363,10 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \tstruct rte_table_action_sym_crypto_config *cfg,\n \tstruct rte_table_action_sym_crypto_params *p)\n {\n-\tstruct rte_cryptodev_sym_session *sess;\n-\tstruct rte_crypto_sym_xform *xform = p->xform;\n-\tstruct rte_crypto_cipher_xform *cipher_xform = NULL;\n-\tstruct rte_crypto_auth_xform *auth_xform = NULL;\n-\tstruct rte_crypto_aead_xform *aead_xform = NULL;\n+\tconst struct rte_crypto_sym_xform *xform = p->xform;\n+\tconst struct rte_crypto_cipher_xform *cipher_xform = NULL;\n+\tconst struct rte_crypto_auth_xform *auth_xform = NULL;\n+\tconst struct rte_crypto_aead_xform *aead_xform = NULL;\n \tint ret;\n \n \tmemset(data, 0, sizeof(*data));\n@@ -1383,6 +1378,9 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \t\t\tif (cipher_xform->iv.length >\n \t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX)\n \t\t\treturn -ENOMEM;\n+\t\t\tif (cipher_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET)\n+\t\t\t\treturn -EINVAL;\n \n \t\t\tret = get_block_size(xform, cfg->cryptodev_id);\n \t\t\tif (ret < 0)\n@@ -1390,12 +1388,12 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \t\t\tdata->block_size = (uint16_t)ret;\n \t\t\tdata->op_mask |= CRYPTO_OP_MASK_CIPHER;\n \n-\t\t\tdata->cipher_auth.cipher_iv_data_offset = (uint16_t)\n-\t\t\t\t\tp->cipher_auth.cipher_iv.offset;\n \t\t\tdata->cipher_auth.cipher_iv_len =\n \t\t\t\t\tcipher_xform->iv.length;\n+\t\t\tdata->cipher_auth.cipher_iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.cipher_iv_update.offset;\n \t\t\tdata->cipher_auth.cipher_iv_update_len = (uint16_t)\n-\t\t\t\t\tp->cipher_auth.cipher_iv.length;\n+\t\t\t\t\tp->cipher_auth.cipher_iv_update.length;\n \n \t\t\trte_memcpy(data->iv_aad_data,\n \t\t\t\t\tp->cipher_auth.cipher_iv.val,\n@@ -1403,8 +1401,6 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \n \t\t\tdata->direction = cipher_xform->op;\n \n-\t\t\tcipher_xform->iv.offset = CRYPTO_IV_OFFSET;\n-\n \t\t} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n \t\t\tauth_xform = &xform->auth;\n \t\t\tif (auth_xform->iv.length >\n@@ -1412,17 +1408,13 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \t\t\t\treturn -ENOMEM;\n \t\t\tdata->op_mask |= CRYPTO_OP_MASK_AUTH;\n \n-\t\t\tdata->cipher_auth.auth_iv_data_offset =\n-\t\t\t\t\t(uint16_t)p->cipher_auth.auth_iv.offset;\n \t\t\tdata->cipher_auth.auth_iv_len = auth_xform->iv.length;\n+\t\t\tdata->cipher_auth.auth_iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.auth_iv_update.offset;\n \t\t\tdata->cipher_auth.auth_iv_update_len = (uint16_t)\n-\t\t\t\t\tp->cipher_auth.auth_iv.length;\n+\t\t\t\t\tp->cipher_auth.auth_iv_update.length;\n \t\t\tdata->digest_len = auth_xform->digest_length;\n \n-\t\t\tif (auth_xform->iv.length)\n-\t\t\t\tauth_xform->iv.offset = CRYPTO_IV_OFFSET +\n-\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX;\n-\n \t\t\tdata->direction = (auth_xform->op ==\n \t\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE) ?\n \t\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT :\n@@ -1436,26 +1428,28 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \t\t\t\taead_xform->aad_length >\n \t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX))\n \t\t\t\treturn -EINVAL;\n+\t\t\tif (aead_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET)\n+\t\t\t\treturn -EINVAL;\n \n \t\t\tret = get_block_size(xform, cfg->cryptodev_id);\n \t\t\tif (ret < 0)\n \t\t\t\treturn -1;\n \t\t\tdata->block_size = (uint16_t)ret;\n \t\t\tdata->op_mask |= CRYPTO_OP_MASK_AEAD;\n-\t\t\tdata->digest_len = aead_xform->digest_length;\n \n-\t\t\tdata->aead.iv_data_offset = (uint16_t)p->aead.iv.offset;\n+\t\t\tdata->digest_len = aead_xform->digest_length;\n \t\t\tdata->aead.iv_len = aead_xform->iv.length;\n-\t\t\tdata->aead.iv_update_len = (uint16_t)p->aead.iv.length;\n-\n-\t\t\tdata->aead.aad_data_offset = (uint16_t)\n-\t\t\t\t\tp->aead.aad.offset;\n \t\t\tdata->aead.aad_len = aead_xform->aad_length;\n-\t\t\tdata->aead.aad_update_len =\n-\t\t\t\t\t(uint16_t)p->aead.aad.length;\n \n-\t\t\tif (aead_xform->iv.length)\n-\t\t\t\taead_xform->iv.offset = CRYPTO_IV_OFFSET;\n+\t\t\tdata->aead.iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->aead.iv_update.offset;\n+\t\t\tdata->aead.iv_update_len = (uint16_t)\n+\t\t\t\t\tp->aead.iv_update.length;\n+\t\t\tdata->aead.aad_data_offset = (uint16_t)\n+\t\t\t\t\tp->aead.aad_update.offset;\n+\t\t\tdata->aead.aad_update_len = (uint16_t)\n+\t\t\t\t\tp->aead.aad_update.length;\n \n \t\t\trte_memcpy(data->iv_aad_data,\n \t\t\t\t\tp->aead.iv.val,\n@@ -1475,22 +1469,25 @@ sym_crypto_apply(struct sym_crypto_data *data,\n \t\txform = xform->next;\n \t}\n \n-\tdata->data_offset = (uint16_t)p->data_offset;\n-\n-\tsess = rte_cryptodev_sym_session_create(cfg->mempool_session_create);\n-\tif (!sess) {\n-\t\tmemset(data, 0, sizeof(*data));\n-\t\treturn -ENOMEM;\n-\t}\n+\tif (auth_xform && auth_xform->iv.length) {\n+\t\tif (cipher_xform) {\n+\t\t\tif (auth_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET +\n+\t\t\t\t\tcipher_xform->iv.length)\n+\t\t\t\treturn -EINVAL;\n \n-\tret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, sess, xform,\n-\t\t\tcfg->mempool_session_init);\n-\tif (ret < 0) {\n-\t\tmemset(data, 0, sizeof(*data));\n-\t\treturn ret;\n+\t\t\trte_memcpy(data->iv_aad_data + cipher_xform->iv.length,\n+\t\t\t\t\tp->cipher_auth.auth_iv.val,\n+\t\t\t\t\tp->cipher_auth.auth_iv.length);\n+\t\t} else {\n+\t\t\trte_memcpy(data->iv_aad_data,\n+\t\t\t\t\tp->cipher_auth.auth_iv.val,\n+\t\t\t\t\tp->cipher_auth.auth_iv.length);\n+\t\t}\n \t}\n \n-\tdata->session = sess;\n+\tdata->data_offset = (uint16_t)p->data_offset;\n+\tdata->session = p->session;\n \n \treturn 0;\n }\n@@ -1503,36 +1500,39 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, struct sym_crypto_data *data,\n \tstruct crypto_op_sym_iv_aad *crypto_op = (struct crypto_op_sym_iv_aad *)\n \t\t\tRTE_MBUF_METADATA_UINT8_PTR(mbuf, cfg->op_offset);\n \tstruct rte_crypto_op *op = &crypto_op->op;\n-\tuint16_t rel_ip_offset = ip_offset - mbuf->data_off;\n-\tuint16_t payload_len = 0;\n+\tstruct rte_crypto_sym_op *sym = op->sym;\n+\tuint16_t rel_ip_offset = ip_offset - mbuf->data_off - mbuf->priv_size -\n+\t\t\tRTE_PKTMBUF_HEADROOM;\n+\tuint32_t payload_len = mbuf->pkt_len - rel_ip_offset -\n+\t\t\tdata->data_offset;\n \n-\top->sym->m_src = mbuf;\n-\top->sym->m_dst = NULL;\n \top->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;\n \top->sess_type = RTE_CRYPTO_OP_WITH_SESSION;\n-\top->phys_addr = rte_pktmbuf_iova_offset(mbuf, cfg->op_offset);\n+\top->phys_addr = mbuf->buf_iova + cfg->op_offset - sizeof(*mbuf);\n \top->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;\n-\top->sym->session = data->session;\n+\tsym->m_src = mbuf;\n+\tsym->m_dst = NULL;\n+\tsym->session = data->session;\n \n \t/** pad the packet */\n \tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n-\t\tpayload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(mbuf) -\n-\t\t\t\t(data->data_offset + rel_ip_offset),\n-\t\t\t\tdata->block_size) - rte_pktmbuf_pkt_len(mbuf);\n+\t\tuint32_t append_len = RTE_ALIGN_CEIL(payload_len,\n+\t\t\t\tdata->block_size) - payload_len;\n \n-\t\tif (unlikely(rte_pktmbuf_append(mbuf, payload_len +\n+\t\tif (unlikely(rte_pktmbuf_append(mbuf, append_len +\n \t\t\t\tdata->digest_len) == NULL))\n \t\t\treturn 1;\n-\t}\n \n-\tpayload_len = rte_pktmbuf_pkt_len(mbuf);\n+\t\tpayload_len += append_len;\n+\t} else\n+\t\tpayload_len -= data->digest_len;\n \n \tif (data->op_mask & CRYPTO_OP_MASK_CIPHER) {\n \t\t/** prepare cipher op */\n \t\tuint8_t *iv = crypto_op->iv_aad.cipher_auth.cipher_iv;\n \n-\t\top->sym->cipher.data.length = payload_len;\n-\t\top->sym->cipher.data.offset = data->data_offset + rel_ip_offset;\n+\t\tsym->cipher.data.length = payload_len;\n+\t\tsym->cipher.data.offset = rel_ip_offset + data->data_offset;\n \n \t\tif (data->cipher_auth.cipher_iv_update_len) {\n \t\t\tuint8_t *pkt_iv = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n@@ -1556,12 +1556,12 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, struct sym_crypto_data *data,\n \t}\n \n \tif (data->op_mask & CRYPTO_OP_MASK_AUTH) {\n-\t\top->sym->auth.data.offset = rel_ip_offset;\n-\t\top->sym->auth.data.length = payload_len;\n-\t\top->sym->auth.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n+\t\tsym->auth.data.offset = rel_ip_offset;\n+\t\tsym->auth.data.length = payload_len + data->data_offset;\n+\t\tsym->auth.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n \t\t\t\tuint8_t *, rte_pktmbuf_pkt_len(mbuf) -\n \t\t\t\tdata->digest_len);\n-\t\top->sym->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\tsym->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n \t\t\t\trte_pktmbuf_pkt_len(mbuf) - data->digest_len);\n \n \t\tif (data->cipher_auth.auth_iv_update_len) {\n@@ -1593,17 +1593,19 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, struct sym_crypto_data *data,\n \t\tuint8_t *iv = crypto_op->iv_aad.aead_iv_aad.iv;\n \t\tuint8_t *aad = crypto_op->iv_aad.aead_iv_aad.aad;\n \n-\t\top->sym->aead.aad.data = aad;\n-\t\top->sym->aead.aad.phys_addr = op->phys_addr +\n-\t\t\t\tCRYPTO_IV_OFFSET +\n-\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX;\n-\t\top->sym->aead.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n+\t\tsym->aead.aad.data = aad;\n+\t\tsym->aead.aad.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\t\t\taad - rte_pktmbuf_mtod(mbuf, uint8_t *));\n+\t\t/*sym->aead.aad.phys_addr = op->phys_addr +\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET +\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX;*/\n+\t\tsym->aead.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n \t\t\t\tuint8_t *, rte_pktmbuf_pkt_len(mbuf) -\n \t\t\t\tdata->digest_len);\n-\t\top->sym->aead.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\tsym->aead.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n \t\t\t\trte_pktmbuf_pkt_len(mbuf) - data->digest_len);\n-\t\top->sym->aead.data.offset = data->data_offset + rel_ip_offset;\n-\t\top->sym->aead.data.length = payload_len;\n+\t\tsym->aead.data.offset = data->data_offset + rel_ip_offset;\n+\t\tsym->aead.data.length = payload_len;\n \n \t\tif (data->aead.iv_update_len) {\n \t\t\tuint8_t *pkt_iv = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n@@ -1678,7 +1680,7 @@ struct ap_config {\n \tstruct rte_table_action_nat_config nat;\n \tstruct rte_table_action_ttl_config ttl;\n \tstruct rte_table_action_stats_config stats;\n-\tstruct rte_table_action_sym_crypto_config crypto;\n+\tstruct rte_table_action_sym_crypto_config sym_crypto;\n };\n \n static size_t\n@@ -1733,7 +1735,7 @@ action_cfg_get(struct ap_config *ap_config,\n \t\treturn &ap_config->stats;\n \n \tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n-\t\treturn &ap_config->crypto;\n+\t\treturn &ap_config->sym_crypto;\n \tdefault:\n \t\treturn NULL;\n \t}\n@@ -1790,6 +1792,9 @@ action_data_size(enum rte_table_action_type action,\n \tcase RTE_TABLE_ACTION_TIME:\n \t\treturn sizeof(struct time_data);\n \n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\treturn (sizeof(struct sym_crypto_data));\n+\n \tdefault:\n \t\treturn 0;\n \t}\n@@ -2044,7 +2049,7 @@ rte_table_action_apply(struct rte_table_action *action,\n \n \tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n \t\treturn sym_crypto_apply(action_data,\n-\t\t\t\t&action->cfg.crypto,\n+\t\t\t\t&action->cfg.sym_crypto,\n \t\t\t\taction_params);\n \n \tdefault:\n@@ -2408,7 +2413,7 @@ pkt_work(struct rte_mbuf *mbuf,\n \t\tvoid *data = action_data_get(table_entry, action,\n \t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n \n-\t\tdrop_mask |= pkt_work_sym_crypto(mbuf, data, &cfg->crypto,\n+\t\tdrop_mask |= pkt_work_sym_crypto(mbuf, data, &cfg->sym_crypto,\n \t\t\t\tip_offset);\n \t}\n \n@@ -2710,13 +2715,13 @@ pkt4_work(struct rte_mbuf **mbufs,\n \t\tvoid *data3 = action_data_get(table_entry3, action,\n \t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n \n-\t\tdrop_mask0 |= pkt_work_sym_crypto(mbuf0, data0, &cfg->crypto,\n+\t\tdrop_mask0 |= pkt_work_sym_crypto(mbuf0, data0, &cfg->sym_crypto,\n \t\t\t\tip_offset);\n-\t\tdrop_mask1 |= pkt_work_sym_crypto(mbuf1, data1, &cfg->crypto,\n+\t\tdrop_mask1 |= pkt_work_sym_crypto(mbuf1, data1, &cfg->sym_crypto,\n \t\t\t\tip_offset);\n-\t\tdrop_mask2 |= pkt_work_sym_crypto(mbuf2, data2, &cfg->crypto,\n+\t\tdrop_mask2 |= pkt_work_sym_crypto(mbuf2, data2, &cfg->sym_crypto,\n \t\t\t\tip_offset);\n-\t\tdrop_mask3 |= pkt_work_sym_crypto(mbuf3, data3, &cfg->crypto,\n+\t\tdrop_mask3 |= pkt_work_sym_crypto(mbuf3, data3, &cfg->sym_crypto,\n \t\t\t\tip_offset);\n \t}\n \ndiff --git a/lib/librte_pipeline/rte_table_action.h b/lib/librte_pipeline/rte_table_action.h\nindex 897f42308..cf47ebfc9 100644\n--- a/lib/librte_pipeline/rte_table_action.h\n+++ b/lib/librte_pipeline/rte_table_action.h\n@@ -910,12 +910,6 @@ struct rte_table_action_sym_crypto_config {\n \t/** Target Cryptodev ID. */\n \tuint8_t cryptodev_id;\n \n-\t/** Crypto Session mempool. */\n-\tstruct rte_mempool *mempool_session_create;\n-\n-\t/** Crypto session init mempool, used for init cryptodev session. */\n-\tstruct rte_mempool *mempool_session_init;\n-\n \t/** The offset to fetch rte_crypto_op. */\n \tuint32_t op_offset;\n };\n@@ -928,6 +922,11 @@ struct rte_table_action_sym_crypto_config {\n #define RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX\t(16)\n #endif\n \n+#ifndef RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET\n+#define RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET\t\t\t\t\\\n+\tsizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op)\n+#endif\n+\n /** Common action structure to store the data's value, length, and offset */\n struct rte_table_action_vlo {\n \tuint8_t *val;\n@@ -939,7 +938,10 @@ struct rte_table_action_vlo {\n struct rte_table_action_sym_crypto_params {\n \n \t/** Xform pointer contains all relevant information */\n-\tstruct rte_crypto_sym_xform *xform;\n+\tconst struct rte_crypto_sym_xform *xform;\n+\n+\t/** Application created cryptodev symmetric session */\n+\tstruct rte_cryptodev_sym_session *session;\n \n \t/**\n \t * Offset from start of IP packet to the first packet byte to be\n@@ -952,9 +954,15 @@ struct rte_table_action_sym_crypto_params {\n \t\t\t/** Cipher iv data, offset from start of ip header */\n \t\t\tstruct rte_table_action_vlo cipher_iv;\n \n+\t\t\t/** Cipher iv data, offset from start of ip header */\n+\t\t\tstruct rte_table_action_vlo cipher_iv_update;\n+\n \t\t\t/** Auth iv data, offset from start of ip header */\n \t\t\tstruct rte_table_action_vlo auth_iv;\n \n+\t\t\t/** Auth iv data, offset from start of ip header */\n+\t\t\tstruct rte_table_action_vlo auth_iv_update;\n+\n \t\t} cipher_auth;\n \n \t\tstruct {\n@@ -964,6 +972,12 @@ struct rte_table_action_sym_crypto_params {\n \t\t\t/** AEAD iv data, offset from start of ip header */\n \t\t\tstruct rte_table_action_vlo iv;\n \n+\t\t\t/** AEAD AAD data, offset from start of ip header */\n+\t\t\tstruct rte_table_action_vlo aad_update;\n+\n+\t\t\t/** AEAD iv data, offset from start of ip header */\n+\t\t\tstruct rte_table_action_vlo iv_update;\n+\n \t\t} aead;\n \t};\n };\n", "prefixes": [] }