GET /api/patches/95377/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 95377,
    "url": "https://patches.dpdk.org/api/patches/95377/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210706112904.3094598-9-radu.nicolau@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20210706112904.3094598-9-radu.nicolau@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20210706112904.3094598-9-radu.nicolau@intel.com",
    "date": "2021-07-06T11:29:03",
    "name": "[RFC,08/10] ipsec: add support for SA telemetry",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "8c2646c6a19e5b666ecbc907a07bf86db00324cd",
    "submitter": {
        "id": 743,
        "url": "https://patches.dpdk.org/api/people/743/?format=api",
        "name": "Radu Nicolau",
        "email": "radu.nicolau@intel.com"
    },
    "delegate": {
        "id": 6690,
        "url": "https://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210706112904.3094598-9-radu.nicolau@intel.com/mbox/",
    "series": [
        {
            "id": 17663,
            "url": "https://patches.dpdk.org/api/series/17663/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17663",
            "date": "2021-07-06T11:28:55",
            "name": "new features for ipsec and security libraries",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/17663/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/95377/comments/",
    "check": "warning",
    "checks": "https://patches.dpdk.org/api/patches/95377/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id CD6E4A0C47;\n\tTue,  6 Jul 2021 13:40:05 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id A053E412B2;\n\tTue,  6 Jul 2021 13:39:30 +0200 (CEST)",
            "from mga14.intel.com (mga14.intel.com [192.55.52.115])\n by mails.dpdk.org (Postfix) with ESMTP id 420E3412A1\n for <dev@dpdk.org>; Tue,  6 Jul 2021 13:39:28 +0200 (CEST)",
            "from fmsmga002.fm.intel.com ([10.253.24.26])\n by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 06 Jul 2021 04:39:27 -0700",
            "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by fmsmga002.fm.intel.com with ESMTP; 06 Jul 2021 04:39:24 -0700"
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6200,9189,10036\"; a=\"208917724\"",
            "E=Sophos;i=\"5.83,328,1616482800\"; d=\"scan'208\";a=\"208917724\"",
            "E=Sophos;i=\"5.83,328,1616482800\"; d=\"scan'208\";a=\"496572009\""
        ],
        "X-ExtLoop1": "1",
        "From": "Radu Nicolau <radu.nicolau@intel.com>",
        "To": "Konstantin Ananyev <konstantin.ananyev@intel.com>,\n Bernard Iremonger <bernard.iremonger@intel.com>,\n Vladimir Medvedkin <vladimir.medvedkin@intel.com>,\n Ray Kinsella <mdr@ashroe.eu>, Neil Horman <nhorman@tuxdriver.com>",
        "Cc": "dev@dpdk.org, Radu Nicolau <radu.nicolau@intel.com>,\n Declan Doherty <declan.doherty@intel.com>,\n Abhijit Sinha <abhijits.sinha@intel.com>,\n Daniel Martin Buckley <daniel.m.buckley@intel.com>",
        "Date": "Tue,  6 Jul 2021 12:29:03 +0100",
        "Message-Id": "<20210706112904.3094598-9-radu.nicolau@intel.com>",
        "X-Mailer": "git-send-email 2.25.1",
        "In-Reply-To": "<20210706112904.3094598-1-radu.nicolau@intel.com>",
        "References": "<20210706112904.3094598-1-radu.nicolau@intel.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[dpdk-dev] [RFC 08/10] ipsec: add support for SA telemetry",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "Add telemetry support for ipsec SAs\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\nSigned-off-by: Abhijit Sinha <abhijits.sinha@intel.com>\nSigned-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>\n---\n lib/ipsec/esp_inb.c   |   1 +\n lib/ipsec/esp_outb.c  |  12 +-\n lib/ipsec/meson.build |   2 +-\n lib/ipsec/rte_ipsec.h |  11 ++\n lib/ipsec/sa.c        | 255 +++++++++++++++++++++++++++++++++++++++++-\n lib/ipsec/sa.h        |  21 ++++\n lib/ipsec/version.map |   8 ++\n 7 files changed, 304 insertions(+), 6 deletions(-)",
    "diff": "diff --git a/lib/ipsec/esp_inb.c b/lib/ipsec/esp_inb.c\nindex a6ab8fbdd5..8cb4c16302 100644\n--- a/lib/ipsec/esp_inb.c\n+++ b/lib/ipsec/esp_inb.c\n@@ -722,6 +722,7 @@ esp_inb_pkt_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],\n \n \t/* process packets, extract seq numbers */\n \tk = process(sa, mb, sqn, dr, num, sqh_len);\n+\tsa->statistics.count += k;\n \n \t/* handle unprocessed mbufs */\n \tif (k != num && k != 0)\ndiff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c\nindex e550d320da..dc92dd7aab 100644\n--- a/lib/ipsec/esp_outb.c\n+++ b/lib/ipsec/esp_outb.c\n@@ -617,7 +617,7 @@ uint16_t\n esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n \tuint16_t num)\n {\n-\tuint32_t i, k, icv_len, *icv;\n+\tuint32_t i, k, icv_len, *icv, bytes;\n \tstruct rte_mbuf *ml;\n \tstruct rte_ipsec_sa *sa;\n \tuint32_t dr[num];\n@@ -626,10 +626,12 @@ esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n \n \tk = 0;\n \ticv_len = sa->icv_len;\n+\tbytes = 0;\n \n \tfor (i = 0; i != num; i++) {\n \t\tif ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) == 0) {\n \t\t\tml = rte_pktmbuf_lastseg(mb[i]);\n+\t\t\tbytes += mb[i]->data_len;\n \t\t\t/* remove high-order 32 bits of esn from packet len */\n \t\t\tmb[i]->pkt_len -= sa->sqh_len;\n \t\t\tml->data_len -= sa->sqh_len;\n@@ -640,6 +642,8 @@ esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n \t\t} else\n \t\t\tdr[i - k] = i;\n \t}\n+\tsa->statistics.count += k;\n+\tsa->statistics.bytes += bytes - (sa->hdr_len * k);\n \n \t/* handle unprocessed mbufs */\n \tif (k != num) {\n@@ -659,16 +663,19 @@ static inline void\n inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss,\n \tstruct rte_mbuf *mb[], uint16_t num)\n {\n-\tuint32_t i, ol_flags;\n+\tuint32_t i, ol_flags, bytes = 0;\n \n \tol_flags = ss->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA;\n \tfor (i = 0; i != num; i++) {\n \n \t\tmb[i]->ol_flags |= 
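Review bot: The byte accounting added to esp_outb_sqh_process() can produce wrong totals: `bytes` sums `mb[i]->data_len`, which covers only the first segment of a chained mbuf, and it is read before `sqh_len` is stripped from the packet. `bytes - (sa->hdr_len * k)` is then evaluated in 32-bit unsigned arithmetic, so whenever the sum is smaller than the header total the result wraps and close to 4 GiB is added to the 64-bit counter. The same pattern is repeated in inline_outb_mbuf_prepare() and in pkt_flag_process() in sa.c, where the subtraction is applied to every flagged packet, presumably including inbound ones that never carried the outbound header template. I would accumulate into a `uint64_t bytes` from `mb[i]->pkt_len`, compute `hdr = (uint64_t)sa->hdr_len * k`, and only subtract when it cannot underflow: `if (bytes >= hdr) sa->statistics.bytes += bytes - hdr;`. The function bodies start and end outside these hunks.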
PKT_TX_SEC_OFFLOAD;\n+\t\tbytes += mb[i]->data_len;\n \t\tif (ol_flags != 0)\n \t\t\trte_security_set_pkt_metadata(ss->security.ctx,\n \t\t\t\tss->security.ses, mb[i], NULL);\n \t}\n+\tss->sa->statistics.count += num;\n+\tss->sa->statistics.bytes += bytes - (ss->sa->hdr_len * num);\n }\n \n /* check if packet will exceed MSS and segmentation is required */\n@@ -752,6 +759,7 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,\n \t\t\tsqn += nb_segs[i] - 1;\n \t}\n \n+\n \t/* copy not processed mbufs beyond good ones */\n \tif (k != num && k != 0)\n \t\tmove_bad_mbufs(mb, dr, num, num - k);\ndiff --git a/lib/ipsec/meson.build b/lib/ipsec/meson.build\nindex 1497f573bb..f5e44cfe47 100644\n--- a/lib/ipsec/meson.build\n+++ b/lib/ipsec/meson.build\n@@ -6,4 +6,4 @@ sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')\n headers = files('rte_ipsec.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')\n indirect_headers += files('rte_ipsec_group.h')\n \n-deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash']\n+deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash', 'telemetry']\ndiff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h\nindex dd60d95915..d34798bc7f 100644\n--- a/lib/ipsec/rte_ipsec.h\n+++ b/lib/ipsec/rte_ipsec.h\n@@ -158,6 +158,17 @@ rte_ipsec_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n \treturn ss->pkt_func.process(ss, mb, num);\n }\n \n+\n+struct rte_ipsec_telemetry;\n+\n+__rte_experimental\n+int\n+rte_ipsec_telemetry_init(void);\n+\n+__rte_experimental\n+int\n+rte_ipsec_telemetry_sa_add(struct rte_ipsec_sa *sa);\n+\n #include <rte_ipsec_group.h>\n \n #ifdef __cplusplus\ndiff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c\nindex 8e369e4618..bbbf673d8b 100644\n--- a/lib/ipsec/sa.c\n+++ b/lib/ipsec/sa.c\n@@ -7,7 +7,7 @@\n #include <rte_ip.h>\n #include <rte_errno.h>\n #include <rte_cryptodev.h>\n-\n+#include <rte_telemetry.h>\n #include \"sa.h\"\n #include \"ipsec_sqn.h\"\n #include \"crypto.h\"\n@@ -25,6 
+25,7 @@ struct crypto_xform {\n \tstruct rte_crypto_aead_xform *aead;\n };\n \n+\n /*\n  * helper routine, fills internal crypto_xform structure.\n  */\n@@ -532,6 +533,249 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm)\n \twsz = prm->ipsec_xform.replay_win_sz;\n \treturn ipsec_sa_size(type, &wsz, &nb);\n }\n+struct rte_ipsec_telemetry {\n+\tbool initialized;\n+\tLIST_HEAD(, rte_ipsec_sa) sa_list_head;\n+};\n+\n+#include <rte_malloc.h>\n+\n+static struct rte_ipsec_telemetry rte_ipsec_telemetry_instance = {\n+\t.initialized = false };\n+\n+static int\n+handle_telemetry_cmd_ipsec_sa_list(const char *cmd __rte_unused,\n+\t\tconst char *params __rte_unused,\n+\t\tstruct rte_tel_data *data)\n+{\n+\tstruct rte_ipsec_telemetry *telemetry = &rte_ipsec_telemetry_instance;\n+\tstruct rte_ipsec_sa *sa;\n+\n+\trte_tel_data_start_array(data, RTE_TEL_U64_VAL);\n+\n+\tLIST_FOREACH(sa, &telemetry->sa_list_head, telemetry_next) {\n+\t\trte_tel_data_add_array_u64(data, htonl(sa->spi));\n+\t}\n+\n+\treturn 0;\n+}\n+\n+/**\n+ * Handle IPsec SA statistics telemetry request\n+ *\n+ * Return dict of SA's with dict of key/value counters\n+ *\n+ * {\n+ *     \"SA_SPI_XX\": {\"count\": 0, \"bytes\": 0, \"errors\": 0},\n+ *     \"SA_SPI_YY\": {\"count\": 0, \"bytes\": 0, \"errors\": 0}\n+ * }\n+ *\n+ */\n+static int\n+handle_telemetry_cmd_ipsec_sa_stats(const char *cmd __rte_unused,\n+\t\tconst char *params,\n+\t\tstruct rte_tel_data *data)\n+{\n+\tstruct rte_ipsec_telemetry *telemetry = &rte_ipsec_telemetry_instance;\n+\tstruct rte_ipsec_sa *sa;\n+\tbool user_specified_spi = false;\n+\tuint32_t sa_spi;\n+\n+\tif (params) {\n+\t\tuser_specified_spi = true;\n+\t\tsa_spi = htonl((uint32_t)atoi(params));\n+\t}\n+\n+\trte_tel_data_start_dict(data);\n+\n+\tLIST_FOREACH(sa, &telemetry->sa_list_head, telemetry_next) {\n+\t\tchar sa_name[64];\n+\n+\t\tstatic const char *name_pkt_cnt = \"count\";\n+\t\tstatic const char *name_byte_cnt = \"bytes\";\n+\t\tstatic const char *name_error_cnt = 
\"errors\";\n+\t\tstruct rte_tel_data *sa_data;\n+\n+\t\t/* If user provided SPI only get telemetry for that SA */\n+\t\tif (user_specified_spi && (sa_spi != sa->spi))\n+\t\t\tcontinue;\n+\n+\t\t/* allocate telemetry data struct for SA telemetry */\n+\t\tsa_data = rte_tel_data_alloc();\n+\t\tif (!sa_data)\n+\t\t\treturn -ENOMEM;\n+\n+\t\trte_tel_data_start_dict(sa_data);\n+\n+\t\t/* add telemetry key/values pairs */\n+\t\trte_tel_data_add_dict_u64(sa_data, name_pkt_cnt,\n+\t\t\t\t\tsa->statistics.count);\n+\n+\t\trte_tel_data_add_dict_u64(sa_data, name_byte_cnt,\n+\t\t\t\t\tsa->statistics.bytes);\n+\n+\t\trte_tel_data_add_dict_u64(sa_data, name_error_cnt,\n+\t\t\t\t\tsa->statistics.errors.count);\n+\n+\t\t/* generate telemetry label */\n+\t\tsnprintf(sa_name, sizeof(sa_name), \"SA_SPI_%i\", htonl(sa->spi));\n+\n+\t\t/* add SA telemetry to dictionary container */\n+\t\trte_tel_data_add_dict_container(data, sa_name, sa_data, 0);\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static int\n+handle_telemetry_cmd_ipsec_sa_configuration(const char *cmd __rte_unused,\n+\t\tconst char *params,\n+\t\tstruct rte_tel_data *data)\n+{\n+\tstruct rte_ipsec_telemetry *telemetry = &rte_ipsec_telemetry_instance;\n+\tstruct rte_ipsec_sa *sa;\n+\tuint32_t sa_spi;\n+\n+\tif (params)\n+\t\tsa_spi = htonl((uint32_t)atoi(params));\n+\telse\n+\t\treturn -EINVAL;\n+\n+\trte_tel_data_start_dict(data);\n+\n+\tLIST_FOREACH(sa, &telemetry->sa_list_head, telemetry_next) {\n+\t\tuint64_t mode;\n+\n+\t\tif (sa_spi != sa->spi)\n+\t\t\tcontinue;\n+\n+\t\t/* add SA configuration key/values pairs */\n+\t\trte_tel_data_add_dict_string(data, \"Type\",\n+\t\t\t(sa->type & RTE_IPSEC_SATP_PROTO_MASK) ==\n+\t\t\tRTE_IPSEC_SATP_PROTO_AH ? 
\"AH\" : \"ESP\");\n+\n+\t\trte_tel_data_add_dict_string(data, \"Direction\",\n+\t\t\t(sa->type & RTE_IPSEC_SATP_DIR_MASK) ==\n+\t\t\tRTE_IPSEC_SATP_DIR_IB ?\t\"Inbound\" : \"Outbound\");\n+\n+\t\tmode = sa->type & RTE_IPSEC_SATP_MODE_MASK;\n+\n+\t\tif (mode == RTE_IPSEC_SATP_MODE_TRANS) {\n+\t\t\trte_tel_data_add_dict_string(data, \"Mode\", \"Transport\");\n+\t\t} else {\n+\t\t\trte_tel_data_add_dict_string(data, \"Mode\", \"Tunnel\");\n+\n+\t\t\tif ((sa->type & RTE_IPSEC_SATP_NATT_MASK) ==\n+\t\t\t\tRTE_IPSEC_SATP_NATT_ENABLE) {\n+\t\t\t\tif (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {\n+\t\t\t\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\t\t\"Tunnel-Type\",\n+\t\t\t\t\t\t\"IPv4-UDP\");\n+\t\t\t\t} else if (sa->type &\n+\t\t\t\t\t\tRTE_IPSEC_SATP_MODE_TUNLV6) {\n+\t\t\t\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\t\t\"Tunnel-Type\",\n+\t\t\t\t\t\t\"IPv4-UDP\");\n+\t\t\t\t}\n+\t\t\t} else {\n+\t\t\t\tif (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {\n+\t\t\t\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\t\t\"Tunnel-Type\",\n+\t\t\t\t\t\t\"IPv4-UDP\");\n+\t\t\t\t} else if (sa->type &\n+\t\t\t\t\t\tRTE_IPSEC_SATP_MODE_TUNLV6) {\n+\t\t\t\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\t\t\"Tunnel-Type\",\n+\t\t\t\t\t\t\"IPv4-UDP\");\n+\t\t\t\t}\n+\t\t\t}\n+\t\t}\n+\n+\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\"extended-sequence-number\",\n+\t\t\t\t(sa->type & RTE_IPSEC_SATP_ESN_MASK) ==\n+\t\t\t\t RTE_IPSEC_SATP_ESN_ENABLE ?\n+\t\t\t\t\"enabled\" : \"disabled\");\n+\n+\t\tif ((sa->type & RTE_IPSEC_SATP_DIR_MASK) ==\n+\t\t\tRTE_IPSEC_SATP_DIR_IB)\n+\n+\t\t\tif (sa->sqn.inb.rsn[sa->sqn.inb.rdidx])\n+\t\t\t\trte_tel_data_add_dict_u64(data,\n+\t\t\t\t\"sequence-number\",\n+\t\t\t\tsa->sqn.inb.rsn[sa->sqn.inb.rdidx]->sqn);\n+\t\t\telse\n+\t\t\t\trte_tel_data_add_dict_u64(data,\n+\t\t\t\t\t\"sequence-number\", 0);\n+\t\telse\n+\t\t\trte_tel_data_add_dict_u64(data, 
\"sequence-number\",\n+\t\t\t\t\tsa->sqn.outb);\n+\n+\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\"explicit-congestion-notification\",\n+\t\t\t\t(sa->type & RTE_IPSEC_SATP_ECN_MASK) ==\n+\t\t\t\tRTE_IPSEC_SATP_ECN_ENABLE ?\n+\t\t\t\t\"enabled\" : \"disabled\");\n+\n+\t\trte_tel_data_add_dict_string(data,\n+\t\t\t\t\"copy-DSCP\",\n+\t\t\t\t(sa->type & RTE_IPSEC_SATP_DSCP_MASK) ==\n+\t\t\t\tRTE_IPSEC_SATP_DSCP_ENABLE ?\n+\t\t\t\t\"enabled\" : \"disabled\");\n+\n+\t\trte_tel_data_add_dict_string(data, \"TSO\",\n+\t\t\t\tsa->tso.enabled ? \"enabled\" : \"disabled\");\n+\n+\t\tif (sa->tso.enabled)\n+\t\t\trte_tel_data_add_dict_u64(data, \"TSO-MSS\", sa->tso.mss);\n+\n+\t}\n+\n+\treturn 0;\n+}\n+int\n+rte_ipsec_telemetry_init(void)\n+{\n+\tstruct rte_ipsec_telemetry *telemetry = &rte_ipsec_telemetry_instance;\n+\tint rc = 0;\n+\n+\tif (telemetry->initialized)\n+\t\treturn rc;\n+\n+\tLIST_INIT(&telemetry->sa_list_head);\n+\n+\trc = rte_telemetry_register_cmd(\"/ipsec/sa/list\",\n+\t\thandle_telemetry_cmd_ipsec_sa_list,\n+\t\t\"Return list of IPsec Security Associations with telemetry enabled.\");\n+\tif (rc)\n+\t\treturn rc;\n+\n+\trc = rte_telemetry_register_cmd(\"/ipsec/sa/stats\",\n+\t\thandle_telemetry_cmd_ipsec_sa_stats,\n+\t\t\"Returns IPsec Security Assoication stastistics. Parameters: int sa_spi\");\n+\tif (rc)\n+\t\treturn rc;\n+\n+\trc = rte_telemetry_register_cmd(\"/ipsec/sa/details\",\n+\t\thandle_telemetry_cmd_ipsec_sa_configuration,\n+\t\t\"Returns IPsec Security Assoication configuration. 
Parameters: int sa_spi\");\n+\tif (rc)\n+\t\treturn rc;\n+\n+\ttelemetry->initialized = true;\n+\n+\treturn rc;\n+}\n+\n+int\n+rte_ipsec_telemetry_sa_add(struct rte_ipsec_sa *sa)\n+{\n+\tstruct rte_ipsec_telemetry *telemetry = &rte_ipsec_telemetry_instance;\n+\n+\tLIST_INSERT_HEAD(&telemetry->sa_list_head, sa, telemetry_next);\n+\n+\treturn 0;\n+}\n \n int\n rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n@@ -644,19 +888,24 @@ uint16_t\n pkt_flag_process(const struct rte_ipsec_session *ss,\n \t\tstruct rte_mbuf *mb[], uint16_t num)\n {\n-\tuint32_t i, k;\n+\tuint32_t i, k, bytes = 0;\n \tuint32_t dr[num];\n \n \tRTE_SET_USED(ss);\n \n \tk = 0;\n \tfor (i = 0; i != num; i++) {\n-\t\tif ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) == 0)\n+\t\tif ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) == 0) {\n \t\t\tk++;\n+\t\t\tbytes += mb[i]->data_len;\n+\t\t}\n \t\telse\n \t\t\tdr[i - k] = i;\n \t}\n \n+\tss->sa->statistics.count += k;\n+\tss->sa->statistics.bytes += bytes - (ss->sa->hdr_len * k);\n+\n \t/* handle unprocessed mbufs */\n \tif (k != num) {\n \t\trte_errno = EBADMSG;\ndiff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h\nindex 3f38921eb3..b9b7ebec5b 100644\n--- a/lib/ipsec/sa.h\n+++ b/lib/ipsec/sa.h\n@@ -122,9 +122,30 @@ struct rte_ipsec_sa {\n \t\tuint16_t mss;\n \t} tso;\n \n+\tLIST_ENTRY(rte_ipsec_sa) telemetry_next;\n+\t/**< list entry for telemetry enabled SA */\n+\n+\n+\tRTE_MARKER cachealign_statistics __rte_cache_min_aligned;\n+\n+\t/* Statistics */\n+\tstruct {\n+\t\tuint64_t count;\n+\t\tuint64_t bytes;\n+\n+\t\tstruct {\n+\t\t\tuint64_t count;\n+\t\t\tuint64_t authentication_failed;\n+\t\t} errors;\n+\t} statistics;\n+\n+\tRTE_MARKER cachealign_tunnel_header __rte_cache_min_aligned;\n+\n \t/* template for tunnel header */\n \tuint8_t hdr[IPSEC_MAX_HDR_SIZE];\n \n+\n+\tRTE_MARKER cachealign_tunnel_seq_num_replay_win __rte_cache_min_aligned;\n \t/*\n \t * sqn and replay window\n \t * In case of SA handled by multiple threads 
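Review bot: rte_ipsec_telemetry_sa_add() links the SA into a process-wide list, but no hunk in this patch ever unlinks it (version.map exports only the init and add calls), so once the application frees or reuses the SA memory the three handlers will follow a stale `telemetry_next` pointer; a remove function using `LIST_REMOVE(sa, telemetry_next)`, called from SA teardown, is needed. The list is also modified and walked with no lock, although telemetry callbacks normally run on the telemetry socket thread rather than on the thread that adds SAs. In the stats and details handlers `atoi(params)` takes text straight from the telemetry client, cannot signal a parse error and cannot represent SPIs above INT_MAX; the fence below shows a checked parse for the stats handler, and the details handler needs the same. Separately, `"SA_SPI_%i"` prints a `uint32_t` as signed and should be `"SA_SPI_%" PRIu32` with `ntohl()` (the SPI is evidently stored in network byte order, so `htonl` is used here for a network-to-host conversion), and all four Tunnel-Type branches emit "IPv4-UDP", which looks like a copy-paste slip.

```c
	if (params) {
		char *end;
		unsigned long spi;

		errno = 0;
		spi = strtoul(params, &end, 10);
		/* reject empty, trailing-garbage and out-of-range input;
		 * strtoul() also accepts a leading '-', reject it as well
		 * if negative input must fail on every platform
		 */
		if (end == params || *end != '\0' || errno == ERANGE ||
				spi > UINT32_MAX)
			return -EINVAL;
		user_specified_spi = true;
		sa_spi = htonl((uint32_t)spi);
	}

	/* … unchanged: rte_tel_data_start_dict() and the SA list walk … */
```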
*sqn* cacheline\ndiff --git a/lib/ipsec/version.map b/lib/ipsec/version.map\nindex ad3e38b7c8..c181c1fb04 100644\n--- a/lib/ipsec/version.map\n+++ b/lib/ipsec/version.map\n@@ -19,3 +19,11 @@ DPDK_21 {\n \n \tlocal: *;\n };\n+\n+EXPERIMENTAL {\n+\tglobal:\n+\n+\trte_ipsec_telemetry_init;\n+\trte_ipsec_telemetry_sa_add;\n+\n+};\n",
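Review bot: The `statistics` block added to struct rte_ipsec_sa in sa.h is updated with plain `+=` from the datapath and read by the telemetry handlers with no synchronisation, while the comment that follows in the same struct talks about an SA handled by multiple threads; concurrent increments can then be lost. Per-lcore counters summed at read time, or `__atomic_fetch_add(&sa->statistics.count, k, __ATOMIC_RELAXED)`, would avoid that. `errors.count` and `errors.authentication_failed` are not incremented in any hunk of this patch and esp_inb_pkt_process() updates only `count`, so the "errors" value, and "bytes" for that inbound path, stay at 0 in /ipsec/sa/stats as far as this diff shows. A short comment on each field stating what it counts (packets, payload bytes without the tunnel header, and which failures) would document the intent; the struct begins and ends outside the hunk.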
    "prefixes": [
        "RFC",
        "08/10"
    ]
}