diff mbox

[dpdk-dev,v5,2/3] examples/ipsec-secgw: add target queues in flow actions

Message ID 16eb9d91cde0655713228efb9519d15d1ea7f1f8.1513592582.git.nelio.laranjeiro@6wind.com (mailing list archive)
State Accepted, archived
Delegated to: Pablo de Lara Guarch
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Nélio Laranjeiro Dec. 18, 2017, 10:24 a.m. UTC 
  Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>

---

Changes in v5:

 * Add back default second action.

Changes in v4:

 * remove Egress code.

Changes in v3:

 * removed PASSTHRU test for ingress.
 * removed check on configured queues for the queue action.

Changes in v2:

 * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
---
 examples/ipsec-secgw/ipsec.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 52 insertions(+), 1 deletion(-)

Comments

Anoob Joseph Dec. 19, 2017, 6:22 a.m. UTC | #1 
On 12/18/2017 03:54 PM, Nelio Laranjeiro wrote:
> Mellanox INNOVA NIC needs to have final target queue actions to perform
> inline crypto.
>
> Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
>
> ---
>
> Changes in v5:
>
>   * Add back default second action.
>
> Changes in v4:
>
>   * remove Egress code.
>
> Changes in v3:
>
>   * removed PASSTHRU test for ingress.
>   * removed check on configured queues for the queue action.
>
> Changes in v2:
>
>   * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
> ---
>   examples/ipsec-secgw/ipsec.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
>   examples/ipsec-secgw/ipsec.h |  2 +-
>   2 files changed, 52 insertions(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 17bd7620d..37a6416ed 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>   							rte_eth_dev_get_sec_ctx(
>   							sa->portid);
>   			const struct rte_security_capability *sec_cap;
> +			int ret = 0;
>   
>   			sa->sec_session = rte_security_session_create(ctx,
>   					&sess_conf, ipsec_ctx->session_pool);
> @@ -207,9 +208,59 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>   					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
>   			sa->attr.ingress = (sa->direction ==
>   					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
> +			if (sa->attr.ingress) {
> +				uint8_t rss_key[40];
> +				struct rte_eth_rss_conf rss_conf = {
> +					.rss_key = rss_key,
> +					.rss_key_len = 40,
> +				};
> +				struct rte_eth_dev *eth_dev;
> +				union {
> +					struct rte_flow_action_rss rss;
> +					struct {
> +					const struct rte_eth_rss_conf *rss_conf;
> +					uint16_t num;
> +					uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
> +					} local;
> +				} action_rss;
> +				unsigned int i;
> +				unsigned int j;
> +
> +				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
> +				/* Try RSS. */
> +				sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
> +				sa->action[1].conf = &action_rss;
> +				eth_dev = ctx->device;
> +				rte_eth_dev_rss_hash_conf_get(sa->portid,
> +							      &rss_conf);
> +				for (i = 0, j = 0;
> +				     i < eth_dev->data->nb_rx_queues; ++i)
> +					if (eth_dev->data->rx_queues[i])
> +						action_rss.local.queue[j++] = i;
> +				action_rss.local.num = j;
> +				action_rss.local.rss_conf = &rss_conf;
> +				ret = rte_flow_validate(sa->portid, &sa->attr,
> +							sa->pattern, sa->action,
> +							&err);
> +				if (!ret)
> +					goto flow_create;
> +				/* Try Queue. */
> +				sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
> +				sa->action[1].conf =
> +					&(struct rte_flow_action_queue){
> +					.index = 0,
> +				};
> +				ret = rte_flow_validate(sa->portid, &sa->attr,
> +							sa->pattern, sa->action,
> +							&err);
> +				if (ret)
> +					goto flow_create_failure;
> +			}
> +flow_create:
>   			sa->flow = rte_flow_create(sa->portid,
>   				&sa->attr, sa->pattern, sa->action, &err);
>   			if (sa->flow == NULL) {
> +flow_create_failure:
>   				RTE_LOG(ERR, IPSEC,
>   					"Failed to create ipsec flow msg: %s\n",
>   					err.message);
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 775b316ff..3c367d392 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -133,7 +133,7 @@ struct ipsec_sa {
>   	uint32_t ol_flags;
>   
>   #define MAX_RTE_FLOW_PATTERN (4)
> -#define MAX_RTE_FLOW_ACTIONS (2)
> +#define MAX_RTE_FLOW_ACTIONS (3)
>   	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
>   	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
>   	struct rte_flow_attr attr;
diff mbox

Patch

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 17bd7620d..37a6416ed 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -142,6 +142,7 @@  create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 							rte_eth_dev_get_sec_ctx(
 							sa->portid);
 			const struct rte_security_capability *sec_cap;
+			int ret = 0;
 
 			sa->sec_session = rte_security_session_create(ctx,
 					&sess_conf, ipsec_ctx->session_pool);
@@ -207,9 +208,59 @@  create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
 			sa->attr.ingress = (sa->direction ==
 					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+			if (sa->attr.ingress) {
+				uint8_t rss_key[40];
+				struct rte_eth_rss_conf rss_conf = {
+					.rss_key = rss_key,
+					.rss_key_len = 40,
+				};
+				struct rte_eth_dev *eth_dev;
+				union {
+					struct rte_flow_action_rss rss;
+					struct {
+					const struct rte_eth_rss_conf *rss_conf;
+					uint16_t num;
+					uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
+					} local;
+				} action_rss;
+				unsigned int i;
+				unsigned int j;
+
+				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
+				/* Try RSS. */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
+				sa->action[1].conf = &action_rss;
+				eth_dev = ctx->device;
+				rte_eth_dev_rss_hash_conf_get(sa->portid,
+							      &rss_conf);
+				for (i = 0, j = 0;
+				     i < eth_dev->data->nb_rx_queues; ++i)
+					if (eth_dev->data->rx_queues[i])
+						action_rss.local.queue[j++] = i;
+				action_rss.local.num = j;
+				action_rss.local.rss_conf = &rss_conf;
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (!ret)
+					goto flow_create;
+				/* Try Queue. */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
+				sa->action[1].conf =
+					&(struct rte_flow_action_queue){
+					.index = 0,
+				};
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (ret)
+					goto flow_create_failure;
+			}
+flow_create:
 			sa->flow = rte_flow_create(sa->portid,
 				&sa->attr, sa->pattern, sa->action, &err);
 			if (sa->flow == NULL) {
+flow_create_failure:
 				RTE_LOG(ERR, IPSEC,
 					"Failed to create ipsec flow msg: %s\n",
 					err.message);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 775b316ff..3c367d392 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -133,7 +133,7 @@  struct ipsec_sa {
 	uint32_t ol_flags;
 
 #define MAX_RTE_FLOW_PATTERN (4)
-#define MAX_RTE_FLOW_ACTIONS (2)
+#define MAX_RTE_FLOW_ACTIONS (3)
 	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
 	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
 	struct rte_flow_attr attr;