From mboxrd@z Thu Jan  1 00:00:00 1970
From: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Subject: [PATCH v5 2/3] examples/ipsec-secgw: add target queues
	in flow actions
Date: Mon, 18 Dec 2017 11:24:36 +0100
Message-ID: <16eb9d91cde0655713228efb9519d15d1ea7f1f8.1513592582.git.nelio.laranjeiro@6wind.com>
References: <1838395b74a2f9e63e0c3d32fee0356f915cf88d.1513592582.git.nelio.laranjeiro@6wind.com>
Cc: dev@dpdk.org
To: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>,
 Radu Nicolau <radu.nicolau@intel.com>,
 Anoob Joseph <anoob.joseph@caviumnetworks.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65])
 by dpdk.org (Postfix) with ESMTP id 58817374E
 for <dev@dpdk.org>; Mon, 18 Dec 2017 11:24:56 +0100 (CET)
Received: by mail-wm0-f65.google.com with SMTP id n138so28107897wmg.2
 for <dev@dpdk.org>; Mon, 18 Dec 2017 02:24:56 -0800 (PST)
In-Reply-To: <1838395b74a2f9e63e0c3d32fee0356f915cf88d.1513592582.git.nelio.laranjeiro@6wind.com>
In-Reply-To: <89add3272024fefe644a9e636a476c85d39e398b.1513264386.git.nelio.laranjeiro@6wind.com>
References: <89add3272024fefe644a9e636a476c85d39e398b.1513264386.git.nelio.laranjeiro@6wind.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Mellanox INNOVA NIC needs to have final target queue actions to perform
inline crypto.

Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>

---

Changes in v5:

 * Add back default second action.

Changes in v4:

 * remove Egress code.

Changes in v3:

 * removed PASSTHRU test for ingress.
 * removed check on configured queues for the queue action.

Changes in v2:

 * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
---
 examples/ipsec-secgw/ipsec.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
 examples/ipsec-secgw/ipsec.h |  2 +-
 2 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 17bd7620d..37a6416ed 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 							rte_eth_dev_get_sec_ctx(
 							sa->portid);
 			const struct rte_security_capability *sec_cap;
+			int ret = 0;
 
 			sa->sec_session = rte_security_session_create(ctx,
 					&sess_conf, ipsec_ctx->session_pool);
@@ -207,9 +208,59 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
 					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
 			sa->attr.ingress = (sa->direction ==
 					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
+			if (sa->attr.ingress) {
+				uint8_t rss_key[40];
+				struct rte_eth_rss_conf rss_conf = {
+					.rss_key = rss_key,
+					.rss_key_len = 40,
+				};
+				struct rte_eth_dev *eth_dev;
+				union {
+					struct rte_flow_action_rss rss;
+					struct {
+					const struct rte_eth_rss_conf *rss_conf;
+					uint16_t num;
+					uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
+					} local;
+				} action_rss;
+				unsigned int i;
+				unsigned int j;
+
+				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
+				/* Try RSS. */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
+				sa->action[1].conf = &action_rss;
+				eth_dev = ctx->device;
+				rte_eth_dev_rss_hash_conf_get(sa->portid,
+							      &rss_conf);
+				for (i = 0, j = 0;
+				     i < eth_dev->data->nb_rx_queues; ++i)
+					if (eth_dev->data->rx_queues[i])
+						action_rss.local.queue[j++] = i;
+				action_rss.local.num = j;
+				action_rss.local.rss_conf = &rss_conf;
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (!ret)
+					goto flow_create;
+				/* Try Queue. */
+				sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
+				sa->action[1].conf =
+					&(struct rte_flow_action_queue){
+					.index = 0,
+				};
+				ret = rte_flow_validate(sa->portid, &sa->attr,
+							sa->pattern, sa->action,
+							&err);
+				if (ret)
+					goto flow_create_failure;
+			}
+flow_create:
 			sa->flow = rte_flow_create(sa->portid,
 				&sa->attr, sa->pattern, sa->action, &err);
 			if (sa->flow == NULL) {
+flow_create_failure:
 				RTE_LOG(ERR, IPSEC,
 					"Failed to create ipsec flow msg: %s\n",
 					err.message);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 775b316ff..3c367d392 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -133,7 +133,7 @@ struct ipsec_sa {
 	uint32_t ol_flags;
 
 #define MAX_RTE_FLOW_PATTERN (4)
-#define MAX_RTE_FLOW_ACTIONS (2)
+#define MAX_RTE_FLOW_ACTIONS (3)
 	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
 	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
 	struct rte_flow_attr attr;
-- 
2.11.0