From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Peng, Yuan" Subject: Re: [PATCH v5 0/8] Add MACsec offload support for ixgbe Date: Wed, 4 Jan 2017 08:29:39 +0000 Message-ID: <67D543A150B29E4CAAE53918F64EDAEA369A9B26@shsmsx102.ccr.corp.intel.com> References: <1482939691-34855-1-git-send-email-tiwei.bie@intel.com> <1483514502-32841-1-git-send-email-tiwei.bie@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Cc: "adrien.mazarguil@6wind.com" , "Lu, Wenzhuo" , "Mcnamara, John" , "olivier.matz@6wind.com" , "thomas.monjalon@6wind.com" , "Ananyev, Konstantin" , "Zhang, Helin" , "Dai, Wei" , "Wang, Xiao W" To: "Bie, Tiwei" , "dev@dpdk.org" Return-path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 987A1F92D for ; Wed, 4 Jan 2017 09:29:58 +0100 (CET) In-Reply-To: <1483514502-32841-1-git-send-email-tiwei.bie@intel.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Tested-by: Peng Yuan - Tested Branch: master - Tested Commit: eac901ce29be559b1bb5c5da33fe2bf5c0b4bfd6 - OS: Fedora24 4.5.5-300.fc24.x86_64 - GCC: gcc version 5.3.1 20151207 - CPU: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz - NIC: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection [80= 86:10fb]=20 - Default x86_64-native-linuxapp-gcc configuration - Total 5 cases, 5 passed, 0 failed - Prerequisites: 1x Niantic NIC (2x 10G) 2x IXIA ports (10G) - Added commands: testpmd>set macsec offload (port_id) on encrypt (on|off) replay-protect (= on|off) " Enable MACsec offload. " testpmd>set macsec offload (port_id) off " Disable MACsec offload. " testpmd>set macsec sc (tx|rx) (port_id) (mac) (pi) " Configure MACsec secure connection (SC). " testpmd>set macsec sa (tx|rx) (port_id) (idx) (an) (pn) (key) " Configure MACsec secure association (SA). " - Test Case 1: MACsec packets send and receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1. bind two ports to dpdk driver:: ./tools/dpdk-devbind.py -b igb_uio 07:00.0 07:00.1 2. config the rx port 1). start the testpmd of rx port:: ./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=3Drx -w 0000:07:00.1= \ -- --port-topology=3Dchained -i --crc-strip 2). set MACsec offload on:: testpmd>set macsec offload 0 on encrypt on replay-protect on 3). set MACsec parameters as rx_port:: testpmd>set macsec sc rx 0 00:00:00:00:00:01 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 4). set MACsec parameters as tx_port:: testpmd>set macsec sc tx 0 00:00:00:00:00:02 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 5). set rxonly:: testpmd>set fwd rxonly 6). start:: testpmd>set promisc all on testpmd>start 3. config the tx port 1). start the testpmd of tx port:: ./testpmd -c 0x30 --socket-mem 1024,1024 --file-prefix=3Dtx -w 0000:07:00.= 0 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 2). set MACsec offload on:: testpmd>set macsec offload 0 on encrypt on replay-protect on 3). set MACsec parameters as tx_port:: testpmd>set macsec sc tx 0 00:00:00:00:00:01 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 4). set MACsec parameters as rx_port:: testpmd>set macsec sc rx 0 00:00:00:00:00:02 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 5). set txonly:: testpmd>set fwd txonly 6). start:: testpmd>start 4. check the result:: testpmd>stop testpmd>show port xstats 0 stop the packet transmiting on tx_port first, then stop the packet receivin= g on rx_port. check the rx data and tx data: tx_good_packets =3D=3D rx_good_packets out_pkts_encrypted =3D=3D in_pkts_ok =3D=3D tx_good_packets =3D=3D rx_good_= packets out_octets_encrypted =3D=3D in_octets_decrypted out_octets_protected =3D=3D in_octets_validated if you want to check the content of the packet, use the command:: testpmd>set verbose 1 the received packets are Decrypted. check the ol_flags:PKT_RX_IP_CKSUM_GOOD check the content of the packet: type=3D0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP Test Case 2: MACsec packets send and normal receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D 1. disable MACsec offload on rx port:: testpmd>set macsec offload 0 off 2. start the the packets transfer 3. check the result:: testpmd>stop testpmd>show port xstats 0 stop the testpmd on tx_port first, then stop the testpmd on rx_port. the received packets are encrypted. check the content of the packet: type=3D0x88e5 sw ptype: L2_ETHER - l2_len=3D14 - Receive queue=3D0x0 you can't find L3 and L4 infomation in the packet in_octets_decrypted and in_octets_validated doesn't increase on last data transfer. Test Case 3: normal packet send and MACsec receive =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1. enable MACsec offload on rx port:: testpmd>set macsec offload 0 on encrypt on replay-protect on 2. disable MACsec offload on tx port:: testpmd>set macsec offload 0 off 3. start the the packets transfer 4. check the result:: testpmd>stop testpmd>show port xstats 0 stop the testpmd on tx_port first, then stop the testpmd on rx_port. the received packets are not encrypted. check the content of the packet: type=3D0x0800, the ptype of L2,L3,L4: L2_ETHER L3_IPV4 L4_UDP in_octets_decrypted and out_pkts_encrypted doesn't increase on last data transfer. Test Case 4: MACsec send and receive with wrong parameters =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D 1. don't add "--txqflags=3D0x0" in the tx_port command line. the MACsec offload can't work. the tx packets are normal packets. 2. set different pn on rx and tx port, then start the data transfer. 1) set the parameters as test case 1, start and stop the data transfer. check the result, rx port can receive and decrypt the packets normally. 2) reset the pn of tx port to 0:: testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 rx port can receive the packets until the pn equals the pn of tx port:: out_pkts_encrypted =3D in_pkts_late + in_pkts_ok 2. set different keys on rx and tx port, then start the data transfer:: the RX-packets=3D0, in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_notvalid =3D=3D out_pkts_encrypted, in_pkts_ok=3D0, rx_good_packets=3D0 3. set different pi on rx and tx port(reset on rx_port), then start the dat= a transfer:: in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_ok =3D 0, in_pkts_nosci =3D=3D out_pkts_encrypted 4. set different an on rx and tx port, then start the data transfer:: rx_good_packets=3D0, in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_notusingsa =3D=3D out_pkts_encrypted, in_pkts_ok=3D0, rx_good_packets=3D0 5. set different index on rx and tx port, then start the data transfer:: in_octets_decrypted =3D=3D out_octets_encrypted, in_pkts_ok =3D=3D out_pkts_encrypted Test Case 5: performance test of MACsec offload packets =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D 1. tx linerate port0 connected to IXIA port5, port1 connected to IXIA port6, set port0 MACsec offload on, set fwd mac. on IXIA side, start IXIA port6 transmit, start the IXIA capture. view the IXIA port5 captrued packet, the protocol is MACsec, the EtherTy= pe is 0x88E5, and the packet length is 96bytes, more than the normal packet 32 bytes. The valid frames received rate is 10.78Mpps, and the %linerate is 100%. 2. rx linerate there are three ports 05:00.0 07:00.0 07:00.1. connect 07:00.0 to 07:00.= 1 with cable, connect 05:00.0 to IXIA. bind the three ports to dpdk driver= . start two testpmd:: ./testpmd -c 0x3 --socket-mem 1024,1024 --file-prefix=3Drx -w 0000:07:0= 0.1 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 testpmd>set macsec offload 0 on encrypt on replay-protect on testpmd>set macsec sc rx 0 00:00:00:00:00:01 0 testpmd>set macsec sa rx 0 0 0 0 00112200000000000000000000000000 testpmd>set macsec sc tx 0 00:00:00:00:00:02 0 testpmd>set macsec sa tx 0 0 0 0 00112200000000000000000000000000 testpmd>set fwd rxonly ./testpmd -c 0xc --socket-mem 1024,1024 --file-prefix=3Dtx -b 0000:07:0= 0.1 \ -- --port-topology=3Dchained -i --crc-strip --txqflags=3D0x0 testpmd>set macsec offload 1 on encrypt on replay-protect on testpmd>set macsec sc rx 1 00:00:00:00:00:02 0 testpmd>set macsec sa rx 1 0 0 0 00112200000000000000000000000000 testpmd>set macsec sc tx 1 00:00:00:00:00:01 0 testpmd>set macsec sa tx 1 0 0 0 00112200000000000000000000000000 testpmd>set fwd mac start on both two testpmd. start data transmit from IXIA port, the frame size is 64bytes, the Ethertype is 0x0800. the rate is 14.88Mpps. check the linerate on rxonly port:: testpmd>show port stats 0 It shows "Rx-pps: 10775697", so the rx %linerate is 100%. check the MACsec packets number on tx side:: testpmd>show port xstats 1 on rx side:: testpmd>show port xstats 0 in_pkts_ok =3D=3D out_pkts_encrypted -----Original Message----- From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Tiwei Bie Sent: Wednesday, January 4, 2017 3:22 PM To: dev@dpdk.org Cc: adrien.mazarguil@6wind.com; Lu, Wenzhuo ; Mcnamar= a, John ; olivier.matz@6wind.com; thomas.monjalon@= 6wind.com; Ananyev, Konstantin ; Zhang, Helin= ; Dai, Wei ; Wang, Xiao W Subject: [dpdk-dev] [PATCH v5 0/8] Add MACsec offload support for ixgbe This patch set adds the MACsec offload support for ixgbe. The testpmd is also updated to support MACsec cmds. v2: - Update the documents for testpmd; - Update the release notes; - Reuse the functions provided by base code; v3: - Add the missing parts of MACsec mbuf flag and reorganize the patch set; - Add an ethdev event type for MACsec; - Advertise the MACsec offload capabilities based on the mac type; - Minor fixes and improvements; v4: - Reserve bits in mbuf and ethdev for PMD specific API; - Use the reserved bits in PMD specific API; v5: - Add MACsec offload in the NIC feature list; - Minor improvements on comments; Tiwei Bie (8): mbuf: reserve a Tx offload flag for PMD-specific API ethdev: reserve an event type for PMD-specific API ethdev: reserve capability flags for PMD-specific API net/ixgbe: add MACsec offload support app/testpmd: add MACsec offload commands doc: add ixgbe specific APIs doc: update the release notes for the reserved flags doc: add MACsec offload into NIC feature list app/test-pmd/cmdline.c | 389 ++++++++++++++++++++++ app/test-pmd/macfwd.c | 7 + app/test-pmd/macswap.c | 7 + app/test-pmd/testpmd.h | 2 + app/test-pmd/txonly.c | 7 + doc/guides/nics/features/default.ini | 1 + doc/guides/nics/features/ixgbe.ini | 1 + doc/guides/rel_notes/release_17_02.rst | 18 ++ doc/guides/testpmd_app_ug/testpmd_funcs.rst | 32 ++ drivers/net/ixgbe/ixgbe_ethdev.c | 481 ++++++++++++++++++++++++= +++- drivers/net/ixgbe/ixgbe_ethdev.h | 45 +++ drivers/net/ixgbe/ixgbe_rxtx.c | 5 + drivers/net/ixgbe/rte_pmd_ixgbe.h | 122 +++++++ drivers/net/ixgbe/rte_pmd_ixgbe_version.map | 11 + lib/librte_ether/rte_ethdev.h | 4 + lib/librte_mbuf/rte_mbuf.c | 2 + lib/librte_mbuf/rte_mbuf.h | 5 + 17 files changed, 1134 insertions(+), 5 deletions(-) --=20 2.7.4