From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Subject: Re: [PATCH v5 2/3] examples/ipsec-secgw: add target
 queues in flow actions
Date: Tue, 19 Dec 2017 11:52:42 +0530
Message-ID: <ddc35801-fa86-adad-5f99-956d5668fb92@caviumnetworks.com>
References: <89add3272024fefe644a9e636a476c85d39e398b.1513264386.git.nelio.laranjeiro@6wind.com>
 <16eb9d91cde0655713228efb9519d15d1ea7f1f8.1513592582.git.nelio.laranjeiro@6wind.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: anoob.joseph@caviumnetworks.com, dev@dpdk.org
To: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>,
 Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>,
 Radu Nicolau <radu.nicolau@intel.com>
Return-path: <dev-bounces@dpdk.org>
Received: from NAM01-BY2-obe.outbound.protection.outlook.com
 (mail-by2nam01on0085.outbound.protection.outlook.com [104.47.34.85])
 by dpdk.org (Postfix) with ESMTP id 610DCE5D
 for <dev@dpdk.org>; Tue, 19 Dec 2017 07:22:52 +0100 (CET)
In-Reply-To: <16eb9d91cde0655713228efb9519d15d1ea7f1f8.1513592582.git.nelio.laranjeiro@6wind.com>
Content-Language: en-US
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>



On 12/18/2017 03:54 PM, Nelio Laranjeiro wrote:
> Mellanox INNOVA NIC needs to have final target queue actions to perform
> inline crypto.
>
> Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
>
> ---
>
> Changes in v5:
>
>   * Add back default second action.
>
> Changes in v4:
>
>   * remove Egress code.
>
> Changes in v3:
>
>   * removed PASSTHRU test for ingress.
>   * removed check on configured queues for the queue action.
>
> Changes in v2:
>
>   * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated.
> ---
>   examples/ipsec-secgw/ipsec.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
>   examples/ipsec-secgw/ipsec.h |  2 +-
>   2 files changed, 52 insertions(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 17bd7620d..37a6416ed 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>   							rte_eth_dev_get_sec_ctx(
>   							sa->portid);
>   			const struct rte_security_capability *sec_cap;
> +			int ret = 0;
>   
>   			sa->sec_session = rte_security_session_create(ctx,
>   					&sess_conf, ipsec_ctx->session_pool);
> @@ -207,9 +208,59 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
>   					RTE_SECURITY_IPSEC_SA_DIR_EGRESS);
>   			sa->attr.ingress = (sa->direction ==
>   					RTE_SECURITY_IPSEC_SA_DIR_INGRESS);
> +			if (sa->attr.ingress) {
> +				uint8_t rss_key[40];
> +				struct rte_eth_rss_conf rss_conf = {
> +					.rss_key = rss_key,
> +					.rss_key_len = 40,
> +				};
> +				struct rte_eth_dev *eth_dev;
> +				union {
> +					struct rte_flow_action_rss rss;
> +					struct {
> +					const struct rte_eth_rss_conf *rss_conf;
> +					uint16_t num;
> +					uint16_t queue[RTE_MAX_QUEUES_PER_PORT];
> +					} local;
> +				} action_rss;
> +				unsigned int i;
> +				unsigned int j;
> +
> +				sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
> +				/* Try RSS. */
> +				sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
> +				sa->action[1].conf = &action_rss;
> +				eth_dev = ctx->device;
> +				rte_eth_dev_rss_hash_conf_get(sa->portid,
> +							      &rss_conf);
> +				for (i = 0, j = 0;
> +				     i < eth_dev->data->nb_rx_queues; ++i)
> +					if (eth_dev->data->rx_queues[i])
> +						action_rss.local.queue[j++] = i;
> +				action_rss.local.num = j;
> +				action_rss.local.rss_conf = &rss_conf;
> +				ret = rte_flow_validate(sa->portid, &sa->attr,
> +							sa->pattern, sa->action,
> +							&err);
> +				if (!ret)
> +					goto flow_create;
> +				/* Try Queue. */
> +				sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
> +				sa->action[1].conf =
> +					&(struct rte_flow_action_queue){
> +					.index = 0,
> +				};
> +				ret = rte_flow_validate(sa->portid, &sa->attr,
> +							sa->pattern, sa->action,
> +							&err);
> +				if (ret)
> +					goto flow_create_failure;
> +			}
> +flow_create:
>   			sa->flow = rte_flow_create(sa->portid,
>   				&sa->attr, sa->pattern, sa->action, &err);
>   			if (sa->flow == NULL) {
> +flow_create_failure:
>   				RTE_LOG(ERR, IPSEC,
>   					"Failed to create ipsec flow msg: %s\n",
>   					err.message);
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 775b316ff..3c367d392 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -133,7 +133,7 @@ struct ipsec_sa {
>   	uint32_t ol_flags;
>   
>   #define MAX_RTE_FLOW_PATTERN (4)
> -#define MAX_RTE_FLOW_ACTIONS (2)
> +#define MAX_RTE_FLOW_ACTIONS (3)
>   	struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN];
>   	struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS];
>   	struct rte_flow_attr attr;