[dpdk-dev] [PATCH v3] examples/ipsec-secgw: fix pointer to local outside scope
Coverity issue: 137871
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/parser.c | 116 +++---
1 file changed, 52 insertions(+), 64 deletions(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 598f435..c5f2508 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -487,8 +487,7 @@ parse_cfg_file(const char *cfg_filename)
struct parse_status status = {0};
if (f == NULL) {
- rte_panic("Error: invalid file descriptor %s\n",
- cfg_filename);
+ rte_panic("Error: invalid file descriptor %s\n", cfg_filename);
goto error_exit;
}
@@ -503,86 +502,75 @@ parse_cfg_file(const char *cfg_filename)
do {
char oneline[1024];
-
+ char *pos;
get_s = fgets(oneline, 1024, f);
- if (get_s) {
- char *pos;
- line_num++;
+ if (!get_s)
+ break;
- if (strlen(oneline) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
+ line_num++;
- /* process comment char '#' */
- if (oneline[0] == '#')
- continue;
+ if (strlen(oneline) > 1022) {
+ rte_panic("%s:%u: error: the line contains more
characters the parser can handle\n",
+ cfg_filename, line_num);
+ goto error_exit;
+ }
- pos = strchr(oneline, '#');
- if (pos != NULL)
- *pos = '\0';
-
- /* process line concatenator '\' */
- pos = strchr(oneline, 92);
- if (pos != NULL) {
- if (pos != oneline+strlen(oneline) - 2) {
- rte_panic("%s:%u: error: no "
- "character should exist "
- "after '\\' symbol\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- *pos = '\0';
-
- if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the "
- "concatenated line "
- "contains more characters "
- "the parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- strncpy(str + strlen(str), oneline,
- strlen(oneline));
+ /* process comment char '#' */
+ if (oneline[0] == '#')
+ continue;
- continue;
+ pos = strchr(oneline, '#');
+ if (pos != NULL)
+ *pos = '\0';
+
+ /* process line concatenator '\' */
+ pos = strchr(oneline, 92);
+ if (pos != NULL) {
+ if (pos != oneline+strlen(oneline) - 2) {
+ rte_panic("%s:%u: error: no character should
exist after '\\'\n",
+ cfg_filename, line_num);
+ goto error_exit;
}
- /* copy the line to str and process */
+ *pos = '\0';
+
if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
+ rte_panic("%s:%u: error: the concatenated line
contains more characters the parser can handle\n",
cfg_filename, line_num);
[dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix pointer to local outside scope
Coverity issue: 137871
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/parser.c | 120 --
1 file changed, 58 insertions(+), 62 deletions(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index ede08d8..f1afdb7 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -503,86 +503,82 @@ parse_cfg_file(const char *cfg_filename)
do {
char oneline[1024];
-
+ char *pos;
get_s = fgets(oneline, 1024, f);
- if (get_s) {
- char *pos;
- line_num++;
+ if (!get_s)
+ break;
- if (strlen(oneline) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
+ line_num++;
- /* process comment char '#' */
- if (oneline[0] == '#')
- continue;
+ if (strlen(oneline) > 1022) {
+ rte_panic("%s:%u: error: the line "
+ "contains more characters the "
+ "parser can handle\n",
+ cfg_filename, line_num);
+ goto error_exit;
+ }
- pos = strchr(oneline, '#');
- if (pos != NULL)
- *pos = '\0';
-
- /* process line concatenator '\' */
- pos = strchr(oneline, 92);
- if (pos != NULL) {
- if (pos != oneline+strlen(oneline) - 2) {
- rte_panic("%s:%u: error: no "
- "character should exist "
- "after '\\' symbol\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- *pos = '\0';
-
- if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the "
- "concatenated line "
- "contains more characters "
- "the parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- strncpy(str + strlen(str), oneline,
- strlen(oneline));
+ /* process comment char '#' */
+ if (oneline[0] == '#')
+ continue;
- continue;
+ pos = strchr(oneline, '#');
+ if (pos != NULL)
+ *pos = '\0';
+
+ /* process line concatenator '\' */
+ pos = strchr(oneline, 92);
+ if (pos != NULL) {
+ if (pos != oneline+strlen(oneline) - 2) {
+ rte_panic("%s:%u: error: no character "
+ "should exist after '\\'\n",
+ cfg_filename, line_num);
+ goto error_exit;
}
- /* copy the line to str and process */
+ *pos = '\0';
+
if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
+ rte_panic("%s:%u: error: the "
+ "concatenated line contains more "
+ "characters the parser can "
+ "handle\n",
cfg_filename, line_num);
goto error_exit;
}
+
strncpy(str + strlen(
[dpdk-dev] [PATCH v2] examples/ipsec-secgw: fix copy into fixed size buffer issue
Fixes: 0d547ed0 ("examples/ipsec-secgw: support configuration
file")
Coverity issue: 137875
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/sa.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 9e2c8a9..8c4406c 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -170,15 +170,18 @@ static uint32_t
parse_key_string(const char *key_str, uint8_t *key)
{
const char *pt_start = key_str, *pt_end = key_str;
- char sub_str[3];
uint32_t nb_bytes = 0;
while (pt_end != NULL) {
+ char sub_str[3] = {0};
+
pt_end = strchr(pt_start, ':');
- if (pt_end == NULL)
- strncpy(sub_str, pt_start, strlen(pt_start));
- else {
+ if (pt_end == NULL) {
+ if (strlen(pt_start) > 2)
+ return 0;
+ strncpy(sub_str, pt_start, 2);
+ } else {
if (pt_end - pt_start > 2)
return 0;
--
2.5.5
[dpdk-dev] [PATCH] examples/ipsec-secgw: fix pointer to local outside scope
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Coverity issue: 137871
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/parser.c | 124 +-
1 file changed, 62 insertions(+), 62 deletions(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 99bdfc5..45473c7 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -503,86 +503,86 @@ parse_cfg_file(const char *cfg_filename)
do {
char oneline[1024];
-
+ char *pos;
get_s = fgets(oneline, 1024, f);
- if (get_s) {
- char *pos;
- line_num++;
+ if (!get_s)
+ break;
- if (strlen(oneline) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
+ line_num++;
- /* process comment char '#' */
- if (oneline[0] == '#')
- continue;
+ if (strlen(oneline) > 1022) {
+ rte_panic("%s:%u: error: the line "
+ "contains more characters the "
+ "parser can handle\n",
+ cfg_filename, line_num);
+ goto error_exit;
+ }
- pos = strchr(oneline, '#');
- if (pos != NULL)
- *pos = '\0';
-
- /* process line concatenator '\' */
- pos = strchr(oneline, 92);
- if (pos != NULL) {
- if (pos != oneline+strlen(oneline) - 2) {
- rte_panic("%s:%u: error: no "
- "character should exist "
- "after '\\' symbol\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- *pos = '\0';
-
- if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the "
- "concatenated line "
- "contains more characters "
- "the parser can handle\n",
- cfg_filename, line_num);
- goto error_exit;
- }
-
- strncpy(str + strlen(str), oneline,
- strlen(oneline));
+ /* process comment char '#' */
+ if (oneline[0] == '#')
+ continue;
- continue;
+ pos = strchr(oneline, '#');
+ if (pos != NULL)
+ *pos = '\0';
+
+ /* process line concatenator '\' */
+ pos = strchr(oneline, 92);
+ if (pos != NULL) {
+ if (pos != oneline+strlen(oneline) - 2) {
+ rte_panic("%s:%u: error: no "
+ "character should exist "
+ "after '\\' symbol\n",
+ cfg_filename, line_num);
+ goto error_exit;
}
- /* copy the line to str and process */
+ *pos = '\0';
+
if (strlen(oneline) + strlen(str) > 1022) {
- rte_panic("%s:%u: error: the line "
- "contains more characters the "
- "parser can handle\n",
+ rte_panic("%s:%u: error: the "
+ "concatenated line "
+ "contains more characters "
+ "the parser can handle\n",
cfg_filename, line_num);
goto error_exit;
}
+
[dpdk-dev] [PATCH] examples/ipsec-secgw: fix copy into fixed size buffer issue
Coverity issue: 137875
Fixes: 0d547ed0 ("examples/ipsec-secgw: support configuration
file")
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/sa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 9e2c8a9..c891be2 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -177,7 +177,7 @@ parse_key_string(const char *key_str, uint8_t *key)
pt_end = strchr(pt_start, ':');
if (pt_end == NULL)
- strncpy(sub_str, pt_start, strlen(pt_start));
+ strncpy(sub_str, pt_start, strlen(sub_str) - 1);
else {
if (pt_end - pt_start > 2)
return 0;
--
2.5.5
[dpdk-dev] [PATCH] examples/ipsec-secgw: fix buffer not terminated issue
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Coverity issue: 137855
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 99bdfc5..ede08d8 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -277,7 +277,7 @@ parse_ipv6_addr(const char *token, struct in6_addr *ipv6,
uint32_t *mask)
if (mask)
*mask = atoi(pch);
} else {
- strncpy(ip_str, token, sizeof(ip_str));
+ strncpy(ip_str, token, sizeof(ip_str) - 1);
if (mask)
*mask = 0;
}
--
2.5.5
[dpdk-dev] [PATCH] examples/ipsec-secgw: fix buffer not null terminated
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")
Coverity issue: 137854
Signed-off-by: Fan Zhang
---
examples/ipsec-secgw/parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 99bdfc5..e09a7c0 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -248,7 +248,7 @@ parse_ipv4_addr(const char *token, struct in_addr *ipv4,
uint32_t *mask)
if (mask)
*mask = atoi(pch);
} else {
- strncpy(ip_str, token, sizeof(ip_str));
+ strncpy(ip_str, token, sizeof(ip_str) - 1);
if (mask)
*mask = 0;
}
--
2.5.5
[dpdk-dev] [PATCH v6 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 160 +++ examples/ipsec-secgw/ep1.cfg | 160 +++ 2 files changed, 320 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..299aa9e --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,160 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac
[dpdk-dev] [PATCH v6 1/2] examples/ipsec-secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa \ Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 747 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 10 files changed, 2393 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..5cce2fe 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 +-f CONFIG_FILE_PATH Where: @@ -142,14 +142,11 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f CONFIG_FILE_PATH``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f CONFIG_FILE_PATH`` **must** be specified. +**ONLY** the UNIX format configuration file is accepted. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +154,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +192,12 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Please +**note** the parser only accepts UNIX format text file. Other formats +such as DOS/MAC format will cause a parse error. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +221,357 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f sample.cfg Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concept
[dpdk-dev] [PATCH v6 0/2] [PATCH 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel v6 change: - fix SA digest key always 0 error v5 change: - fix missed SA key length checking parsing error - fix SA ip address printing v4 change: - rebase the patchset on top of "examples/ipsec-secgw: fix GCC 4.5.x build error" (http://dpdk.org/dev/patchwork/patch/14895/) - add cipher_key and auth_key configuration options to SA rules - updated documentation for the new options v3 change: - fix 32-bit compilation error v2 changes: - fix configuration file parsing error. - update doc to remove whitespace tailing errors. Fan Zhang (2): examples/ipsec-secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 160 ++ examples/ipsec-secgw/ep1.cfg | 160 ++ examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 747 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 12 files changed, 2713 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 160 +++ examples/ipsec-secgw/ep1.cfg | 160 +++ 2 files changed, 320 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..299aa9e --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,160 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac
[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa \ Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 743 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 10 files changed, 2389 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..5cce2fe 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 +-f CONFIG_FILE_PATH Where: @@ -142,14 +142,11 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f CONFIG_FILE_PATH``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f CONFIG_FILE_PATH`` **must** be specified. +**ONLY** the UNIX format configuration file is accepted. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +154,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +192,12 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Please +**note** the parser only accepts UNIX format text file. Other formats +such as DOS/MAC format will cause a parse error. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +221,357 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f sample.cfg Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concept
[dpdk-dev] [PATCH 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel v5 change: - fix missed SA cipher key length checking parsing error - fix SA ip address printing v4 change: - rebase the patchset on top of "examples/ipsec-secgw: fix GCC 4.5.x build error" (http://dpdk.org/dev/patchwork/patch/14895/) - add cipher_key and auth_key configuration options to SA rules - updated documentation for the new options v3 change: - fix 32-bit compilation error v2 changes: - fix configuration file parsing error. - update doc to remove whitespace tailing errors. Fan Zhang (2): examples/ipsec-secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 160 ++ examples/ipsec-secgw/ep1.cfg | 160 ++ examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 743 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 12 files changed, 2709 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH v4 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 160 +++ examples/ipsec-secgw/ep1.cfg | 160 +++ 2 files changed, 320 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..299aa9e --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,160 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 + +sa out 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\ +a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 + +sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ +a1:a1:a1:a1:a1 auth_algo sha1-hmac
[dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa \ Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 737 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 10 files changed, 2383 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..5cce2fe 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 +-f CONFIG_FILE_PATH Where: @@ -142,14 +142,11 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f CONFIG_FILE_PATH``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f CONFIG_FILE_PATH`` **must** be specified. +**ONLY** the UNIX format configuration file is accepted. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +154,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +192,12 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Please +**note** the parser only accepts UNIX format text file. Other formats +such as DOS/MAC format will cause a parse error. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +221,357 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f sample.cfg Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concept
[dpdk-dev] [PATCH v4 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel v4 change: - rebase the patchset on top of "examples/ipsec-secgw: fix GCC 4.5.x build error" (http://dpdk.org/dev/patchwork/patch/14895/) - add cipher_key and auth_key configuration options to SA rules - updated documentation for the new options v3 change: - fix 32-bit compilation error v2 changes: - fix configuration file parsing error. - update doc to remove whitespace tailing errors. Fan Zhang (2): examples/ipsec-secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 845 +-- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 160 ++ examples/ipsec-secgw/ep1.cfg | 160 ++ examples/ipsec-secgw/ipsec-secgw.c | 58 ++- examples/ipsec-secgw/ipsec.h | 14 +- examples/ipsec-secgw/parser.c| 599 ++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 -- examples/ipsec-secgw/sa.c| 737 +-- examples/ipsec-secgw/sp4.c | 538 examples/ipsec-secgw/sp6.c | 539 +--- 12 files changed, 2703 insertions(+), 1319 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 119 +++ examples/ipsec-secgw/ep1.cfg | 119 +++ 2 files changed, 238 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..c10e22b --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,119 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 6 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 10 aes-128-cbc sha1-hmac transport +sa out 11 aes-128-cbc sha1-hmac transport +sa out 15 null null ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 16 null null ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 25 aes-128-cbc sha1-hmac ipv6-tunnel \ +src ::::::: \ +dst ::::::: +sa out 26 aes-128-cbc sha1-hmac ipv6-tunnel \ +src
[dpdk-dev] [PATCH v3 1/2] examples/ipsec-secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 809 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 58 +-- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 599 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 462 ++ examples/ipsec-secgw/sp4.c | 539 +++- examples/ipsec-secgw/sp6.c | 540 ++--- 10 files changed, 2116 insertions(+), 1271 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..2757df5 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 +-f CONFIG_FILE_PATH Where: @@ -142,14 +142,11 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f CONFIG_FILE_PATH``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f CONFIG_FILE_PATH`` **must** be specified. +**ONLY** the UNIX format configuration file is accepted. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +154,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +192,12 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Please +**note** the parser only accepts UNIX format text file. Other formats +such as DOS/MAC format will cause a parse error. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +221,321 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f sample.cfg Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concepts regarding IP
[dpdk-dev] [PATCH v3 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel v3 change: - fix 32-bit compilation error v2 changes: - fix configuration file parsing error. - update doc to remove whitespace tailing errors. Fan Zhang (2): examples/ipsec-secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 809 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 119 + examples/ipsec-secgw/ep1.cfg | 119 + examples/ipsec-secgw/ipsec-secgw.c | 58 +-- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 599 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 462 ++ examples/ipsec-secgw/sp4.c | 539 +++- examples/ipsec-secgw/sp6.c | 540 ++--- 12 files changed, 2354 insertions(+), 1271 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 119 +++ examples/ipsec-secgw/ep1.cfg | 119 +++ 2 files changed, 238 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..c10e22b --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,119 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 6 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 10 aes-128-cbc sha1-hmac transport +sa out 11 aes-128-cbc sha1-hmac transport +sa out 15 null null ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 16 null null ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 25 aes-128-cbc sha1-hmac ipv6-tunnel \ +src ::::::: \ +dst ::::::: +sa out 26 aes-128-cbc sha1-hmac ipv6-tunnel \ +src
[dpdk-dev] [PATCH v2 1/2] examples/ipsec-secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 809 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 58 +-- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 602 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 462 ++ examples/ipsec-secgw/sp4.c | 539 +++- examples/ipsec-secgw/sp6.c | 540 ++--- 10 files changed, 2119 insertions(+), 1271 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..2757df5 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 +-f CONFIG_FILE_PATH Where: @@ -142,14 +142,11 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f CONFIG_FILE_PATH``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f CONFIG_FILE_PATH`` **must** be specified. +**ONLY** the UNIX format configuration file is accepted. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +154,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +192,12 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Please +**note** the parser only accepts UNIX format text file. Other formats +such as DOS/MAC format will cause a parse error. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +221,321 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f sample.cfg Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concepts regarding IP
[dpdk-dev] [PATCH v2 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel v2 changes: - fix configuration file parsing error. - update doc to remove whitespace tailing errors. Fan Zhang (2): examples/ipsec-secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 809 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 119 + examples/ipsec-secgw/ep1.cfg | 119 + examples/ipsec-secgw/ipsec-secgw.c | 58 +-- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 602 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 462 ++ examples/ipsec-secgw/sp4.c | 539 +++- examples/ipsec-secgw/sp6.c | 540 ++--- 12 files changed, 2357 insertions(+), 1271 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample application. The sample configuration files shows how to set-up systems back-to-back that would forward traffic through an IPsec tunnel. Signed-off-by: Fan Zhang --- examples/ipsec-secgw/ep0.cfg | 119 +++ examples/ipsec-secgw/ep1.cfg | 119 +++ 2 files changed, 238 insertions(+) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg new file mode 100644 index 000..be4732a --- /dev/null +++ b/examples/ipsec-secgw/ep0.cfg @@ -0,0 +1,119 @@ +### +# IPSEC-SECGW Endpoint sample configuration +# +# The main purpose of this file is to show how to configure two systems +# back-to-back that would forward traffic through an IPsec tunnel. This +# file is the Endpoint 0 configuration. To use this configuration file, +# add the following command-line option: +# +# -f ./ep0.cfg +# +### + +#SP IPv4 rules +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 +sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535 + +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535 + +#SP IPv6 rules +sp ipv6 out esp protect 5 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 6 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 10 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 11 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 25 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 26 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +sp ipv6 in esp protect 15 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 16 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 110 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 111 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 125 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 126 pri 1 dst :::::::/96 \ +sport 0:65535 dport 0:65535 + +#SA rules +sa out 5 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 6 aes-128-cbc sha1-hmac ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 10 aes-128-cbc sha1-hmac transport +sa out 11 aes-128-cbc sha1-hmac transport +sa out 15 null null ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 +sa out 16 null null ipv4-tunnel src 172.16.1.6 dst 172.16.2.6 +sa out 25 aes-128-cbc sha1-hmac ipv6-tunnel \ +src ::::::: \ +dst ::::::: +sa out 26 aes-128-cbc sha1-hmac ipv6-tunnel \ +src
[dpdk-dev] [PATCH 1/2] examples/ipsec_secgw: add configuration file support
This patch adds the configuration file support to ipsec_secgw sample application. Instead of hard-coded rules, the users can specify their own SP, SA, and routing rules in the configuration file. An command line option "-f" is added to pass the configuration file location to the application. Configuration item formats: SP rule format: sp esp \ SA rule format: sa Routing rule format: rt Signed-off-by: Fan Zhang --- doc/guides/sample_app_ug/ipsec_secgw.rst | 806 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ipsec-secgw.c | 48 +- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 602 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 428 examples/ipsec-secgw/sp4.c | 523 +++- examples/ipsec-secgw/sp6.c | 524 +--- 10 files changed, 2073 insertions(+), 1238 deletions(-) create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index fcb33c2..125bfa7 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -122,7 +122,7 @@ The application has a number of command line options:: -p PORTMASK -P -u PORTMASK --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX - --ep0|--ep1 + -f config_file_path Where: @@ -142,14 +142,10 @@ Where: on both Inbound and Outbound. This option is meant for debugging/performance purposes. -* ``--ep0``: configure the app as Endpoint 0. +* ``-f config_file_path``: the full path of text-based file containing all +configuration items for running the application (See Configuration file +syntax section below). ``-f config_file_path`` **must** be specified. -* ``--ep1``: configure the app as Endpoint 1. - -Either one of ``--ep0`` or ``--ep1`` **must** be specified. -The main purpose of these options is to easily configure two systems -back-to-back that would forward traffic through an IPsec tunnel (see -:ref:`figure_ipsec_endpoints`). The mapping of lcores to port/queues is similar to other l3fwd applications. @@ -157,7 +153,8 @@ For example, given the following command line:: ./build/ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ --vdev "cryptodev_null_pmd" -- -p 0xf -P -u 0x3 \ - --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" --ep0 \ + --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ + -f /path/to/config_file \ where each options means: @@ -194,8 +191,10 @@ where each options means: | | | | | +--+---+---+---+ -* The ``--ep0`` options configures the app with a given set of SP, SA and Routing -entries as explained below in more detail. +* The ``-f /path/to/config_file`` option enables the application read and +parse the configuration file specified, and configures the application +with a given set of SP, SA and Routing entries accordingly. The syntax of +the configuration file will be explained below in more detail. Refer to the *DPDK Getting Started Guide* for general information on running applications and the Environment Abstraction Layer (EAL) options. @@ -219,496 +218,321 @@ For example, something like the following command line: --vdev "cryptodev_aesni_mb_pmd" --vdev "cryptodev_null_pmd" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ ---ep0 +-f path/to/config_file Configurations -- -The following sections provide some details on the default values used to -initialize the SP, SA and Routing tables. -Currently all configuration information is hard coded into the application. +The following sections provide the syntax of configurations to initialize +your SP, SA and Routing tables. +Configurations shall be specified in the configuration file to be passed to +the application. The file is then parsed by the application. The successful +parsing will result in the appropriate rules being applied to the tables +accordingly. -The following image illustrate a few of the concepts regarding IPSec, such -as protected/unprotected and inbound/outbound traffic, from the point of -view of two back-to-back endpoints: -.. _figure_ipsec_endpoints: +Configuration File Syntax +
[dpdk-dev] [PATCH 0/2] examples/ipsec_secgw: add configuration file support
This patchset adds the configuration file supported to ipsec_secgw sample application. Two sample configuration files, ep0.cfg and ep1.cfg are also added to show how to configure two systems back-to-back that would forward traffic through an IPsec tunnel Fan Zhang (2): examples/ipsec_secgw: add configuration file support examples/ipsec-secgw: add sample configuration files doc/guides/sample_app_ug/ipsec_secgw.rst | 806 --- examples/ipsec-secgw/Makefile| 1 + examples/ipsec-secgw/ep0.cfg | 119 + examples/ipsec-secgw/ep1.cfg | 119 + examples/ipsec-secgw/ipsec-secgw.c | 48 +- examples/ipsec-secgw/ipsec.h | 8 +- examples/ipsec-secgw/parser.c| 602 +++ examples/ipsec-secgw/parser.h| 116 + examples/ipsec-secgw/rt.c| 255 +- examples/ipsec-secgw/sa.c| 428 examples/ipsec-secgw/sp4.c | 523 +++- examples/ipsec-secgw/sp6.c | 524 +--- 12 files changed, 2311 insertions(+), 1238 deletions(-) create mode 100644 examples/ipsec-secgw/ep0.cfg create mode 100644 examples/ipsec-secgw/ep1.cfg create mode 100644 examples/ipsec-secgw/parser.c create mode 100644 examples/ipsec-secgw/parser.h -- 2.5.5
[dpdk-dev] [PATCH v6 2/2] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index f6b79da..a55c968 100644
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -207,6 +207,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100644
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH v6 1/2] app/test: rework the crypto AES unit test
This patch reworks the crypto AES unit test by introducing a new unified
test function
Signed-off-by: Fan Zhang
---
app/test/Makefile |1 +
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes.c | 659 ++
app/test/test_cryptodev_aes.h | 828
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
5 files changed, 1610 insertions(+), 1748 deletions(-)
create mode 100644 app/test/test_cryptodev_aes.c
create mode 100644 app/test/test_cryptodev_aes.h
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/Makefile b/app/test/Makefile
index 053f3a2..01cbf80 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -186,6 +186,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6621573..c5b5fb3 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.c
[dpdk-dev] [PATCH v6 0/2] rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. v2 *fix session not freed after the test finished problem *remove l2fwd-crypto sample application patch v3 *fix clang compile error v4 *fix the misplaced commit in the v3 patchset v5 *squash several patches into one patch v6 *remove unused macro Fan Zhang (2): app/test: rework the crypto AES unit test app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 685 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 5 files changed, 1932 insertions(+), 1748 deletions(-) create mode 100644 app/test/test_cryptodev_aes.c create mode 100644 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH v5 2/2] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index 8c43441..3a9d826 100644
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -211,6 +211,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100644
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH v5 1/2] app/test: reworks the crypto AES unit test
This patch reworks the crypto AES unit test by introducing a new unified
test function
Signed-off-by: Fan Zhang
---
app/test/Makefile |1 +
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes.c | 663 ++
app/test/test_cryptodev_aes.h | 828
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
5 files changed, 1614 insertions(+), 1748 deletions(-)
create mode 100644 app/test/test_cryptodev_aes.c
create mode 100644 app/test/test_cryptodev_aes.h
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/Makefile b/app/test/Makefile
index f269fe0..fd193df 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -153,6 +153,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 45e6daa..1730022 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.c
[dpdk-dev] [PATCH v5 0/2] app/test: rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. This patchset depends on the following patches/patchsets: "qat: fix phys address of content descriptor" (http://dpdk.org/dev/patchwork/patch/13137/) and "Add AES Counter mode support for AES-NI MB PMD" (http://dpdk.org/ml/archives/dev/2016-June/040222.html) v2 *fix session not freed after the test finished problem *remove l2fwd-crypto sample application patch v3 *fix clang compile error v4 *fix the misplaced commit in the v3 patchset v5 *squash several patches into one patch Fan Zhang (2): app/test: reworks the crypto AES unit test app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 689 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 5 files changed, 1936 insertions(+), 1748 deletions(-) create mode 100644 app/test/test_cryptodev_aes.c create mode 100644 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH v4 4/4] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index 3b5f005..c4e35e9 100755
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -211,6 +211,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100755
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH v4 3/4] app/test: utilize new unified crypto AES test function
This patch replaces the AES test code with new unified crypto AES test
function.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
2 files changed, 122 insertions(+), 1748 deletions(-)
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 45e6daa..1730022 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
- ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
-
- ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- ut_params->auth_xform.next = NULL;
-
- ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
- ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
- ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
- ut_params->auth_xform.auth.key.data = hmac_sha1_key;
- ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
-
- ut_params->sess = rte_cryptodev_sym_session_create(
-
[dpdk-dev] [PATCH v4 2/4] app/test: add unified crypto aes test
This patch adds a new crypto AES unified test function.
Signed-off-by: Fan Zhang
---
app/test/Makefile | 1 +
app/test/test_cryptodev_aes.c | 663 ++
app/test/test_cryptodev_aes.h | 6 +
3 files changed, 670 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.c
diff --git a/app/test/Makefile b/app/test/Makefile
index f269fe0..fd193df 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -153,6 +153,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
new file mode 100755
index 000..3b5f005
--- /dev/null
+++ b/app/test/test_cryptodev_aes.c
@@ -0,0 +1,663 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include "test.h"
+#include "test_cryptodev_aes.h"
+
+#ifndef MAX_N_AES_TESTS
+#define MAX_N_AES_TESTS256
+#endif
+
+#ifndef AES_TEST_MSG_LEN
+#define AES_TEST_MSG_LEN 256
+#endif
+
+#define AES_TEST_OP_ENCRYPT0x01
+#define AES_TEST_OP_DECRYPT0x02
+#define AES_TEST_OP_AUTH_GEN 0x04
+#define AES_TEST_OP_AUTH_VERIFY0x08
+
+#define AES_TEST_FEATURE_OOP 0x01
+#define AES_TEST_FEATURE_SESSIONLESS 0x02
+#define AES_TEST_FEATURE_STOPPER 0x04 /* stop upon failing */
+
+#define AES_TEST_TARGET_PMD_MB 0x0001 /* Multi-buffer flag */
+#define AES_TEST_TARGET_PMD_QAT0x0002 /* QAT flag */
+
+#define AES_TEST_OP_CIPHER (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_DECRYPT)
+
+#define AES_TEST_OP_AUTH (AES_TEST_OP_AUTH_GEN | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+#define AES_TEST_OP_ENC_AUTH_GEN (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_AUTH_GEN)
+
+#define AES_TEST_OP_AUTH_VERIFY_DEC(AES_TEST_OP_DECRYPT | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+struct aes_test_case {
+ const char *test_descr; /* test description */
+ const struct aes_test_data *test_data;
+ uint8_t op_mask; /* operation mask */
+ uint8_t feature_mask;
+ uint32_t pmd_mask;
+};
+
+static const struct aes_test_case aes_test_cases[] = {
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD_QAT
+ },
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD
[dpdk-dev] [PATCH v4 1/4] app/test: categorize crypto AES test vectors into new file
This patch accumulates crypto AES test vectors into a new header file.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.h | 822 ++
1 file changed, 822 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.h
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
new file mode 100755
index 000..8fc6dd0
--- /dev/null
+++ b/app/test/test_cryptodev_aes.h
@@ -0,0 +1,822 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TEST_CRYPTODEV_AES_H_
+#define TEST_CRYPTODEV_AES_H_
+
+struct aes_test_data {
+ enum rte_crypto_cipher_algorithm crypto_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned len;
+ } cipher_key;
+
+ struct {
+ uint8_t data[64] __rte_aligned(16);
+ unsigned len;
+ } iv;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } plaintext;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } ciphertext;
+
+ enum rte_crypto_auth_algorithm auth_algo;
+
+ struct {
+ uint8_t data[128];
+ unsigned len;
+ } auth_key;
+
+ struct {
+ uint8_t data[128];
+ unsigned len; /* for qat */
+ unsigned truncated_len; /* for mb */
+ } digest;
+};
+
+/* test vectors */
+/* AES128-CTR-SHA1 test vector */
+static const struct aes_test_data aes_test_data_1 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .cipher_key = {
+ .data = {
+ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+ 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+ 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+ 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+ 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+ 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+ 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+ },
+ .len = 64
+ },
+ .ciphertext = {
+ .data = {
+ 0x87, 0x4D, 0x61, 0x91, 0xB6, 0x20, 0xE3, 0x26,
+ 0x1B, 0xEF, 0x68, 0x64, 0x99, 0x0D, 0xB6, 0xCE,
+ 0x98, 0x06, 0xF6, 0x6B, 0x79, 0x70, 0xFD, 0xFF,
+ 0x86, 0x17, 0x18, 0x7B, 0xB9, 0xFF, 0xFD, 0xFF,
+ 0x5A, 0xE4, 0xDF, 0x3E, 0xDB, 0xD5, 0xD3, 0x5E,
+ 0x5B, 0x4F, 0x09, 0x02, 0x0D, 0xB0, 0x3E, 0xAB,
+ 0x1E, 0x03, 0x1D, 0xDA, 0x2F, 0xBE, 0x03, 0xD1,
+
[dpdk-dev] [PATCH v4 0/4] app/test: rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. This patchset depends on the following patches/patchsets: "qat: fix phys address of content descriptor" (http://dpdk.org/dev/patchwork/patch/13137/) and "Add AES Counter mode support for AES-NI MB PMD" (http://dpdk.org/ml/archives/dev/2016-June/040222.html) v2 *fix session not freed after the test finished problem *remove l2fwd-crypto sample application patch v3 *fix clang compile error v4 *fix the misplaced commit in the v3 patchset Fan Zhang (4): app/test: categorize crypto AES test vectors into new file app/test: add unified crypto aes test app/test: utilize new unified crypto AES test function app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 689 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 5 files changed, 1936 insertions(+), 1748 deletions(-) create mode 100755 app/test/test_cryptodev_aes.c create mode 100755 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH v3 4/4] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index 8c43441..3a9d826 100755
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -211,6 +211,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100755
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH v3 3/4] app/test: utilize new unified crypto AES test function
This patch replaces the AES test code with new unified crypto AES test
function.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes.c |6 +-
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
3 files changed, 125 insertions(+), 1751 deletions(-)
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 45e6daa..1730022 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
- ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
-
- ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- ut_params->auth_xform.next = NULL;
-
- ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
- ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
- ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
- ut_params->auth_xform.auth.key.data = hmac_sha1_key;
- ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
-
- ut_params->sess =
[dpdk-dev] [PATCH v3 2/4] app/test: add unified crypto aes test
This patch adds a new crypto AES unified test function.
Signed-off-by: Fan Zhang
---
app/test/Makefile | 1 +
app/test/test_cryptodev_aes.c | 663 ++
app/test/test_cryptodev_aes.h | 6 +
3 files changed, 670 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.c
diff --git a/app/test/Makefile b/app/test/Makefile
index f269fe0..fd193df 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -153,6 +153,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
new file mode 100755
index 000..3b5f005
--- /dev/null
+++ b/app/test/test_cryptodev_aes.c
@@ -0,0 +1,663 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include "test.h"
+#include "test_cryptodev_aes.h"
+
+#ifndef MAX_N_AES_TESTS
+#define MAX_N_AES_TESTS256
+#endif
+
+#ifndef AES_TEST_MSG_LEN
+#define AES_TEST_MSG_LEN 256
+#endif
+
+#define AES_TEST_OP_ENCRYPT0x01
+#define AES_TEST_OP_DECRYPT0x02
+#define AES_TEST_OP_AUTH_GEN 0x04
+#define AES_TEST_OP_AUTH_VERIFY0x08
+
+#define AES_TEST_FEATURE_OOP 0x01
+#define AES_TEST_FEATURE_SESSIONLESS 0x02
+#define AES_TEST_FEATURE_STOPPER 0x04 /* stop upon failing */
+
+#define AES_TEST_TARGET_PMD_MB 0x0001 /* Multi-buffer flag */
+#define AES_TEST_TARGET_PMD_QAT0x0002 /* QAT flag */
+
+#define AES_TEST_OP_CIPHER (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_DECRYPT)
+
+#define AES_TEST_OP_AUTH (AES_TEST_OP_AUTH_GEN | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+#define AES_TEST_OP_ENC_AUTH_GEN (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_AUTH_GEN)
+
+#define AES_TEST_OP_AUTH_VERIFY_DEC(AES_TEST_OP_DECRYPT | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+struct aes_test_case {
+ const char *test_descr; /* test description */
+ const struct aes_test_data *test_data;
+ uint8_t op_mask; /* operation mask */
+ uint8_t feature_mask;
+ uint32_t pmd_mask;
+};
+
+static const struct aes_test_case aes_test_cases[] = {
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD_QAT
+ },
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD
[dpdk-dev] [PATCH v3 1/4] app/test: categorize crypto AES test vectors into new file
This patch accumulates crypto AES test vectors into a new header file.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.h | 822 ++
1 file changed, 822 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.h
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
new file mode 100755
index 000..8fc6dd0
--- /dev/null
+++ b/app/test/test_cryptodev_aes.h
@@ -0,0 +1,822 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TEST_CRYPTODEV_AES_H_
+#define TEST_CRYPTODEV_AES_H_
+
+struct aes_test_data {
+ enum rte_crypto_cipher_algorithm crypto_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned len;
+ } cipher_key;
+
+ struct {
+ uint8_t data[64] __rte_aligned(16);
+ unsigned len;
+ } iv;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } plaintext;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } ciphertext;
+
+ enum rte_crypto_auth_algorithm auth_algo;
+
+ struct {
+ uint8_t data[128];
+ unsigned len;
+ } auth_key;
+
+ struct {
+ uint8_t data[128];
+ unsigned len; /* for qat */
+ unsigned truncated_len; /* for mb */
+ } digest;
+};
+
+/* test vectors */
+/* AES128-CTR-SHA1 test vector */
+static const struct aes_test_data aes_test_data_1 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .cipher_key = {
+ .data = {
+ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+ 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+ 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+ 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+ 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+ 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+ 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+ },
+ .len = 64
+ },
+ .ciphertext = {
+ .data = {
+ 0x87, 0x4D, 0x61, 0x91, 0xB6, 0x20, 0xE3, 0x26,
+ 0x1B, 0xEF, 0x68, 0x64, 0x99, 0x0D, 0xB6, 0xCE,
+ 0x98, 0x06, 0xF6, 0x6B, 0x79, 0x70, 0xFD, 0xFF,
+ 0x86, 0x17, 0x18, 0x7B, 0xB9, 0xFF, 0xFD, 0xFF,
+ 0x5A, 0xE4, 0xDF, 0x3E, 0xDB, 0xD5, 0xD3, 0x5E,
+ 0x5B, 0x4F, 0x09, 0x02, 0x0D, 0xB0, 0x3E, 0xAB,
+ 0x1E, 0x03, 0x1D, 0xDA, 0x2F, 0xBE, 0x03, 0xD1,
+
[dpdk-dev] [PATCH v3 0/4] app/test: rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. This patchset depends on the following patches/patchsets: "qat: fix phys address of content descriptor" (http://dpdk.org/dev/patchwork/patch/13137/) and "Add AES Counter mode support for AES-NI MB PMD" (http://dpdk.org/ml/archives/dev/2016-June/040222.html) v2 *fix session not freed after the test finished problem *remove l2fwd-crypto sample application patch v3 *fix clang compile error Fan Zhang (4): app/test: categorize crypto AES test vectors into new file app/test: add unified crypto aes test app/test: utilize new unified crypto AES test function app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 689 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 5 files changed, 1936 insertions(+), 1748 deletions(-) create mode 100755 app/test/test_cryptodev_aes.c create mode 100755 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH v2 4/4] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index dad9f54..dbee8b8 100755
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -211,6 +211,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100755
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH v2 3/4] app/test: utilize new unified crypto AES test function
This patch replaces the AES test code with new unified crypto AES test
function.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
2 files changed, 122 insertions(+), 1748 deletions(-)
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 45e6daa..1730022 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
- ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
-
- ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- ut_params->auth_xform.next = NULL;
-
- ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
- ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
- ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
- ut_params->auth_xform.auth.key.data = hmac_sha1_key;
- ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
-
- ut_params->sess = rte_cryptodev_sym_session_create(
-
[dpdk-dev] [PATCH v2 2/4] app/test: add unified crypto aes test
This patch adds a new crypto AES unified test function.
Signed-off-by: Fan Zhang
---
app/test/Makefile | 1 +
app/test/test_cryptodev_aes.c | 663 ++
app/test/test_cryptodev_aes.h | 6 +
3 files changed, 670 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.c
diff --git a/app/test/Makefile b/app/test/Makefile
index f269fe0..fd193df 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -153,6 +153,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
new file mode 100755
index 000..dad9f54
--- /dev/null
+++ b/app/test/test_cryptodev_aes.c
@@ -0,0 +1,663 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include "test.h"
+#include "test_cryptodev_aes.h"
+
+#ifndef MAX_N_AES_TESTS
+#define MAX_N_AES_TESTS256
+#endif
+
+#ifndef AES_TEST_MSG_LEN
+#define AES_TEST_MSG_LEN 256
+#endif
+
+#define AES_TEST_OP_ENCRYPT0x01
+#define AES_TEST_OP_DECRYPT0x02
+#define AES_TEST_OP_AUTH_GEN 0x04
+#define AES_TEST_OP_AUTH_VERIFY0x08
+
+#define AES_TEST_FEATURE_OOP 0x01
+#define AES_TEST_FEATURE_SESSIONLESS 0x02
+#define AES_TEST_FEATURE_STOPPER 0x04 /* stop upon failing */
+
+#define AES_TEST_TARGET_PMD_MB 0x0001 /* Multi-buffer flag */
+#define AES_TEST_TARGET_PMD_QAT0x0002 /* QAT flag */
+
+#define AES_TEST_OP_CIPHER (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_DECRYPT)
+
+#define AES_TEST_OP_AUTH (AES_TEST_OP_AUTH_GEN | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+#define AES_TEST_OP_ENC_AUTH_GEN (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_AUTH_GEN)
+
+#define AES_TEST_OP_AUTH_VERIFY_DEC(AES_TEST_OP_DECRYPT | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+struct aes_test_case {
+ const char *test_descr; /* test description */
+ const struct aes_test_data *test_data;
+ uint8_t op_mask; /* operation mask */
+ uint8_t feature_mask;
+ uint32_t pmd_mask;
+};
+
+static const struct aes_test_case aes_test_cases[] = {
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD_QAT
+ },
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD
[dpdk-dev] [PATCH v2 1/4] app/test: categorize crypto AES test vectors into new file
This patch accumulates crypto AES test vectors into a new header file.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.h | 822 ++
1 file changed, 822 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.h
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
new file mode 100755
index 000..8fc6dd0
--- /dev/null
+++ b/app/test/test_cryptodev_aes.h
@@ -0,0 +1,822 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TEST_CRYPTODEV_AES_H_
+#define TEST_CRYPTODEV_AES_H_
+
+struct aes_test_data {
+ enum rte_crypto_cipher_algorithm crypto_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned len;
+ } cipher_key;
+
+ struct {
+ uint8_t data[64] __rte_aligned(16);
+ unsigned len;
+ } iv;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } plaintext;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } ciphertext;
+
+ enum rte_crypto_auth_algorithm auth_algo;
+
+ struct {
+ uint8_t data[128];
+ unsigned len;
+ } auth_key;
+
+ struct {
+ uint8_t data[128];
+ unsigned len; /* for qat */
+ unsigned truncated_len; /* for mb */
+ } digest;
+};
+
+/* test vectors */
+/* AES128-CTR-SHA1 test vector */
+static const struct aes_test_data aes_test_data_1 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .cipher_key = {
+ .data = {
+ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+ 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+ 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+ 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+ 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+ 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+ 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+ },
+ .len = 64
+ },
+ .ciphertext = {
+ .data = {
+ 0x87, 0x4D, 0x61, 0x91, 0xB6, 0x20, 0xE3, 0x26,
+ 0x1B, 0xEF, 0x68, 0x64, 0x99, 0x0D, 0xB6, 0xCE,
+ 0x98, 0x06, 0xF6, 0x6B, 0x79, 0x70, 0xFD, 0xFF,
+ 0x86, 0x17, 0x18, 0x7B, 0xB9, 0xFF, 0xFD, 0xFF,
+ 0x5A, 0xE4, 0xDF, 0x3E, 0xDB, 0xD5, 0xD3, 0x5E,
+ 0x5B, 0x4F, 0x09, 0x02, 0x0D, 0xB0, 0x3E, 0xAB,
+ 0x1E, 0x03, 0x1D, 0xDA, 0x2F, 0xBE, 0x03, 0xD1,
+
[dpdk-dev] [PATCH v2 0/4] app/test: rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. This patchset depends on the following patches/patchsets: "qat: fix phys address of content descriptor" (http://dpdk.org/dev/patchwork/patch/13137/) and "Add AES Counter mode support for AES-NI MB PMD" (http://dpdk.org/ml/archives/dev/2016-June/040222.html) v2 *fix session not freed after the test finished problem *remove l2fwd-crypto sample application patch Fan Zhang (4): app/test: categorize crypto AES test vectors into new file app/test: add unified crypto aes test app/test: utilize new unified crypto AES test function app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 689 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 5 files changed, 1936 insertions(+), 1748 deletions(-) create mode 100755 app/test/test_cryptodev_aes.c create mode 100755 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH v2 3/3] examples/l2fwd-crypto: enable AES counter mode cipher algorithm
This patch enables AES counter mode algorithm support to l2fwd-crypto sample application. Signed-off-by: Fan Zhang --- examples/l2fwd-crypto/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..66fc874 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -352,6 +352,7 @@ fill_supported_algorithm_tables(void) strcpy(supported_cipher_algo[i], "NOT_SUPPORTED"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC"); + strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CTR], "AES_CTR"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2"); -- 2.5.5
[dpdk-dev] [PATCH v2 2/3] app/test: add aes-ni multi-buffer pmd test cases for AES CTR
Added tests cases for AES-NI MB PMD working in counter mode.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 03d6f02..45e6daa 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4649,6 +4649,19 @@ static struct unit_test_suite
cryptodev_aesni_mb_testsuite = {
test_AES_CBC_HMAC_SHA1_encrypt_digest_sessionless),
TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_3),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_3),
+
+ TEST_CASE_ST(ut_setup, ut_teardown,
test_not_in_place_crypto),
TEST_CASES_END() /**< NULL terminate unit test array */
--
2.5.5
[dpdk-dev] [PATCH v2 1/3] aesni_mb: add counter mode support
This patch provides counter mode support to AES-NI multi-buffer library.
The following cipher algorithm is enabled:
- RTE_CRYPTO_CIPHER_AES_CTR
Signed-off-by: Fan Zhang
---
doc/guides/cryptodevs/aesni_mb.rst | 3 +++
doc/guides/cryptodevs/overview.rst | 6 +++---
doc/guides/rel_notes/release_16_07.rst | 5 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 3 +++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 20
5 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index fd5414d..60a8914 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -48,6 +48,9 @@ Cipher algorithms:
* RTE_CRYPTO_SYM_CIPHER_AES128_CBC
* RTE_CRYPTO_SYM_CIPHER_AES192_CBC
* RTE_CRYPTO_SYM_CIPHER_AES256_CBC
+* RTE_CRYPTO_SYM_CIPHER_AES128_CTR
+* RTE_CRYPTO_SYM_CIPHER_AES192_CTR
+* RTE_CRYPTO_SYM_CIPHER_AES256_CTR
Hash algorithms:
diff --git a/doc/guides/cryptodevs/overview.rst
b/doc/guides/cryptodevs/overview.rst
index e1f33e1..4a84146 100644
--- a/doc/guides/cryptodevs/overview.rst
+++ b/doc/guides/cryptodevs/overview.rst
@@ -55,9 +55,9 @@ Supported Cipher Algorithms
"AES_CBC_128",x,,x,,
"AES_CBC_192",x,,x,,
"AES_CBC_256",x,,x,,
- "AES_CTR_128",x
- "AES_CTR_192",x
- "AES_CTR_256",x
+ "AES_CTR_128",x,,x,,
+ "AES_CTR_192",x,,x,,
+ "AES_CTR_256",x,,x,,
"SNOW3G_UEA2",xx
Supported Authentication Algorithms
diff --git a/doc/guides/rel_notes/release_16_07.rst
b/doc/guides/rel_notes/release_16_07.rst
index 565055e..307e7c4 100644
--- a/doc/guides/rel_notes/release_16_07.rst
+++ b/doc/guides/rel_notes/release_16_07.rst
@@ -47,6 +47,11 @@ New Features
* Dropped specific Xen Dom0 code.
* Dropped specific anonymous mempool code in testpmd.
+* **Added AES-CTR support to AESNI MB PMD.**
+
+ Now AESNI MB PMD supports 128/192/256-bit counter mode AES encryption and
+ decryption.
+
* **Added support of AES counter mode for Intel QuickAssist devices.**
Enabled support for the AES CTR algorithm for Intel QuickAssist devices.
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 3415ac1..ce763bf 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -222,6 +222,9 @@ aesni_mb_set_session_cipher_parameters(const struct
aesni_mb_ops *mb_ops,
case RTE_CRYPTO_CIPHER_AES_CBC:
sess->cipher.mode = CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ sess->cipher.mode = CNTR;
+ break;
default:
MB_LOG_ERR("Unsupported cipher mode parameter");
return -1;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 3806a66..d3c46ac 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -207,6 +207,26 @@ static const struct rte_cryptodev_capabilities
aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.5.5
[dpdk-dev] [PATCH v2 0/3] Add AES Counter mode support for AES-NI MB PMD
This patchset adds counter mode support to AES-NI multi-buffer library and appropriate test cases. This patchset depends on the following patch/patchsets "doc: fix supported AES-CBC key lengths" (http://dpdk.org/dev/patchwork/patch/12398/) and "Added AES counter mode capability" (http://dpdk.org/ml/archives/dev/2016-May/038364.html) v2: *added AES counter mode support to l2fwd-crypto sample application Fan Zhang (3): aesni_mb: add counter mode support app/test: add aes-ni multi-buffer pmd test cases for AES CTR examples/l2fwd-crypto: enable AES counter mode cipher algorithm app/test/test_cryptodev.c | 13 + doc/guides/cryptodevs/aesni_mb.rst | 3 +++ doc/guides/cryptodevs/overview.rst | 6 +++--- doc/guides/rel_notes/release_16_07.rst | 5 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 3 +++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 20 examples/l2fwd-crypto/main.c | 1 + 7 files changed, 48 insertions(+), 3 deletions(-) -- 2.5.5
[dpdk-dev] [PATCH 5/5] examples/l2fwd-crypto: enable AES counter mode cipher algorithm
This patch enables AES counter mode algorithm support to l2fwd-crypto sample application. Signed-off-by: Fan Zhang --- examples/l2fwd-crypto/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..66fc874 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -352,6 +352,7 @@ fill_supported_algorithm_tables(void) strcpy(supported_cipher_algo[i], "NOT_SUPPORTED"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC"); + strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CTR], "AES_CTR"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2"); -- 2.5.5
[dpdk-dev] [PATCH 4/5] app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.c | 26
app/test/test_cryptodev_aes.h | 296 ++
2 files changed, 322 insertions(+)
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
index a152004..5858ecd 100755
--- a/app/test/test_cryptodev_aes.c
+++ b/app/test/test_cryptodev_aes.c
@@ -211,6 +211,32 @@ static const struct aes_test_case aes_test_cases[] = {
.feature_mask = AES_TEST_FEATURE_OOP,
.pmd_mask = AES_TEST_TARGET_PMD_QAT
},
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Encryption Digest",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA224 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_8,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Encryption Digest",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "AES-128-CBC HMAC-SHA384 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_9,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB
+ },
};
static int
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
index c3b439b..ef518e0 100755
--- a/app/test/test_cryptodev_aes.h
+++ b/app/test/test_cryptodev_aes.h
@@ -825,4 +825,300 @@ static const struct aes_test_data aes_test_data_7 = {
}
};
+/** AES-128-CBC SHA224 test vector */
+static const struct aes_test_data aes_test_data_8 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ "What a lousy earth! He wondered how many people "
+ "were destitute that same night even in his own "
+ "prosperous country, how many homes were "
+ "shanties, how many husbands were drunk and "
+ "wives socked, and how many children were "
+ "bullied, abused, or abandoned. How many "
+ "families hungered for food they could not "
+ "afford to buy? How many hearts were broken? How "
+ "many suicides would take place that same night, "
+ "how many people would go insane? How many "
+ "cockroaches and landlords would triumph? How "
+ "many winners were losers, successes failures, "
+ "and rich men poor men? How many wise guys were "
+ "stupid? How many happy endings were unhappy "
+ "endings? How many honest men were liars, brave "
+ "men cowards, loyal men traitors, how many "
+ "sainted men were corrupt, how many people in "
+ "positions of trust had sold their souls to "
+ "bodyguards, how many had never had souls? How "
+ "many straight-and-narrow paths were crooked "
+ "paths? How many best families were worst "
+ "families and how many good people were bad "
+ "people? When you added them all up and then "
+ "subtracted, you might be left with only the "
+ "children, and perhaps with Albert Einstein and "
+ "an old violinist or sculptor somewhere."
+ },
+ .len = 512
+ },
+ .ciphertext = {
+ .data = {
+ 0x8B, 0x4D, 0x
[dpdk-dev] [PATCH 3/5] app/test: utilize new unified crypto AES test function
This patch replaces the AES test code with new unified crypto AES test
function.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 1613 ++--
app/test/test_cryptodev_aes_ctr_test_vectors.h | 257
2 files changed, 122 insertions(+), 1748 deletions(-)
delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 45e6daa..1730022 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -43,7 +43,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_aes_ctr_test_vectors.h"
+#include "test_cryptodev_aes.h"
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_gcm_test_vectors.h"
@@ -111,19 +111,6 @@ setup_test_string(struct rte_mempool *mpool,
return m;
}
-static int
-setup_oop_test_mbufs(struct rte_mbuf **ibuf, struct rte_mbuf **obuf,
- struct rte_mempool *mpool, const char *string, size_t len,
- uint8_t blocksize) {
- *ibuf = setup_test_string(mpool, string, len, blocksize);
- if (*ibuf == NULL)
- return -(EFAULT);
- *obuf = setup_test_string(mpool, NULL, len, blocksize);
- if (*obuf == NULL)
- return -(EFAULT);
-
- return 0;
-}
#if HEX_DUMP
static void
@@ -890,1316 +877,80 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
sym_op->cipher.iv.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
sym_op->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
- rte_memcpy(sym_op->cipher.iv.data, aes_cbc_iv,
- CIPHER_IV_LENGTH_AES_CBC);
-
- sym_op->cipher.data.offset = CIPHER_IV_LENGTH_AES_CBC;
- sym_op->cipher.data.length = QUOTE_512_BYTES;
-
- /* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
- ut_params->op), "failed to process sym crypto op");
-
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
- "crypto op processing failed");
-
- /* Validate obuf */
- uint8_t *ciphertext = rte_pktmbuf_mtod_offset(ut_params->op->sym->m_src,
- uint8_t *, CIPHER_IV_LENGTH_AES_CBC);
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
- catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
- QUOTE_512_BYTES,
- "ciphertext data not as expected");
-
- uint8_t *digest = ciphertext + QUOTE_512_BYTES;
-
- TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
- catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
- gbl_cryptodev_type == RTE_CRYPTODEV_AESNI_MB_PMD ?
- TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
- DIGEST_BYTE_LENGTH_SHA1,
- "Generated digest data not as expected");
-
- return TEST_SUCCESS;
-}
-
-
-static int
-test_AES_CBC_HMAC_SHA1_encrypt_digest_oop(void)
-{
- struct crypto_testsuite_params *ts_params = _params;
- struct crypto_unittest_params *ut_params = _params;
-
- /* Generate test mbuf data and space for digest */
-
- TEST_ASSERT_EQUAL(setup_oop_test_mbufs(_params->ibuf,
- _params->obuf, ts_params->mbuf_pool, catch_22_quote,
- QUOTE_512_BYTES, 0), 0,
- "Allocation of rte_mbuf failed");
-
- ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->obuf,
- DIGEST_BYTE_LENGTH_SHA1);
-
- TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
-
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = _params->auth_xform;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
- ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
- ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
-
- ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- ut_params->auth_xform.next = NULL;
-
- ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
- ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
- ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
- ut_params->auth_xform.auth.key.data = hmac_sha1_key;
- ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
-
- ut_params->sess = rte_cryptodev_sym_session_create(
-
[dpdk-dev] [PATCH 2/5] app/test: add unified crypto aes test
This patch adds a new crypto AES unified test function.
Signed-off-by: Fan Zhang
---
app/test/Makefile | 1 +
app/test/test_cryptodev_aes.c | 662 ++
app/test/test_cryptodev_aes.h | 6 +
3 files changed, 669 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.c
diff --git a/app/test/Makefile b/app/test/Makefile
index f269fe0..fd193df 100644
--- a/app/test/Makefile
+++ b/app/test/Makefile
@@ -153,6 +153,7 @@ endif
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_aes.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
diff --git a/app/test/test_cryptodev_aes.c b/app/test/test_cryptodev_aes.c
new file mode 100755
index 000..a152004
--- /dev/null
+++ b/app/test/test_cryptodev_aes.c
@@ -0,0 +1,662 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include "test.h"
+#include "test_cryptodev_aes.h"
+
+#ifndef MAX_N_AES_TESTS
+#define MAX_N_AES_TESTS256
+#endif
+
+#ifndef AES_TEST_MSG_LEN
+#define AES_TEST_MSG_LEN 256
+#endif
+
+#define AES_TEST_OP_ENCRYPT0x01
+#define AES_TEST_OP_DECRYPT0x02
+#define AES_TEST_OP_AUTH_GEN 0x04
+#define AES_TEST_OP_AUTH_VERIFY0x08
+
+#define AES_TEST_FEATURE_OOP 0x01
+#define AES_TEST_FEATURE_SESSIONLESS 0x02
+#define AES_TEST_FEATURE_STOPPER 0x04 /* stop upon failing */
+
+#define AES_TEST_TARGET_PMD_MB 0x0001 /* Multi-buffer flag */
+#define AES_TEST_TARGET_PMD_QAT0x0002 /* QAT flag */
+
+#define AES_TEST_OP_CIPHER (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_DECRYPT)
+
+#define AES_TEST_OP_AUTH (AES_TEST_OP_AUTH_GEN | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+#define AES_TEST_OP_ENC_AUTH_GEN (AES_TEST_OP_ENCRYPT | \
+ AES_TEST_OP_AUTH_GEN)
+
+#define AES_TEST_OP_AUTH_VERIFY_DEC(AES_TEST_OP_DECRYPT | \
+ AES_TEST_OP_AUTH_VERIFY)
+
+struct aes_test_case {
+ const char *test_descr; /* test description */
+ const struct aes_test_data *test_data;
+ uint8_t op_mask; /* operation mask */
+ uint8_t feature_mask;
+ uint32_t pmd_mask;
+};
+
+static const struct aes_test_case aes_test_cases[] = {
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Encryption Digest",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_ENC_AUTH_GEN,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD_QAT
+ },
+ {
+ .test_descr = "AES-128-CTR HMAC-SHA1 Decryption Digest "
+ "Verify",
+ .test_data = _test_data_1,
+ .op_mask = AES_TEST_OP_AUTH_VERIFY_DEC,
+ .pmd_mask = AES_TEST_TARGET_PMD_MB |
+ AES_TEST_TARGET_PMD
[dpdk-dev] [PATCH 1/5] app/test: categorize crypto AES test vectors into new file
This patch accumulates crypto AES test vectors into a new header file.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev_aes.h | 822 ++
1 file changed, 822 insertions(+)
create mode 100755 app/test/test_cryptodev_aes.h
diff --git a/app/test/test_cryptodev_aes.h b/app/test/test_cryptodev_aes.h
new file mode 100755
index 000..8fc6dd0
--- /dev/null
+++ b/app/test/test_cryptodev_aes.h
@@ -0,0 +1,822 @@
+/*-
+ * BSD LICENSE
+ *
+ * Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in
+ *the documentation and/or other materials provided with the
+ *distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ *contributors may be used to endorse or promote products derived
+ *from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TEST_CRYPTODEV_AES_H_
+#define TEST_CRYPTODEV_AES_H_
+
+struct aes_test_data {
+ enum rte_crypto_cipher_algorithm crypto_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned len;
+ } cipher_key;
+
+ struct {
+ uint8_t data[64] __rte_aligned(16);
+ unsigned len;
+ } iv;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } plaintext;
+
+ struct {
+ uint8_t data[2048];
+ unsigned len;
+ } ciphertext;
+
+ enum rte_crypto_auth_algorithm auth_algo;
+
+ struct {
+ uint8_t data[128];
+ unsigned len;
+ } auth_key;
+
+ struct {
+ uint8_t data[128];
+ unsigned len; /* for qat */
+ unsigned truncated_len; /* for mb */
+ } digest;
+};
+
+/* test vectors */
+/* AES128-CTR-SHA1 test vector */
+static const struct aes_test_data aes_test_data_1 = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .cipher_key = {
+ .data = {
+ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+ 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+ 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+ },
+ .len = 16
+ },
+ .plaintext = {
+ .data = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+ 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+ 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+ 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+ 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+ },
+ .len = 64
+ },
+ .ciphertext = {
+ .data = {
+ 0x87, 0x4D, 0x61, 0x91, 0xB6, 0x20, 0xE3, 0x26,
+ 0x1B, 0xEF, 0x68, 0x64, 0x99, 0x0D, 0xB6, 0xCE,
+ 0x98, 0x06, 0xF6, 0x6B, 0x79, 0x70, 0xFD, 0xFF,
+ 0x86, 0x17, 0x18, 0x7B, 0xB9, 0xFF, 0xFD, 0xFF,
+ 0x5A, 0xE4, 0xDF, 0x3E, 0xDB, 0xD5, 0xD3, 0x5E,
+ 0x5B, 0x4F, 0x09, 0x02, 0x0D, 0xB0, 0x3E, 0xAB,
+ 0x1E, 0x03, 0x1D, 0xDA, 0x2F, 0xBE, 0x03, 0xD1,
+
[dpdk-dev] [PATCH 0/5] app/test: rework crypto AES unit test
This patchset reworks the crypto AES unit test by introducing a new unified test function. This patchset depends on the following patches: "qat: add AES counter mode capability" (http://dpdk.org/dev/patchwork/patch/12464/) "app/test: add test cases for AES CTR" (http://dpdk.org/dev/patchwork/patch/12465/) "Add AES Counter mode support for AES-NI MB PMD" (http://dpdk.org/dev/patchwork/patch/12398/) "aesni_mb: add counter mode support: (http://dpdk.org/dev/patchwork/patch/12399/) "app/test: add aes-ni multi-buffer pmd test cases for AES CTR" (http://dpdk.org/dev/patchwork/patch/12400/) Fan Zhang (5): app/test: categorize crypto AES test vectors into new file app/test: add unified crypto aes test app/test: utilize new unified crypto AES test function app/test: add crypto AES-CBC-128 HMAC-SHA224 and HMAC-SHA384 unit tests examples/l2fwd-crypto: enable AES counter mode cipher algorithm app/test/Makefile |1 + app/test/test_cryptodev.c | 1613 ++-- app/test/test_cryptodev_aes.c | 688 ++ app/test/test_cryptodev_aes.h | 1124 + app/test/test_cryptodev_aes_ctr_test_vectors.h | 257 examples/l2fwd-crypto/main.c |1 + 6 files changed, 1936 insertions(+), 1748 deletions(-) create mode 100755 app/test/test_cryptodev_aes.c create mode 100755 app/test/test_cryptodev_aes.h delete mode 100644 app/test/test_cryptodev_aes_ctr_test_vectors.h -- 2.5.5
[dpdk-dev] [PATCH] examples/l2fwd-crypto: enable AES-XCBC-MAC authentication algorithm
This patch enables AES-XCBC-MAC authentication algorithm support to l2fwd-crypto sample application. Signed-off-by: Fan Zhang --- examples/l2fwd-crypto/main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d4e2d8d..dccba79 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -341,6 +341,8 @@ fill_supported_algorithm_tables(void) strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_AES_GCM], "AES_GCM"); strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_MD5_HMAC], "MD5_HMAC"); strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_NULL], "NULL"); + strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_AES_XCBC_MAC], + "AES_XCBC_MAC"); strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA1_HMAC], "SHA1_HMAC"); strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA224_HMAC], "SHA224_HMAC"); strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA256_HMAC], "SHA256_HMAC"); -- 2.5.5
[dpdk-dev] [PATCH] doc: fix l2fwd-crypto sample command
Fixes ba7b86b1 ("doc: add l2fwd-crypto sample app guide")
Corrected a typo in application name.
Corrected authentication algorithm to fit the sample 16-byte
authentication key.
Signed-off-by: Fan Zhang
---
doc/guides/sample_app_ug/l2_forward_crypto.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst
b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index 7cce51b..723376c 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -167,11 +167,11 @@ To run the application in linuxapp environment with 2
lcores, 2 ports and 2 cryp
.. code-block:: console
-$ ./build/l2fwd -c 0x3 -n 4 --vdev "cryptodev_aesni_mb_pmd" \
+$ ./build/l2fwd-crypto -c 0x3 -n 4 --vdev "cryptodev_aesni_mb_pmd" \
--vdev "cryptodev_aesni_mb_pmd" -- -p 0x3 --chain CIPHER_HASH \
--cipher_op ENCRYPT --cipher_algo AES_CBC \
--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
---auth_op GENERATE --auth_algo SHA1_HMAC \
+--auth_op GENERATE --auth_algo AES_XCBC_MAC \
--auth_key 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f
Refer to the *DPDK Getting Started Guide* for general information on running
applications
--
2.5.5
[dpdk-dev] [PATCH] examples/l2fwd-crypto: enable AES counter mode cipher algorithm
This patch enables AES counter mode algorithm support to l2fwd-crypto sample application. This patch depends on the following patches: "qat: add AES counter mode capability" (http://dpdk.org/dev/patchwork/patch/12464/) "app/test: add test cases for AES CTR" (http://dpdk.org/dev/patchwork/patch/12465/) "aesni_mb: add counter mode support: (http://dpdk.org/dev/patchwork/patch/12399/) "app/test: add aes-ni multi-buffer pmd test cases for AES CTR" (http://dpdk.org/dev/patchwork/patch/12400/) Signed-off-by: Fan Zhang --- examples/l2fwd-crypto/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index d18c813..66fc874 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -352,6 +352,7 @@ fill_supported_algorithm_tables(void) strcpy(supported_cipher_algo[i], "NOT_SUPPORTED"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC"); + strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CTR], "AES_CTR"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL"); strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2"); -- 2.5.5
[dpdk-dev] [PATCH v2] doc: announce ABI change of struct rte_port_source_params and rte_port_sink_params
The ABI changes are planned for rte_port_source_params and rte_port_sink_params, which will be supported from release 16.11. Here announces that ABI changes in detail. Signed-off-by: Fan Zhang Acked-by: Cristian Dumitrescu --- doc/guides/rel_notes/deprecation.rst | 8 1 file changed, 8 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index fffe9c7..4f3fefe 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -74,3 +74,11 @@ Deprecation Notices a handle, like the way kernel exposes an fd to user for locating a specific file, and to keep all major structures internally, so that we are likely to be free from ABI violations in future. + +* ABI will change for rte_port_source_params struct. The member file_name + data type will be changed from char * to const char *. This change targets + release 16.11 + +* ABI will change for rte_port_sink_params struct. The member file_name + data type will be changed from char * to const char *. This change targets + release 16.11 -- 2.5.5
[dpdk-dev] [PATCH v2] examples/ip_pipeline: fix NULL packet processing in source port
This patch fixes the NULL packet processing problem. Originally,
pipeline's write attempt to NULL packets generated by source
port may crash the application.
This patch fixes the problem by enforcing each source port
defined in cfg file containing a user specified or default pcap
file path.
Fixes: 0e1e7d53 ("add pcap file source")
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/config_parse.c | 235 ++--
examples/ip_pipeline/init.c | 48 +++-
2 files changed, 24 insertions(+), 259 deletions(-)
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index e5efd03..6710ee6 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -964,154 +964,6 @@ parse_eal(struct app_params *app,
}
static int
-parse_pipeline_pcap_source(struct app_params *app,
- struct app_pipeline_params *p,
- const char *file_name, const char *cp_size)
-{
- const char *next = NULL;
- char *end;
- uint32_t i;
- int parse_file = 0;
-
- if (file_name && !cp_size) {
- next = file_name;
- parse_file = 1; /* parse file path */
- } else if (cp_size && !file_name) {
- next = cp_size;
- parse_file = 0; /* parse copy size */
- } else
- return -EINVAL;
-
- char name[APP_PARAM_NAME_SIZE];
- size_t name_len;
-
- if (p->n_pktq_in == 0)
- return -EINVAL;
-
- i = 0;
- while (*next != '\0') {
- uint32_t id;
-
- if (i >= p->n_pktq_in)
- return -EINVAL;
-
- id = p->pktq_in[i].id;
-
- end = strchr(next, ' ');
- if (!end)
- name_len = strlen(next);
- else
- name_len = end - next;
-
- if (name_len == 0 || name_len == sizeof(name))
- return -EINVAL;
-
- strncpy(name, next, name_len);
- name[name_len] = '\0';
- next += name_len;
- if (*next != '\0')
- next++;
-
- if (parse_file) {
- app->source_params[id].file_name = strdup(name);
- if (app->source_params[id].file_name == NULL)
- return -ENOMEM;
- } else {
- if (parser_read_uint32(
- >source_params[id].n_bytes_per_pkt,
- name) != 0) {
- if (app->source_params[id].
- file_name != NULL)
- free(app->source_params[id].
- file_name);
- return -EINVAL;
- }
- }
-
- i++;
-
- if (i == p->n_pktq_in)
- return 0;
- }
-
- return -EINVAL;
-}
-
-static int
-parse_pipeline_pcap_sink(struct app_params *app,
- struct app_pipeline_params *p,
- const char *file_name, const char *n_pkts_to_dump)
-{
- const char *next = NULL;
- char *end;
- uint32_t i;
- int parse_file = 0;
-
- if (file_name && !n_pkts_to_dump) {
- next = file_name;
- parse_file = 1; /* parse file path */
- } else if (n_pkts_to_dump && !file_name) {
- next = n_pkts_to_dump;
- parse_file = 0; /* parse copy size */
- } else
- return -EINVAL;
-
- char name[APP_PARAM_NAME_SIZE];
- size_t name_len;
-
- if (p->n_pktq_out == 0)
- return -EINVAL;
-
- i = 0;
- while (*next != '\0') {
- uint32_t id;
-
- if (i >= p->n_pktq_out)
- return -EINVAL;
-
- id = p->pktq_out[i].id;
-
- end = strchr(next, ' ');
- if (!end)
- name_len = strlen(next);
- else
- name_len = end - next;
-
- if (name_len == 0 || name_len == sizeof(name))
- return -EINVAL;
-
- strncpy(name, next, name_len);
- name[name_len] = '\0';
- next += name_len;
- if (*next != '\0')
- next++;
-
- if (parse_file) {
- app->sink_params[id].file_name = strdup(name);
- if (app->sink_params[id].file_name == NULL)
- return -ENOMEM;
- } else {
- if (parser_read_uint32(
- >sink_params[id].n_pkts_to_dump,
-
[dpdk-dev] [PATCH] examples/ip_pipeline: fix NULL packet processing in source port
This patch fixes the NULL packet processing problem. Originally,
the write to NULL packets generated by source port will crash
the ip pipeline application. This patch enforces, unless
specified, a default pcap file path to be read.
Fixes: 0e1e7d53 ("add pcap file source")
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/config_parse.c | 235 ++--
examples/ip_pipeline/init.c | 48 +++-
2 files changed, 24 insertions(+), 259 deletions(-)
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index e5efd03..6710ee6 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -964,154 +964,6 @@ parse_eal(struct app_params *app,
}
static int
-parse_pipeline_pcap_source(struct app_params *app,
- struct app_pipeline_params *p,
- const char *file_name, const char *cp_size)
-{
- const char *next = NULL;
- char *end;
- uint32_t i;
- int parse_file = 0;
-
- if (file_name && !cp_size) {
- next = file_name;
- parse_file = 1; /* parse file path */
- } else if (cp_size && !file_name) {
- next = cp_size;
- parse_file = 0; /* parse copy size */
- } else
- return -EINVAL;
-
- char name[APP_PARAM_NAME_SIZE];
- size_t name_len;
-
- if (p->n_pktq_in == 0)
- return -EINVAL;
-
- i = 0;
- while (*next != '\0') {
- uint32_t id;
-
- if (i >= p->n_pktq_in)
- return -EINVAL;
-
- id = p->pktq_in[i].id;
-
- end = strchr(next, ' ');
- if (!end)
- name_len = strlen(next);
- else
- name_len = end - next;
-
- if (name_len == 0 || name_len == sizeof(name))
- return -EINVAL;
-
- strncpy(name, next, name_len);
- name[name_len] = '\0';
- next += name_len;
- if (*next != '\0')
- next++;
-
- if (parse_file) {
- app->source_params[id].file_name = strdup(name);
- if (app->source_params[id].file_name == NULL)
- return -ENOMEM;
- } else {
- if (parser_read_uint32(
- >source_params[id].n_bytes_per_pkt,
- name) != 0) {
- if (app->source_params[id].
- file_name != NULL)
- free(app->source_params[id].
- file_name);
- return -EINVAL;
- }
- }
-
- i++;
-
- if (i == p->n_pktq_in)
- return 0;
- }
-
- return -EINVAL;
-}
-
-static int
-parse_pipeline_pcap_sink(struct app_params *app,
- struct app_pipeline_params *p,
- const char *file_name, const char *n_pkts_to_dump)
-{
- const char *next = NULL;
- char *end;
- uint32_t i;
- int parse_file = 0;
-
- if (file_name && !n_pkts_to_dump) {
- next = file_name;
- parse_file = 1; /* parse file path */
- } else if (n_pkts_to_dump && !file_name) {
- next = n_pkts_to_dump;
- parse_file = 0; /* parse copy size */
- } else
- return -EINVAL;
-
- char name[APP_PARAM_NAME_SIZE];
- size_t name_len;
-
- if (p->n_pktq_out == 0)
- return -EINVAL;
-
- i = 0;
- while (*next != '\0') {
- uint32_t id;
-
- if (i >= p->n_pktq_out)
- return -EINVAL;
-
- id = p->pktq_out[i].id;
-
- end = strchr(next, ' ');
- if (!end)
- name_len = strlen(next);
- else
- name_len = end - next;
-
- if (name_len == 0 || name_len == sizeof(name))
- return -EINVAL;
-
- strncpy(name, next, name_len);
- name[name_len] = '\0';
- next += name_len;
- if (*next != '\0')
- next++;
-
- if (parse_file) {
- app->sink_params[id].file_name = strdup(name);
- if (app->sink_params[id].file_name == NULL)
- return -ENOMEM;
- } else {
- if (parser_read_uint32(
- >sink_params[id].n_pkts_to_dump,
- name) != 0) {
-
[dpdk-dev] [PATCH 2/2] doc: announce ABI change of struct rte_port_sink_params
The ABI changes are planned for rte_port_sink_params, which will be supported from release 16.11. Here announces that ABI changes in detail. Signed-off-by: Fan Zhang Acked-by: Cristian Dumitrescu --- doc/guides/rel_notes/deprecation.rst | 4 1 file changed, 4 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index d228bae..d2f7306 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -78,3 +78,7 @@ Deprecation Notices * ABI will change for rte_port_source_params struct. The member file_name data type will be changed from char * to const char *. This change targets release 16.11. + +* ABI will change for rte_port_sink_params struct. The member file_name + data type will be changed from char * to const char *. This change targets + release 16.11. -- 2.5.5
[dpdk-dev] [PATCH 1/2] doc: announce ABI change of struct rte_port_source_params
The ABI changes are planned for rte_port_source_params, which will be supported from release 16.11. Here announces that ABI changes in detail. Signed-off-by: Fan Zhang Acked-by: Cristian Dumitrescu --- doc/guides/rel_notes/deprecation.rst | 4 1 file changed, 4 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index fffe9c7..d228bae 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -74,3 +74,7 @@ Deprecation Notices a handle, like the way kernel exposes an fd to user for locating a specific file, and to keep all major structures internally, so that we are likely to be free from ABI violations in future. + +* ABI will change for rte_port_source_params struct. The member file_name + data type will be changed from char * to const char *. This change targets + release 16.11. -- 2.5.5
[dpdk-dev] [PATCH 0/2] doc: announce ABI change of struct rte_port_source_params
The ABI changes are planned for rte_port_source_params and rte_port_sink_params, which will be supported from release 16.11. Here announces that ABI changes in detail. Fan Zhang (2): doc: announce ABI change of struct rte_port_source_params doc: announce ABI change of struct rte_port_sink_params doc/guides/rel_notes/deprecation.rst | 8 1 file changed, 8 insertions(+) -- 2.5.5
[dpdk-dev] [PATCH 2/2] app/test: add aes-ni multi-buffer pmd test cases for AES CTR
Added tests cases for AES-NI MB PMD working in counter mode.
Signed-off-by: Fan Zhang
---
app/test/test_cryptodev.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 03d6f02..45e6daa 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4649,6 +4649,19 @@ static struct unit_test_suite
cryptodev_aesni_mb_testsuite = {
test_AES_CBC_HMAC_SHA1_encrypt_digest_sessionless),
TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_encrypt_digest_case_3),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CTR_digest_verify_decrypt_case_3),
+
+ TEST_CASE_ST(ut_setup, ut_teardown,
test_not_in_place_crypto),
TEST_CASES_END() /**< NULL terminate unit test array */
--
2.5.5
[dpdk-dev] [PATCH 1/2] aesni_mb: add counter mode support
This patch provides counter mode support to AES-NI multi-buffer library.
The following cipher algorithm is enabled:
- RTE_CRYPTO_CIPHER_AES_CTR
Signed-off-by: Fan Zhang
---
doc/guides/cryptodevs/aesni_mb.rst | 3 +++
doc/guides/cryptodevs/overview.rst | 6 +++---
doc/guides/rel_notes/release_16_07.rst | 5 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 3 +++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 20
5 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index fd5414d..60a8914 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -48,6 +48,9 @@ Cipher algorithms:
* RTE_CRYPTO_SYM_CIPHER_AES128_CBC
* RTE_CRYPTO_SYM_CIPHER_AES192_CBC
* RTE_CRYPTO_SYM_CIPHER_AES256_CBC
+* RTE_CRYPTO_SYM_CIPHER_AES128_CTR
+* RTE_CRYPTO_SYM_CIPHER_AES192_CTR
+* RTE_CRYPTO_SYM_CIPHER_AES256_CTR
Hash algorithms:
diff --git a/doc/guides/cryptodevs/overview.rst
b/doc/guides/cryptodevs/overview.rst
index e1f33e1..4a84146 100644
--- a/doc/guides/cryptodevs/overview.rst
+++ b/doc/guides/cryptodevs/overview.rst
@@ -55,9 +55,9 @@ Supported Cipher Algorithms
"AES_CBC_128",x,,x,,
"AES_CBC_192",x,,x,,
"AES_CBC_256",x,,x,,
- "AES_CTR_128",x
- "AES_CTR_192",x
- "AES_CTR_256",x
+ "AES_CTR_128",x,,x,,
+ "AES_CTR_192",x,,x,,
+ "AES_CTR_256",x,,x,,
"SNOW3G_UEA2",xx
Supported Authentication Algorithms
diff --git a/doc/guides/rel_notes/release_16_07.rst
b/doc/guides/rel_notes/release_16_07.rst
index 84e61c0..4600e81 100644
--- a/doc/guides/rel_notes/release_16_07.rst
+++ b/doc/guides/rel_notes/release_16_07.rst
@@ -34,6 +34,11 @@ This section should contain new features added in this
release. Sample format:
Refer to the previous release notes for examples.
+* **Added AES-CTR support to AESNI MB PMD.**
+
+ Now AESNI MB PMD supports 128/192/256-bit counter mode AES encryption and
+ decryption.
+
* **Added support of AES counter mode for Intel QuickAssist devices.**
Enabled support for the AES CTR algorithm for IntelQuick Assist devices.
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 3415ac1..ce763bf 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -222,6 +222,9 @@ aesni_mb_set_session_cipher_parameters(const struct
aesni_mb_ops *mb_ops,
case RTE_CRYPTO_CIPHER_AES_CBC:
sess->cipher.mode = CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ sess->cipher.mode = CNTR;
+ break;
default:
MB_LOG_ERR("Unsupported cipher mode parameter");
return -1;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 3806a66..d3c46ac 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -207,6 +207,26 @@ static const struct rte_cryptodev_capabilities
aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.5.5
[dpdk-dev] [PATCH 0/2] Add AES Counter mode support for AES-NI MB PMD
This patchset adds counter mode support to AES-NI multi-buffer library and appropriate test cases. This patchset depends on "doc: fix supported AES-CBC key lengths" (http://dpdk.org/ml/archives/dev/2016-May/038358.html) and "Added AES counter mode capability" (http://dpdk.org/ml/archives/dev/2016-May/038364.html) Fan Zhang (2): aesni_mb: add counter mode support app/test: add aes-ni multi-buffer pmd test cases for AES CTR app/test/test_cryptodev.c | 13 + doc/guides/cryptodevs/aesni_mb.rst | 3 +++ doc/guides/cryptodevs/overview.rst | 6 +++--- doc/guides/rel_notes/release_16_07.rst | 5 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 3 +++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 20 6 files changed, 47 insertions(+), 3 deletions(-) -- 2.5.5
[dpdk-dev] [PATCH] app/test/test_table_acl: fill missing field
This patch fills the missing field of ipv4_5tuple structure in acl table
test.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
app/test/test_table_acl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/test/test_table_acl.c b/app/test/test_table_acl.c
index b3bfda4..6ab0348 100644
--- a/app/test/test_table_acl.c
+++ b/app/test/test_table_acl.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,7 +45,9 @@
**/
struct ipv4_5tuple {
+ uint8_t ttl;
uint8_t proto;
+ uint16_t checksum;
uint32_t ip_src;
uint32_t ip_dst;
uint16_t port_src;
--
2.5.0
[dpdk-dev] [PATCH 3/3] port: code clean-up
This patch clean-up the code in librte_port. The clean-up includes the
following:
* Clearer error message display.
* Remove unnecessary RTE_NEXT_ABI macro warping.
* Remove __rte_unused attribute
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/Makefile | 5 --
lib/librte_port/rte_port_source_sink.c | 102 +++--
mk/rte.app.mk | 2 -
3 files changed, 33 insertions(+), 76 deletions(-)
diff --git a/lib/librte_port/Makefile b/lib/librte_port/Makefile
index 0b31c04..2c0ccbe 100644
--- a/lib/librte_port/Makefile
+++ b/lib/librte_port/Makefile
@@ -35,15 +35,10 @@ include $(RTE_SDK)/mk/rte.vars.mk
# library name
#
LIB = librte_port.a
-
-ifeq ($(CONFIG_RTE_NEXT_ABI),y)
-
ifeq ($(CONFIG_RTE_PORT_PCAP),y)
LDLIBS += -lpcap
endif
-endif
-
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index ca40a59..056c975 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -36,7 +36,6 @@
#include
#include
#include
-
#include
#ifdef RTE_NEXT_ABI
@@ -286,15 +285,12 @@ rte_port_source_free(void *port)
if (p == NULL)
return 0;
-#ifdef RTE_NEXT_ABI
-
if (p->pkt_len)
rte_free(p->pkt_len);
if (p->pkts)
rte_free(p->pkts);
if (p->pkt_buff)
rte_free(p->pkt_buff);
-#endif
rte_free(p);
@@ -315,8 +311,6 @@ rte_port_source_rx(void *port, struct rte_mbuf **pkts,
uint32_t n_pkts)
rte_pktmbuf_reset(pkts[i]);
}
-#ifdef RTE_NEXT_ABI
-
if (p->pkt_buff != NULL) {
for (i = 0; i < n_pkts; i++) {
uint8_t *pkt_data = rte_pktmbuf_mtod(pkts[i],
@@ -333,8 +327,6 @@ rte_port_source_rx(void *port, struct rte_mbuf **pkts,
uint32_t n_pkts)
}
}
-#endif
-
RTE_PORT_SOURCE_STATS_PKTS_IN_ADD(p, n_pkts);
return n_pkts;
@@ -419,21 +411,12 @@ pcap_sink_open(struct rte_port_sink *port,
return 0;
}
-uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
-
-/**
- * Dump a packet to PCAP dumper
- *
- * @param p
- * Handle to sink port
- * @param mbuf
- * Handle to mbuf structure holding the packet
- */
static void
-pcap_sink_dump_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
+pcap_sink_write_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
{
uint8_t *pcap_dumper = (uint8_t *)(port->dumper);
struct pcap_pkthdr pcap_hdr;
+ uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
uint8_t *pkt;
/* Maximum num packets already reached */
@@ -481,37 +464,23 @@ pcap_sink_dump_pkt(struct rte_port_sink *port, struct
rte_mbuf *mbuf)
}
-/**
- * Flush pcap dumper
- *
- * @param dumper
- * Handle to pcap dumper
- */
+#define PCAP_SINK_OPEN(port, file_name, max_n_pkts)\
+ pcap_sink_open(port, file_name, max_n_pkts)
-static void
-pcap_sink_flush_pkt(void *dumper)
-{
- pcap_dumper_t *pcap_dumper = (pcap_dumper_t *)dumper;
+#define PCAP_SINK_WRITE_PKT(port, mbuf)\
+ pcap_sink_write_pkt(port, mbuf)
- pcap_dump_flush(pcap_dumper);
-}
+#define PCAP_SINK_FLUSH_PKT(dumper)\
+do { \
+ if (dumper) \
+ pcap_dump_flush((pcap_dumper_t *)dumper); \
+} while (0)
-/**
- * Close a PCAP dumper handle
- *
- * @param dumper
- * Handle to pcap dumper
- */
-static void
-pcap_sink_close(void *dumper)
-{
- pcap_dumper_t *pcap_dumper = (pcap_dumper_t *)dumper;
-
- pcap_dump_close(pcap_dumper);
-}
-
-#define PCAP_SINK_OPEN(port, file_name, max_n_pkts)\
- pcap_sink_open(port, file_name, max_n_pkts)
+#define PCAP_SINK_CLOSE(dumper)\
+do { \
+ if (dumper) \
+ pcap_dump_close((pcap_dumper_t *)dumper); \
+} while (0)
#else
@@ -528,15 +497,11 @@ pcap_sink_close(void *dumper)
_ret; \
})
-static void
-pcap_sink_dump_pkt(__rte_unused struct rte_port_sink *port,
- __rte_unused struct rte_mbuf *mbuf) {}
+#define PCAP_SINK_WRITE_PKT(port, mbuf) {}
-static void
-pcap_sink_flush_pkt(__rte_unused void *dumper) {}
+#define PCAP_SINK_FLUSH_PKT(dumper)
-static void
-pcap_sink_close(__rte_unused void *dumper) {}
+#define PCAP_SINK_CLOSE(dumper)
#endif
@@ -573,11 +538,11 @@ rte_port_sink_create(void *params, int socket_id)
static int
rte_port_sink_tx(void *port, struct rte_mbuf *pkt)
{
- __rte_unused struct rte_port_sink *p = (struct rte_port_sink *) port;
+
[dpdk-dev] [PATCH 2/3] port: fix sink port parameter check
Fixes: eb5f411 ("port: add pcap file dump")
This patch fixes sink port parameter checking logic. Originally, if user
set field "file_name" with meaning value but leave PCAP support feature
disabled, the program simply ignores this field without notifying the
user.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/rte_port_source_sink.c | 100 ++---
1 file changed, 43 insertions(+), 57 deletions(-)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index 5c24cea..ca40a59 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -385,47 +385,37 @@ struct rte_port_sink {
#ifdef RTE_PORT_PCAP
-/**
- * Open PCAP file for dumping packets to the file later
- *
- * @param port
- * Handle to sink port
- * @param p
- * Sink port parameter
- * @return
- * 0 on SUCCESS
- * error code otherwise
- */
static int
pcap_sink_open(struct rte_port_sink *port,
- __rte_unused struct rte_port_sink_params *p)
+ const char *file_name,
+ uint32_t max_n_pkts)
{
pcap_t *tx_pcap;
pcap_dumper_t *pcap_dumper;
- if (p->file_name == NULL) {
- port->dumper = NULL;
- port->max_pkts = 0;
- port->pkt_index = 0;
- port->dump_finish = 0;
- return 0;
- }
-
/** Open a dead pcap handler for opening dumper file */
tx_pcap = pcap_open_dead(DLT_EN10MB, 65535);
- if (tx_pcap == NULL)
- return -ENOENT;
+ if (tx_pcap == NULL) {
+ RTE_LOG(ERR, PORT, "Cannot open pcap dead handler\n");
+ return -1;
+ }
/* The dumper is created using the previous pcap_t reference */
- pcap_dumper = pcap_dump_open(tx_pcap, p->file_name);
- if (pcap_dumper == NULL)
- return -ENOENT;
+ pcap_dumper = pcap_dump_open(tx_pcap, file_name);
+ if (pcap_dumper == NULL) {
+ RTE_LOG(ERR, PORT, "Failed to open pcap file "
+ "\"%s\" for writing\n", file_name);
+ return -1;
+ }
port->dumper = pcap_dumper;
- port->max_pkts = p->max_n_pkts;
+ port->max_pkts = max_n_pkts;
port->pkt_index = 0;
port->dump_finish = 0;
+ RTE_LOG(INFO, PORT, "Ready to dump packets to file \"%s\"\n",
+ file_name);
+
return 0;
}
@@ -520,19 +510,23 @@ pcap_sink_close(void *dumper)
pcap_dump_close(pcap_dumper);
}
-#else
+#define PCAP_SINK_OPEN(port, file_name, max_n_pkts)\
+ pcap_sink_open(port, file_name, max_n_pkts)
-static int
-pcap_sink_open(struct rte_port_sink *port,
- __rte_unused struct rte_port_sink_params *p)
-{
- port->dumper = NULL;
- port->max_pkts = 0;
- port->pkt_index = 0;
- port->dump_finish = 0;
+#else
- return -ENOTSUP;
-}
+#define PCAP_SINK_OPEN(port, file_name, max_n_pkts)\
+({ \
+ int _ret = 0; \
+ \
+ if (file_name) {\
+ RTE_LOG(ERR, PORT, "Sink port field " \
+ "\"file_name\" is not NULL.\n");\
+ _ret = -1; \
+ } \
+ \
+ _ret; \
+})
static void
pcap_sink_dump_pkt(__rte_unused struct rte_port_sink *port,
@@ -547,11 +541,10 @@ pcap_sink_close(__rte_unused void *dumper) {}
#endif
static void *
-rte_port_sink_create(__rte_unused void *params, int socket_id)
+rte_port_sink_create(void *params, int socket_id)
{
struct rte_port_sink *port;
struct rte_port_sink_params *p = params;
- int status;
/* Memory allocation */
port = rte_zmalloc_socket("PORT", sizeof(*port),
@@ -561,24 +554,17 @@ rte_port_sink_create(__rte_unused void *params, int
socket_id)
return NULL;
}
- /* Try to open PCAP file for dumping, if possible */
- status = pcap_sink_open(port, p);
- if (status == 0) {
- if (port->dumper != NULL)
- RTE_LOG(INFO, PORT, "Ready to dump packets "
- "to file %s\n", p->file_name);
-
- } else if (status != -ENOTSUP) {
- if (status == -ENOENT)
- RTE_LOG(ERR, PORT, "%s: Failed to open pcap file &q
[dpdk-dev] [PATCH 0/3] bug fix and code clean-up
This patchset fixes d4b4213 and eb5f411, plus code clean-up of port library. Acked-by: Cristian Dumitrescu Fan Zhang (3): port: fix source port parameter check port: fix sink port parameter check port: code clean-up lib/librte_port/Makefile | 5 - lib/librte_port/rte_port_source_sink.c | 322 + mk/rte.app.mk | 2 - 3 files changed, 122 insertions(+), 207 deletions(-) -- 2.5.0
[dpdk-dev] [PATCH] examples/ip_pipeline: fix pcap file parsing
Fixes: fe5d046 ("examples/ip_pipeline: add pcap file dump")
This patch fixes the pcap file parsing in ip_pipeline. Originally, the
parser recognizes the pcap related entries regardless of the RTE_PORT_PCAP
macro definition status.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/config_parse.c | 90 ++---
1 file changed, 74 insertions(+), 16 deletions(-)
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 152889d..e83f1d6 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -989,11 +989,6 @@ parse_pipeline_pcap_source(struct app_params *app,
if (p->n_pktq_in == 0)
return -EINVAL;
- for (i = 0; i < p->n_pktq_in; i++) {
- if (p->pktq_in[i].type != APP_PKTQ_IN_SOURCE)
- return -EINVAL;
- }
-
i = 0;
while (*next != '\0') {
uint32_t id;
@@ -1068,11 +1063,6 @@ parse_pipeline_pcap_sink(struct app_params *app,
if (p->n_pktq_out == 0)
return -EINVAL;
- for (i = 0; i < p->n_pktq_out; i++) {
- if (p->pktq_out[i].type != APP_PKTQ_OUT_SINK)
- return -EINVAL;
- }
-
i = 0;
while (*next != '\0') {
uint32_t id;
@@ -1478,7 +1468,13 @@ parse_pipeline(struct app_params *app,
}
if (strcmp(ent->name, "pcap_file_rd") == 0) {
- int status = parse_pipeline_pcap_source(app,
+ int status;
+
+#ifndef RTE_PORT_PCAP
+ PARSE_ERROR_INVALID(0, section_name, ent->name);
+#endif
+
+ status = parse_pipeline_pcap_source(app,
param, ent->value, NULL);
PARSE_ERROR((status == 0), section_name,
@@ -1487,7 +1483,13 @@ parse_pipeline(struct app_params *app,
}
if (strcmp(ent->name, "pcap_bytes_rd_per_pkt") == 0) {
- int status = parse_pipeline_pcap_source(app,
+ int status;
+
+#ifndef RTE_PORT_PCAP
+ PARSE_ERROR_INVALID(0, section_name, ent->name);
+#endif
+
+ status = parse_pipeline_pcap_source(app,
param, NULL, ent->value);
PARSE_ERROR((status == 0), section_name,
@@ -1496,7 +1498,13 @@ parse_pipeline(struct app_params *app,
}
if (strcmp(ent->name, "pcap_file_wr") == 0) {
- int status = parse_pipeline_pcap_sink(app, param,
+ int status;
+
+#ifndef RTE_PORT_PCAP
+ PARSE_ERROR_INVALID(0, section_name, ent->name);
+#endif
+
+ status = parse_pipeline_pcap_sink(app, param,
ent->value, NULL);
PARSE_ERROR((status == 0), section_name,
@@ -1505,7 +1513,13 @@ parse_pipeline(struct app_params *app,
}
if (strcmp(ent->name, "pcap_n_pkt_wr") == 0) {
- int status = parse_pipeline_pcap_sink(app, param,
+ int status;
+
+#ifndef RTE_PORT_PCAP
+ PARSE_ERROR_INVALID(0, section_name, ent->name);
+#endif
+
+ status = parse_pipeline_pcap_sink(app, param,
NULL, ent->value);
PARSE_ERROR((status == 0), section_name,
@@ -2163,6 +2177,8 @@ parse_source(struct app_params *app,
struct rte_cfgfile_entry *entries;
int n_entries, i;
ssize_t param_idx;
+ uint32_t pcap_file_present = 0;
+ uint32_t pcap_size_present = 0;
n_entries = rte_cfgfile_section_num_entries(cfg, section_name);
PARSE_ERROR_SECTION_NO_ENTRIES((n_entries > 0), section_name);
@@ -2205,18 +2221,31 @@ parse_source(struct app_params *app,
}
if (strcmp(ent->name, "pcap_file_rd")) {
+ PARSE_ERROR_DUPLICATE((pcap_file_present == 0),
+ section_name, ent->name);
+
param->file_name = strdup(ent->value);
PARSE_ERROR_MALLOC(param->file_name != NULL);
+ pcap_file_present = 1;
+
continue;
}
if (strcmp(ent->name, "pcap_bytes_rd_per_pkt") == 0) {
- int status = parser_read_uint32(
+ int status;
+
+ PARSE_ERROR_DUPLICATE((pcap_size_present == 0),
+ section_name, ent->name);
+
+ status = parser_read_uint32(
[dpdk-dev] [PATCH] port: fix source and sink port
Fixes: eb5f411 ("port: add pcap file dump")
This patch fixes pcap supporting logic. The fix includes:
* Adding logic to detect illegal parameter.
* Clearer error message display.
* Remove unnecessary RTE_NEXT_ABI macro warping.
* Code clean-up
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/Makefile | 4 -
lib/librte_port/rte_port_source_sink.c | 322 +
mk/rte.app.mk | 2 -
3 files changed, 122 insertions(+), 206 deletions(-)
diff --git a/lib/librte_port/Makefile b/lib/librte_port/Makefile
index 0b31c04..061226a 100644
--- a/lib/librte_port/Makefile
+++ b/lib/librte_port/Makefile
@@ -36,14 +36,10 @@ include $(RTE_SDK)/mk/rte.vars.mk
#
LIB = librte_port.a
-ifeq ($(CONFIG_RTE_NEXT_ABI),y)
-
ifeq ($(CONFIG_RTE_PORT_PCAP),y)
LDLIBS += -lpcap
endif
-endif
-
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index 05620d6..056c975 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -36,11 +36,10 @@
#include
#include
#include
+#include
#ifdef RTE_NEXT_ABI
-#include
-
#ifdef RTE_PORT_PCAP
#include
#include
@@ -74,39 +73,24 @@ struct rte_port_source {
struct rte_mempool *mempool;
-#ifdef RTE_NEXT_ABI
- /* PCAP buffers and indexes */
+ /* PCAP buffers and indices */
uint8_t **pkts;
uint8_t *pkt_buff;
uint32_t *pkt_len;
uint32_t n_pkts;
uint32_t pkt_index;
-#endif
};
#ifdef RTE_NEXT_ABI
#ifdef RTE_PORT_PCAP
-/**
- * Load PCAP file, allocate and copy packets in the file to memory
- *
- * @param p
- * Parameters for source port
- * @param port
- * Handle to source port
- * @param socket_id
- * Socket id where the memory is created
- * @return
- * 0 on SUCCESS
- * error code otherwise
- */
static int
-pcap_source_load(struct rte_port_source_params *p,
- struct rte_port_source *port,
+pcap_source_load(struct rte_port_source *port,
+ const char *file_name,
+ uint32_t n_bytes_per_pkt,
int socket_id)
{
- uint32_t status = 0;
uint32_t n_pkts = 0;
uint32_t i;
uint32_t *pkt_len_aligns = NULL;
@@ -121,18 +105,16 @@ pcap_source_load(struct rte_port_source_params *p,
(rte_pktmbuf_data_room_size(port->mempool) -
RTE_PKTMBUF_HEADROOM);
- if (p->file_name == NULL)
- return 0;
-
- if (p->n_bytes_per_pkt == 0)
+ if (n_bytes_per_pkt == 0)
max_len = pktmbuf_maxlen;
else
- max_len = RTE_MIN(p->n_bytes_per_pkt, pktmbuf_maxlen);
+ max_len = RTE_MIN(n_bytes_per_pkt, pktmbuf_maxlen);
/* first time open, get packet number */
- pcap_handle = pcap_open_offline(p->file_name, pcap_errbuf);
+ pcap_handle = pcap_open_offline(file_name, pcap_errbuf);
if (pcap_handle == NULL) {
- status = -ENOENT;
+ RTE_LOG(ERR, PORT, "Failed to open pcap file "
+ "'%s' for reading\n", file_name);
goto error_exit;
}
@@ -144,28 +126,29 @@ pcap_source_load(struct rte_port_source_params *p,
port->pkt_len = rte_zmalloc_socket("PCAP",
(sizeof(*port->pkt_len) * n_pkts), 0, socket_id);
if (port->pkt_len == NULL) {
- status = -ENOMEM;
+ RTE_LOG(ERR, PORT, "No enough memory\n");
goto error_exit;
}
pkt_len_aligns = rte_malloc("PCAP",
(sizeof(*pkt_len_aligns) * n_pkts), 0);
if (pkt_len_aligns == NULL) {
- status = -ENOMEM;
+ RTE_LOG(ERR, PORT, "No enough memory\n");
goto error_exit;
}
port->pkts = rte_zmalloc_socket("PCAP",
(sizeof(*port->pkts) * n_pkts), 0, socket_id);
if (port->pkts == NULL) {
- status = -ENOMEM;
+ RTE_LOG(ERR, PORT, "No enough memory\n");
goto error_exit;
}
/* open 2nd time, get pkt_len */
- pcap_handle = pcap_open_offline(p->file_name, pcap_errbuf);
+ pcap_handle = pcap_open_offline(file_name, pcap_errbuf);
if (pcap_handle == NULL) {
- status = -ENOENT;
+ RTE_LOG(ERR, PORT, "Failed to open pcap file "
+ "'%s' for reading\n", file_name);
goto error_exit;
}
@@ -183,16 +166,17 @@ pcap_source_load(struct rte_port_source_params *p,
buff = rte_zmalloc_socket("PCAP",
total_buff_len, 0, socket_id);
if (buff == NULL) {
- status = -ENOMEM;
+
[dpdk-dev] [PATCH] doc: announce ABI change for rte_port_source_params structure
Several new fields will be added to structure rte_port_source_params for source port enhancement with pcap file reading support. Signed-off-by: Fan Zhang Acked-by: Cristian Dumitrescu --- doc/guides/rel_notes/deprecation.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 179e30f..9b4fc9d 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -25,3 +25,8 @@ Deprecation Notices * ABI changes are planned for adding four new flow types. This impacts RTE_ETH_FLOW_MAX. The release 2.2 does not contain these ABI changes, but release 2.3 will. [postponed] + +* ABI changes are planned for struct rte_port_source_params in order to + support PCAP file reading feature. The release 16.04 contains this ABI + change wrapped by RTE_NEXT_ABI macro. Release 16.07 will contain this + change, and no backwards compatibility is planned. -- 2.5.0
[dpdk-dev] [PATCH] doc: announce ABI change for rte_port_source_params structure
Several new fields will be added to structure rte_port_source_params for source port enhancement with pcap file reading support. Signed-off-by: Fan Zhang Acked-by: Cristian Dumitrescu --- doc/guides/rel_notes/deprecation.rst | 5 + 1 file changed, 5 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 179e30f..9b4fc9d 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -25,3 +25,8 @@ Deprecation Notices * ABI changes are planned for adding four new flow types. This impacts RTE_ETH_FLOW_MAX. The release 2.2 does not contain these ABI changes, but release 2.3 will. [postponed] + +* ABI changes are planned for struct rte_port_source_params in order to + support PCAP file reading feature. The release 16.04 contains this ABI + change wrapped by RTE_NEXT_ABI macro. Release 16.07 will contain this + change, and no backwards compatibility is planned. -- 2.5.0
[dpdk-dev] [PATCH] examples/ip_pipeline: fix flow classification pipeline
Fixes: examples/ip_pipeline: config parser clean-up
This patch fixes the initialization error in flow classification
pipeline. Originally, when there is no key_mask specified in the
CFG file, all '0' mask is utilized.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
.../pipeline/pipeline_flow_classification_be.c | 21 ++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/examples/ip_pipeline/pipeline/pipeline_flow_classification_be.c
b/examples/ip_pipeline/pipeline/pipeline_flow_classification_be.c
index 60e9c39..3da46b0 100644
--- a/examples/ip_pipeline/pipeline/pipeline_flow_classification_be.c
+++ b/examples/ip_pipeline/pipeline/pipeline_flow_classification_be.c
@@ -55,6 +55,7 @@ struct pipeline_flow_classification {
uint32_t key_offset;
uint32_t hash_offset;
uint8_t key_mask[PIPELINE_FC_FLOW_KEY_MAX_SIZE];
+ uint32_t key_mask_present;
uint32_t flow_id_offset;
} __rte_cache_aligned;
@@ -308,7 +309,7 @@ pipeline_fc_parse_args(struct pipeline_flow_classification
*p,
"\"%s\" is too long", params->name,
arg_name);
- snprintf(key_mask_str, mask_str_len, "%s",
+ snprintf(key_mask_str, sizeof(key_mask_str), "%s",
arg_value);
continue;
@@ -370,11 +371,21 @@ pipeline_fc_parse_args(struct
pipeline_flow_classification *p,
uint32_t key_size = p->key_size;
int status;
+ PIPELINE_ARG_CHECK(((key_size == 8) || (key_size == 16)),
+ "Parse error in section \"%s\": entry key_mask "
+ "only allowed for key_size of 8 or 16 bytes",
+ params->name);
+
PIPELINE_ARG_CHECK((strlen(key_mask_str) ==
(key_size * 2)), "Parse error in section "
"\"%s\": key_mask should have exactly %u hex "
"digits", params->name, (key_size * 2));
+ PIPELINE_ARG_CHECK((hash_offset_present == 0), "Parse "
+ "error in section \"%s\": entry hash_offset only "
+ "allowed when key_mask is not present",
+ params->name);
+
status = parse_hex_string(key_mask_str, p->key_mask,
>key_size);
@@ -383,6 +394,8 @@ pipeline_fc_parse_args(struct pipeline_flow_classification
*p,
"key_mask", key_mask_str);
}
+ p->key_mask_present = key_mask_present;
+
return 0;
}
@@ -486,7 +499,8 @@ static void *pipeline_fc_init(struct pipeline_params
*params,
.signature_offset = p_fc->hash_offset,
.key_offset = p_fc->key_offset,
.f_hash = hash_func[(p_fc->key_size / 8) - 1],
- .key_mask = p_fc->key_mask,
+ .key_mask = (p_fc->key_mask_present) ?
+ p_fc->key_mask : NULL,
.seed = 0,
};
@@ -497,7 +511,8 @@ static void *pipeline_fc_init(struct pipeline_params
*params,
.signature_offset = p_fc->hash_offset,
.key_offset = p_fc->key_offset,
.f_hash = hash_func[(p_fc->key_size / 8) - 1],
- .key_mask = p_fc->key_mask,
+ .key_mask = (p_fc->key_mask_present) ?
+ p_fc->key_mask : NULL,
.seed = 0,
};
--
2.5.0
[dpdk-dev] [PATCH] examples/ip_pipeline: fix configuration parser
Fixes: 377cd98e ("example/ip_pipeline: add link identification")
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/config_parse.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index e39c23e..152889d 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -678,6 +678,8 @@ parse_eal(struct app_params *app,
p->pci_blacklist[i] =
strdup(entry->value);
PARSE_ERROR_MALLOC(p->pci_blacklist[i]);
+
+ break;
}
PARSE_ERROR_MESSAGE((i < APP_MAX_LINKS),
@@ -702,6 +704,8 @@ parse_eal(struct app_params *app,
p->pci_whitelist[i] = strdup(entry->value);
PARSE_ERROR_MALLOC(p->pci_whitelist[i]);
+
+ break;
}
PARSE_ERROR_MESSAGE((i < APP_MAX_LINKS),
@@ -720,6 +724,8 @@ parse_eal(struct app_params *app,
p->vdev[i] = strdup(entry->value);
PARSE_ERROR_MALLOC(p->vdev[i]);
+
+ break;
}
PARSE_ERROR_MESSAGE((i < APP_MAX_LINKS),
--
2.5.0
[dpdk-dev] [PATCH] app/test/test_table_acl: fix incorrect IP header
This patch fixes the incorrect IP header in ACL table test.
Signed-off-by: Fan Zhang
---
app/test/test_table_acl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/test/test_table_acl.c b/app/test/test_table_acl.c
index 38e3a8e..2fc5f24 100644
--- a/app/test/test_table_acl.c
+++ b/app/test/test_table_acl.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,7 +45,9 @@
**/
struct ipv4_5tuple {
+ uint8_t ttl;
uint8_t proto;
+ uint16_t checksum;
uint32_t ip_src;
uint32_t ip_dst;
uint16_t port_src;
--
2.5.0
[dpdk-dev] [PATCH v4 4/4] examples/ip_pipeline: add packets dumping to PCAP file support
This patch add packet dumping feature to ip_pipeline. Output port type
SINK now supports dumping packets to PCAP file before releasing mbuf back
to mempool. This feature can be applied by specifying parameters in
configuration file as shown below:
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_wr = /path/to/eth1.pcap /path/to/eth2.pcap
pcap_n_pkt_wr = 80 0
The configuration section "pcap_file_wr" contains full path and name of
the PCAP file which the packets will be dumped to. If multiple SINKs
exists, each shall have its own PCAP file path listed in this section,
separated by spaces. Multiple SINK ports shall NOT share same PCAP file to
be dumped.
The configuration section "pcap_n_pkt_wr" contains integer value(s)
and indicates the maximum number of packets to be dumped to the PCAP file.
If this value is "0", the "infinite" dumping mode will be used. If this
value is N (N > 0), the dumping will be finished when the number of
packets dumped to the file reaches N.
To enable PCAP dumping support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable this
feature by removing "pcap_file_wr" and "pcap_n_pkt_wr" lines from the
configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 2 +
examples/ip_pipeline/config_parse.c | 172
examples/ip_pipeline/init.c | 15
examples/ip_pipeline/pipeline_be.h | 4 +-
4 files changed, 192 insertions(+), 1 deletion(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 0c22f7f..55a9841 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -156,6 +156,8 @@ struct app_pktq_source_params {
struct app_pktq_sink_params {
char *name;
uint8_t parsed;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_pkts_to_dump;
};
struct app_msgq_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 291dbfb..e39c23e 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -187,6 +187,8 @@ struct app_pktq_source_params default_source_params = {
struct app_pktq_sink_params default_sink_params = {
.parsed = 0,
+ .file_name = NULL,
+ .n_pkts_to_dump = 0,
};
struct app_msgq_params default_msgq_params = {
@@ -1036,6 +1038,85 @@ parse_pipeline_pcap_source(struct app_params *app,
}
static int
+parse_pipeline_pcap_sink(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *n_pkts_to_dump)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !n_pkts_to_dump) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (n_pkts_to_dump && !file_name) {
+ next = n_pkts_to_dump;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_out == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_out; i++) {
+ if (p->pktq_out[i].type != APP_PKTQ_OUT_SINK)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_out)
+ return -EINVAL;
+
+ id = p->pktq_out[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->sink_params[id].file_name = strdup(name);
+ if (app->sink_params[id].file_name == NULL)
+ return -ENOMEM;
+ } else {
+ if (parser_read_uint32(
+ >sink_params[id].n_pkts_to_dump,
+ name) != 0) {
+ if (app->sink_params[id].file_name !=
+ NULL)
+ free(app->sink_params[id].
+ file_name);
+ return -EINVAL;
+ }
[dpdk-dev] [PATCH v4 3/4] lib/librte_port: add packet dumping to PCAP file support in sink port
Originally, sink ports in librte_port releases received mbufs back to
mempool. This patch adds optional packet dumping to PCAP feature in sink
port: the packets will be dumped to user defined PCAP file for storage or
debugging. The user may also choose the sink port's activity: either it
continuously dump the packets to the file, or stops at certain dumping
This feature shares same CONFIG_RTE_PORT_PCAP compiler option as source
port PCAP file support feature. Users can enable or disable this feature
by setting CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/rte_port_source_sink.c | 250 -
lib/librte_port/rte_port_source_sink.h | 11 +-
2 files changed, 258 insertions(+), 3 deletions(-)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index 3d4e8d9..05620d6 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -42,9 +42,12 @@
#include
#ifdef RTE_PORT_PCAP
+#include
#include
#endif
+#else
+#undef RTE_PORT_PCAP
#endif
#include "rte_port_source_sink.h"
@@ -400,12 +403,183 @@ rte_port_source_stats_read(void *port,
struct rte_port_sink {
struct rte_port_out_stats stats;
+
+ /* PCAP dumper handle and pkts number */
+ void *dumper;
+ uint32_t max_pkts;
+ uint32_t pkt_index;
+ uint32_t dump_finish;
};
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Open PCAP file for dumping packets to the file later
+ *
+ * @param port
+ * Handle to sink port
+ * @param p
+ * Sink port parameter
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_sink_open(struct rte_port_sink *port,
+ __rte_unused struct rte_port_sink_params *p)
+{
+ pcap_t *tx_pcap;
+ pcap_dumper_t *pcap_dumper;
+
+ if (p->file_name == NULL) {
+ port->dumper = NULL;
+ port->max_pkts = 0;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+ return 0;
+ }
+
+ /** Open a dead pcap handler for opening dumper file */
+ tx_pcap = pcap_open_dead(DLT_EN10MB, 65535);
+ if (tx_pcap == NULL)
+ return -ENOENT;
+
+ /* The dumper is created using the previous pcap_t reference */
+ pcap_dumper = pcap_dump_open(tx_pcap, p->file_name);
+ if (pcap_dumper == NULL)
+ return -ENOENT;
+
+ port->dumper = pcap_dumper;
+ port->max_pkts = p->max_n_pkts;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+
+ return 0;
+}
+
+uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
+
+/**
+ * Dump a packet to PCAP dumper
+ *
+ * @param p
+ * Handle to sink port
+ * @param mbuf
+ * Handle to mbuf structure holding the packet
+ */
+static void
+pcap_sink_dump_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
+{
+ uint8_t *pcap_dumper = (uint8_t *)(port->dumper);
+ struct pcap_pkthdr pcap_hdr;
+ uint8_t *pkt;
+
+ /* Maximum num packets already reached */
+ if (port->dump_finish)
+ return;
+
+ pkt = rte_pktmbuf_mtod(mbuf, uint8_t *);
+
+ pcap_hdr.len = mbuf->pkt_len;
+ pcap_hdr.caplen = pcap_hdr.len;
+ gettimeofday(&(pcap_hdr.ts), NULL);
+
+ if (mbuf->nb_segs > 1) {
+ struct rte_mbuf *jumbo_mbuf;
+ uint32_t pkt_index = 0;
+
+ /* if packet size longer than ETHER_MAX_JUMBO_FRAME_LEN,
+* ignore it.
+*/
+ if (mbuf->pkt_len > ETHER_MAX_JUMBO_FRAME_LEN)
+ return;
+
+ for (jumbo_mbuf = mbuf; jumbo_mbuf != NULL;
+ jumbo_mbuf = jumbo_mbuf->next) {
+ rte_memcpy(_pkt_buf[pkt_index],
+ rte_pktmbuf_mtod(jumbo_mbuf, uint8_t *),
+ jumbo_mbuf->data_len);
+ pkt_index += jumbo_mbuf->data_len;
+ }
+
+ jumbo_pkt_buf[pkt_index] = '\0';
+
+ pkt = jumbo_pkt_buf;
+ }
+
+ pcap_dump(pcap_dumper, _hdr, pkt);
+
+ port->pkt_index++;
+
+ if ((port->max_pkts != 0) && (port->pkt_index >= port->max_pkts)) {
+ port->dump_finish = 1;
+ RTE_LOG(INFO, PORT, "Dumped %u packets to file\n",
+ port->pkt_index);
+ }
+
+}
+
+/**
+ * Flush pcap dumper
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+
+static void
+pcap_sink_flush_pkt(void *dumper)
+{
+ pcap_dumper_t *pcap_dumper = (pcap_dumper_t *)dumper;
+
+ pcap_dump_flush(pcap_dumper);
+}
+
+/**
+ * Close a PCAP dumper handle
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+static void
+pcap_sink_
[dpdk-dev] [PATCH v4 2/4] example/ip_pipeline: add PCAP file support
This patch add PCAP file support to ip_pipeline. Input port type SOURCE
now supports loading specific PCAP file and sends the packets in it to
pipeline instance. The packets are then released by SINK output port. This
feature can be applied by specifying parameters in configuration file as
shown below;
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_rd = /path/to/eth1.PCAP /path/to/eth2.PCAP
pcap_bytes_rd_per_pkt = 0 64
The configuration section "pcap_file_rd" contains full path and name of
the PCAP file to be loaded. If multiple SOURCEs exists, each shall have
its own PCAP file path listed in this section, separated by spaces.
Multiple SOURCE ports may share same PCAP file to be copied.
The configuration section "pcap_bytes_rd_per_pkt" contains integer value
and indicates the maximum number of bytes to be copied from each packet
in the PCAP file. If this value is "0", all packets in the file will be
copied fully; if the packet size is smaller than the assigned value, the
entire packet is copied. Same as "pcap_file_rd", every SOURCE shall have
its own maximum copy byte number.
To enable PCAP support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable PCAP
support by removing "pcap_file_rd" and "pcap_bytes_rd_per_pkt" lines
from the configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 4 +-
examples/ip_pipeline/config_parse.c | 119 +++-
examples/ip_pipeline/init.c | 20 +-
3 files changed, 140 insertions(+), 3 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index f55aef8..0c22f7f 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -149,6 +149,8 @@ struct app_pktq_source_params {
uint32_t parsed;
uint32_t mempool_id; /* Position in the app->mempool_params array */
uint32_t burst;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_bytes_per_pkt;
};
struct app_pktq_sink_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 4695ac1..291dbfb 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -181,6 +181,8 @@ struct app_pktq_source_params default_source_params = {
.parsed = 0,
.mempool_id = 0,
.burst = 32,
+ .file_name = NULL,
+ .n_bytes_per_pkt = 0,
};
struct app_pktq_sink_params default_sink_params = {
@@ -955,6 +957,85 @@ parse_eal(struct app_params *app,
}
static int
+parse_pipeline_pcap_source(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *cp_size)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !cp_size) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (cp_size && !file_name) {
+ next = cp_size;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_in == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_in; i++) {
+ if (p->pktq_in[i].type != APP_PKTQ_IN_SOURCE)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_in)
+ return -EINVAL;
+
+ id = p->pktq_in[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->source_params[id].file_name = strdup(name);
+
[dpdk-dev] [PATCH v4 1/4] lib/librte_port: add PCAP file support to source port
Originally, source ports in librte_port is an input port used as packet
generator. Similar to Linux kernel /dev/zero character device, it
generates null packets. This patch adds optional PCAP file support to
source port: instead of sending NULL packets, the source port generates
packets copied from a PCAP file. To increase the performance, the packets
in the file are loaded to memory initially, and copied to mbufs in circular
manner. Users can enable or disable this feature by setting
CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
config/common_base | 1 +
lib/librte_port/Makefile | 10 +-
lib/librte_port/rte_port_source_sink.c | 251 -
lib/librte_port/rte_port_source_sink.h | 13 +-
mk/rte.app.mk | 5 +
5 files changed, 275 insertions(+), 5 deletions(-)
diff --git a/config/common_base b/config/common_base
index 192e198..52bd34f 100644
--- a/config/common_base
+++ b/config/common_base
@@ -466,6 +466,7 @@ CONFIG_RTE_LIBRTE_REORDER=y
#
CONFIG_RTE_LIBRTE_PORT=y
CONFIG_RTE_PORT_STATS_COLLECT=n
+CONFIG_RTE_PORT_PCAP=n
#
# Compile librte_table
diff --git a/lib/librte_port/Makefile b/lib/librte_port/Makefile
index 410053e..0b31c04 100644
--- a/lib/librte_port/Makefile
+++ b/lib/librte_port/Makefile
@@ -1,6 +1,6 @@
# BSD LICENSE
#
-# Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+# Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -36,6 +36,14 @@ include $(RTE_SDK)/mk/rte.vars.mk
#
LIB = librte_port.a
+ifeq ($(CONFIG_RTE_NEXT_ABI),y)
+
+ifeq ($(CONFIG_RTE_PORT_PCAP),y)
+LDLIBS += -lpcap
+endif
+
+endif
+
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index a06477e..3d4e8d9 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,16 @@
#include
#include
+#ifdef RTE_NEXT_ABI
+
+#include
+
+#ifdef RTE_PORT_PCAP
+#include
+#endif
+
+#endif
+
#include "rte_port_source_sink.h"
/*
@@ -60,8 +70,174 @@ struct rte_port_source {
struct rte_port_in_stats stats;
struct rte_mempool *mempool;
+
+#ifdef RTE_NEXT_ABI
+ /* PCAP buffers and indexes */
+ uint8_t **pkts;
+ uint8_t *pkt_buff;
+ uint32_t *pkt_len;
+ uint32_t n_pkts;
+ uint32_t pkt_index;
+#endif
};
+#ifdef RTE_NEXT_ABI
+
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Load PCAP file, allocate and copy packets in the file to memory
+ *
+ * @param p
+ * Parameters for source port
+ * @param port
+ * Handle to source port
+ * @param socket_id
+ * Socket id where the memory is created
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_source_load(struct rte_port_source_params *p,
+ struct rte_port_source *port,
+ int socket_id)
+{
+ uint32_t status = 0;
+ uint32_t n_pkts = 0;
+ uint32_t i;
+ uint32_t *pkt_len_aligns = NULL;
+ size_t total_buff_len = 0;
+ pcap_t *pcap_handle;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ uint32_t max_len;
+ struct pcap_pkthdr pcap_hdr;
+ const uint8_t *pkt;
+ uint8_t *buff = NULL;
+ uint32_t pktmbuf_maxlen = (uint32_t)
+ (rte_pktmbuf_data_room_size(port->mempool) -
+ RTE_PKTMBUF_HEADROOM);
+
+ if (p->file_name == NULL)
+ return 0;
+
+ if (p->n_bytes_per_pkt == 0)
+ max_len = pktmbuf_maxlen;
+ else
+ max_len = RTE_MIN(p->n_bytes_per_pkt, pktmbuf_maxlen);
+
+ /* first time open, get packet number */
+ pcap_handle = pcap_open_offline(p->file_name, pcap_errbuf);
+ if (pcap_handle == NULL) {
+ status = -ENOENT;
+ goto error_exit;
+ }
+
+ while ((pkt = pcap_next(pcap_handle, _hdr)) != NULL)
+ n_pkts++;
+
+ pcap_close(pcap_handle);
+
+ port->pkt_len = rte_zmalloc_socket("PCAP",
+ (sizeof(*port->pkt_len) * n_pkts), 0, socket_id);
+ if (port->pkt_len == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ pkt_len_aligns = rte_malloc("PCAP",
+ (sizeof(*pkt_len_aligns) * n_pkts), 0);
+ if (pkt_len_aligns == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ p
[dpdk-dev] [PATCH v4 0/4] Add PCAP support to source and sink port
This patchset adds feature to source and sink type port in librte_port library, and to examples/ip_pipline. Originally, source/sink ports act as input and output of NULL packets generator. This patchset enables them read from and write to specific PCAP file, to generate and dump packets. v4: *fixed compile issue when RTE_NEXT_ABI is disabled v3: *added RTE_NEXT_ABI macro to source port *updated to fit ip_pipeline configuration new code style v2: *fixed source/sink open function returns *removed duplicated code *added clearer error message display on different error messages Acked-by: Cristian Dumitrescu Fan Zhang (4): lib/librte_port: add PCAP file support to source port example/ip_pipeline: add PCAP file support lib/librte_port: add packet dumping to PCAP file support in sink port examples/ip_pipeline: add packets dumping to PCAP file support config/common_base | 1 + examples/ip_pipeline/app.h | 6 +- examples/ip_pipeline/config_parse.c| 291 ++- examples/ip_pipeline/init.c| 35 ++- examples/ip_pipeline/pipeline_be.h | 4 +- lib/librte_port/Makefile | 10 +- lib/librte_port/rte_port_source_sink.c | 501 - lib/librte_port/rte_port_source_sink.h | 24 +- mk/rte.app.mk | 5 + 9 files changed, 865 insertions(+), 12 deletions(-) -- 2.5.0
[dpdk-dev] [PATCH v3 4/4] examples/ip_pipeline: add packets dumping to PCAP file support
This patch add packet dumping feature to ip_pipeline. Output port type
SINK now supports dumping packets to PCAP file before releasing mbuf back
to mempool. This feature can be applied by specifying parameters in
configuration file as shown below:
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_wr = /path/to/eth1.pcap /path/to/eth2.pcap
pcap_n_pkt_wr = 80 0
The configuration section "pcap_file_wr" contains full path and name of
the PCAP file which the packets will be dumped to. If multiple SINKs
exists, each shall have its own PCAP file path listed in this section,
separated by spaces. Multiple SINK ports shall NOT share same PCAP file to
be dumped.
The configuration section "pcap_n_pkt_wr" contains integer value(s)
and indicates the maximum number of packets to be dumped to the PCAP file.
If this value is "0", the "infinite" dumping mode will be used. If this
value is N (N > 0), the dumping will be finished when the number of
packets dumped to the file reaches N.
To enable PCAP dumping support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable this
feature by removing "pcap_file_wr" and "pcap_n_pkt_wr" lines from the
configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 2 +
examples/ip_pipeline/config_parse.c | 172
examples/ip_pipeline/init.c | 12 +++
examples/ip_pipeline/pipeline_be.h | 4 +-
4 files changed, 189 insertions(+), 1 deletion(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 0c22f7f..55a9841 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -156,6 +156,8 @@ struct app_pktq_source_params {
struct app_pktq_sink_params {
char *name;
uint8_t parsed;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_pkts_to_dump;
};
struct app_msgq_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 291dbfb..e39c23e 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -187,6 +187,8 @@ struct app_pktq_source_params default_source_params = {
struct app_pktq_sink_params default_sink_params = {
.parsed = 0,
+ .file_name = NULL,
+ .n_pkts_to_dump = 0,
};
struct app_msgq_params default_msgq_params = {
@@ -1036,6 +1038,85 @@ parse_pipeline_pcap_source(struct app_params *app,
}
static int
+parse_pipeline_pcap_sink(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *n_pkts_to_dump)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !n_pkts_to_dump) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (n_pkts_to_dump && !file_name) {
+ next = n_pkts_to_dump;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_out == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_out; i++) {
+ if (p->pktq_out[i].type != APP_PKTQ_OUT_SINK)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_out)
+ return -EINVAL;
+
+ id = p->pktq_out[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->sink_params[id].file_name = strdup(name);
+ if (app->sink_params[id].file_name == NULL)
+ return -ENOMEM;
+ } else {
+ if (parser_read_uint32(
+ >sink_params[id].n_pkts_to_dump,
+ name) != 0) {
+ if (app->sink_params[id].file_name !=
+ NULL)
+ free(app->sink_params[id].
+ file_name);
+ return -EINVAL;
+ }
+ }
+
+
[dpdk-dev] [PATCH v3 3/4] lib/librte_port: add packet dumping to PCAP file support in sink port
Originally, sink ports in librte_port releases received mbufs back to
mempool. This patch adds optional packet dumping to PCAP feature in sink
port: the packets will be dumped to user defined PCAP file for storage or
debugging. The user may also choose the sink port's activity: either it
continuously dump the packets to the file, or stops at certain dumping
This feature shares same CONFIG_RTE_PORT_PCAP compiler option as source
port PCAP file support feature. Users can enable or disable this feature
by setting CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/rte_port_source_sink.c | 248 -
lib/librte_port/rte_port_source_sink.h | 11 +-
2 files changed, 256 insertions(+), 3 deletions(-)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index 3d4e8d9..6a7ba64 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -40,6 +40,7 @@
#ifdef RTE_NEXT_ABI
#include
+#include
#ifdef RTE_PORT_PCAP
#include
@@ -400,12 +401,183 @@ rte_port_source_stats_read(void *port,
struct rte_port_sink {
struct rte_port_out_stats stats;
+
+ /* PCAP dumper handle and pkts number */
+ void *dumper;
+ uint32_t max_pkts;
+ uint32_t pkt_index;
+ uint32_t dump_finish;
};
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Open PCAP file for dumping packets to the file later
+ *
+ * @param port
+ * Handle to sink port
+ * @param p
+ * Sink port parameter
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_sink_open(struct rte_port_sink *port,
+ __rte_unused struct rte_port_sink_params *p)
+{
+ pcap_t *tx_pcap;
+ pcap_dumper_t *pcap_dumper;
+
+ if (p->file_name == NULL) {
+ port->dumper = NULL;
+ port->max_pkts = 0;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+ return 0;
+ }
+
+ /** Open a dead pcap handler for opening dumper file */
+ tx_pcap = pcap_open_dead(DLT_EN10MB, 65535);
+ if (tx_pcap == NULL)
+ return -ENOENT;
+
+ /* The dumper is created using the previous pcap_t reference */
+ pcap_dumper = pcap_dump_open(tx_pcap, p->file_name);
+ if (pcap_dumper == NULL)
+ return -ENOENT;
+
+ port->dumper = pcap_dumper;
+ port->max_pkts = p->max_n_pkts;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+
+ return 0;
+}
+
+uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
+
+/**
+ * Dump a packet to PCAP dumper
+ *
+ * @param p
+ * Handle to sink port
+ * @param mbuf
+ * Handle to mbuf structure holding the packet
+ */
+static void
+pcap_sink_dump_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
+{
+ uint8_t *pcap_dumper = (uint8_t *)(port->dumper);
+ struct pcap_pkthdr pcap_hdr;
+ uint8_t *pkt;
+
+ /* Maximum num packets already reached */
+ if (port->dump_finish)
+ return;
+
+ pkt = rte_pktmbuf_mtod(mbuf, uint8_t *);
+
+ pcap_hdr.len = mbuf->pkt_len;
+ pcap_hdr.caplen = pcap_hdr.len;
+ gettimeofday(&(pcap_hdr.ts), NULL);
+
+ if (mbuf->nb_segs > 1) {
+ struct rte_mbuf *jumbo_mbuf;
+ uint32_t pkt_index = 0;
+
+ /* if packet size longer than ETHER_MAX_JUMBO_FRAME_LEN,
+* ignore it.
+*/
+ if (mbuf->pkt_len > ETHER_MAX_JUMBO_FRAME_LEN)
+ return;
+
+ for (jumbo_mbuf = mbuf; jumbo_mbuf != NULL;
+ jumbo_mbuf = jumbo_mbuf->next) {
+ rte_memcpy(_pkt_buf[pkt_index],
+ rte_pktmbuf_mtod(jumbo_mbuf, uint8_t *),
+ jumbo_mbuf->data_len);
+ pkt_index += jumbo_mbuf->data_len;
+ }
+
+ jumbo_pkt_buf[pkt_index] = '\0';
+
+ pkt = jumbo_pkt_buf;
+ }
+
+ pcap_dump(pcap_dumper, _hdr, pkt);
+
+ port->pkt_index++;
+
+ if ((port->max_pkts != 0) && (port->pkt_index >= port->max_pkts)) {
+ port->dump_finish = 1;
+ RTE_LOG(INFO, PORT, "Dumped %u packets to file\n",
+ port->pkt_index);
+ }
+
+}
+
+/**
+ * Flush pcap dumper
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+
+static void
+pcap_sink_flush_pkt(void *dumper)
+{
+ pcap_dumper_t *pcap_dumper = (pcap_dumper_t *)dumper;
+
+ pcap_dump_flush(pcap_dumper);
+}
+
+/**
+ * Close a PCAP dumper handle
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+static void
+pcap_sink_close(void *dumper)
+{
+ pcap_dumper_t *pcap_dumper = (pcap_d
[dpdk-dev] [PATCH v3 2/4] example/ip_pipeline: add PCAP file support
This patch add PCAP file support to ip_pipeline. Input port type SOURCE
now supports loading specific PCAP file and sends the packets in it to
pipeline instance. The packets are then released by SINK output port. This
feature can be applied by specifying parameters in configuration file as
shown below;
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_rd = /path/to/eth1.PCAP /path/to/eth2.PCAP
pcap_bytes_rd_per_pkt = 0 64
The configuration section "pcap_file_rd" contains full path and name of
the PCAP file to be loaded. If multiple SOURCEs exists, each shall have
its own PCAP file path listed in this section, separated by spaces.
Multiple SOURCE ports may share same PCAP file to be copied.
The configuration section "pcap_bytes_rd_per_pkt" contains integer value
and indicates the maximum number of bytes to be copied from each packet
in the PCAP file. If this value is "0", all packets in the file will be
copied fully; if the packet size is smaller than the assigned value, the
entire packet is copied. Same as "pcap_file_rd", every SOURCE shall have
its own maximum copy byte number.
To enable PCAP support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable PCAP
support by removing "pcap_file_rd" and "pcap_bytes_rd_per_pkt" lines
from the configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 4 +-
examples/ip_pipeline/config_parse.c | 119 +++-
examples/ip_pipeline/init.c | 17 +-
3 files changed, 137 insertions(+), 3 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index f55aef8..0c22f7f 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -149,6 +149,8 @@ struct app_pktq_source_params {
uint32_t parsed;
uint32_t mempool_id; /* Position in the app->mempool_params array */
uint32_t burst;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_bytes_per_pkt;
};
struct app_pktq_sink_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 4695ac1..291dbfb 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -181,6 +181,8 @@ struct app_pktq_source_params default_source_params = {
.parsed = 0,
.mempool_id = 0,
.burst = 32,
+ .file_name = NULL,
+ .n_bytes_per_pkt = 0,
};
struct app_pktq_sink_params default_sink_params = {
@@ -955,6 +957,85 @@ parse_eal(struct app_params *app,
}
static int
+parse_pipeline_pcap_source(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *cp_size)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !cp_size) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (cp_size && !file_name) {
+ next = cp_size;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_in == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_in; i++) {
+ if (p->pktq_in[i].type != APP_PKTQ_IN_SOURCE)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_in)
+ return -EINVAL;
+
+ id = p->pktq_in[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->source_params[id].file_name = strdup(name);
+
[dpdk-dev] [PATCH v3 1/4] lib/librte_port: add PCAP file support to source port
Originally, source ports in librte_port is an input port used as packet
generator. Similar to Linux kernel /dev/zero character device, it
generates null packets. This patch adds optional PCAP file support to
source port: instead of sending NULL packets, the source port generates
packets copied from a PCAP file. To increase the performance, the packets
in the file are loaded to memory initially, and copied to mbufs in circular
manner. Users can enable or disable this feature by setting
CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
config/common_base | 1 +
lib/librte_port/Makefile | 10 +-
lib/librte_port/rte_port_source_sink.c | 251 -
lib/librte_port/rte_port_source_sink.h | 13 +-
mk/rte.app.mk | 5 +
5 files changed, 275 insertions(+), 5 deletions(-)
diff --git a/config/common_base b/config/common_base
index c73f71a..3be2f18 100644
--- a/config/common_base
+++ b/config/common_base
@@ -458,6 +458,7 @@ CONFIG_RTE_LIBRTE_REORDER=y
#
CONFIG_RTE_LIBRTE_PORT=y
CONFIG_RTE_PORT_STATS_COLLECT=n
+CONFIG_RTE_PORT_PCAP=n
#
# Compile librte_table
diff --git a/lib/librte_port/Makefile b/lib/librte_port/Makefile
index 410053e..0b31c04 100644
--- a/lib/librte_port/Makefile
+++ b/lib/librte_port/Makefile
@@ -1,6 +1,6 @@
# BSD LICENSE
#
-# Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+# Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -36,6 +36,14 @@ include $(RTE_SDK)/mk/rte.vars.mk
#
LIB = librte_port.a
+ifeq ($(CONFIG_RTE_NEXT_ABI),y)
+
+ifeq ($(CONFIG_RTE_PORT_PCAP),y)
+LDLIBS += -lpcap
+endif
+
+endif
+
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index a06477e..3d4e8d9 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2010-2014 Intel Corporation. All rights reserved.
+ * Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,16 @@
#include
#include
+#ifdef RTE_NEXT_ABI
+
+#include
+
+#ifdef RTE_PORT_PCAP
+#include
+#endif
+
+#endif
+
#include "rte_port_source_sink.h"
/*
@@ -60,8 +70,174 @@ struct rte_port_source {
struct rte_port_in_stats stats;
struct rte_mempool *mempool;
+
+#ifdef RTE_NEXT_ABI
+ /* PCAP buffers and indexes */
+ uint8_t **pkts;
+ uint8_t *pkt_buff;
+ uint32_t *pkt_len;
+ uint32_t n_pkts;
+ uint32_t pkt_index;
+#endif
};
+#ifdef RTE_NEXT_ABI
+
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Load PCAP file, allocate and copy packets in the file to memory
+ *
+ * @param p
+ * Parameters for source port
+ * @param port
+ * Handle to source port
+ * @param socket_id
+ * Socket id where the memory is created
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_source_load(struct rte_port_source_params *p,
+ struct rte_port_source *port,
+ int socket_id)
+{
+ uint32_t status = 0;
+ uint32_t n_pkts = 0;
+ uint32_t i;
+ uint32_t *pkt_len_aligns = NULL;
+ size_t total_buff_len = 0;
+ pcap_t *pcap_handle;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ uint32_t max_len;
+ struct pcap_pkthdr pcap_hdr;
+ const uint8_t *pkt;
+ uint8_t *buff = NULL;
+ uint32_t pktmbuf_maxlen = (uint32_t)
+ (rte_pktmbuf_data_room_size(port->mempool) -
+ RTE_PKTMBUF_HEADROOM);
+
+ if (p->file_name == NULL)
+ return 0;
+
+ if (p->n_bytes_per_pkt == 0)
+ max_len = pktmbuf_maxlen;
+ else
+ max_len = RTE_MIN(p->n_bytes_per_pkt, pktmbuf_maxlen);
+
+ /* first time open, get packet number */
+ pcap_handle = pcap_open_offline(p->file_name, pcap_errbuf);
+ if (pcap_handle == NULL) {
+ status = -ENOENT;
+ goto error_exit;
+ }
+
+ while ((pkt = pcap_next(pcap_handle, _hdr)) != NULL)
+ n_pkts++;
+
+ pcap_close(pcap_handle);
+
+ port->pkt_len = rte_zmalloc_socket("PCAP",
+ (sizeof(*port->pkt_len) * n_pkts), 0, socket_id);
+ if (port->pkt_len == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ pkt_len_aligns = rte_malloc("PCAP",
+ (sizeof(*pkt_len_aligns) * n_pkts), 0);
+ if (pkt_len_aligns == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ p
[dpdk-dev] [PATCH v3 0/4] Add PCAP support to source and sink port
This patchset adds feature to source and sink type port in librte_port library, and to examples/ip_pipline. Originally, source/sink ports act as input and output of NULL packets generator. This patchset enables them read from and write to specific PCAP file, to generate and dump packets. v3: *added RTE_NEXT_ABI macro to source port *updated to fit ip_pipeline configuration new code style v2: *fixed source/sink open function returns *removed duplicated code *added clearer error message display on different error messages Acked-by: Cristian Dumitrescu Fan Zhang (4): lib/librte_port: add PCAP file support to source port example/ip_pipeline: add PCAP file support lib/librte_port: add packet dumping to PCAP file support in sink port examples/ip_pipeline: add packets dumping to PCAP file support config/common_base | 1 + examples/ip_pipeline/app.h | 6 +- examples/ip_pipeline/config_parse.c| 291 ++- examples/ip_pipeline/init.c| 29 +- examples/ip_pipeline/pipeline_be.h | 4 +- lib/librte_port/Makefile | 10 +- lib/librte_port/rte_port_source_sink.c | 499 - lib/librte_port/rte_port_source_sink.h | 24 +- mk/rte.app.mk | 5 + 9 files changed, 857 insertions(+), 12 deletions(-) -- 2.5.0
[dpdk-dev] [PATCH v2] examples/ip_pipeline: add link identification feature
This patch adds link identification feature to packet framework. To
identify a link, user can use both existing port-mask option, or specify
PCI device in every LINK section in the configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
*v2
To be applied on top of:
[dpdk-dev,v2] examples/ip_pipeline: config parser clean-up
(http://dpdk.org/dev/patchwork/patch/10569/)
examples/ip_pipeline/app.h | 19 +--
examples/ip_pipeline/config_check.c| 16 ++-
examples/ip_pipeline/config_parse.c| 155 +
examples/ip_pipeline/init.c| 95 ++---
examples/ip_pipeline/pipeline/pipeline_common_fe.c | 12 +-
5 files changed, 231 insertions(+), 66 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 6510d6d..f749a5f 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -49,7 +49,7 @@
#include "pipeline.h"
#define APP_PARAM_NAME_SIZE PIPELINE_NAME_SIZE
-
+#define APP_LINK_PCI_BDF_SIZE16
struct app_mempool_params {
char *name;
uint32_t parsed;
@@ -64,7 +64,7 @@ struct app_link_params {
uint32_t parsed;
uint32_t pmd_id; /* Generated based on port mask */
uint32_t arp_q; /* 0 = Disabled (packets go to default queue 0) */
- uint32_t tcp_syn_local_q; /* 0 = Disabled (pkts go to default queue) */
+ uint32_t tcp_syn_q; /* 0 = Disabled (pkts go to default queue) */
uint32_t ip_local_q; /* 0 = Disabled (pkts go to default queue 0) */
uint32_t tcp_local_q; /* 0 = Disabled (pkts go to default queue 0) */
uint32_t udp_local_q; /* 0 = Disabled (pkts go to default queue 0) */
@@ -73,6 +73,7 @@ struct app_link_params {
uint32_t ip; /* 0 = Invalid */
uint32_t depth; /* Valid only when IP is valid */
uint64_t mac_addr; /* Read from HW */
+ char pci_bdf[APP_LINK_PCI_BDF_SIZE];
struct rte_eth_conf conf;
uint8_t promisc;
@@ -265,6 +266,10 @@ struct app_thread_data {
struct rte_ring *msgq_out;
};
+#ifndef APP_MAX_LINKS
+#define APP_MAX_LINKS16
+#endif
+
struct app_eal_params {
/* Map lcore set to physical cpu set */
char *coremap;
@@ -286,13 +291,13 @@ struct app_eal_params {
uint32_t ranks;
/* Add a PCI device in black list. */
- char *pci_blacklist;
+ char *pci_blacklist[APP_MAX_LINKS];
/* Add a PCI device in white list. */
- char *pci_whitelist;
+ char *pci_whitelist[APP_MAX_LINKS];
/* Add a virtual device. */
- char *vdev;
+ char *vdev[APP_MAX_LINKS];
/* Use VMware TSC map instead of native RDTSC */
uint32_t vmware_tsc_map_present;
@@ -367,10 +372,6 @@ struct app_eal_params {
#define APP_MAX_MEMPOOLS 8
#endif
-#ifndef APP_MAX_LINKS
-#define APP_MAX_LINKS16
-#endif
-
#ifndef APP_LINK_MAX_HWQ_IN
#define APP_LINK_MAX_HWQ_IN 64
#endif
diff --git a/examples/ip_pipeline/config_check.c
b/examples/ip_pipeline/config_check.c
index 1ff5763..fd9ff49 100644
--- a/examples/ip_pipeline/config_check.c
+++ b/examples/ip_pipeline/config_check.c
@@ -59,12 +59,16 @@ check_mempools(struct app_params *app)
static void
check_links(struct app_params *app)
{
- uint32_t n_links_port_mask = __builtin_popcountll(app->port_mask);
uint32_t i;
/* Check that number of links matches the port mask */
- APP_CHECK((app->n_links == n_links_port_mask),
- "Not enough links provided in the PORT_MASK\n");
+ if (app->port_mask) {
+ uint32_t n_links_port_mask =
+ __builtin_popcountll(app->port_mask);
+
+ APP_CHECK((app->n_links == n_links_port_mask),
+ "Not enough links provided in the PORT_MASK\n");
+ }
for (i = 0; i < app->n_links; i++) {
struct app_link_params *link = >link_params[i];
@@ -76,8 +80,8 @@ check_links(struct app_params *app)
rxq_max = 0;
if (link->arp_q > rxq_max)
rxq_max = link->arp_q;
- if (link->tcp_syn_local_q > rxq_max)
- rxq_max = link->tcp_syn_local_q;
+ if (link->tcp_syn_q > rxq_max)
+ rxq_max = link->tcp_syn_q;
if (link->ip_local_q > rxq_max)
rxq_max = link->ip_local_q;
if (link->tcp_local_q > rxq_max)
@@ -89,7 +93,7 @@ check_links(struct app_params *app)
for (i = 1; i <= rxq_max; i++)
APP_CHECK(((link->arp_q == i) ||
- (link->tcp_syn_local_q == i) ||
+
[dpdk-dev] [PATCH v2] examples/ip_pipeline: CPU utilization measurement and display
This patch adds CPU utilization measurement and idle cycle rate
computation to packet framework. The measurement is done by measuring
the cycles spent while a thread pulls zero packet from RX queue. These
cycles are treated as idle cycles (or headroom). A CLI command is added
to display idle cycle rate of specific thread. The CLI command format is
shown as following:
t headroom
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 8 +++
examples/ip_pipeline/init.c | 8 ++-
examples/ip_pipeline/thread.c| 66 ++-
examples/ip_pipeline/thread.h| 14 +
examples/ip_pipeline/thread_fe.c | 113 +++
examples/ip_pipeline/thread_fe.h | 6 +++
6 files changed, 211 insertions(+), 4 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 6510d6d..2c91256 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -263,6 +263,10 @@ struct app_thread_data {
struct rte_ring *msgq_in;
struct rte_ring *msgq_out;
+
+ uint64_t headroom_time;
+ uint64_t headroom_cycles;
+ double headroom_ratio;
};
struct app_eal_params {
@@ -421,6 +425,10 @@ struct app_eal_params {
#define APP_MAX_CMDS 64
#endif
+#ifndef APP_THREAD_HEADROOM_STATS_COLLECT
+#define APP_THREAD_HEADROOM_STATS_COLLECT1
+#endif
+
struct app_params {
/* Config */
char app_name[APP_APPNAME_SIZE];
diff --git a/examples/ip_pipeline/init.c b/examples/ip_pipeline/init.c
index 186ca03..af33e8f 100644
--- a/examples/ip_pipeline/init.c
+++ b/examples/ip_pipeline/init.c
@@ -1343,8 +1343,8 @@ app_init_pipelines(struct app_params *app)
data->ptype = ptype;
- data->timer_period = (rte_get_tsc_hz() * params->timer_period)
- / 1000;
+ data->timer_period = (rte_get_tsc_hz() *
+ params->timer_period) / 100;
}
}
@@ -1379,6 +1379,10 @@ app_init_threads(struct app_params *app)
t->timer_period = (rte_get_tsc_hz() * APP_THREAD_TIMER_PERIOD)
/ 1000;
t->thread_req_deadline = time + t->timer_period;
+ t->headroom_cycles = 0;
+ t->headroom_time = rte_get_tsc_cycles();
+ t->headroom_ratio = 0.0;
+
t->msgq_in = app_thread_msgq_in_get(app,
params->socket_id,
params->core_id,
diff --git a/examples/ip_pipeline/thread.c b/examples/ip_pipeline/thread.c
index 78f1bd8..a0f1f12 100644
--- a/examples/ip_pipeline/thread.c
+++ b/examples/ip_pipeline/thread.c
@@ -39,6 +39,43 @@
#include "app.h"
#include "thread.h"
+#if APP_THREAD_HEADROOM_STATS_COLLECT
+
+#define PIPELINE_RUN_REGULAR(thread, pipeline) \
+do { \
+ uint64_t t0 = rte_rdtsc_precise(); \
+ int n_pkts = rte_pipeline_run(pipeline->p); \
+ \
+ if (n_pkts == 0) { \
+ uint64_t t1 = rte_rdtsc_precise(); \
+ \
+ thread->headroom_cycles += t1 - t0; \
+ } \
+} while (0)
+
+
+#define PIPELINE_RUN_CUSTOM(thread, data) \
+do { \
+ uint64_t t0 = rte_rdtsc_precise(); \
+ int n_pkts = data->f_run(data->be); \
+ \
+ if (n_pkts == 0) { \
+ uint64_t t1 = rte_rdtsc_precise(); \
+ \
+ thread->headroom_cycles += t1 - t0; \
+ } \
+} while (0)
+
+#else
+
+#define PIPELINE_RUN_REGULAR(thread, pipeline) \
+ rte_pipeline_run(pipeline->p)
+
+#define PIPELINE_RUN_CUSTOM(thread, data) \
+ data->f_run(data->be)
+
+#endif
+
static inline void *
thread_msg_recv(struct rte_ring *r)
{
@@ -165,6 +202,17 @@ thread_msg_req_handle(struct app_thread_data *t)
thread_msg_send(t->msgq_out, rsp);
break;
}
+
+ case THREAD_MSG_REQ_HEADROOM_READ: {
+ struct thread_headroom_read_msg_rsp *rsp =
+ (struct thread_headroom_read_msg_rsp *)
+ req;
+
+ rsp->headroom_ratio = t->headroom_ratio;
+ rsp->status = 0;
+ thread_msg_send(t->msgq_out, rsp);
+ break;
[dpdk-dev] [PATCH v2] examples/ip_pipeline: config parser clean-up
This patch updates the pipelne configuration file parser, cleans up nesting
if/else conditions, and add clearer error message display.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/config_parse.c| 1008
examples/ip_pipeline/parser.h | 50 +
.../ip_pipeline/pipeline/pipeline_firewall_be.c| 25 +-
.../pipeline/pipeline_flow_actions_be.c| 91 +-
.../pipeline/pipeline_flow_classification_be.c | 142 ++-
.../ip_pipeline/pipeline/pipeline_passthrough_be.c | 140 ++-
.../ip_pipeline/pipeline/pipeline_routing_be.c | 204 ++--
examples/ip_pipeline/pipeline_be.h | 31 +-
8 files changed, 1112 insertions(+), 579 deletions(-)
create mode 100644 examples/ip_pipeline/parser.h
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 1bedbe4..5f72af9 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -47,6 +47,7 @@
#include
#include "app.h"
+#include "parser.h"
/**
* Default config values
@@ -229,31 +230,19 @@ app_print_usage(char *prgname)
_p; \
})
-#define PARSER_IMPLICIT_PARAM_ADD_CHECK(result, section_name) \
-do { \
- APP_CHECK((result != -EINVAL), \
- "CFG: [%s] name too long", section_name); \
- APP_CHECK(result != -ENOMEM,\
- "CFG: [%s] too much sections", section_name); \
- APP_CHECK(result >= 0, \
- "CFG: [%s] Unknown error while adding '%s'",\
- section_name, section_name);\
-} while (0)
-
#define PARSER_PARAM_ADD_CHECK(result, params_array, section_name) \
do { \
APP_CHECK((result != -EINVAL), \
- "CFG: [%s] name too long", section_name); \
+ "Parse error: no free memory"); \
APP_CHECK((result != -ENOMEM), \
- "CFG: [%s] too much sections", section_name); \
+ "Parse error: too many \"%s\" sections", section_name); \
APP_CHECK(((result >= 0) && (params_array)[result].parsed == 0),\
- "CFG: [%s] duplicate section", section_name); \
+ "Parse error: duplicate \"%s\" section", section_name); \
APP_CHECK((result >= 0),\
- "CFG: [%s] Unknown error while adding '%s'",\
- section_name, section_name);\
+ "Parse error in section \"%s\"", section_name); \
} while (0)
-static int
+int
parser_read_arg_bool(const char *p)
{
p = skip_white_spaces(p);
@@ -318,7 +307,7 @@ APP_CHECK(exp, "Parse error in section \"%s\": unrecognized
entry \"%s\"\n",\
APP_CHECK(exp, "Parse error in section \"%s\": duplicate entry \"%s\"\n",\
section, entry)
-static int
+int
parser_read_uint64(uint64_t *value, const char *p)
{
char *next;
@@ -336,13 +325,13 @@ parser_read_uint64(uint64_t *value, const char *p)
switch (*p) {
case 'T':
val *= 1024ULL;
- /* fall trought */
+ /* fall through */
case 'G':
val *= 1024ULL;
- /* fall trought */
+ /* fall through */
case 'M':
val *= 1024ULL;
- /* fall trought */
+ /* fall through */
case 'k':
case 'K':
val *= 1024ULL;
@@ -358,7 +347,7 @@ parser_read_uint64(uint64_t *value, const char *p)
return 0;
}
-static int
+int
parser_read_uint32(uint32_t *value, const char *p)
{
uint64_t val = 0;
@@ -366,7 +355,8 @@ parser_read_uint32(uint32_t *value, const char *p)
if (ret < 0)
return ret;
- else if (val > UINT32_MAX)
+
+ if (val > UINT32_MAX)
return -ERANGE;
*value = val;
@@ -936,8 +926,25 @@ parse_pipeline_pktq_in(struct app_params *app,
while (*next != '\0') {
enum app_pktq_in_type type;
int id;
+ char *end_space;
+ char *end_tab;
+
+ next = skip_white_spaces(next);
+ if (!next)
+ break;
+
+ end_space =
[dpdk-dev] [PATCH v2 4/4] examples/ip_pipeline: add packets dumping to PCAP file support
This patch add packet dumping feature to ip_pipeline. Output port type
SINK now supports dumping packets to PCAP file before releasing mbuf back
to mempool. This feature can be applied by specifying parameters in
configuration file as shown below:
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_wr = /path/to/eth1.pcap /path/to/eth2.pcap
pcap_n_pkt_wr = 80 0
The configuration section "pcap_file_wr" contains full path and name of
the PCAP file which the packets will be dumped to. If multiple SINKs
exists, each shall have its own PCAP file path listed in this section,
separated by spaces. Multiple SINK ports shall NOT share same PCAP file to
be dumped.
The configuration section "pcap_n_pkt_wr" contains integer value(s)
and indicates the maximum number of packets to be dumped to the PCAP file.
If this value is "0", the "infinite" dumping mode will be used. If this
value is N (N > 0), the dumping will be finished when the number of
packets dumped to the file reaches N.
To enable PCAP dumping support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable this
feature by removing "pcap_file_wr" and "pcap_n_pkt_wr" lines from the
configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 2 +
examples/ip_pipeline/config_parse.c | 159
examples/ip_pipeline/init.c | 11 +++
examples/ip_pipeline/pipeline_be.h | 2 +
4 files changed, 174 insertions(+)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 9dbe668..144fab8 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -155,6 +155,8 @@ struct app_pktq_source_params {
struct app_pktq_sink_params {
char *name;
uint8_t parsed;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_pkts_to_dump;
};
struct app_msgq_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index f0bed81..9f5b974 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -184,6 +184,8 @@ struct app_pktq_source_params default_source_params = {
struct app_pktq_sink_params default_sink_params = {
.parsed = 0,
+ .file_name = NULL,
+ .n_pkts_to_dump = 0,
};
struct app_msgq_params default_msgq_params = {
@@ -1003,6 +1005,83 @@ parse_pipeline_pcap_source(struct app_params *app,
}
static int
+parse_pipeline_pcap_sink(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *n_pkts_to_dump)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !n_pkts_to_dump) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (n_pkts_to_dump && !file_name) {
+ next = n_pkts_to_dump;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_out == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_out; i++) {
+ if (p->pktq_out[i].type != APP_PKTQ_OUT_SINK)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_out)
+ return -EINVAL;
+
+ id = p->pktq_out[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->sink_params[id].file_name = strdup(name);
+ if (app->sink_params[id].file_name == NULL)
+ return -ENOMEM;
+ } else {
+ if (parser_read_uint32(
+ >sink_params[id].n_pkts_to_dump,
+ name) != 0) {
+ if (app->sink_params[id].file_name != NULL)
+ free(app->sink_params[id].file_name);
+ return -EINVAL;
+ }
+ }
+
+ i++;
+
+ if (i == p->n_pktq_out)
+ return
[dpdk-dev] [PATCH v2 3/4] lib/librte_port: add packet dumping to PCAP file support in sink port
Originally, sink ports in librte_port releases received mbufs back to
mempool. This patch adds optional packet dumping to PCAP feature in sink
port: the packets will be dumped to user defined PCAP file for storage or
debugging. The user may also choose the sink port's activity: either it
continuously dump the packets to the file, or stops at certain dumping
This feature shares same CONFIG_RTE_PORT_PCAP compiler option as source
port PCAP file support feature. Users can enable or disable this feature
by setting CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
lib/librte_port/rte_port_source_sink.c | 248 -
lib/librte_port/rte_port_source_sink.h | 11 +-
2 files changed, 256 insertions(+), 3 deletions(-)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index 086c51a..b54dce0 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -37,6 +37,7 @@
#include
#include
#include
+#include
#ifdef RTE_PORT_PCAP
#include
@@ -379,12 +380,183 @@ rte_port_source_stats_read(void *port,
struct rte_port_sink {
struct rte_port_out_stats stats;
+
+ /* PCAP dumper handle and pkts number */
+ void *dumper;
+ uint32_t max_pkts;
+ uint32_t pkt_index;
+ uint32_t dump_finish;
};
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Open PCAP file for dumping packets to the file later
+ *
+ * @param port
+ * Handle to sink port
+ * @param p
+ * Sink port parameter
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_sink_open(struct rte_port_sink *port,
+ __rte_unused struct rte_port_sink_params *p)
+{
+ pcap_t *tx_pcap;
+ pcap_dumper_t *pcap_dumper;
+
+ if (p->file_name == NULL) {
+ port->dumper = NULL;
+ port->max_pkts = 0;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+ return 0;
+ }
+
+ /** Open a dead pcap handler for opening dumper file */
+ tx_pcap = pcap_open_dead(DLT_EN10MB, 65535);
+ if (tx_pcap == NULL)
+ return -ENOENT;
+
+ /* The dumper is created using the previous pcap_t reference */
+ pcap_dumper = pcap_dump_open(tx_pcap, p->file_name);
+ if (pcap_dumper == NULL)
+ return -ENOENT;
+
+ port->dumper = pcap_dumper;
+ port->max_pkts = p->max_n_pkts;
+ port->pkt_index = 0;
+ port->dump_finish = 0;
+
+ return 0;
+}
+
+uint8_t jumbo_pkt_buf[ETHER_MAX_JUMBO_FRAME_LEN];
+
+/**
+ * Dump a packet to PCAP dumper
+ *
+ * @param p
+ * Handle to sink port
+ * @param mbuf
+ * Handle to mbuf structure holding the packet
+ */
+static void
+pcap_sink_dump_pkt(struct rte_port_sink *port, struct rte_mbuf *mbuf)
+{
+ uint8_t *pcap_dumper = (uint8_t *)(port->dumper);
+ struct pcap_pkthdr pcap_hdr;
+ uint8_t *pkt;
+
+ /* Maximum num packets already reached */
+ if (port->dump_finish)
+ return;
+
+ pkt = rte_pktmbuf_mtod(mbuf, uint8_t *);
+
+ pcap_hdr.len = mbuf->pkt_len;
+ pcap_hdr.caplen = pcap_hdr.len;
+ gettimeofday(&(pcap_hdr.ts), NULL);
+
+ if (mbuf->nb_segs > 1) {
+ struct rte_mbuf *jumbo_mbuf;
+ uint32_t pkt_index = 0;
+
+ /* if packet size longer than ETHER_MAX_JUMBO_FRAME_LEN,
+* ignore it.
+*/
+ if (mbuf->pkt_len > ETHER_MAX_JUMBO_FRAME_LEN)
+ return;
+
+ for (jumbo_mbuf = mbuf; jumbo_mbuf != NULL;
+ jumbo_mbuf = jumbo_mbuf->next) {
+ rte_memcpy(_pkt_buf[pkt_index],
+ rte_pktmbuf_mtod(jumbo_mbuf, uint8_t *),
+ jumbo_mbuf->data_len);
+ pkt_index += jumbo_mbuf->data_len;
+ }
+
+ jumbo_pkt_buf[pkt_index] = '\0';
+
+ pkt = jumbo_pkt_buf;
+ }
+
+ pcap_dump(pcap_dumper, _hdr, pkt);
+
+ port->pkt_index++;
+
+ if ((port->max_pkts != 0) && (port->pkt_index >= port->max_pkts)) {
+ port->dump_finish = 1;
+ RTE_LOG(INFO, PORT, "Dumped %u packets to file\n",
+ port->pkt_index);
+ }
+
+}
+
+/**
+ * Flush pcap dumper
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+
+static void
+pcap_sink_flush_pkt(void *dumper)
+{
+ pcap_dumper_t *pcap_dumper = (pcap_dumper_t *)dumper;
+
+ pcap_dump_flush(pcap_dumper);
+}
+
+/**
+ * Close a PCAP dumper handle
+ *
+ * @param dumper
+ * Handle to pcap dumper
+ */
+static void
+pcap_sink_close(void *dumper)
+{
+ pcap_dumper_t *pcap_dumper = (pcap_d
[dpdk-dev] [PATCH v2 2/4] example/ip_pipeline: add PCAP file support
This patch add PCAP file support to ip_pipeline. Input port type SOURCE
now supports loading specific PCAP file and sends the packets in it to
pipeline instance. The packets are then released by SINK output port. This
feature can be applied by specifying parameters in configuration file as
shown below;
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_rd = /path/to/eth1.PCAP /path/to/eth2.PCAP
pcap_bytes_rd_per_pkt = 0 64
The configuration section "pcap_file_rd" contains full path and name of
the PCAP file to be loaded. If multiple SOURCEs exists, each shall have
its own PCAP file path listed in this section, separated by spaces.
Multiple SOURCE ports may share same PCAP file to be copied.
The configuration section "pcap_bytes_rd_per_pkt" contains integer value
and indicates the maximum number of bytes to be copied from each packet
in the PCAP file. If this value is "0", all packets in the file will be
copied fully; if the packet size is smaller than the assigned value, the
entire packet is copied. Same as "pcap_file_rd", every SOURCE shall have
its own maximum copy byte number.
To enable PCAP support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable PCAP
support by removing "pcap_file_rd" and "pcap_bytes_rd_per_pkt" lines
from the configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 2 +
examples/ip_pipeline/config_parse.c | 102 +++-
examples/ip_pipeline/init.c | 11
3 files changed, 113 insertions(+), 2 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 6510d6d..9dbe668 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -148,6 +148,8 @@ struct app_pktq_source_params {
uint32_t parsed;
uint32_t mempool_id; /* Position in the app->mempool_params array */
uint32_t burst;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_bytes_per_pkt;
};
struct app_pktq_sink_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 1bedbe4..f0bed81 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -178,6 +178,8 @@ struct app_pktq_source_params default_source_params = {
.parsed = 0,
.mempool_id = 0,
.burst = 32,
+ .file_name = NULL,
+ .n_bytes_per_pkt = 0,
};
struct app_pktq_sink_params default_sink_params = {
@@ -924,6 +926,83 @@ parse_eal(struct app_params *app,
}
static int
+parse_pipeline_pcap_source(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *cp_size)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !cp_size) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (cp_size && !file_name) {
+ next = cp_size;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_in == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_in; i++) {
+ if (p->pktq_in[i].type != APP_PKTQ_IN_SOURCE)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_in)
+ return -EINVAL;
+
+ id = p->pktq_in[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->source_params[id].file_name = strdup(name);
+ if (app->source_params[id].file_name == NULL)
+ return -ENOMEM;
+ } else {
+ if (parser_read_uint32(
+ >source_params[id].n_bytes_per_pkt,
+ name) != 0) {
+ if (app->source_params[id].file_name != NULL)
+ free(app->source_params[id].file_name);
+ return -EINVAL;
+ }
[dpdk-dev] [PATCH v2 1/4] lib/librte_port: add PCAP file support to source port
Originally, source ports in librte_port is an input port used as packet
generator. Similar to Linux kernel /dev/zero character device, it
generates null packets. This patch adds optional PCAP file support to
source port: instead of sending NULL packets, the source port generates
packets copied from a PCAP file. To increase the performance, the packets
in the file are loaded to memory initially, and copied to mbufs in circular
manner. Users can enable or disable this feature by setting
CONFIG_RTE_PORT_PCAP compiler option "y" or "n".
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
config/common_bsdapp | 1 +
config/common_linuxapp | 1 +
lib/librte_port/Makefile | 4 +
lib/librte_port/rte_port_source_sink.c | 226 -
lib/librte_port/rte_port_source_sink.h | 7 +
mk/rte.app.mk | 1 +
6 files changed, 239 insertions(+), 1 deletion(-)
diff --git a/config/common_bsdapp b/config/common_bsdapp
index ed7c31c..1eb36ae 100644
--- a/config/common_bsdapp
+++ b/config/common_bsdapp
@@ -459,6 +459,7 @@ CONFIG_RTE_LIBRTE_REORDER=y
#
CONFIG_RTE_LIBRTE_PORT=y
CONFIG_RTE_PORT_STATS_COLLECT=n
+CONFIG_RTE_PORT_PCAP=n
#
# Compile librte_table
diff --git a/config/common_linuxapp b/config/common_linuxapp
index 74bc515..776fcd3 100644
--- a/config/common_linuxapp
+++ b/config/common_linuxapp
@@ -476,6 +476,7 @@ CONFIG_RTE_LIBRTE_REORDER=y
#
CONFIG_RTE_LIBRTE_PORT=y
CONFIG_RTE_PORT_STATS_COLLECT=n
+CONFIG_RTE_PORT_PCAP=n
#
# Compile librte_table
diff --git a/lib/librte_port/Makefile b/lib/librte_port/Makefile
index 410053e..e3e4318 100644
--- a/lib/librte_port/Makefile
+++ b/lib/librte_port/Makefile
@@ -36,6 +36,10 @@ include $(RTE_SDK)/mk/rte.vars.mk
#
LIB = librte_port.a
+ifeq ($(CONFIG_RTE_PORT_PCAP),y)
+LDLIBS += -lpcap
+endif
+
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
diff --git a/lib/librte_port/rte_port_source_sink.c
b/lib/librte_port/rte_port_source_sink.c
index a06477e..086c51a 100644
--- a/lib/librte_port/rte_port_source_sink.c
+++ b/lib/librte_port/rte_port_source_sink.c
@@ -36,6 +36,11 @@
#include
#include
#include
+#include
+
+#ifdef RTE_PORT_PCAP
+#include
+#endif
#include "rte_port_source_sink.h"
@@ -60,14 +65,175 @@ struct rte_port_source {
struct rte_port_in_stats stats;
struct rte_mempool *mempool;
+
+ /* PCAP buffers and indexes */
+ uint8_t **pkts;
+ uint8_t *pkt_buff;
+ uint32_t *pkt_len;
+ uint32_t n_pkts;
+ uint32_t pkt_index;
};
+#ifdef RTE_PORT_PCAP
+
+/**
+ * Load PCAP file, allocate and copy packets in the file to memory
+ *
+ * @param p
+ * Parameters for source port
+ * @param port
+ * Handle to source port
+ * @param socket_id
+ * Socket id where the memory is created
+ * @return
+ * 0 on SUCCESS
+ * error code otherwise
+ */
+static int
+pcap_source_load(struct rte_port_source_params *p,
+ struct rte_port_source *port,
+ int socket_id)
+{
+ uint32_t status = 0;
+ uint32_t n_pkts = 0;
+ uint32_t i;
+ uint32_t *pkt_len_aligns = NULL;
+ size_t total_buff_len = 0;
+ pcap_t *pcap_handle;
+ char pcap_errbuf[PCAP_ERRBUF_SIZE];
+ uint32_t max_len;
+ struct pcap_pkthdr pcap_hdr;
+ const uint8_t *pkt;
+ uint8_t *buff = NULL;
+ uint32_t pktmbuf_maxlen = (uint32_t)
+ (rte_pktmbuf_data_room_size(port->mempool) -
+ RTE_PKTMBUF_HEADROOM);
+
+ if (p->file_name == NULL)
+ return 0;
+
+ if (p->n_bytes_per_pkt == 0)
+ max_len = pktmbuf_maxlen;
+ else
+ max_len = RTE_MIN(p->n_bytes_per_pkt, pktmbuf_maxlen);
+
+ /* first time open, get packet number */
+ pcap_handle = pcap_open_offline(p->file_name, pcap_errbuf);
+ if (pcap_handle == NULL) {
+ status = -ENOENT;
+ goto error_exit;
+ }
+
+ while ((pkt = pcap_next(pcap_handle, _hdr)) != NULL)
+ n_pkts++;
+
+ pcap_close(pcap_handle);
+
+ port->pkt_len = rte_zmalloc_socket("PCAP",
+ (sizeof(*port->pkt_len) * n_pkts), 0, socket_id);
+ if (port->pkt_len == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ pkt_len_aligns = rte_malloc("PCAP",
+ (sizeof(*pkt_len_aligns) * n_pkts), 0);
+ if (pkt_len_aligns == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ port->pkts = rte_zmalloc_socket("PCAP",
+ (sizeof(*port->pkts) * n_pkts), 0, socket_id);
+ if (port->pkts == NULL) {
+ status = -ENOMEM;
+ goto error_exit;
+ }
+
+ /* open 2nd time, get pkt_len */
+ pcap_handle = pcap_open_offline(p-
[dpdk-dev] [PATCH v2 0/4] Add PCAP support to source and sink port
This patchset adds feature to source and sink type port in librte_port library, and to examples/ip_pipline. Originally, source/sink ports act as input and output of NULL packets generator. This patchset enables them read from and write to specific PCAP file, to generate and dump packets. v2: *fixed source/sink open function returns *removed duplicated code *added clearer error message display on different error messages Acked-by: Cristian Dumitrescu Fan Zhang (4): lib/librte_port: add PCAP file support to source port example/ip_pipeline: add PCAP file support lib/librte_port: add packet dumping to PCAP file support in sink port examples/ip_pipeline: add packets dumping to PCAP file support config/common_bsdapp | 1 + config/common_linuxapp | 1 + examples/ip_pipeline/app.h | 4 + examples/ip_pipeline/config_parse.c| 261 +++- examples/ip_pipeline/init.c| 22 ++ examples/ip_pipeline/pipeline_be.h | 2 + lib/librte_port/Makefile | 4 + lib/librte_port/rte_port_source_sink.c | 430 - lib/librte_port/rte_port_source_sink.h | 18 +- mk/rte.app.mk | 1 + 10 files changed, 739 insertions(+), 5 deletions(-) -- 2.5.0
[dpdk-dev] [PATCH] examples/ip_pipeline: config parser clean-up
This patch updates the pipelne configuration file parser, cleans up nesting
if/else conditions, and add clearer error message display.
Signed-off-by: Fan Zhang
---
examples/ip_pipeline/config_parse.c | 798
examples/ip_pipeline/pipeline_be.h | 48 +++
2 files changed, 494 insertions(+), 352 deletions(-)
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 1bedbe4..6575e31 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -291,34 +291,7 @@ parser_read_arg_bool(const char *p)
return result;
}
-#define PARSE_ERROR(exp, section, entry) \
-APP_CHECK(exp, "Parse error in section \"%s\": entry \"%s\"\n", section, entry)
-
-#define PARSE_ERROR_MALLOC(exp)
\
-APP_CHECK(exp, "Parse error: no free memory\n")
-
-#define PARSE_ERROR_SECTION(exp, section) \
-APP_CHECK(exp, "Parse error in section \"%s\"", section)
-
-#define PARSE_ERROR_SECTION_NO_ENTRIES(exp, section) \
-APP_CHECK(exp, "Parse error in section \"%s\": no entries\n", section)
-
-#define PARSE_WARNING_IGNORED(exp, section, entry) \
-do \
-if (!(exp))\
- fprintf(stderr, "Parse warning in section \"%s\": " \
- "entry \"%s\" is ignored\n", section, entry); \
-while (0)
-
-#define PARSE_ERROR_INVALID(exp, section, entry) \
-APP_CHECK(exp, "Parse error in section \"%s\": unrecognized entry \"%s\"\n",\
- section, entry)
-
-#define PARSE_ERROR_DUPLICATE(exp, section, entry) \
-APP_CHECK(exp, "Parse error in section \"%s\": duplicate entry \"%s\"\n",\
- section, entry)
-
-static int
+int
parser_read_uint64(uint64_t *value, const char *p)
{
char *next;
@@ -358,7 +331,7 @@ parser_read_uint64(uint64_t *value, const char *p)
return 0;
}
-static int
+int
parser_read_uint32(uint32_t *value, const char *p)
{
uint64_t val = 0;
@@ -935,6 +908,7 @@ parse_pipeline_pktq_in(struct app_params *app,
while (*next != '\0') {
enum app_pktq_in_type type;
+ int name_validated = 0;
int id;
end = strchr(next, ' ');
@@ -955,24 +929,41 @@ parse_pipeline_pktq_in(struct app_params *app,
if (validate_name(name, "RXQ", 2) == 0) {
type = APP_PKTQ_IN_HWQ;
id = APP_PARAM_ADD(app->hwq_in_params, name);
- } else if (validate_name(name, "SWQ", 1) == 0) {
+ if (id < 0)
+ return id;
+ name_validated = 1;
+ }
+
+ if (validate_name(name, "SWQ", 1) == 0) {
type = APP_PKTQ_IN_SWQ;
id = APP_PARAM_ADD(app->swq_params, name);
- } else if (validate_name(name, "TM", 1) == 0) {
+ if (id < 0)
+ return id;
+ name_validated = 1;
+ }
+
+ if (validate_name(name, "TM", 1) == 0) {
type = APP_PKTQ_IN_TM;
id = APP_PARAM_ADD(app->tm_params, name);
- } else if (validate_name(name, "SOURCE", 1) == 0) {
+ if (id < 0)
+ return id;
+ name_validated = 1;
+ }
+
+ if (validate_name(name, "SOURCE", 1) == 0) {
type = APP_PKTQ_IN_SOURCE;
id = APP_PARAM_ADD(app->source_params, name);
+ if (id < 0)
+ return id;
+ name_validated = 1;
+ }
+
+ if (name_validated == 1) {
+ p->pktq_in[p->n_pktq_in].type = type;
+ p->pktq_in[p->n_pktq_in].id = (uint32_t) id;
+ p->n_pktq_in++;
} else
return -EINVAL;
-
- if (id < 0)
- return id;
-
- p->pktq_in[p->n_pktq_in].type = type;
- p->pktq_in[p->n_pktq_in].id = (uint32_t) id;
- p->n_pktq_in++;
}
return 0;
@@ -990,6 +981,7 @@ parse_pipeline_pktq_out(struct app_params *app,
while (*next != '\0') {
enum app_pktq_out_type type;
+
[dpdk-dev] [PATCH] examples/ip_pipeline: add link identification feature
This patch adds link identification feature to packet framework. To
identify a link, user can use both existing port-mask option, or specify
PCI device in each LINK section in the configuration file.
Signed-off-by: Fan Zhang
---
examples/ip_pipeline/app.h | 1 +
examples/ip_pipeline/config_parse.c | 138 +---
2 files changed, 131 insertions(+), 8 deletions(-)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 6510d6d..43bee8a 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -73,6 +73,7 @@ struct app_link_params {
uint32_t ip; /* 0 = Invalid */
uint32_t depth; /* Valid only when IP is valid */
uint64_t mac_addr; /* Read from HW */
+ struct rte_pci_addr *pci_bdf; /* Hardware PCI address */
struct rte_eth_conf conf;
uint8_t promisc;
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index 1bedbe4..961e753 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -41,10 +41,14 @@
#include
#include
#include
+#include
#include
#include
#include
+#include
+#include
+#include
#include "app.h"
@@ -2532,12 +2536,113 @@ filenamedup(const char *filename, const char *suffix)
return s;
}
+#define IGB_UIO_DEVICES"/sys/bus/pci/drivers/igb_uio/"
+/*
+ * split up a pci address into its constituent parts.
+ */
+static int
+parse_pci_addr_format(const char *buf, int bufsize, uint16_t *domain,
+ uint8_t *bus, uint8_t *devid, uint8_t *function)
+{
+ /* first split on ':' */
+ union splitaddr {
+ struct {
+ char *domain;
+ char *bus;
+ char *devid;
+ char *function;
+ };
+ char *str[PCI_FMT_NVAL];
+ } splitaddr;
+ char *buf_copy = strndup(buf, bufsize);
+
+ if (buf_copy == NULL)
+ return -1;
+
+ if (rte_strsplit(buf_copy, bufsize, splitaddr.str, PCI_FMT_NVAL, ':')
+ != PCI_FMT_NVAL - 1)
+ goto error;
+ /* final split is on '.' between devid and function */
+ splitaddr.function = strchr(splitaddr.devid, '.');
+ if (splitaddr.function == NULL)
+ goto error;
+ *splitaddr.function++ = '\0';
+
+ /* now convert to int values */
+ errno = 0;
+ *domain = (uint16_t)strtoul(splitaddr.domain, NULL, 16);
+ *bus = (uint8_t)strtoul(splitaddr.bus, NULL, 16);
+ *devid = (uint8_t)strtoul(splitaddr.devid, NULL, 16);
+ *function = (uint8_t)strtoul(splitaddr.function, NULL, 10);
+ if (errno != 0)
+ goto error;
+
+ free(buf_copy); /* free the copy made with strdup */
+ return 0;
+error:
+ free(buf_copy);
+ return -1;
+}
+
+static int
+parse_pci_dev_str(struct app_params *app, const char *devArgStr)
+{
+ struct dirent *e;
+ DIR *dir;
+ char dev_name[PATH_MAX];
+ uint16_t domain;
+ uint8_t bus, devid, function;
+ uint8_t port_id = 0;
+ struct rte_pci_addr *pci_addr;
+ uint8_t found_match = 0;
+
+ dir = opendir(IGB_UIO_DEVICES);
+ if (dir == NULL)
+ return -1;
+
+ while ((e = readdir(dir)) != NULL) {
+ if (e->d_name[0] == '.')
+ continue;
+
+ if (parse_pci_addr_format(e->d_name, sizeof(e->d_name), ,
+ , , ) != 0)
+ continue;
+
+ snprintf(dev_name, sizeof(dev_name), PCI_PRI_FMT,
+ domain, bus, devid, function);
+
+ if (strncmp(devArgStr, dev_name, sizeof(dev_name)) == 0) {
+ found_match = 1;
+ pci_addr = malloc(sizeof(struct rte_pci_addr));
+ PARSE_ERROR_MALLOC(pci_addr != NULL);
+ pci_addr->domain = domain;
+ pci_addr->bus = bus;
+ pci_addr->devid = devid;
+ pci_addr->function = function;
+
+ app->link_params[port_id].pci_bdf = pci_addr;
+ app->port_mask |= 1 << port_id;
+
+ break;
+ }
+ /* Assuming all devices will be taken account in EAL */
+ port_id++;
+ }
+
+ closedir(dir);
+
+ if (found_match == 0)
+ return -1;
+
+ return 0;
+}
+
int
app_config_args(struct app_params *app, int argc, char **argv)
{
const char *optname;
int opt, option_index;
- int f_present, s_present, p_present, l_present;
+ int f_present, s_present, p_present, l_present, w_present;
int preproc_present, preproc_params_present;
int scaned = 0;
@@ -2554,10 +2
[dpdk-dev] [PATCH 4/4] examples/ip_pipeline: add packets dumping to PCAP file support
This patch add packet dumping feature to ip_pipeline. Output port type
SINK now supports dumping packets to PCAP file before releasing mbuf back
to mempool. This feature can be applied by specifying parameters in
configuration file as shown below:
[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = SOURCE0 SOURCE1
pktq_out = SINK0 SINK1
pcap_file_wr = /path/to/eth1.pcap /path/to/eth2.pcap
pcap_n_pkt_wr = 80 0
The configuration section "pcap_file_wr" contains full path and name of
the PCAP file which the packets will be dumped to. If multiple SINKs
exists, each shall have its own PCAP file path listed in this section,
separated by spaces. Multiple SINK ports shall NOT share same PCAP file to
be dumped.
The configuration section "pcap_n_pkt_wr" contains integer value(s)
and indicates the maximum number of packets to be dumped to the PCAP file.
If this value is "0", the "infinite" dumping mode will be used. If this
value is N (N > 0), the dumping will be finished when the number of
packets dumped to the file reaches N.
To enable PCAP dumping support to IP pipeline, the compiler option
CONFIG_RTE_PORT_PCAP must be set to 'y'. It is possible to disable this
feature by removing "pcap_file_wr" and "pcap_n_pkt_wr" lines from the
configuration file.
Signed-off-by: Fan Zhang
Acked-by: Cristian Dumitrescu
---
examples/ip_pipeline/app.h | 2 +
examples/ip_pipeline/config_parse.c | 159
examples/ip_pipeline/init.c | 11 +++
examples/ip_pipeline/pipeline_be.h | 2 +
4 files changed, 174 insertions(+)
diff --git a/examples/ip_pipeline/app.h b/examples/ip_pipeline/app.h
index 9dbe668..144fab8 100644
--- a/examples/ip_pipeline/app.h
+++ b/examples/ip_pipeline/app.h
@@ -155,6 +155,8 @@ struct app_pktq_source_params {
struct app_pktq_sink_params {
char *name;
uint8_t parsed;
+ char *file_name; /* Full path of PCAP file to be copied to mbufs */
+ uint32_t n_pkts_to_dump;
};
struct app_msgq_params {
diff --git a/examples/ip_pipeline/config_parse.c
b/examples/ip_pipeline/config_parse.c
index f0bed81..9f5b974 100644
--- a/examples/ip_pipeline/config_parse.c
+++ b/examples/ip_pipeline/config_parse.c
@@ -184,6 +184,8 @@ struct app_pktq_source_params default_source_params = {
struct app_pktq_sink_params default_sink_params = {
.parsed = 0,
+ .file_name = NULL,
+ .n_pkts_to_dump = 0,
};
struct app_msgq_params default_msgq_params = {
@@ -1003,6 +1005,83 @@ parse_pipeline_pcap_source(struct app_params *app,
}
static int
+parse_pipeline_pcap_sink(struct app_params *app,
+ struct app_pipeline_params *p,
+ const char *file_name, const char *n_pkts_to_dump)
+{
+ const char *next = NULL;
+ char *end;
+ uint32_t i;
+ int parse_file = 0;
+
+ if (file_name && !n_pkts_to_dump) {
+ next = file_name;
+ parse_file = 1; /* parse file path */
+ } else if (n_pkts_to_dump && !file_name) {
+ next = n_pkts_to_dump;
+ parse_file = 0; /* parse copy size */
+ } else
+ return -EINVAL;
+
+ char name[APP_PARAM_NAME_SIZE];
+ size_t name_len;
+
+ if (p->n_pktq_out == 0)
+ return -EINVAL;
+
+ for (i = 0; i < p->n_pktq_out; i++) {
+ if (p->pktq_out[i].type != APP_PKTQ_OUT_SINK)
+ return -EINVAL;
+ }
+
+ i = 0;
+ while (*next != '\0') {
+ uint32_t id;
+
+ if (i >= p->n_pktq_out)
+ return -EINVAL;
+
+ id = p->pktq_out[i].id;
+
+ end = strchr(next, ' ');
+ if (!end)
+ name_len = strlen(next);
+ else
+ name_len = end - next;
+
+ if (name_len == 0 || name_len == sizeof(name))
+ return -EINVAL;
+
+ strncpy(name, next, name_len);
+ name[name_len] = '\0';
+ next += name_len;
+ if (*next != '\0')
+ next++;
+
+ if (parse_file) {
+ app->sink_params[id].file_name = strdup(name);
+ if (app->sink_params[id].file_name == NULL)
+ return -ENOMEM;
+ } else {
+ if (parser_read_uint32(
+ >sink_params[id].n_pkts_to_dump,
+ name) != 0) {
+ if (app->sink_params[id].file_name != NULL)
+ free(app->sink_params[id].file_name);
+ return -EINVAL;
+ }
+ }
+
+ i++;
+
+ if (i == p->n_pktq_out)
+ return
