summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/guides/cryptodevs/qat.rst23
-rw-r--r--doc/guides/howto/telemetry.rst2
-rw-r--r--doc/guides/nics/features.rst2
-rw-r--r--doc/guides/nics/i40e.rst7
-rw-r--r--doc/guides/nics/mlx5.rst35
-rw-r--r--doc/guides/nics/mvpp2.rst2
-rw-r--r--doc/guides/rel_notes/release_18_11.rst26
-rw-r--r--doc/guides/sample_app_ug/fips_validation.rst132
-rw-r--r--doc/guides/sample_app_ug/index.rst1
-rw-r--r--doc/guides/sample_app_ug/qos_metering.rst4
-rw-r--r--doc/guides/testpmd_app_ug/testpmd_funcs.rst11
11 files changed, 233 insertions, 12 deletions
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index b2dfeb00..1db98685 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -156,6 +156,7 @@ These are the build configuration options affecting QAT, and their default value
CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48
CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS=16
+ CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE=65536
CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built.
@@ -168,14 +169,30 @@ options and is built by default.
The number of VFs per PF varies - see table below. If multiple QAT packages are
installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be
adjusted to the number of VFs which the QAT common code will need to handle.
-Note, there is a separate config item for max cryptodevs CONFIG_RTE_CRYPTO_MAX_DEVS,
-if necessary this should be adjusted to handle the total of QAT and other devices
-which the process will use.
+Note, there are separate config items for max cryptodevs CONFIG_RTE_CRYPTO_MAX_DEVS
+and max compressdevs CONFIG_RTE_COMPRESS_MAX_DEVS, if necessary these should be
+adjusted to handle the total of QAT and other devices which the process will use.
QAT allocates internal structures to handle SGLs. For the compression service
CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS can be changed if more segments are needed.
An extra (max_inflight_ops x 16) bytes per queue_pair will be used for every increment.
+QAT compression PMD needs intermediate buffers to support Deflate compression
+with Dynamic Huffman encoding. CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE
+specifies the size of a single buffer, the PMD will allocate a multiple of these,
+plus some extra space for associated meta-data. For GEN2 devices, 20 buffers plus
+1472 bytes are allocated.
+
+.. Note::
+
+ If the compressed output of a Deflate operation using Dynamic Huffman
+ Encoding is too big to fit in an intermediate buffer, then the
+ operation will return RTE_COMP_OP_STATUS_ERROR and an error will be
+ displayed. Options for the application in this case
+ are to split the input data into smaller chunks and resubmit
+ in multiple operations or to configure QAT with
+ larger intermediate buffers.
+
Device and driver naming
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/guides/howto/telemetry.rst b/doc/guides/howto/telemetry.rst
index 3fcb0619..00f8f7a8 100644
--- a/doc/guides/howto/telemetry.rst
+++ b/doc/guides/howto/telemetry.rst
@@ -29,7 +29,7 @@ formatted in JSON and sent back to the requesting client.
Pre-requisites
~~~~~~~~~~~~~~
-* Python ≥ 2.5
+* Python >= 2.5
* Jansson library for JSON serialization
diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst
index 3fa5cb74..d3f90483 100644
--- a/doc/guides/nics/features.rst
+++ b/doc/guides/nics/features.rst
@@ -208,7 +208,7 @@ Supports TCP Segmentation Offloading.
* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_TCP_TSO``.
* **[uses] rte_eth_desc_lim**: ``nb_seg_max``, ``nb_mtu_seg_max``.
-* **[uses] mbuf**: ``mbuf.ol_flags:PKT_TX_TCP_SEG``.
+* **[uses] mbuf**: ``mbuf.ol_flags:`` ``PKT_TX_TCP_SEG``, ``PKT_TX_IPV4``, ``PKT_TX_IPV6``, ``PKT_TX_IP_CKSUM``.
* **[uses] mbuf**: ``mbuf.tso_segsz``, ``mbuf.l2_len``, ``mbuf.l3_len``, ``mbuf.l4_len``.
* **[implements] datapath**: ``TSO functionality``.
* **[provides] rte_eth_dev_info**: ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_TCP_TSO,DEV_TX_OFFLOAD_UDP_TSO``.
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index ab3928a6..bfacbd11 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -172,6 +172,13 @@ Runtime Config Options
-w 84:00.0,use-latest-supported-vec=1
+Vector RX Pre-conditions
+~~~~~~~~~~~~~~~~~~~~~~~~
+For Vector RX it is assumed that the number of descriptor rings will be a power
+of 2. With this pre-condition, the ring pointer can easily scroll back to the
+head after hitting the tail without a conditional check. In addition Vector RX
+can use this assumption to do a bit mask using ``ring_size - 1``.
+
Driver compilation and testing
------------------------------
diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index 67696283..7af5ead8 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -54,6 +54,7 @@ Features
- Support for scattered TX and RX frames.
- IPv4, IPv6, TCPv4, TCPv6, UDPv4 and UDPv6 RSS on any number of queues.
- Several RSS hash keys, one for each flow type.
+- Default RSS operation with no hash key specification.
- Configurable RETA table.
- Support for multiple MAC addresses.
- VLAN filtering.
@@ -246,6 +247,24 @@ Run-time configuration
- x86_64 with ConnectX-4, ConnectX-4 LX, ConnectX-5 and Bluefield.
- POWER8 and ARMv8 with ConnectX-4 LX, ConnectX-5 and Bluefield.
+- ``rxq_cqe_pad_en`` parameter [int]
+
+ A nonzero value enables 128B padding of CQE on RX side. The size of CQE
+ is aligned with the size of a cacheline of the core. If cacheline size is
+ 128B, the CQE size is configured to be 128B even though the device writes
+ only 64B data on the cacheline. This is to avoid unnecessary cache
+ invalidation by device's two consecutive writes on to one cacheline.
+ However in some architecture, it is more beneficial to update entire
+ cacheline with padding the rest 64B rather than striding because
+ read-modify-write could drop performance a lot. On the other hand,
+ writing extra data will consume more PCIe bandwidth and could also drop
+ the maximum throughput. It is recommended to empirically set this
+ parameter. Disabled by default.
+
+ Supported on:
+
+ - CPU having 128B cacheline with ConnectX-5 and Bluefield.
+
- ``mprq_en`` parameter [int]
A nonzero value enables configuring Multi-Packet Rx queues. Rx queue is
@@ -320,6 +339,20 @@ Run-time configuration
- Set to 8 by default.
+- ``txqs_max_vec`` parameter [int]
+
+ Enable vectorized Tx only when the number of TX queues is less than or
+ equal to this value. Effective only when ``tx_vec_en`` is enabled.
+
+ On ConnectX-5:
+
+ - Set to 8 by default on ARMv8.
+ - Set to 4 by default otherwise.
+
+ On Bluefield
+
+ - Set to 16 by default.
+
- ``txq_mpw_en`` parameter [int]
A nonzero value enables multi-packet send (MPS) for ConnectX-4 Lx and
@@ -365,7 +398,7 @@ Run-time configuration
- ``tx_vec_en`` parameter [int]
A nonzero value enables Tx vector on ConnectX-5 and Bluefield NICs if the number of
- global Tx queues on the port is lesser than MLX5_VPMD_MIN_TXQS.
+ global Tx queues on the port is less than ``txqs_max_vec``.
This option cannot be used with certain offloads such as ``DEV_TX_OFFLOAD_TCP_TSO,
DEV_TX_OFFLOAD_VXLAN_TNL_TSO, DEV_TX_OFFLOAD_GRE_TNL_TSO, DEV_TX_OFFLOAD_VLAN_INSERT``.
diff --git a/doc/guides/nics/mvpp2.rst b/doc/guides/nics/mvpp2.rst
index 82b9383e..b2ddeab5 100644
--- a/doc/guides/nics/mvpp2.rst
+++ b/doc/guides/nics/mvpp2.rst
@@ -644,7 +644,7 @@ Node which has a parent is called a leaf whereas node without
parent is called a non-leaf (root).
MVPP2 PMD supports two level hierarchy where level 0 represents ports and level 1 represents tx queues of a given port.
-.. figure:: img/mvpp2_tm.svg
+.. figure:: img/mvpp2_tm.*
Nodes hold following types of settings:
diff --git a/doc/guides/rel_notes/release_18_11.rst b/doc/guides/rel_notes/release_18_11.rst
index 376128f6..51d00758 100644
--- a/doc/guides/rel_notes/release_18_11.rst
+++ b/doc/guides/rel_notes/release_18_11.rst
@@ -63,12 +63,22 @@ New Features
* **Added check for ensuring allocated memory addressable by devices.**
Some devices can have addressing limitations so a new function,
- ``rte_eal_check_dma_mask``, has been added for checking allocated memory is
+ ``rte_mem_check_dma_mask``, has been added for checking allocated memory is
not out of the device range. Because now memory can be dynamically allocated
after initialization, a dma mask is kept and any new allocated memory will be
checked out against that dma mask and rejected if out of range. If more than
one device has addressing limitations, the dma mask is the more restricted one.
+* **Updated the C11 memory model version of ring library.**
+
+ The latency is decreased for architectures using the C11 memory model
+ version of the ring library.
+
+ On Cavium ThunderX2 platform, the changes decreased latency by 27~29%
+ and 3~15% for MPMC and SPSC cases respectively (with 2 lcores). The
+ real improvements may vary with the number of contending lcores and
+ the size of ring.
+
* **Added hot-unplug handle mechanism.**
``rte_dev_hotplug_handle_enable`` and ``rte_dev_hotplug_handle_disable`` are
@@ -285,6 +295,20 @@ New Features
this application doesn't need to launch dedicated worker threads for vhost
enqueue/dequeue operations.
+* **Added cryptodev FIPS validation example application.**
+
+ Added an example application to parse and perform symmetric cryptography
+ computation to the NIST Cryptographic Algorithm Validation Program (CAVP)
+ test vectors.
+
+* **Allow unit test binary to take parameters from the environment**
+
+ The unit test "test", or "dpdk-test", binary is often called from scripts,
+ which can make passing additional parameters, such as a coremask, to it more
+ awkward. Support has been added to the application to allow it to take
+ additional command-line parameter values from the "DPDK_TEST_PARAMS"
+ environment variable to make this application easier to use.
+
API Changes
-----------
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
new file mode 100644
index 00000000..aeacfacb
--- /dev/null
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -0,0 +1,132 @@
+.. SPDX-License-Identifier: BSD-3-Clause
+ Copyright(c) 2018 Intel Corporation.
+
+Federal Information Processing Standards (FIPS) CryptoDev Validation
+====================================================================
+
+Overview
+--------
+
+Federal Information Processing Standards (FIPS) are publicly announced standards
+developed by the United States federal government for use in computer systems by
+non-military government agencies and government contractors.
+
+This application is used to parse and perform symmetric cryptography
+computation to the NIST Cryptographic Algorithm Validation Program (CAVP) test
+vectors.
+
+For an algorithm implementation to be listed on a cryptographic module
+validation certificate as an Approved security function, the algorithm
+implementation must meet all the requirements of FIPS 140-2 and must
+successfully complete the cryptographic algorithm validation process.
+
+Limitations
+-----------
+
+* Only NIST CAVP request files are parsed by this application.
+* The version of request file supported is ``CAVS 21.0``
+* If the header comment in a ``.req`` file does not contain a Algo tag
+ i.e ``AES,TDES,GCM`` you need to manually add it into the header comment for
+ example::
+
+ # VARIABLE KEY - KAT for CBC / # TDES VARIABLE KEY - KAT for CBC
+
+* The application does not supply the test vectors. The user is expected to
+ obtain the test vector files from `NIST
+ <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-
+ program/block-ciphers>`_ website. To obtain the ``.req`` files you need to
+ email a person from the NIST website and pay for the ``.req`` files.
+ The ``.rsp`` files from the site can be used to validate and compare with
+ the ``.rsp`` files created by the FIPS application.
+
+* Supported test vectors
+ * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT
+ * AES-GCM (128,192,256) - EncryptExtIV, Decrypt
+ * AES-CCM (128) - VADT, VNT, VPT, VTT, DVPT
+ * AES-CMAC (128) - Generate, Verify
+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
+ * TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey,
+ VarText
+
+Application Information
+-----------------------
+
+If a ``.req`` is used as the input file after the application is finished
+running it will generate a response file or ``.rsp``. Differences between the
+two files are, the ``.req`` file has missing information for instance if doing
+encryption you will not have the cipher text and that will be generated in the
+response file. Also if doing decryption it will not have the plain text until it
+finished the work and in the response file it will be added onto the end of each
+operation.
+
+The application can be run with a ``.rsp`` file and what the outcome of that
+will be is it will add a extra line in the generated ``.rsp`` which should be
+the same as the ``.rsp`` used to run the application, this is useful for
+validating if the application has done the operation correctly.
+
+
+Compiling the Application
+-------------------------
+
+* Compile Application
+
+ .. code-block:: console
+
+ make -C examples/fips_validation
+
+* Run ``dos2unix`` on the request files
+
+ .. code-block:: console
+
+ dos2unix AES/req/*
+ dos2unix AES_GCM/req/*
+ dos2unix CCM/req/*
+ dos2unix CMAC/req/*
+ dos2unix HMAC/req/*
+ dos2unix TDES/req/*
+
+Running the Application
+-----------------------
+
+The application requires a number of command line options:
+
+ .. code-block:: console
+
+ ./fips_validation [EAL options]
+ -- --req-file FILE_PATH/FOLDER_PATH
+ --rsp-file FILE_PATH/FOLDER_PATH
+ [--cryptodev DEVICE_NAME] [--cryptodev-id ID] [--path-is-folder]
+
+where,
+ * req-file: The path of the request file or folder, separated by
+ ``path-is-folder`` option.
+
+ * rsp-file: The path that the response file or folder is stored. separated by
+ ``path-is-folder`` option.
+
+ * cryptodev: The name of the target DPDK Crypto device to be validated.
+
+ * cryptodev-id: The id of the target DPDK Crypto device to be validated.
+
+ * path-is-folder: If presented the application expects req-file and rsp-file
+ are folder paths.
+
+
+To run the application in linuxapp environment to test one AES FIPS test data
+file for crypto_aesni_mb PMD, issue the command:
+
+.. code-block:: console
+
+ $ ./fips_validation --vdev crypto_aesni_mb --
+ --req-file /PATH/TO/REQUEST/FILE.req --rsp-file ./PATH/TO/RESPONSE/FILE.rsp
+ --cryptodev crypto_aesni_mb
+
+To run the application in linuxapp environment to test all AES-GCM FIPS test
+data files in one folder for crypto_aesni_gcm PMD, issue the command:
+
+.. code-block:: console
+
+ $ ./fips_validation --vdev crypto_aesni_gcm0 --
+ --req-file /PATH/TO/REQUEST/FILE/FOLDER/
+ --rsp-file ./PATH/TO/RESPONSE/FILE/FOLDER/
+ --cryptodev-id 0 --path-is-folder
diff --git a/doc/guides/sample_app_ug/index.rst b/doc/guides/sample_app_ug/index.rst
index 74b12af8..b2455e09 100644
--- a/doc/guides/sample_app_ug/index.rst
+++ b/doc/guides/sample_app_ug/index.rst
@@ -55,6 +55,7 @@ Sample Applications User Guides
tep_termination
ptpclient
performance_thread
+ fips_validation
ipsec_secgw
bbdev_app
diff --git a/doc/guides/sample_app_ug/qos_metering.rst b/doc/guides/sample_app_ug/qos_metering.rst
index 6391841c..2e8e0175 100644
--- a/doc/guides/sample_app_ug/qos_metering.rst
+++ b/doc/guides/sample_app_ug/qos_metering.rst
@@ -149,3 +149,7 @@ In this particular case:
* Every packet which color has improved is dropped (this particular case can't happen, so these values will not be used).
* For the rest of the cases, the color is changed to red.
+
+.. note::
+ * In color blind mode, first row GREEN colour is only valid.
+ * To drop the packet, policer_table action has to be set to DROP.
diff --git a/doc/guides/testpmd_app_ug/testpmd_funcs.rst b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
index e23079b6..056f8bb3 100644
--- a/doc/guides/testpmd_app_ug/testpmd_funcs.rst
+++ b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
@@ -2585,13 +2585,16 @@ Add port traffic management private shaper profile
Add the port traffic management private shaper profile::
testpmd> add port tm node shaper profile (port_id) (shaper_profile_id) \
- (tb_rate) (tb_size) (packet_length_adjust)
+ (cmit_tb_rate) (cmit_tb_size) (peak_tb_rate) (peak_tb_size) \
+ (packet_length_adjust)
where:
* ``shaper_profile id``: Shaper profile ID for the new profile.
-* ``tb_rate``: Token bucket rate (bytes per second).
-* ``tb_size``: Token bucket size (bytes).
+* ``cmit_tb_rate``: Committed token bucket rate (bytes per second).
+* ``cmit_tb_size``: Committed token bucket size (bytes).
+* ``peak_tb_rate``: Peak token bucket rate (bytes per second).
+* ``peak_tb_size``: Peak token bucket size (bytes).
* ``packet_length_adjust``: The value (bytes) to be added to the length of
each packet for the purpose of shaping. This parameter value can be used to
correct the packet length with the framing overhead bytes that are consumed
@@ -3499,7 +3502,7 @@ accordingly. Possible assignment tokens are:
- ``spec``: match value according to configured bit-mask.
- ``last``: specify upper bound to establish a range.
- ``mask``: specify bit-mask with relevant bits set to one.
-- ``prefix``: generate bit-mask from a prefix length.
+- ``prefix``: generate bit-mask with <prefix-length> most-significant bits set to one.
These yield identical results::