| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch provides minor improvements to the logic governing dequeuing
from the ring. Previously whenever a frame was dequeued
we've been trying to dequeue from the ring another one till
inflight == 0. Now threshold is set for 8 frames pending in the cache
to be consumed by the vnet. This threshold has been chosen based on
cache ring stats observation in the system under load.
Some unnecessary logic for setting deq_tail has been removed.
Also logging has been corrected, and cache ring logic simplied.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
|
|
The logic for calcuating processed elements in the cache ring was broken.
In case tail and deq_tail equals and frame element pointed by the tile
is not NULL it means there is exactly one processed element in the ring.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
|
|
Sw ring is renamed to the cache ring. This name better reflects the
puropse of this ring. We've introduced push/pop functions, as well as
other utility functions which remove code repetition. Error handlig
is improved: previously in case of an error all frame elements were
marked as bad, now only these for which errors occured have the error
status set.
Unnecessary stats counters have been removed.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
|
|
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
|
|
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
|
|
This patch prepares code for bumping DPDK version to 22.11, but the DPDK version of this patch keeps at 22.07 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I08787c6584bba66383fc0a784963f33171196910
|
|
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
|
|
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
|
|
Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.
The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
|
|
Type: fix
Change-Id: Ifb2e4d93dcf8648b1bd66f4c0ee937295683bd87
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Originally cryptodev doesn't support chacha20-poly1305 with aad length
0.
This patch add support in cryptodev for chacha20-poly1305 with aad
length 0. This length is using in Wireguard.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
|
|
Type: feature
This patch bumps dpdk version from 21.08 to 21.11
Change-Id: Id37fdba75f1ea4f4eac3c92226f3b1c539e1daca
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Originally cryptodev allocates mempools for seesion and session private
data during its initialization. Moreover the size of these mempools are
fixed resulting in limited session count (up to value specified in
CRYPTODEV_NB_SESSION macro).
This patch allows for session count to scale up by allocating new
mempools as they are needed during session creation.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I6ae240b474d3089d3ff50ca5bc7ff48f149983db
|
|
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I76923ad5035498aae821db4fd42a127617476fbb
|
|
Type: fix
This patch fixes the possible segmentation fault in DPDK
cryptodev when deleting session.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ie81de09f7250eb5c1ed6ee471363137d8372fe27
|
|
Type: improvement
This patch combined cryptodev op and cryptodev raw API data
paths into one and makes the engine run-timely select which
data path is used: if all cryptodev devices support
RTE_CRYPTODEV_FF_SYM_RAW_DP feature flag, the raw data path
API is used, otherwise the traditional data path is used.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ibbd7c4405288bd9a48a34878954fd3040df7b4ad
|
|
The crypto op data offset passed into DPDK is relative to the mbuf
buffer address plus the mbuf data offset, therefore the mbuf data
offset needs to be set rather than left at whatever previous value it
was at, which is likely to be incorrect and result in the wrong
portion of the packet being encrypted/decrypted for GCM.
The fe->crypto_start_offset field is relative to the start of the vlib
buffer (as opposed to the current data pointer), so set the mbuf
data_off field to VLIB_BUFFER_PRE_DATA_SIZE when performing a GCM
crypto op enqueue to match the crypto_start_offset semantics. This
then matches the behaviour in the non-GCM case.
Type: fix
Change-Id: I0ac2a44139387158765a3e04cfcaa5ee6f11d395
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
|
|
Type: fix
To avoid race condition happening in async crypto engines,
async frame state and thread index set should happen before enqueue.
In addition as the enqueue handler already returns the enqueue status,
when an enqueue is failed, the async crypto engine shall not worry
about setting the async frame state but let the submit_open_frame function
to do just that.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic1b0c94478b3cfd5fab98657218bbd70c46a220a
|
|
If VPP is started in interactive mode, instead of sending logs to syslog
server we print them directly to stderr.
Output is colorized, but that can be turned off with unix { nocolor }
Type: improvement
Change-Id: I9a0f0803e4cba2849a6efa0b6a86b9614ed33ced
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Since DPDK is now compiled by meson but some compiles in VPP is
missing. This patch fixes that.
- Fixes QAT PMD not compiled. QAT meson compile, even for sym
crypto PMD, is happened in drive/compress/qat. Originally all
PMDs in compressdev is disabled by default. This patch fixes
that.
- Fixes DPDK plugin version detection. DPDK meson build
generates rte_build_config.h, which containing all version
information in build-dpdk instead of rte_config.h in make.
This patch uses the file to detect version data.
- Removed SW crypto PMD auto-creation in cryptodev engine. In
case the AESNI-MB PMD required shared library is missing.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I7cd91abb5de303ff5e4c55cd05e011b57f883524
|
|
Type: feature
This patch adds new sw_scheduler async crypto engine.
The engine transforms async frames info sync crypto ops and
delegates them to active sync engines. With the patch it
is possible to increase the single worker crypto throughput
by offloading the crypto workload to multiple workers.
By default all workers in the system will attend the crypto
workload processing. However a worker's available cycles
are limited. To avail more cycles to one worker to process
other workload (e.g. the worker core that handles the RX/TX
and IPSec stack processing), a useful cli command is added
to remove itself (or add it back later) from the heavy
crypto workload but only let other workers to process the
crypto. The command is:
- set sw_scheduler worker <idx> crypto <on|off>
It also adds new interrupt mode to async crypto dispatch node.
This mode signals the node when new frames are enqueued
as opposed to polling mode that continuously calls dispatch node.
New cli commands:
- set crypto async dispatch [polling|interrupt]
- show crypto async status (displays mode and nodes' states)
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
|
|
By default, VPP automatically assignes for each tunnel
next available QAT device by order dev_id-que-pair.
In most cases we have more than one device and it can
greatly increase ipsec perfomance without any actions
with configuration from user if we use all the
devices first and first que-pairs
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Iac9fe74768775459e22f69bb3706b542090a9375
|
|
- Fixes coverity issue #210160.
- Fixes the possible issue in cryptodev when input node does
not update mbuf, such as avf-input.
- Fixes GCM ESN packet incorrect tag.
- Code clean up to reduce binary size.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: Ic05ae29855ac1f7a62e4af5831a4ed9faa8f561a
|
|
Type: fix
Change-Id: Ib6f423e24f1a8d8439cd7e8893e4605e10984d48
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I5f89fc3d994bd85d2c5138069ea2c58661814228
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fix coverity issues in crypto framework and cryptodev
engine.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ib261da0163c8182c803600db22c5a6dad5a19999
|
|
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
|
Piotr Bronowski
Xinyao Cai
Gabriel Oginski
Damjan Marion
Dastin Wilski
Fan Zhang
Robert Shearman
PiotrX Kleski
Vladimir Ratnikov
Benoît Ganne