[lng-odp] [Linaro/odp] 88e124: configure.ac: update API and .so versions

[GitHub]

  Branch: refs/heads/next
  Home:   https://github.com/Linaro/odp
  Commit: 88e124e13900109e0d0aec1981417382f357c98a
  
https://github.com/Linaro/odp/commit/88e124e13900109e0d0aec1981417382f357c98a
  Author: Maxim Uvarov 
  Date:   2017-11-09 (Thu, 09 Nov 2017)

  Changed paths:
M configure.ac

  Log Message:
  ---
  configure.ac: update API and .so versions

Signed-off-by: Maxim Uvarov 
Reviewed-by: Dmitry Eremin-Solenikov 

Re: [lng-odp] [PATCH API-NEXT v3] api: random early detection and back pressure

[Github ODP bot]

Balasubramanian Manoharan(bala-manoharan) replied on github web page:

platform/linux-generic/include/odp/api/std_types.h
line 6
@@ -29,6 +29,8 @@ extern "C" {
 
 typedef int odp_bool_t;
 
+typedef uint16_t odp_percent_t;
+
 /**


Comment:
Currently, I have followed the syntax existing in api-next. If ABI changes are 
merged first I will change my patch to match the specifications. If my patch 
gets merged first, change this as part of your ABI spec.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> We shouldn't leave fields undefined in the returned `odp_cls_capability_t` 
> struct. Either set `threshold_red` and `threshold_bp` explicitly or just 
> clear the struct to zeros at the start of this routine.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> No, `odp_bool_t` exact implementation is not part of the spec, as it is part 
>> of platform ABI. Percent type is just data, so from my point of view it 
>> should not be a part of ABI, but rather be a part of API spec.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> They typedef for odp_bool_t is still under platform/linux-generic directory 
>>> hence I had this here. I am fine pushing this to spec/std_types.h but is 
>>> odp_bool_t going to be moved later?


 Dmitry Eremin-Solenikov(lumag) wrote:
 @bala-manoharan  @Bill-Fischofer-Linaro In my opinion, let's just push it 
 into `odp/api/spec/std_types.h`.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> Oops. Will take care of that in next version.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> I felt using a bitfield is more useful in exposing the platform 
>> capability whereas using an enum makes more sense during configuration. 
>> I am open for suggestions along these lines.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> Back pressure is to indicate the remote peer that there is a network 
>>> congestion on this particular flow. Whether the remote peer takes 
>>> respective action is beyond the scope of this RFC.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 NXP is implementing RED at queue level. Hence I had added this based 
 on the feedback from Nikhil.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> The previous PR was handling this RED and BP at cos level. There were 
> some concerns from NXP since CoS is a logical entity and application 
> configuration should make sure that multiple CoS with different RED 
> configuration should not direct to the same pool or queue.
> 
> HW implements the RED and BP effectively either at the pool or the 
> queue.
> Since a pool represents the real bottleneck for resource exhausion 
> and packet drop.
>  We can discuss further in todays Public call.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> The implementation provides preference whether the RED and BP are 
>> configured either in pool or queue and provide support for which 
>> threshold method is supported using capability.
>> I believe this is sufficient from the implementation point of view.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> Adding new files requires updates to the various Makefile.am and 
>>> related autotools. That's why Travis is reporting failures since 
>>> these new files aren't able to be found / used.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 Need to clarify under what conditions RED (and BP) apply to pools. 
 If an application calls `odp_packet_alloc()` that should either 
 succeed or fail. "Drop probability" doesn't make any obvious sense 
 here. Tying these concepts to `odp_pktio_t` configurations seems 
 more in keeping with what's needed, but I understand the 
 difficulties that that caused in the previous PR.
 
 Perhaps tying this to a `odp_cos_t` might work? An `odp_cos_t` has 
 an associated queue and pool and these can then be viewed as 
 admission controls to packets being added to a CoS. That would 
 mean that these features would only be applicable if the 
 classifier is being used, but is that a significant drawback since 
 we want to encourage its use anyway?


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Back pressure in this context presumably means that 
> `odp_queue_enq()` calls stall until the back pressure is 
> relieved. Not sure if that's what's really desired for queues in 
> general.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> RED for a queue in doesn't seem to make sense for queues in 
>> general. RED is used for admission control, which is why it's 
>> tied to PktIOs. If

Re: [lng-odp] [PATCH API-NEXT v3] api: random early detection and back pressure

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/odp_classification.c
line 5
@@ -190,6 +190,8 @@ int odp_cls_capability(odp_cls_capability_t *capability)
capability->supported_terms.bit.tcp_sport = 1;
capability->supported_terms.bit.sip_addr = 1;
capability->supported_terms.bit.dip_addr = 1;
+   capability->random_early_detection = ODP_SUPPORT_NO;
+   capability->back_pressure = ODP_SUPPORT_NO;


Comment:
We shouldn't leave fields undefined in the returned `odp_cls_capability_t` 
struct. Either set `threshold_red` and `threshold_bp` explicitly or just clear 
the struct to zeros at the start of this routine.

> Dmitry Eremin-Solenikov(lumag) wrote:
> No, `odp_bool_t` exact implementation is not part of the spec, as it is part 
> of platform ABI. Percent type is just data, so from my point of view it 
> should not be a part of ABI, but rather be a part of API spec.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> They typedef for odp_bool_t is still under platform/linux-generic directory 
>> hence I had this here. I am fine pushing this to spec/std_types.h but is 
>> odp_bool_t going to be moved later?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @bala-manoharan  @Bill-Fischofer-Linaro In my opinion, let's just push it 
>>> into `odp/api/spec/std_types.h`.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 Oops. Will take care of that in next version.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> I felt using a bitfield is more useful in exposing the platform 
> capability whereas using an enum makes more sense during configuration. I 
> am open for suggestions along these lines.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> Back pressure is to indicate the remote peer that there is a network 
>> congestion on this particular flow. Whether the remote peer takes 
>> respective action is beyond the scope of this RFC.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> NXP is implementing RED at queue level. Hence I had added this based on 
>>> the feedback from Nikhil.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 The previous PR was handling this RED and BP at cos level. There were 
 some concerns from NXP since CoS is a logical entity and application 
 configuration should make sure that multiple CoS with different RED 
 configuration should not direct to the same pool or queue.
 
 HW implements the RED and BP effectively either at the pool or the 
 queue.
 Since a pool represents the real bottleneck for resource exhausion and 
 packet drop.
  We can discuss further in todays Public call.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> The implementation provides preference whether the RED and BP are 
> configured either in pool or queue and provide support for which 
> threshold method is supported using capability.
> I believe this is sufficient from the implementation point of view.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Adding new files requires updates to the various Makefile.am and 
>> related autotools. That's why Travis is reporting failures since 
>> these new files aren't able to be found / used.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> Need to clarify under what conditions RED (and BP) apply to pools. 
>>> If an application calls `odp_packet_alloc()` that should either 
>>> succeed or fail. "Drop probability" doesn't make any obvious sense 
>>> here. Tying these concepts to `odp_pktio_t` configurations seems 
>>> more in keeping with what's needed, but I understand the 
>>> difficulties that that caused in the previous PR.
>>> 
>>> Perhaps tying this to a `odp_cos_t` might work? An `odp_cos_t` has 
>>> an associated queue and pool and these can then be viewed as 
>>> admission controls to packets being added to a CoS. That would mean 
>>> that these features would only be applicable if the classifier is 
>>> being used, but is that a significant drawback since we want to 
>>> encourage its use anyway?


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 Back pressure in this context presumably means that 
 `odp_queue_enq()` calls stall until the back pressure is relieved. 
 Not sure if that's what's really desired for queues in general.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> RED for a queue in doesn't seem to make sense for queues in 
> general. RED is used for admission control, which is why it's 
> tied to PktIOs. If an application calls `odp_queue_enq()` that 
> should either succeed or fail. A "drop probabilit

Re: [lng-odp] [PATCH API-NEXT v1] api: session level AAD length

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

include/odp/api/spec/crypto.h
line 35
@@ -381,8 +394,15 @@ typedef struct odp_crypto_op_param_t {
/** Pointer to ADD */
uint8_t *ptr;
 
-   /** AAD length in bytes. Use odp_crypto_auth_capability() for
-*  supported AAD lengths. */
+   /** AAD length in bytes.
+*
+*  Used only when AAD length is variable within the session.
+*  When AAD length is constant, this must be set to zero and
+*  session level AAD length parameter is used instead.
+*
+*  Use odp_crypto_auth_capability() for supported AAD lengths.
+*  The default value is zero.
+*/
uint32_t length;


Comment:
The spec says that if you are using a constant AAD length you must set that in 
the session AAD length, so the only reason why this still exists in the op 
parameters is to cover the (unlikely?) case of needing varying AAD lengths, 
which is a case that DPDK does not support.

> GBalakrishna wrote
> @psavol in dpdk 17.08 there is no support of variable aad length but only 
> session specific aad length. ex: If application tries to set variable length 
> instead of constant length, dpdk crypto operation will fail. Because once the 
> crypto session is created with auth_aad_len=0, dpdk driver will use zero 
> length in encryption_gcm & decryption_gcm.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Why this restriction? Wouldn't it be cleaner to say this is simply a 
>> session-level default and if individual ops have a non-zero AAD they serve 
>> as overrides?


https://github.com/Linaro/odp/pull/279#discussion_r149798909
updated_at 2017-11-08 21:16:39

Re: [lng-odp] [PATCH API-NEXT v1] api: session level AAD length

[Github ODP bot]

GBalakrishna replied on github web page:

include/odp/api/spec/crypto.h
line 35
@@ -381,8 +394,15 @@ typedef struct odp_crypto_op_param_t {
/** Pointer to ADD */
uint8_t *ptr;
 
-   /** AAD length in bytes. Use odp_crypto_auth_capability() for
-*  supported AAD lengths. */
+   /** AAD length in bytes.
+*
+*  Used only when AAD length is variable within the session.
+*  When AAD length is constant, this must be set to zero and
+*  session level AAD length parameter is used instead.
+*
+*  Use odp_crypto_auth_capability() for supported AAD lengths.
+*  The default value is zero.
+*/
uint32_t length;


Comment:
@psavol in dpdk 17.08 there is no support of variable aad length but only 
session specific aad length. ex: If application tries to set variable length 
instead of constant length, dpdk crypto operation will fail. Because once the 
crypto session is created with auth_aad_len=0, dpdk driver will use zero length 
in encryption_gcm & decryption_gcm.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Why this restriction? Wouldn't it be cleaner to say this is simply a 
> session-level default and if individual ops have a non-zero AAD they serve as 
> overrides?


https://github.com/Linaro/odp/pull/279#discussion_r149787708
updated_at 2017-11-08 20:28:52

Re: [lng-odp] [PATCH API-NEXT v1] Use chksum API

[Github ODP bot]

muvarov replied on github web page:

helper/include/odp/helper/chksum.h
line 21
@@ -44,21 +44,7 @@ typedef enum {
  */
 static inline odp_u16sum_t odph_chksum(void *buffer, int len)
 {
-   uint16_t *buf = (uint16_t *)buffer;
-   uint32_t sum = 0;
-   uint16_t result;
-
-   for (sum = 0; len > 1; len -= 2)
-   sum += *buf++;
-
-   if (len == 1)
-   sum += *(unsigned char *)buf;
-
-   sum = (sum >> 16) + (sum & 0x);
-   sum += (sum >> 16);
-   result = ~sum;
-
-   return  (__odp_force odp_u16sum_t) result;
+   return ~odp_chksum_ones_comp16(buffer, len);
 }
 


Comment:
for this patch I think more clean fix is to drop odph_chksum() completely. 
There is no need to implement helper function if it's simple follows odp 
function.

https://github.com/Linaro/odp/pull/280#discussion_r149771245
updated_at 2017-11-08 19:24:14

Re: [lng-odp] [PATCH API-NEXT v1] Use chksum API

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

helper/include/odp/helper/chksum.h
line 21
@@ -44,21 +44,7 @@ typedef enum {
  */
 static inline odp_u16sum_t odph_chksum(void *buffer, int len)
 {
-   uint16_t *buf = (uint16_t *)buffer;
-   uint32_t sum = 0;
-   uint16_t result;
-
-   for (sum = 0; len > 1; len -= 2)
-   sum += *buf++;
-
-   if (len == 1)
-   sum += *(unsigned char *)buf;
-
-   sum = (sum >> 16) + (sum & 0x);
-   sum += (sum >> 16);
-   result = ~sum;
-
-   return  (__odp_force odp_u16sum_t) result;
+   return ~odp_chksum_ones_comp16(buffer, len);
 }
 


Comment:
Well... It is a part of ODP helper API, so we can not drop it easily.

> muvarov wrote
> for this patch I think more clean fix is to drop odph_chksum() completely. 
> There is no need to implement helper function if it's simple follows odp 
> function.


https://github.com/Linaro/odp/pull/280#discussion_r149772866
updated_at 2017-11-08 19:30:17

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

muvarov replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 5
@@ -1079,7 +1079,7 @@ static int dpdk_input_queues_config(pktio_entry_t 
*pktio_entry,
const odp_pktin_queue_param_t *p)
 {
odp_pktin_mode_t mode = pktio_entry->s.param.in_mode;
-   odp_bool_t lockless;
+   uint8_t lockless;


Comment:
why is that needed?

> Dmitry Eremin-Solenikov(lumag) wrote:
> This is not planned untill TigerMoth.


>> nagarahalli wrote
>> It is about 2.0 merge to master, it will happen sometime in the future.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @nagarahalli Any reason why we shouldn't have it in master?


 nagarahalli wrote
 This change is done already in 2.0.


> Dmitry Eremin-Solenikov(lumag) wrote:
> @matiaselo ok.


>> Matias Elo(matiaselo) wrote:
>> Since there are currently no functions in sight to put into 
>> pool_inlines.h I would suggest not to add a new header file. If/when 
>> some pool inline function are added later on the header can be created 
>> them. Is this OK for you?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> Just wanted to have pool functions in pool header, etc.


 Matias Elo(matiaselo) wrote:
 I followed the same pattern as the packet inlines. 
 _odp_packet_inline_offset_t is defined in packet_types.h.


> Matias Elo(matiaselo) wrote:
> pool_inlines.h would only include these two lines and looking at pool 
> API there aren't any additional functions which should be inlined. Do 
> you have a particular use case in mind for this header?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> And this to pool_inline_types.h.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149769296
updated_at 2017-11-08 19:16:49

[lng-odp] [PATCH API-NEXT v2 8/8] validation: ipsec: support AES-GMAC-ESP validation

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC-ESP testcase based on draft-mcgrew-gcm-test-01.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 test/validation/api/ipsec/ipsec.c  | 10 +
 test/validation/api/ipsec/ipsec.h  |  1 +
 test/validation/api/ipsec/ipsec_test_in.c  | 33 
 test/validation/api/ipsec/ipsec_test_out.c | 44 ++
 test/validation/api/ipsec/test_vectors.h   | 60 ++
 5 files changed, 148 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index fb5f7863e..8d63c36a1 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -201,6 +201,10 @@ int ipsec_check(odp_bool_t ah,
if (!capa.auths.bit.aes_gcm)
return ODP_TEST_INACTIVE;
break;
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (!capa.auths.bit.aes_gmac)
+   return ODP_TEST_INACTIVE;
+   break;
default:
fprintf(stderr, "Unsupported authentication algorithm\n");
return ODP_TEST_INACTIVE;
@@ -284,6 +288,12 @@ int ipsec_check_esp_aes_gcm_256(void)
ODP_AUTH_ALG_AES_GCM, 0);
 }
 
+int ipsec_check_esp_null_aes_gmac_128(void)
+{
+   return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
+   ODP_AUTH_ALG_AES_GMAC, 128);
+}
+
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 odp_bool_t in,
 odp_bool_t ah,
diff --git a/test/validation/api/ipsec/ipsec.h 
b/test/validation/api/ipsec/ipsec.h
index 9dd0feabf..4532fe7ce 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -86,5 +86,6 @@ int ipsec_check_esp_aes_cbc_128_null(void);
 int ipsec_check_esp_aes_cbc_128_sha256(void);
 int ipsec_check_esp_aes_gcm_128(void);
 int ipsec_check_esp_aes_gcm_256(void);
+int ipsec_check_esp_null_aes_gmac_128(void);
 
 #endif
diff --git a/test/validation/api/ipsec/ipsec_test_in.c 
b/test/validation/api/ipsec/ipsec_test_in.c
index 25fc00e11..8e692f678 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -752,6 +752,37 @@ static void test_in_mcgrew_gcm_12_esp(void)
ipsec_sa_destroy(sa);
 }
 
+static void test_in_mcgrew_gcm_15_esp(void)
+{
+   odp_ipsec_tunnel_param_t tunnel = {};
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+
+   ipsec_sa_param_fill(¶m,
+   true, false, 0x4321, &tunnel,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_AES_GMAC, &key_mcgrew_gcm_15,
+   &key_mcgrew_gcm_salt_15);
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+   ipsec_test_part test = {
+   .pkt_in = &pkt_mcgrew_gcm_test_15_esp,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_mcgrew_gcm_test_15},
+   },
+   };
+
+   ipsec_check_in_one(&test, sa);
+
+   ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
odp_ipsec_capability_t capa;
@@ -779,6 +810,8 @@ odp_testinfo_t ipsec_in_suite[] = {
  ipsec_check_esp_aes_gcm_128),
ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp,
  ipsec_check_esp_aes_gcm_128),
+   ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp,
+ ipsec_check_esp_null_aes_gmac_128),
ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256,
  ipsec_check_ah_sha256),
ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun,
diff --git a/test/validation/api/ipsec/ipsec_test_out.c 
b/test/validation/api/ipsec/ipsec_test_out.c
index 39a3c30ff..7be07d095 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -319,6 +319,48 @@ static void test_out_esp_aes_gcm128(void)
ipsec_sa_destroy(sa);
 }
 
+static void test_out_esp_aes_null_gmac128(void)
+{
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+   odp_ipsec_sa_t sa2;
+
+   ipsec_sa_param_fill(¶m,
+   false, false, 123, NULL,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_AES_GMAC, &key_a5_128,
+   &key_mcgrew_gcm_salt_2);
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_

[lng-odp] [PATCH API-NEXT v2 7/8] validation: ipsec: check authentication key length is supported

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add check through auth capabilities, verifying that key length is
supported.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 test/validation/api/ipsec/ipsec.c | 32 
 test/validation/api/ipsec/ipsec.h | 11 ++-
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index a8fdf2b14..fb5f7863e 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -119,13 +119,14 @@ static void pktio_stop(odp_pktio_t pktio)
 int ipsec_check(odp_bool_t ah,
odp_cipher_alg_t cipher,
uint32_t cipher_bits,
-   odp_auth_alg_t auth)
+   odp_auth_alg_t auth,
+   uint32_t auth_bits)
 {
odp_ipsec_capability_t capa;
odp_crypto_cipher_capability_t cipher_capa[MAX_ALG_CAPA];
odp_crypto_auth_capability_t   auth_capa[MAX_ALG_CAPA];
int i, num;
-   odp_bool_t found = false;
+   odp_bool_t found;
 
if (odp_ipsec_capability(&capa) < 0)
return ODP_TEST_INACTIVE;
@@ -212,6 +213,7 @@ int ipsec_check(odp_bool_t ah,
}
 
/* Search for the test case */
+   found = false;
for (i = 0; i < num; i++) {
if (cipher_capa[i].key_len == cipher_bits / 8) {
found = 1;
@@ -230,42 +232,56 @@ int ipsec_check(odp_bool_t ah,
return ODP_TEST_INACTIVE;
}
 
+   /* Search for the test case */
+   found = false;
+   for (i = 0; i < num; i++) {
+   if (auth_capa[i].key_len == auth_bits / 8) {
+   found = 1;
+   break;
+   }
+   }
+
+   if (!found) {
+   fprintf(stderr, "Unsupported auth key length\n");
+   return ODP_TEST_INACTIVE;
+   }
+
return ODP_TEST_ACTIVE;
 }
 
 int ipsec_check_ah_sha256(void)
 {
-   return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC);
+   return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_null_sha256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
-   ODP_AUTH_ALG_SHA256_HMAC);
+   ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_cbc_128_null(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-   ODP_AUTH_ALG_NULL);
+   ODP_AUTH_ALG_NULL, 0);
 }
 
 int ipsec_check_esp_aes_cbc_128_sha256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-   ODP_AUTH_ALG_SHA256_HMAC);
+   ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_gcm_128(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128,
-   ODP_AUTH_ALG_AES_GCM);
+   ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 int ipsec_check_esp_aes_gcm_256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 256,
-   ODP_AUTH_ALG_AES_GCM);
+   ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
diff --git a/test/validation/api/ipsec/ipsec.h 
b/test/validation/api/ipsec/ipsec.h
index d1c6854b7..9dd0feabf 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -74,11 +74,12 @@ void ipsec_check_out_in_one(const ipsec_test_part *part,
 int ipsec_check(odp_bool_t ah,
odp_cipher_alg_t cipher,
uint32_t cipher_bits,
-   odp_auth_alg_t auth);
-#define ipsec_check_ah(auth) \
-   ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth)
-#define ipsec_check_esp(cipher, cipher_bits, auth) \
-   ipsec_check(false, cipher, cipher_bits, auth)
+   odp_auth_alg_t auth,
+   uint32_t auth_bits);
+#define ipsec_check_ah(auth, auth_bits) \
+   ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth, auth_bits)
+#define ipsec_check_esp(cipher, cipher_bits, auth, auth_bits) \
+   ipsec_check(false, cipher, cipher_bits, auth, auth_bits)
 int ipsec_check_ah_sha256(void);
 int ipsec_check_esp_null_sha256(void);
 int ipsec_check_esp_aes_cbc_128_null(void);

[lng-odp] [PATCH API-NEXT v2 5/8] linux-gen: crypto: add AES-GMAC implementation

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Implement AES-GMAC on top of OpenSSL AES-GCM with all text going into
AAD part.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 .../linux-generic/include/odp_crypto_internal.h|   5 +-
 platform/linux-generic/odp_crypto.c| 149 -
 2 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index 12d1720b7..21174daa4 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -51,7 +51,10 @@ struct odp_crypto_generic_session {
uint8_t  key[EVP_MAX_KEY_LENGTH];
uint32_t key_length;
uint32_t bytes;
-   const EVP_MD *evp_md;
+   union {
+   const EVP_MD *evp_md;
+   const EVP_CIPHER *evp_cipher;
+   };
crypto_func_t func;
} auth;
 };
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3174feee0..ac0fa337b 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -38,7 +38,9 @@
  * Keep sorted: first by key length, then by IV length
  */
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
-{.key_len = 0, .iv_len = 0} };
+{.key_len = 0, .iv_len = 0},
+/* Special case for GMAC */
+{.key_len = 0, .iv_len = 12} };
 
 static const odp_crypto_cipher_capability_t cipher_capa_des[] = {
 {.key_len = 24, .iv_len = 8} };
@@ -83,6 +85,9 @@ static const odp_crypto_auth_capability_t 
auth_capa_sha512_hmac[] = {
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
 
+static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = {
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+
 typedef struct odp_crypto_global_s odp_crypto_global_t;
 
 struct odp_crypto_global_s {
@@ -235,6 +240,33 @@ odp_crypto_alg_err_t auth_check(odp_packet_t pkt,
 }
 
 static
+int internal_aad(EVP_CIPHER_CTX *ctx,
+odp_packet_t pkt,
+const odp_crypto_packet_op_param_t *param)
+{
+   uint32_t offset = param->auth_range.offset;
+   uint32_t len   = param->auth_range.length;
+   int dummy_len;
+   int ret;
+
+   ODP_ASSERT(offset + len <= odp_packet_len(pkt));
+
+   while (len > 0) {
+   uint32_t seglen = 0; /* GCC */
+   void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
+   uint32_t maclen = len > seglen ? seglen : len;
+
+   EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+   offset  += maclen;
+   len -= maclen;
+   }
+
+   ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+
+   return ret;
+}
+
+static
 int internal_encrypt(EVP_CIPHER_CTX *ctx,
 odp_packet_t pkt,
 const odp_crypto_packet_op_param_t *param)
@@ -555,6 +587,106 @@ static int 
process_aes_gcm_param(odp_crypto_generic_session_t *session,
return 0;
 }
 
+static
+odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
+ const odp_crypto_packet_op_param_t *param,
+ odp_crypto_generic_session_t *session)
+{
+   EVP_CIPHER_CTX *ctx;
+   void *iv_ptr;
+   uint8_t block[EVP_MAX_MD_SIZE];
+   int ret;
+
+   if (param->override_iv_ptr)
+   iv_ptr = param->override_iv_ptr;
+   else if (session->p.iv.data)
+   iv_ptr = session->cipher.iv_data;
+   else
+   return ODP_CRYPTO_ALG_ERR_IV_INVALID;
+
+   /* Encrypt it */
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL,
+  session->auth.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+   ret = internal_aad(ctx, pkt, param);
+
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+   session->p.auth_digest_len, block);
+   odp_packet_copy_from_mem(pkt, param->hash_result_offset,
+session->p.auth_digest_len, block);
+
+   EVP_CIPHER_CTX_free(ctx);
+
+   return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE :
+ ODP_CRYPTO_ALG_ERR_NONE;
+}
+
+static
+odp_crypto_alg_err_t aes_gmac_check(odp_packet_t

[lng-odp] [PATCH API-NEXT v2 6/8] linux-gen: ipsec: add support for AES-GMAC-ESP

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Implement AES-GMAC-ESP support.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 platform/linux-generic/odp_ipsec_sad.c | 60 +++---
 1 file changed, 34 insertions(+), 26 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 457b81d04..369d927ee 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -263,6 +263,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
crypto_param.auth_alg = param->crypto.auth_alg;
crypto_param.auth_key = param->crypto.auth_key;
 
+   switch (crypto_param.cipher_alg) {
+   case ODP_CIPHER_ALG_NULL:
+   ipsec_sa->esp_iv_len = 0;
+   ipsec_sa->esp_block_len = 1;
+   break;
+   case ODP_CIPHER_ALG_DES:
+   case ODP_CIPHER_ALG_3DES_CBC:
+   ipsec_sa->esp_iv_len = 8;
+   ipsec_sa->esp_block_len = 8;
+   break;
+#if ODP_DEPRECATED_API
+   case ODP_CIPHER_ALG_AES128_CBC:
+#endif
+   case ODP_CIPHER_ALG_AES_CBC:
+   ipsec_sa->esp_iv_len = 16;
+   ipsec_sa->esp_block_len = 16;
+   break;
+#if ODP_DEPRECATED_API
+   case ODP_CIPHER_ALG_AES128_GCM:
+#endif
+   case ODP_CIPHER_ALG_AES_GCM:
+   ipsec_sa->use_counter_iv = 1;
+   ipsec_sa->esp_iv_len = 8;
+   ipsec_sa->esp_block_len = 16;
+   ipsec_sa->icv_len = 16;
+   break;
+   default:
+   goto error;
+   }
+
switch (crypto_param.auth_alg) {
case ODP_AUTH_ALG_NULL:
ipsec_sa->icv_len = 0;
@@ -291,35 +321,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
case ODP_AUTH_ALG_AES_GCM:
ipsec_sa->icv_len = 16;
break;
-   default:
-   goto error;
-   }
-
-   switch (crypto_param.cipher_alg) {
-   case ODP_CIPHER_ALG_NULL:
-   ipsec_sa->esp_iv_len = 0;
-   ipsec_sa->esp_block_len = 1;
-   break;
-   case ODP_CIPHER_ALG_DES:
-   case ODP_CIPHER_ALG_3DES_CBC:
-   ipsec_sa->esp_iv_len = 8;
-   ipsec_sa->esp_block_len = 8;
-   break;
-#if ODP_DEPRECATED_API
-   case ODP_CIPHER_ALG_AES128_CBC:
-#endif
-   case ODP_CIPHER_ALG_AES_CBC:
-   ipsec_sa->esp_iv_len = 16;
-   ipsec_sa->esp_block_len = 16;
-   break;
-#if ODP_DEPRECATED_API
-   case ODP_CIPHER_ALG_AES128_GCM:
-#endif
-   case ODP_CIPHER_ALG_AES_GCM:
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
+   return ODP_IPSEC_SA_INVALID;
ipsec_sa->use_counter_iv = 1;
ipsec_sa->esp_iv_len = 8;
ipsec_sa->esp_block_len = 16;
-   crypto_param.iv.length = 12;
+   ipsec_sa->icv_len = 16;
break;
default:
goto error;

[lng-odp] [PATCH API-NEXT v2 4/8] validation: crypto: add AES-GMAC testcase

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC test vector based on draft-mcgrew-gcm-test-01.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 test/validation/api/crypto/crypto.h  |  2 ++
 test/validation/api/crypto/odp_crypto_test_inp.c | 46 
 test/validation/api/crypto/test_vectors.h| 33 +
 3 files changed, 81 insertions(+)

diff --git a/test/validation/api/crypto/crypto.h 
b/test/validation/api/crypto/crypto.h
index 71f862ec3..550d2bbff 100644
--- a/test/validation/api/crypto/crypto.h
+++ b/test/validation/api/crypto/crypto.h
@@ -32,6 +32,8 @@ void crypto_test_gen_alg_hmac_sha256(void);
 void crypto_test_check_alg_hmac_sha256(void);
 void crypto_test_gen_alg_hmac_sha512(void);
 void crypto_test_check_alg_hmac_sha512(void);
+void crypto_test_gen_alg_aes_gmac(void);
+void crypto_test_check_alg_aes_gmac(void);
 
 /* test arrays: */
 extern odp_testinfo_t crypto_suite[];
diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c 
b/test/validation/api/crypto/odp_crypto_test_inp.c
index f05780377..596c8370b 100644
--- a/test/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/validation/api/crypto/odp_crypto_test_inp.c
@@ -50,6 +50,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth)
return "ODP_AUTH_ALG_SHA512_HMAC";
case ODP_AUTH_ALG_AES_GCM:
return "ODP_AUTH_ALG_AES_GCM";
+   case ODP_AUTH_ALG_AES_GMAC:
+   return "ODP_AUTH_ALG_AES_GMAC";
default:
return "Unknown";
}
@@ -341,6 +343,9 @@ static void alg_test(odp_crypto_op_t op,
if (auth_alg == ODP_AUTH_ALG_AES_GCM &&
!(capa.auths.bit.aes_gcm))
rc = -1;
+   if (auth_alg == ODP_AUTH_ALG_AES_GMAC &&
+   !(capa.auths.bit.aes_gmac))
+   rc = -1;
if (auth_alg == ODP_AUTH_ALG_MD5_HMAC &&
!(capa.auths.bit.md5_hmac))
rc = -1;
@@ -581,6 +586,10 @@ static int check_alg_support(odp_cipher_alg_t cipher, 
odp_auth_alg_t auth)
if (!capability.auths.bit.aes_gcm)
return ODP_TEST_INACTIVE;
break;
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (!capability.auths.bit.aes_gmac)
+   return ODP_TEST_INACTIVE;
+   break;
default:
fprintf(stderr, "Unsupported authentication algorithm\n");
return ODP_TEST_INACTIVE;
@@ -1025,6 +1034,39 @@ void crypto_test_check_alg_hmac_sha512(void)
 false);
 }
 
+static int check_alg_aes_gmac(void)
+{
+   return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_AES_GMAC);
+}
+
+void crypto_test_gen_alg_aes_gmac(void)
+{
+   unsigned int test_vec_num = (sizeof(aes_gmac_reference) /
+sizeof(aes_gmac_reference[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++)
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+ODP_CIPHER_ALG_NULL,
+ODP_AUTH_ALG_AES_GMAC,
+&aes_gmac_reference[i],
+false);
+}
+
+void crypto_test_check_alg_aes_gmac(void)
+{
+   unsigned int test_vec_num = (sizeof(aes_gmac_reference) /
+sizeof(aes_gmac_reference[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++)
+   alg_test(ODP_CRYPTO_OP_DECODE,
+ODP_CIPHER_ALG_NULL,
+ODP_AUTH_ALG_AES_GMAC,
+&aes_gmac_reference[i],
+false);
+}
+
 int crypto_suite_sync_init(void)
 {
suite_context.pool = odp_pool_lookup("packet_pool");
@@ -1122,6 +1164,10 @@ odp_testinfo_t crypto_suite[] = {
  check_alg_hmac_sha512),
ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha512,
  check_alg_hmac_sha512),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_aes_gmac,
+ check_alg_aes_gmac),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_aes_gmac,
+ check_alg_aes_gmac),
ODP_TEST_INFO_NULL,
 };
 
diff --git a/test/validation/api/crypto/test_vectors.h 
b/test/validation/api/crypto/test_vectors.h
index 652968be7..5cc143660 100644
--- a/test/validation/api/crypto/test_vectors.h
+++ b/test/validation/api/crypto/test_vectors.h
@@ -361,6 +361,39 @@ static crypto_test_reference_t aes_gcm_reference[] = {
}
 };
 
+static crypto_test_reference_t aes_gmac_reference[] = {
+   {
+   .auth_key_length = AES128_GCM_KEY_LEN,
+   .aut

[lng-odp] [PATCH API-NEXT v2 3/8] api: crypto: add AES-GMAC declarations

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC declarations to support RFC4543.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 include/odp/api/spec/crypto.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h
index 7dcb71264..8da23c039 100644
--- a/include/odp/api/spec/crypto.h
+++ b/include/odp/api/spec/crypto.h
@@ -131,6 +131,12 @@ typedef enum {
 */
ODP_AUTH_ALG_AES_GCM,
 
+   /** AES in Galois/Counter MAC Mode
+*
+*  @note Must be paired with cipher ODP_CIPHER_ALG_NULL
+*/
+   ODP_AUTH_ALG_AES_GMAC,
+
/** @deprecated  Use ODP_AUTH_ALG_MD5_HMAC instead */
ODP_DEPRECATE(ODP_AUTH_ALG_MD5_96),
 
@@ -202,6 +208,9 @@ typedef union odp_crypto_auth_algos_t {
/** ODP_AUTH_ALG_AES_GCM */
uint32_t aes_gcm : 1;
 
+   /** ODP_AUTH_ALG_AES_GMAC*/
+   uint32_t aes_gmac: 1;
+
/** @deprecated  Use md5_hmac instead */
uint32_t ODP_DEPRECATE(md5_96) : 1;
 

[lng-odp] [PATCH API-NEXT v2 2/8] linux-gen: ipsec: don't leak SA on creation error

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix
them by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 5d20bb66c..457b81d04 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -292,7 +292,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->icv_len = 16;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
switch (crypto_param.cipher_alg) {
@@ -322,7 +322,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
crypto_param.iv.length = 12;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
if (1 == ipsec_sa->use_counter_iv &&

[lng-odp] [PATCH API-NEXT v2 1/8] linux-gen: ipsec: use counter instead of random IV for GCM

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Reusing IV block with GCM results in disastrous consequences. Use
counter instead of random-generated IV to remove possibility for IV
reuse.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 platform/linux-generic/include/odp_ipsec_internal.h | 16 +---
 platform/linux-generic/odp_ipsec.c  | 19 ++-
 platform/linux-generic/odp_ipsec_sad.c  |  6 ++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 1340ca7bd..afc2f686e 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -118,9 +118,17 @@ struct ipsec_sa_s {
uint8_t salt[IPSEC_MAX_SALT_LEN];
uint32_tsalt_length;
 
-   unsigneddec_ttl : 1;
-   unsignedcopy_dscp : 1;
-   unsignedcopy_df : 1;
+   union {
+   unsigned flags;
+   struct {
+   unsigneddec_ttl : 1;
+   unsignedcopy_dscp : 1;
+   unsignedcopy_df : 1;
+
+   /* Only for outbound */
+   unsigneduse_counter_iv : 1;
+   };
+   };
 
union {
struct {
@@ -136,6 +144,8 @@ struct ipsec_sa_s {
odp_atomic_u32_t tun_hdr_id;
odp_atomic_u32_t seq;
 
+   odp_atomic_u64_t counter; /* for CTR/GCM */
+
uint8_t tun_ttl;
uint8_t tun_dscp;
uint8_t tun_df;
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index e57736c2a..1aa437b8e 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
   ip_data_len +
   ipsec_sa->icv_len;
 
-   if (ipsec_sa->esp_iv_len) {
+   if (ipsec_sa->use_counter_iv) {
+   uint64_t ctr;
+
+   /* Both GCM and CTR use 8-bit counters */
+   ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len);
+
+   ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter,
+  1);
+   /* Check for overrun */
+   if (ctr == 0)
+   goto out;
+
+   memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length);
+   memcpy(iv + ipsec_sa->salt_length, &ctr,
+  ipsec_sa->esp_iv_len);
+
+   param.override_iv_ptr = iv;
+   } else if (ipsec_sa->esp_iv_len) {
uint32_t len;
 
len = odp_random_data(iv + ipsec_sa->salt_length,
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index f0b5b9e4a..5d20bb66c 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->context = param->context;
ipsec_sa->queue = param->dest_queue;
ipsec_sa->mode = param->mode;
+   ipsec_sa->flags = 0;
if (ODP_IPSEC_DIR_INBOUND == param->dir) {
ipsec_sa->in.lookup_mode = param->inbound.lookup_mode;
if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode)
@@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
case ODP_CIPHER_ALG_AES128_GCM:
 #endif
case ODP_CIPHER_ALG_AES_GCM:
+   ipsec_sa->use_counter_iv = 1;
ipsec_sa->esp_iv_len = 8;
ipsec_sa->esp_block_len = 16;
crypto_param.iv.length = 12;
@@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
return ODP_IPSEC_SA_INVALID;
}
 
+   if (1 == ipsec_sa->use_counter_iv &&
+   ODP_IPSEC_DIR_OUTBOUND == param->dir)
+   odp_atomic_init_u64(&ipsec_sa->out.counter, 1);
+
crypto_param.auth_digest_len = ipsec_sa->icv_len;
 
if (param->crypto.cipher_key_extra.length) {

[lng-odp] [PATCH API-NEXT v2 0/8] AES-GMAC implementation

[Github ODP bot]

This is an example of AES-GMAC(-ESP) implementation. Plaintext is passed as 
normal packet, IV/salt are passed according to the rest of API. This 
incorporates one commit from #243.

github
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 77 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 16 lines checked


to_send-p-001.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 21 lines checked


to_send-p-002.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 123 lines checked


to_send-p-003.patch has no obvious style problems and is ready for submission.
WARNING: Missing a blank line after declarations
#33: FILE: platform/linux-generic/include/odp_crypto_internal.h:56:
+   const EVP_MD *evp_md;
+   const EVP_CIPHER *evp_cipher;

CHECK: Avoid CamelCase: 
#83: FILE: platform/linux-generic/odp_crypto.c:259:
+   EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);

CHECK: Avoid CamelCase: 
#88: FILE: platform/linux-generic/odp_crypto.c:264:
+   ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);

CHECK: Avoid CamelCase: 
#120: FILE: platform/linux-generic/odp_crypto.c:609:
+   EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL,

CHECK: Avoid CamelCase: 
#159: FILE: platform/linux-generic/odp_crypto.c:648:
+   EVP_DecryptInit_ex(ctx, session->auth.evp_cipher, NULL,

total: 0 errors, 1 warnings, 4 checks, 202 lines checked


to_send-p-004.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
total: 0 errors, 0 warnings, 0 checks, 75 lines checked


to_send-p-005.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 102 lines checked


to_send-p-006.patch has no obvious style problems and is ready for submission.
CHECK: Alignment should match open parenthesis
#184: FILE: test/validation/api/ipsec/test_vectors.h:49:
+KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda,
+  0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34);

total: 0 errors, 0 warnings, 1 checks, 198 lines checked


to_send-p-007.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
/checkpatch.pl

Re: [lng-odp] [PATCH API-NEXT v1] AES-GMAC implementation

[Dmitry Eremin-Solenikov]

updated

Re: [lng-odp] [PATCH API-NEXT v1] AES-GMAC implementation

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/include/odp_crypto_internal.h
line 9
@@ -51,7 +51,10 @@ struct odp_crypto_generic_session {
uint8_t  key[EVP_MAX_KEY_LENGTH];
uint32_t key_length;
uint32_t bytes;
-   const EVP_MD *evp_md;
+   union {
+   const EVP_MD *evp_md;
+   const EVP_CIPHER *evp_cipher;
+   };
crypto_func_t func;


Comment:
You're right. This one is a false positive on checkpatch's part.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Checkpatch flags this line as > 80 chars. Easy to reflow, e.g., move the 
> `0x6a` to the earlier line.


https://github.com/Linaro/odp/pull/288#discussion_r149839275
updated_at 2017-11-09 00:38:04

Re: [lng-odp] [PATCH API-NEXT v1] AES-GMAC implementation

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

test/validation/api/crypto/test_vectors.h
line 33
@@ -361,6 +361,39 @@ static crypto_test_reference_t aes_gcm_reference[] = {
}
 };
 
+static crypto_test_reference_t aes_gmac_reference[] = {
+   {
+   .auth_key_length = AES128_GCM_KEY_LEN,
+   .auth_key = { 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda,
+ 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34},
+   .iv_length = AES_GCM_IV_LEN,
+   .iv = { 0x22, 0x43, 0x3c, 0x64, 0x00, 0x00, 0x00, 0x00,
+   0x00, 0x00, 0x00, 0x00 },
+   .length = 68,
+   .plaintext = { 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00,
+  0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05,
+  0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd,
+  0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64,
+  0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+  0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74,
+  0x01, 0x02, 0x02, 0x01 },
+   .ciphertext = { 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07,
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00,
+   0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05,
+   0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd,
+   0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64,
+   0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+   0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74,
+   0x01, 0x02, 0x02, 0x01 },
+   .digest_length = AES_GCM_DIGEST_LEN,
+   .digest = { 0xf2, 0xa9, 0xa8, 0x36, 0xe1, 0x55, 0x10,
+   0x6a, 0xa8, 0xdc, 0xd6, 0x18, 0xe4, 0x09, 0x9a, 
0xaa }


Comment:
Checkpatch flags this line as > 80 chars. Easy to reflow, e.g., move the `0x6a` 
to the earlier line.

https://github.com/Linaro/odp/pull/288#discussion_r149839109
updated_at 2017-11-09 00:37:04

Re: [lng-odp] issues with usage of mellanox 100G NICs with ODP & ODP-DPDK

[gyanesh patra]

- where to set CONFIG_RTE_LIBRTE_MLX5_PMD ? I believe in DPDK we set it
whilie compiling. How to set it for ODP??

- with mellanox NICs, it is not required to explicitly bind the interface
to dpdk. I can use portID "0,1"  with dpdk example. Is it the same way to
specify with ODP-DPDK l2fwd example too??


P Gyanesh Kumar Patra

On Wed, Nov 8, 2017 at 7:56 PM, Maxim Uvarov 
wrote:

> On 11/08/17 19:32, gyanesh patra wrote:
> > I am not sure what you mean. Can you please elaborate?
> >
> > As i mentioned before I am able to run dpdk examples. Hence the drivers
> > are available and working fine.
> > I configured ODP & ODP-DPDK with "LDFLAGS=-libverbs" and compiled to
> > work with mellanox. I followed the same while compiling dpdk too.
> >
> > Is there anything i am missing?
> >
> > P Gyanesh Kumar Patra
>
>
> in general if CONFIG_RTE_LIBRTE_MLX5_PMD=y was specified then it has to
> work. I think we did test only with ixgbe. But in general it's common code.
>
> "Unable to init any I/O type." means it it called all open for all pktio
> in list here:
> ./platform/linux-generic/pktio/io_ops.c
>
> and setup_pkt_dpdk() failed for some reason.
>
> I do not like allocations errors in your log.
>
> Try to compile ODP with --enable-debug-print --enable-debug it will make
> ODP_DBG() macro work and it will be visible why it does not opens pktio.
>
> Maxim
>
>
> >
> > On Wed, Nov 8, 2017 at 5:22 PM, Maxim Uvarov  > > wrote:
> >
> > is Mellanox pmd compiled in?
> >
> > Maxim.
> >
> > On 11/08/17 17:58, gyanesh patra wrote:
> > > Hi,
> > > I am trying to run ODP & ODP-DPDK examples on our server with
> > mellanox 100G
> > > NICs. I am using the odp_l2fwd example. While running the example,
> > I am
> > > facing some issues.
> > > -> When I run "ODP" example using the if names given by kernel as
> > > arguments, I am not getting enough throughput.(the value is very
> low)
> > > -> And when I try "ODP-DPDK" example using port ID as "0,1", it
> can't
> > > create pktio. Whereas I am able to run the examples from "DPDK"
> > > repo with portID "0,1" for the same mellanox NICs. I tried running
> > with
> > > "81:00.0,81:00.1" and also with if-names too without any success.
> > Adding
> > > the whitelist using ODP_PLATFORM_PARAMS doesn't help either.
> > >
> > > Am I missing any steps to use mellanox NICs? OR is there a
> > different method
> > > to specify the device details to create pktio?
> > > I am providing the output of "odp_l2fwd" examples for ODP and
> ODP-DPDK
> > > repository here.
> > >
> > > The NICs being used:
> > >
> > > :81:00.0 'MT27700 Family [ConnectX-4]' if=enp129s0f0
> drv=mlx5_core
> > > unused=
> > > :81:00.1 'MT27700 Family [ConnectX-4]' if=enp129s0f1
> drv=mlx5_core
> > > unused=
> > >
> > > ODP l2fwd example run details:
> > > --
> > > root@ubuntu:/home/ubuntu/odp/test/performance# ./odp_l2fwd -i
> > > enp129s0f0,enp129s0f1
> > > HW time counter freq: 239886 
> > <(239)%20999-9886> hz
> > >
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishm.c:880:_odp_ishm_reserve():No huge pages, fall back to normal
> > pages.
> > > check: /proc/sys/vm/nr_hugepages.
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > >  PKTIO: initialized loop interface.
> > >  PKTIO: initialized pcap interface.
> > >  PKTIO: initialized ipc interface.
> > >  PKTIO: initialized socket mmap, use export
> > ODP_PKTIO_DISABLE_SOCKET_MMAP=1
> > > to disable.
> > >  PKTIO: initialized socket mmsg,use export
> > ODP_PKTIO_DISABLE_SOCKET_MMSG=1
> > > to disable.
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate
> memory
> > >
> > > ODP system info
> > > ---
> > > ODP API version: 1.15.0
> > > ODP impl name:   "odp-linux"
> > > CPU model:   Intel(R) Xeon(R) CPU E5-2680 v4
> > > CPU freq (hz):   33
> > > Cache line size: 64
> > > CPU count:   56
> > >
> > >
> > > CPU features supported:
> > > SSE3 PCLMULQDQ DTES64 MONITOR DS_CPL VMX SMX EIST TM2 SSSE3 FMA
> > CMPXCHG16B
> > > XTPR PDCM PCID DCA SSE4_1 SSE4_2 X2APIC MOVBE POPCNT TSC_DEADLINE
> > AES XSAVE
> > > OSXSAVE AVX F16C RDRAND FPU VME DE PSE TSC MSR PAE MCE CX8 APIC
> > SEP MTRR
> > > PGE MCA CMOV PAT PSE36 CLFSH DS ACPI

[lng-odp] [Bug 3411] wrong openssl_lock pointer type

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3411

--- Comment #1 from Maxim Uvarov  ---
https://github.com/Linaro/odp/commit/0e04be4851ecc94da8b4cac3c576260c0518c936
refs/heads/master
2017-11-08T22:32:30+03:00
Petri Savolainen petri.savolai...@linaro.org
linux-gen: crypto: fix openssl_lock pointer type

Wrong pointer type (pointer to pointer) to openssl_lock array
caused data overlapping when running on other than 64-bit
machines.

Fixed pointer type and simplified global data structure to
contain only one dynamically sized array (openssl locks).
Session array was already fixed size but was not defined as
such.

Fixes bug: https://bugs.linaro.org/show_bug.cgi?id=3411

Signed-off-by: Petri Savolainen 
Signed-off-by: Viktor Tikkanen 
Reviewed-by: Dmitry Eremin-Solenikov 
Reviewed-by: Bill Fischofer 
Signed-off-by: Maxim Uvarov 

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[lng-odp] [Linaro/odp] 0e04be: linux-gen: crypto: fix openssl_lock pointer type

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/Linaro/odp
  Commit: 0e04be4851ecc94da8b4cac3c576260c0518c936
  
https://github.com/Linaro/odp/commit/0e04be4851ecc94da8b4cac3c576260c0518c936
  Author: Petri Savolainen 
  Date:   2017-11-08 (Wed, 08 Nov 2017)

  Changed paths:
M platform/linux-generic/odp_crypto.c

  Log Message:
  ---
  linux-gen: crypto: fix openssl_lock pointer type

Wrong pointer type (pointer to pointer) to openssl_lock array
caused data overlapping when running on other than 64-bit
machines.

Fixed pointer type and simplified global data structure to
contain only one dynamically sized array (openssl locks).
Session array was already fixed size but was not defined as
such.

Fixes bug: https://bugs.linaro.org/show_bug.cgi?id=3411

Signed-off-by: Petri Savolainen 
Signed-off-by: Viktor Tikkanen 
Reviewed-by: Dmitry Eremin-Solenikov 
Reviewed-by: Bill Fischofer 
Signed-off-by: Maxim Uvarov 

[lng-odp] [Linaro/odp] d59c00: example: fix pointers to odp_l2fwd.c source

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/Linaro/odp
  Commit: d59c00c5f0255a5f1fc462332eef291bb2993f64
  
https://github.com/Linaro/odp/commit/d59c00c5f0255a5f1fc462332eef291bb2993f64
  Author: Dmitry Eremin-Solenikov 
  Date:   2017-11-08 (Wed, 08 Nov 2017)

  Changed paths:
M example/l2fwd/README
M example/l2fwd/odp_l2fwd.c

  Log Message:
  ---
  example: fix pointers to odp_l2fwd.c source

During mass-move of tests I forgot to update odp_l2fwd example to point
to new locattion. Fix that now.

Signed-off-by: Dmitry Eremin-Solenikov 
Signed-off-by: Maxim Uvarov 

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/odp_packet.c
line 56
@@ -2252,6 +2252,63 @@ int packet_parse_l3_l4(odp_packet_hdr_t *pkt_hdr,
 layer, ethtype);
 }
 
+int odp_packet_parse(odp_packet_t pkt, uint32_t offset,
+const odp_packet_parse_param_t *param)
+{
+   odp_packet_hdr_t *pkt_hdr = packet_hdr(pkt);
+   void *data;
+   uint32_t seg_len;
+   uint32_t packet_len = pkt_hdr->frame_len;
+   odp_proto_t proto = param->proto;
+   odp_proto_layer_t layer = param->layer;
+   int ret;
+   uint16_t ethtype;
+
+   if (proto == ODP_PROTO_NONE || layer == ODP_PROTO_LAYER_NONE)
+   return -1;
+
+   data = packet_map(pkt_hdr, offset, &seg_len, NULL);
+
+   if (data == NULL)
+   return -1;
+
+   packet_parse_reset(pkt_hdr);
+
+   if (proto == ODP_PROTO_ETH) {
+   ret = packet_parse_common(&pkt_hdr->p, data, packet_len,
+ seg_len, layer);
+
+   if (ret)
+   return -1;
+   } else {
+   if (proto == ODP_PROTO_IPV4)
+   ethtype = _ODP_ETHTYPE_IPV4;
+   else
+   ethtype = _ODP_ETHTYPE_IPV6;
+
+   ret = packet_parse_common_l3_l4(&pkt_hdr->p, data, offset,
+   packet_len, seg_len,
+   layer, ethtype);
+
+   if (ret)
+   return -1;
+   }
+
+   return 0;
+}
+
+int odp_packet_parse_multi(const odp_packet_t pkt[], const uint32_t offset[],
+  int num, const odp_packet_parse_param_t *param)
+{
+   int i;
+
+   for (i = 0; i < num; i++)
+   if (odp_packet_parse(pkt[i], offset[i], param))
+   return -1;


Comment:
`return i;` if we adopt the RC == number of successful packets parsed 
convention.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> For consistency with other `odp_xxx_multi()` APIs, the RC should indicate the 
> number of input packets that were successfully processed. 


>> muvarov wrote
>> it looks like 2 enums are not needed here. odp_proto_layet_t  layer_start; 
>> and  odp_proto_layet_t  layer_end;  and one enum for layers.


>>> muvarov wrote
>>> maybe return number of correctly parsed packets? And say that parsing 
>>> always starts from be beginning of array. 


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 +1 since other checksum APIs refer to L3 and L4 rather than specific 
 protocols. 


> Dmitry Eremin-Solenikov(lumag) wrote:
> What about just `l3_chksum`, and `l4_chksum`? 


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Now that we have a `param` struct we should have an 
>> `odp_packet_parse_param_init()` API as well for completeness.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
>>> provides us IP version that does not correspond to the in-packet 
>>> version. We should detect that, rather than silently parsing this 
>>> header.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 I'm not sure why an API named `odp_packet_parse()` needs help here. 
 It's purpose, after all, is to parse packets and determining IPv4 vs 
 IPv6 is part of that activity. Moreover, the only way an application 
 can inspect the IP header is to access it via other ODP API calls, so 
 I don't see how asking the application to do this is any better than 
 having the `odp_packet_parse()` implementation do this itself. What's 
 the purpose of having a parse API in that case since clearly the 
 application could parse the entire packet "by hand" as well.


> Dmitry Eremin-Solenikov(lumag) wrote:
> Failure needs to be defined in a more precise way (and maybe for a 
> single packet case). I assume that it means internal ODP error, 
> rather than just packet with wrong headers. What happens in 
> multi-packet case if failure occurs in the middle of parsing?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @psavol Also for multi-packet parsing, we can change `proto` to be 
>> an array, allowing applications to easily intermix IPv4 and IPv6 
>> packets.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @psavol yes. I just wanted to focus on cases, when passing packet 
>>> with wrong protocol is an error. E.g. IPv6 packet inside IPsec 
>>> packet with NH = 4. So it is not a question of selecting proper L3 
>>> parser, but rather a question of nailing down error/malicious 
>>> packets.


 Petri Savolainen(psavol) wrote:
 It's there to enable application to call parsing in parts - 

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

include/odp/api/spec/packet.h
line 124
@@ -1140,6 +1179,82 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Packet parse parameters
+ */
+typedef struct odp_packet_parse_param_t {
+   /** Protocol header at parse starting point. Valid values for this
+*  field are: ODP_PROTO_ETH, ODP_PROTO_IPV4, ODP_PROTO_IPV6. */
+   odp_proto_t proto;
+
+   /** Continue parsing until this layer. Must be the same or higher
+*  layer than the layer of 'proto'. */
+   odp_proto_layer_t layer;
+
+   /** Flags to control payload data checks up to the selected parse
+*  layer. Checksum checking status can be queried for each packet with
+*  odp_packet_l3_chksum_status() and odp_packet_l4_chksum_status().
+*/
+   union {
+   struct {
+   /** Check IPv4 header checksum */
+   uint32_t ipv4_chksum   : 1;
+
+   /** Check UDP checksum */
+   uint32_t udp_chksum: 1;
+
+   /** Check TCP checksum */
+   uint32_t tcp_chksum: 1;
+
+   } check;
+
+   /** All check bits. This can be used to set/clear all flags. */
+   uint32_t all_check;
+   };
+
+} odp_packet_parse_param_t;
+
+/**
+ * Parse packet
+ *
+ * Parse protocol headers in packet data. Parsing starts at 'offset', which
+ * is the first header byte of protocol 'param.proto'. Parameter 'param.layer'
+ * defines the last layer application is interested about.
+ * Use ODP_PROTO_LAYER_ALL for all layers. The operation sets or resets packet
+ * metadata for all layers from the layer of 'param.proto' to the application
+ * defined last layer. Metadata of other layers have undefined values.
+ * When operation fails, metadata of all protocol layers have undefined values.
+ *
+ * @param pkt Packet handle
+ * @param offset  Byte offset into the packet
+ * @param param   Parse parameters. Proto and layer fields must be set. Clear
+ *all check bits that are not used.
+ *
+ * @retval 0 on success
+ * @retval <0 on failure
+ */
+int odp_packet_parse(odp_packet_t pkt, uint32_t offset,
+const odp_packet_parse_param_t *param);
+
+/**
+ * Parse multiple packets
+ *
+ * Otherwise like odp_packet_parse(), but parses multiple packets. Packets may
+ * have unique offsets, but must start with the same protocol. Also, packets 
are
+ * parsed up to the same protocol layer.
+ *
+ * @param pkt Packet handle array
+ * @param offset  Byte offsets into the packets
+ * @param num Number of packets and offsets
+ * @param param   Parse parameters. Proto and layer fields must be set. Clear
+ *all check bits that are not used.
+ *
+ * @retval 0 on success
+ * @retval <0 on failure
+ */
+int odp_packet_parse_multi(const odp_packet_t pkt[], const uint32_t offset[],
+  int num, const odp_packet_parse_param_t *param);
+


Comment:
For consistency with other `odp_xxx_multi()` APIs, the RC should indicate the 
number of input packets that were successfully processed. 

> muvarov wrote
> it looks like 2 enums are not needed here. odp_proto_layet_t  layer_start; 
> and  odp_proto_layet_t  layer_end;  and one enum for layers.


>> muvarov wrote
>> maybe return number of correctly parsed packets? And say that parsing always 
>> starts from be beginning of array. 


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> +1 since other checksum APIs refer to L3 and L4 rather than specific 
>>> protocols. 


 Dmitry Eremin-Solenikov(lumag) wrote:
 What about just `l3_chksum`, and `l4_chksum`? 


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Now that we have a `param` struct we should have an 
> `odp_packet_parse_param_init()` API as well for completeness.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
>> provides us IP version that does not correspond to the in-packet 
>> version. We should detect that, rather than silently parsing this header.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> I'm not sure why an API named `odp_packet_parse()` needs help here. 
>>> It's purpose, after all, is to parse packets and determining IPv4 vs 
>>> IPv6 is part of that activity. Moreover, the only way an application 
>>> can inspect the IP header is to access it via other ODP API calls, so I 
>>> don't see how asking the application to do this is any better than 
>>> having the `odp_packet_parse()` implementation do this itself. What's 
>>> the purpose of having a parse API in that case since clearly the 
>>> application could parse the entire packet "by hand" as well.


 Dmitry Eremin-Solenikov(lumag) wrote:
 Failure needs to be defined in a more preci

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

platform/linux-generic/include/odp_buffer_internal.h
line 4
@@ -104,17 +104,10 @@ struct odp_buffer_hdr_t {
/* User area pointer */
void*uarea_addr;
 
-   /* User area size */


Comment:
This is not planned untill TigerMoth.

> nagarahalli wrote
> It is about 2.0 merge to master, it will happen sometime in the future.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @nagarahalli Any reason why we shouldn't have it in master?


>>> nagarahalli wrote
>>> This change is done already in 2.0.


 Dmitry Eremin-Solenikov(lumag) wrote:
 @matiaselo ok.


> Matias Elo(matiaselo) wrote:
> Since there are currently no functions in sight to put into 
> pool_inlines.h I would suggest not to add a new header file. If/when some 
> pool inline function are added later on the header can be created them. 
> Is this OK for you?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> Just wanted to have pool functions in pool header, etc.


>>> Matias Elo(matiaselo) wrote:
>>> I followed the same pattern as the packet inlines. 
>>> _odp_packet_inline_offset_t is defined in packet_types.h.


 Matias Elo(matiaselo) wrote:
 pool_inlines.h would only include these two lines and looking at pool 
 API there aren't any additional functions which should be inlined. Do 
 you have a particular use case in mind for this header?


> Dmitry Eremin-Solenikov(lumag) wrote:
> And this to pool_inline_types.h.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149740277
updated_at 2017-11-08 17:30:16

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

nagarahalli replied on github web page:

platform/linux-generic/include/odp_buffer_internal.h
line 4
@@ -104,17 +104,10 @@ struct odp_buffer_hdr_t {
/* User area pointer */
void*uarea_addr;
 
-   /* User area size */


Comment:
It is about 2.0 merge to master, it will happen sometime in the future.

> Dmitry Eremin-Solenikov(lumag) wrote:
> @nagarahalli Any reason why we shouldn't have it in master?


>> nagarahalli wrote
>> This change is done already in 2.0.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @matiaselo ok.


 Matias Elo(matiaselo) wrote:
 Since there are currently no functions in sight to put into pool_inlines.h 
 I would suggest not to add a new header file. If/when some pool inline 
 function are added later on the header can be created them. Is this OK for 
 you?


> Dmitry Eremin-Solenikov(lumag) wrote:
> Just wanted to have pool functions in pool header, etc.


>> Matias Elo(matiaselo) wrote:
>> I followed the same pattern as the packet inlines. 
>> _odp_packet_inline_offset_t is defined in packet_types.h.


>>> Matias Elo(matiaselo) wrote:
>>> pool_inlines.h would only include these two lines and looking at pool 
>>> API there aren't any additional functions which should be inlined. Do 
>>> you have a particular use case in mind for this header?


 Dmitry Eremin-Solenikov(lumag) wrote:
 And this to pool_inline_types.h.


> Dmitry Eremin-Solenikov(lumag) wrote:
> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149739084
updated_at 2017-11-08 17:26:05

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

platform/linux-generic/include/odp_buffer_internal.h
line 4
@@ -104,17 +104,10 @@ struct odp_buffer_hdr_t {
/* User area pointer */
void*uarea_addr;
 
-   /* User area size */


Comment:
@nagarahalli Any reason why we shouldn't have it in master?

> nagarahalli wrote
> This change is done already in 2.0.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @matiaselo ok.


>>> Matias Elo(matiaselo) wrote:
>>> Since there are currently no functions in sight to put into pool_inlines.h 
>>> I would suggest not to add a new header file. If/when some pool inline 
>>> function are added later on the header can be created them. Is this OK for 
>>> you?


 Dmitry Eremin-Solenikov(lumag) wrote:
 Just wanted to have pool functions in pool header, etc.


> Matias Elo(matiaselo) wrote:
> I followed the same pattern as the packet inlines. 
> _odp_packet_inline_offset_t is defined in packet_types.h.


>> Matias Elo(matiaselo) wrote:
>> pool_inlines.h would only include these two lines and looking at pool 
>> API there aren't any additional functions which should be inlined. Do 
>> you have a particular use case in mind for this header?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> And this to pool_inline_types.h.


 Dmitry Eremin-Solenikov(lumag) wrote:
 This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149737386
updated_at 2017-11-08 17:19:57

Re: [lng-odp] [PATCH v1] DPDK pktio fixes

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 70
@@ -1372,10 +1382,10 @@ static int dpdk_recv(pktio_entry_t *pktio_entry, int 
index,
if (!pkt_dpdk->lockless_rx)
odp_ticketlock_lock(&pkt_dpdk->rx_lock[index]);
/**
-* ixgbe_pmd has a minimum supported RX burst size ('min_rx_burst'). If
-* 'num' < 'min_rx_burst', 'min_rx_burst' is used as rte_eth_rx_burst()
-* argument and the possibly received extra packets are cached for the
-* next dpdk_recv_queue() call to use.
+* ixgbe and i40e drivers have a minimum supported RX burst size


Comment:
Presumably these drivers have a way of flushing short bursts? If the 
`min_rx_burst` is 4 and the other side sends an odd number of packets, 
presumably the receiver application isn't left hanging forever waiting for the 
rest of a burst that will never arrive?

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Wouldn't it be simpler (and more extensible) to have `min_rx_burst` as a 
> field in the `dev_info` struct? 


>> nagarahalli wrote
>> 'min_rx_burst' should be added to the capability as it is a restriction from 
>> the device. The application should adjust the 'num' according to the 
>> capability it reads from the pkt I/O.


https://github.com/Linaro/odp/pull/287#discussion_r149740489
updated_at 2017-11-08 17:34:43

Re: [lng-odp] [PATCH v1] DPDK pktio fixes

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 39
@@ -1135,6 +1135,13 @@ static void dpdk_init_capability(pktio_entry_t 
*pktio_entry,
rte_eth_dev_info_get(pkt_dpdk->port_id, dev_info);
capa->max_input_queues = RTE_MIN(dev_info->max_rx_queues,
 PKTIO_MAX_QUEUES);
+
+   /* ixgbe devices support only 16 rx queues in RSS mode */
+   if (!strncmp(dev_info->driver_name, IXGBE_DRV_NAME,
+strlen(IXGBE_DRV_NAME)))
+   capa->max_input_queues = RTE_MIN((unsigned)16,
+capa->max_input_queues);
+


Comment:
Again, shouldn't this sort of configuration be a field in the `dev_info` struct 
rather than having to be special-cased for each driver? Also, must 16 be a 
"magic number" here?

> Dmitry Eremin-Solenikov(lumag) wrote:
> It looks like this should be fixed inside DPDK rather than here.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Presumably these drivers have a way of flushing short bursts? If the 
>> `min_rx_burst` is 4 and the other side sends an odd number of packets, 
>> presumably the receiver application isn't left hanging forever waiting for 
>> the rest of a burst that will never arrive?


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> Wouldn't it be simpler (and more extensible) to have `min_rx_burst` as a 
>>> field in the `dev_info` struct? 


 nagarahalli wrote
 'min_rx_burst' should be added to the capability as it is a restriction 
 from the device. The application should adjust the 'num' according to the 
 capability it reads from the pkt I/O.


https://github.com/Linaro/odp/pull/287#discussion_r149741025
updated_at 2017-11-08 17:34:43

Re: [lng-odp] [PATCH v1] DPDK pktio fixes

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 39
@@ -1135,6 +1135,13 @@ static void dpdk_init_capability(pktio_entry_t 
*pktio_entry,
rte_eth_dev_info_get(pkt_dpdk->port_id, dev_info);
capa->max_input_queues = RTE_MIN(dev_info->max_rx_queues,
 PKTIO_MAX_QUEUES);
+
+   /* ixgbe devices support only 16 rx queues in RSS mode */
+   if (!strncmp(dev_info->driver_name, IXGBE_DRV_NAME,
+strlen(IXGBE_DRV_NAME)))
+   capa->max_input_queues = RTE_MIN((unsigned)16,
+capa->max_input_queues);
+


Comment:
It looks like this should be fixed inside DPDK rather than here.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Presumably these drivers have a way of flushing short bursts? If the 
> `min_rx_burst` is 4 and the other side sends an odd number of packets, 
> presumably the receiver application isn't left hanging forever waiting for 
> the rest of a burst that will never arrive?


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Wouldn't it be simpler (and more extensible) to have `min_rx_burst` as a 
>> field in the `dev_info` struct? 


>>> nagarahalli wrote
>>> 'min_rx_burst' should be added to the capability as it is a restriction 
>>> from the device. The application should adjust the 'num' according to the 
>>> capability it reads from the pkt I/O.


https://github.com/Linaro/odp/pull/287#discussion_r149740879
updated_at 2017-11-08 17:32:39

Re: [lng-odp] [PATCH v1] DPDK pktio fixes

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 58
@@ -1249,10 +1253,16 @@ static int dpdk_open(odp_pktio_t id ODP_UNUSED,
pkt_dpdk->vdev_sysc_promisc = 1;
rte_eth_promiscuous_disable(pkt_dpdk->port_id);
 
-   if (!strcmp(dev_info.driver_name, "rte_ixgbe_pmd"))
-   pkt_dpdk->min_rx_burst = DPDK_IXGBE_MIN_RX_BURST;
+   /* Drivers requiring minimum burst size. Supports also *_vf versions
+* of the drivers. */
+   if (!strncmp(dev_info.driver_name, IXGBE_DRV_NAME,
+strlen(IXGBE_DRV_NAME)) ||
+   !strncmp(dev_info.driver_name, I40E_DRV_NAME,
+strlen(I40E_DRV_NAME)))
+   pkt_dpdk->min_rx_burst = DPDK_MIN_RX_BURST;
else
pkt_dpdk->min_rx_burst = 0;
+


Comment:
Wouldn't it be simpler (and more extensible) to have `min_rx_burst` as a field 
in the `dev_info` struct? 

> nagarahalli wrote
> 'min_rx_burst' should be added to the capability as it is a restriction from 
> the device. The application should adjust the 'num' according to the 
> capability it reads from the pkt I/O.


https://github.com/Linaro/odp/pull/287#discussion_r149739662
updated_at 2017-11-08 17:34:43

Re: [lng-odp] issues with usage of mellanox 100G NICs with ODP & ODP-DPDK

[Maxim Uvarov]

On 11/08/17 19:32, gyanesh patra wrote:
> I am not sure what you mean. Can you please elaborate?
> 
> As i mentioned before I am able to run dpdk examples. Hence the drivers
> are available and working fine.
> I configured ODP & ODP-DPDK with "LDFLAGS=-libverbs" and compiled to
> work with mellanox. I followed the same while compiling dpdk too.
> 
> Is there anything i am missing?
> 
> P Gyanesh Kumar Patra


in general if CONFIG_RTE_LIBRTE_MLX5_PMD=y was specified then it has to
work. I think we did test only with ixgbe. But in general it's common code.

"Unable to init any I/O type." means it it called all open for all pktio
in list here:
./platform/linux-generic/pktio/io_ops.c

and setup_pkt_dpdk() failed for some reason.

I do not like allocations errors in your log.

Try to compile ODP with --enable-debug-print --enable-debug it will make
ODP_DBG() macro work and it will be visible why it does not opens pktio.

Maxim


> 
> On Wed, Nov 8, 2017 at 5:22 PM, Maxim Uvarov  > wrote:
> 
> is Mellanox pmd compiled in?
> 
> Maxim.
> 
> On 11/08/17 17:58, gyanesh patra wrote:
> > Hi,
> > I am trying to run ODP & ODP-DPDK examples on our server with
> mellanox 100G
> > NICs. I am using the odp_l2fwd example. While running the example,
> I am
> > facing some issues.
> > -> When I run "ODP" example using the if names given by kernel as
> > arguments, I am not getting enough throughput.(the value is very low)
> > -> And when I try "ODP-DPDK" example using port ID as "0,1", it can't
> > create pktio. Whereas I am able to run the examples from "DPDK"
> > repo with portID "0,1" for the same mellanox NICs. I tried running
> with
> > "81:00.0,81:00.1" and also with if-names too without any success.
> Adding
> > the whitelist using ODP_PLATFORM_PARAMS doesn't help either.
> >
> > Am I missing any steps to use mellanox NICs? OR is there a
> different method
> > to specify the device details to create pktio?
> > I am providing the output of "odp_l2fwd" examples for ODP and ODP-DPDK
> > repository here.
> >
> > The NICs being used:
> >
> > :81:00.0 'MT27700 Family [ConnectX-4]' if=enp129s0f0 drv=mlx5_core
> > unused=
> > :81:00.1 'MT27700 Family [ConnectX-4]' if=enp129s0f1 drv=mlx5_core
> > unused=
> >
> > ODP l2fwd example run details:
> > --
> > root@ubuntu:/home/ubuntu/odp/test/performance# ./odp_l2fwd -i
> > enp129s0f0,enp129s0f1
> > HW time counter freq: 239886 
> <(239)%20999-9886> hz
> >
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishm.c:880:_odp_ishm_reserve():No huge pages, fall back to normal
> pages.
> > check: /proc/sys/vm/nr_hugepages.
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> >  PKTIO: initialized loop interface.
> >  PKTIO: initialized pcap interface.
> >  PKTIO: initialized ipc interface.
> >  PKTIO: initialized socket mmap, use export
> ODP_PKTIO_DISABLE_SOCKET_MMAP=1
> > to disable.
> >  PKTIO: initialized socket mmsg,use export
> ODP_PKTIO_DISABLE_SOCKET_MMSG=1
> > to disable.
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> >
> > ODP system info
> > ---
> > ODP API version: 1.15.0
> > ODP impl name:   "odp-linux"
> > CPU model:       Intel(R) Xeon(R) CPU E5-2680 v4
> > CPU freq (hz):   33
> > Cache line size: 64
> > CPU count:       56
> >
> >
> > CPU features supported:
> > SSE3 PCLMULQDQ DTES64 MONITOR DS_CPL VMX SMX EIST TM2 SSSE3 FMA
> CMPXCHG16B
> > XTPR PDCM PCID DCA SSE4_1 SSE4_2 X2APIC MOVBE POPCNT TSC_DEADLINE
> AES XSAVE
> > OSXSAVE AVX F16C RDRAND FPU VME DE PSE TSC MSR PAE MCE CX8 APIC
> SEP MTRR
> > PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM PBE
> > DIGTEMP TRBOBST ARAT PLN ECMD PTM MPERF_APERF_MSR ENERGY_EFF
> FSGSBASE HLE
> > AVX2 BMI2 ERMS INVPCID RTM LAHF_SAHF SYSCALL XD 1GB_PG RDTSCP
> EM64T INVTSC
> >
> > CPU features NOT supported:
> > CNXT_ID PSN ACNT2 BMI1 SMEP AVX512F LZCNT
> >
> > Running ODP appl: "odp_l2fwd"
> > -
> > IF-count:        2
> > Using IFs:       enp129s0f0 enp129s0f1
> > Mode:            PKTIN_DIRECT, PKTOUT_DIRECT
> >
> > num worker threads: 32
> > first CPU:          24
> > cpu mask:           0x00
>   

[lng-odp] [PATCH API-NEXT v7 16/16] linux-gen: ipsec: don't leak SA on creation error

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix
them by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 6a17a9172..ec2bd27e1 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->icv_len = 16;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
switch (crypto_param.cipher_alg) {
@@ -340,7 +340,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
crypto_param.iv.length = 12;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
if (1 == ipsec_sa->use_counter_iv &&

[lng-odp] [PATCH API-NEXT v7 4/16] linux-gen: ipsec: fix soft/hard limits check

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Split count expiration check into two phases:
 - optional precheck, run before crypto, which fails only if hard limit
   is already breached
 - update, run after crypto in INBOUND case, so that limits will not be
   updated for packets failing ICV check.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../linux-generic/include/odp_ipsec_internal.h | 10 +-
 platform/linux-generic/odp_ipsec.c | 12 +--
 platform/linux-generic/odp_ipsec_sad.c | 23 +-
 3 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index afc2f686e..68ab195c7 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa);
 ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup);
 
 /**
+ * Run pre-check on SA usage statistics.
+ *
+ * @retval <0 if hard limits were breached
+ */
+int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa,
+odp_ipsec_op_status_t *status);
+
+/**
  * Update SA usage statistics, filling respective status for the packet.
  *
  * @retval <0 if hard limits were breached
  */
-int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len,
+int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len,
   odp_ipsec_op_status_t *status);
 
 /**
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 1aa437b8e..55b60162d 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
goto out;
}
 
-   if (_odp_ipsec_sa_update_stats(ipsec_sa,
-  stats_length,
-  status) < 0)
+   if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0)
goto out;
 
param.session = ipsec_sa->session;
@@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
goto out;
}
 
+   if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0)
+   goto out;
+
ip_offset = odp_packet_l3_offset(pkt);
ip = odp_packet_l3_ptr(pkt, NULL);
ip_hdr_len = ipv4_hdr_len(ip);
@@ -835,9 +836,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
goto out;
}
 
-   if (_odp_ipsec_sa_update_stats(ipsec_sa,
-  stats_length,
-  status) < 0)
+   /* No need to run precheck here, we know that packet is authentic */
+   if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0)
goto out;
 
param.session = ipsec_sa->session;
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 5d20bb66c..fe8dfd0e4 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -476,7 +476,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t 
*lookup)
return best;
 }
 
-int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len,
+int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa,
+odp_ipsec_op_status_t *status)
+{
+   uint64_t bytes = odp_atomic_load_u64(&ipsec_sa->bytes);
+   uint64_t packets = odp_atomic_load_u64(&ipsec_sa->packets);
+   int rc = 0;
+
+   if (ipsec_sa->hard_limit_bytes > 0 &&
+   bytes > ipsec_sa->hard_limit_bytes) {
+   status->error.hard_exp_bytes = 1;
+   rc = -1;
+   }
+   if (ipsec_sa->hard_limit_packets > 0 &&
+   packets > ipsec_sa->hard_limit_packets) {
+   status->error.hard_exp_packets = 1;
+   rc = -1;
+   }
+
+   return rc;
+}
+
+int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len,
   odp_ipsec_op_status_t *status)
 {
uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len;

[lng-odp] [PATCH API-NEXT v7 13/16] validation: check that erroneous IPsec packets have error flag set

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Verify that odp_packet_has_error() returns true for IPsec packets with
error status in result.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 test/validation/api/ipsec/ipsec.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index 5883f23e2..045718594 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -739,6 +739,10 @@ void ipsec_check_in_one(const ipsec_test_part *part, 
odp_ipsec_sa_t sa)
CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
CU_ASSERT_EQUAL(part->out[i].status.error.all,
result.status.error.all);
+   if (result.status.error.all)
+   CU_ASSERT(odp_packet_has_error(pkto[i]))
+   else
+   CU_ASSERT(!odp_packet_has_error(pkto[i]));
CU_ASSERT_EQUAL(suite_context.inbound_op_mode ==
ODP_IPSEC_OP_MODE_INLINE,
result.flag.inline_mode);
@@ -778,6 +782,10 @@ void ipsec_check_out_one(const ipsec_test_part *part, 
odp_ipsec_sa_t sa)
CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
CU_ASSERT_EQUAL(part->out[i].status.error.all,
result.status.error.all);
+   if (result.status.error.all)
+   CU_ASSERT(odp_packet_has_error(pkto[i]))
+   else
+   CU_ASSERT(!odp_packet_has_error(pkto[i]));
CU_ASSERT_EQUAL(sa, result.sa);
CU_ASSERT_EQUAL(IPSEC_SA_CTX,
odp_ipsec_sa_context(sa));

[lng-odp] [PATCH API-NEXT v7 15/16] linux-gen: ipsec: correct frag_offset for tunneled packets

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Generated outer header should have frag_offset = 0, MF = 0. Change code
accordingly.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 platform/linux-generic/odp_ipsec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index e6fb276a6..107b54917 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -677,10 +677,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id,
 1);
if (ipsec_sa->copy_df)
-   out_ip.frag_offset = ip->frag_offset;
+   out_ip.frag_offset = ip->frag_offset & 0x4000;
else
-   out_ip.frag_offset = (ip->frag_offset & ~0x4000) |
-(ipsec_sa->out.tun_df << 14);
+   out_ip.frag_offset =
+   ((uint16_t)ipsec_sa->out.tun_df) << 14;
out_ip.ttl = ipsec_sa->out.tun_ttl;
out_ip.proto = _ODP_IPV4;
/* Will be filled later by packet checksum update */

[lng-odp] [PATCH API-NEXT v7 0/16] IPsec implementation updates

[Github ODP bot]

security fix for GCM mode: proper IV generation
implementation of 32-bit replay window support
implementation of PIPELINE_CLS support

github
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 77 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 0 lines checked


to_send-p-001.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 62 lines checked


to_send-p-002.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 79 lines checked


to_send-p-003.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 113 lines checked


to_send-p-004.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 54 lines checked


to_send-p-005.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 315 lines checked


to_send-p-006.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 133 lines checked


to_send-p-007.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 66 lines checked


to_send-p-008.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 151 lines checked


to_send-p-009.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 244 lines checked


to_send-p-010.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 338 lines checked


to_send-p-011.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 20 lines checked


to_send-p-012.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 22 lines checked


to_send-p-013.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 13 lines checked


to_send-p-014.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 16 lines checked


to_send-p-015.patch has no obvious style problems and is ready for submission.
/checkpatch.pl

[lng-odp] [PATCH API-NEXT v7 9/16] linux-gen: classification: split cls_pkt_get_queue() function

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Separate function returning destination queue from cos_t instance.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../include/odp_classification_internal.h  |  7 +
 platform/linux-generic/odp_classification.c| 34 --
 2 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/platform/linux-generic/include/odp_classification_internal.h 
b/platform/linux-generic/include/odp_classification_internal.h
index 8882a7177..4cadb9bdb 100644
--- a/platform/linux-generic/include/odp_classification_internal.h
+++ b/platform/linux-generic/include/odp_classification_internal.h
@@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t 
*base,
odp_packet_hdr_t *pkt_hdr);
 
 /**
+ * @internal
+ * Select packet destination queue basing on provided cos entry
+ */
+odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos,
+ const uint8_t *base);
+
+/**
 Packet IO classifier init
 
 This function does initialization of classifier object associated with pktio.
diff --git a/platform/linux-generic/odp_classification.c 
b/platform/linux-generic/odp_classification.c
index 6ece74fca..317caefbf 100644
--- a/platform/linux-generic/odp_classification.c
+++ b/platform/linux-generic/odp_classification.c
@@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t 
*base,
odp_packet_hdr_t *pkt_hdr)
 {
cos_t *cos;
-   uint32_t tbl_index;
-   uint32_t hash;
+   odp_queue_t queue;
 
packet_parse_reset(pkt_hdr);
packet_set_len(pkt_hdr, pkt_len);
@@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const 
uint8_t *base,
return -EFAULT;
 
*pool = cos->s.pool;
+
pkt_hdr->p.input_flags.dst_queue = 1;
 
-   if (!cos->s.queue_group) {
-   pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue);
-   return 0;
-   }
+   queue = cls_pkt_get_queue(pkt_hdr, cos, base);
+   pkt_hdr->dst_queue = queue_fn->from_ext(queue);
+
+   return 0;
+}
+
+/**
+ * Set packet destination queue basing on the cos
+ *
+ * @param cos
+ * @param pkt_hdr  Packet header
+ * @param base Packet data
+ */
+odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos,
+ const uint8_t *base)
+{
+   uint32_t tbl_index;
+   uint32_t hash;
+
+   if (!cos->s.queue_group)
+   return cos->s.queue;
 
hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base);
/* CLS_COS_QUEUE_MAX is a power of 2 */
hash = hash & (CLS_COS_QUEUE_MAX - 1);
tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash;
-   pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl->
-   s.queue[tbl_index]);
-   return 0;
+
+   return queue_grp_tbl->s.queue[tbl_index];
 }
 
 static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr,

[lng-odp] [PATCH API-NEXT v7 14/16] linux-gen: ipsec: validate ip header total length

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Check that IP packet length from the header is not bogus.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 platform/linux-generic/odp_ipsec.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 8101b00c6..e6fb276a6 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -300,6 +300,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
 
ipsec_offset = ip_offset + ip_hdr_len;
 
+   if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+   status->error.alg = 1;
+   goto err;
+   }
+
if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) {
status->error.proto = 1;
goto err;
@@ -648,6 +653,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
goto err;
}
 
+   if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+   status->error.alg = 1;
+   goto err;
+   }
+
if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) {
_odp_ipv4hdr_t out_ip;
uint16_t tot_len;

[lng-odp] [PATCH API-NEXT v7 12/16] linux-gen: ipsec: mark IPsec packets with errors with error flag

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add new ipsec_err error flag, which is set by IPsec code if there was an
error during IPsec packet processing. This allow application code to
quickly check packets using odp_packet_has_error() function and use fast
path if there was none.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../linux-generic/include/odp_packet_internal.h|   1 +
 platform/linux-generic/odp_ipsec.c | 104 -
 2 files changed, 60 insertions(+), 45 deletions(-)

diff --git a/platform/linux-generic/include/odp_packet_internal.h 
b/platform/linux-generic/include/odp_packet_internal.h
index fed562aa3..9c8b48b0c 100644
--- a/platform/linux-generic/include/odp_packet_internal.h
+++ b/platform/linux-generic/include/odp_packet_internal.h
@@ -53,6 +53,7 @@ typedef union {
uint32_t ip_err:1;/**< IP error,  checks TBD */
uint32_t tcp_err:1;   /**< TCP error, checks TBD */
uint32_t udp_err:1;   /**< UDP error, checks TBD */
+   uint32_t ipsec_err:1; /**< IPsec error */
};
 } error_flags_t;
 
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 74a1c5766..8101b00c6 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -286,6 +286,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
uint8_t  ip_ttl; /**< Saved IP TTL value */
uint16_t ip_frag_offset; /**< Saved IP flags value */
odp_crypto_packet_result_t crypto; /**< Crypto operation result */
+   odp_packet_hdr_t *pkt_hdr;
 
ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset);
ODP_ASSERT(NULL != ip);
@@ -301,7 +302,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
 
if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) {
status->error.proto = 1;
-   goto out;
+   goto err;
}
 
/* Check IP header for IPSec protocols and look it up */
@@ -311,7 +312,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
if (odp_packet_copy_to_mem(pkt, ipsec_offset,
   sizeof(esp), &esp) < 0) {
status->error.alg = 1;
-   goto out;
+   goto err;
}
 
if (ODP_IPSEC_SA_INVALID == sa) {
@@ -324,7 +325,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
ipsec_sa = _odp_ipsec_sa_lookup(&lookup);
if (NULL == ipsec_sa) {
status->error.sa_lookup = 1;
-   goto out;
+   goto err;
}
} else {
ipsec_sa = _odp_ipsec_sa_use(sa);
@@ -332,7 +333,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
if (ipsec_sa->proto != ODP_IPSEC_ESP ||
ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) {
status->error.proto = 1;
-   goto out;
+   goto err;
}
}
 
@@ -342,7 +343,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
   ipsec_sa->esp_iv_len,
   iv + ipsec_sa->salt_length) < 0) {
status->error.alg = 1;
-   goto out;
+   goto err;
}
 
hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len;
@@ -376,7 +377,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
if (odp_packet_copy_to_mem(pkt, ipsec_offset,
   sizeof(ah), &ah) < 0) {
status->error.alg = 1;
-   goto out;
+   goto err;
}
 
if (ODP_IPSEC_SA_INVALID == sa) {
@@ -389,7 +390,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
ipsec_sa = _odp_ipsec_sa_lookup(&lookup);
if (NULL == ipsec_sa) {
status->error.sa_lookup = 1;
-   goto out;
+   goto err;
}
} else {
ipsec_sa = _odp_ipsec_sa_use(sa);
@@ -397,7 +398,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
if (ipsec_sa->proto != ODP_IPSEC_AH ||
ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)

[lng-odp] [PATCH API-NEXT v7 10/16] linux-gen: ipsec: support pipelining to cos_t

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../include/odp_classification_datamodel.h |  2 --
 .../linux-generic/include/odp_ipsec_internal.h |  7 
 platform/linux-generic/odp_ipsec.c | 37 --
 platform/linux-generic/odp_ipsec_sad.c | 16 +-
 4 files changed, 57 insertions(+), 5 deletions(-)

diff --git a/platform/linux-generic/include/odp_classification_datamodel.h 
b/platform/linux-generic/include/odp_classification_datamodel.h
index a40541986..25c488497 100644
--- a/platform/linux-generic/include/odp_classification_datamodel.h
+++ b/platform/linux-generic/include/odp_classification_datamodel.h
@@ -22,8 +22,6 @@ extern "C" {
 #include 
 #include 
 #include 
-#include 
-#include 
 #include 
 #include 
 
diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 0a7f96256..81ecec08e 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -23,6 +23,7 @@ extern "C" {
 #include 
 #include 
 #include 
+#include 
 
 /** @ingroup odp_ipsec
  *  @{
@@ -141,6 +142,7 @@ struct ipsec_sa_s {
odp_ipsec_lookup_mode_t lookup_mode;
odp_u32be_t lookup_dst_ip;
odp_atomic_u64_t antireplay;
+   cos_t   *cos;
} in;
 
struct {
@@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, 
uint32_t seq,
 int _odp_ipsec_try_inline(odp_packet_t pkt);
 
 /**
+ * Returns ODP IPsec configuration
+ */
+const odp_ipsec_config_t *_odp_ipsec_config_get(void);
+
+/**
  * @}
  */
 
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 5bb8330cb..74a1c5766 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -13,6 +13,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
int rc;
odp_crypto_capability_t crypto_capa;
odp_queue_capability_t queue_capa;
+   odp_cls_capability_t cls_capa;
 
memset(capa, 0, sizeof(odp_ipsec_capability_t));
 
@@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED;
 
capa->proto_ah = ODP_SUPPORT_YES;
+   capa->pipeline_cls = ODP_SUPPORT_YES;
 
capa->max_num_sa = ODP_CONFIG_IPSEC_SAS;
 
@@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
 
capa->max_queues = queue_capa.max_queues;
 
+   rc = odp_cls_capability(&cls_capa);
+   if (rc < 0)
+   return rc;
+
+   capa->max_cls_cos = cls_capa.max_cos;
+
return 0;
 }
 
@@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config)
return 0;
 }
 
+const odp_ipsec_config_t *_odp_ipsec_config_get(void)
+{
+   return &ipsec_config;
+}
+
 static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet)
 {
ODP_ASSERT(ODP_EVENT_PACKET_IPSEC ==
@@ -1060,7 +1074,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int 
num_in,
result->status = status;
if (NULL != ipsec_sa) {
result->sa = ipsec_sa->ipsec_sa_hdl;
-   queue = ipsec_sa->queue;
+   if (ipsec_sa->in.cos && !status.error.all) {
+   odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt);
+   const uint8_t *base = odp_packet_data(pkt);
+
+   queue = cls_pkt_get_queue(pkt_hdr,
+ ipsec_sa->in.cos,
+ base);
+   } else {
+   queue = ipsec_sa->queue;
+   }
} else {
result->sa = ODP_IPSEC_SA_INVALID;
queue = ipsec_config.inbound.default_queue;
@@ -1143,6 +1166,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt)
ipsec_sa_t *ipsec_sa;
odp_ipsec_packet_result_t *result;
odp_packet_hdr_t *pkt_hdr;
+   odp_queue_t queue;
 
memset(&status, 0, sizeof(status));
 
@@ -1160,10 +1184,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt)
memset(result, 0, sizeof(*result));
result->status = status;
result->sa = ipsec_sa->ipsec_sa_hdl;
+   result->flag.inline_mode = 1;
 
pkt_hdr = odp_packet_hdr(pkt);
 

[lng-odp] [PATCH API-NEXT v7 11/16] validation: ipsec: add support for PIPELINE_CLS testing

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 test/validation/api/ipsec/ipsec.c   | 165 ++--
 test/validation/api/ipsec/ipsec.h   |   3 +
 test/validation/api/ipsec/ipsec_async.c |   1 +
 test/validation/api/ipsec/ipsec_inline_in.c |   1 +
 4 files changed, 159 insertions(+), 11 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index 853bd88a9..5883f23e2 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio)
}
 }
 
+static odp_cos_t ipsec_cos_create(void)
+{
+   odp_cls_cos_param_t param;
+   odp_cos_t cos;
+
+   odp_cls_cos_param_init(¶m);
+   param.pool = suite_context.pool;
+   param.num_queue = 1;
+   param.queue = odp_queue_create("ipsec-cos-queue", NULL);
+
+   if (ODP_QUEUE_INVALID == param.queue)
+   return ODP_COS_INVALID;
+
+   cos = odp_cls_cos_create("ipsec-cos", ¶m);
+   if (ODP_COS_INVALID != cos)
+   suite_context.cos_queue = odp_cos_queue(cos);
+
+   return cos;
+}
+
+static void ipsec_cos_destroy(void)
+{
+   odp_queue_t queue = odp_cos_queue(suite_context.cos);
+
+   suite_context.cos_queue = ODP_QUEUE_INVALID;
+   odp_cos_destroy(suite_context.cos);
+   odp_queue_destroy(queue);
+}
+
 #define MAX_ALG_CAPA 32
 
 int ipsec_check(odp_bool_t ah,
@@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah,
 ODP_SUPPORT_NO == capa.op_mode_inline_out))
return ODP_TEST_INACTIVE;
 
+   if (ODP_COS_INVALID != suite_context.cos &&
+   (capa.pipeline_cls == ODP_SUPPORT_NO ||
+capa.max_cls_cos < 1))
+   return ODP_TEST_INACTIVE;
+
if (ah && (ODP_SUPPORT_NO == capa.proto_ah))
return ODP_TEST_INACTIVE;
 
@@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
if (in)
param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI;
 
+   if (in && (ODP_COS_INVALID != suite_context.cos)) {
+   param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS;
+   param->inbound.dest_cos = suite_context.cos;
+   }
+
param->proto = ah ? ODP_IPSEC_AH :
ODP_IPSEC_ESP;
 
@@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part,
pkto, &num_out,
¶m));
CU_ASSERT_EQUAL(num_out, part->out_pkt);
-   } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) {
+   } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode &&
+  ODP_QUEUE_INVALID == suite_context.cos_queue) {
CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m));
 
-   for (i = 0; i < num_out; i++) {
-   odp_event_t event;
+   for (i = 0; i < num_out;) {
+   odp_event_t ev;
odp_event_subtype_t subtype;
 
-   do {
-   event = odp_queue_deq(suite_context.queue);
-   } while (event == ODP_EVENT_INVALID);
+   ev = odp_queue_deq(suite_context.queue);
+   if (ODP_EVENT_INVALID != ev) {
+   CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+   odp_event_types(ev, &subtype));
+   CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC,
+   subtype);
+   pkto[i++] = odp_ipsec_packet_from_event(ev);
+   }
+   }
+   } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode &&
+  ODP_QUEUE_INVALID != suite_context.cos_queue) {
+   CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m));
 
-   CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
-   odp_event_types(event, &subtype));
-   CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype);
-   pkto[i] = odp_ipsec_packet_from_event(event);
+   for (i = 0; i < num_out;) {
+   odp_event_t ev;
+   odp_event_subtype_t subtype;
+
+   ev = odp_queue_deq(suite_context.queue);
+   if (ODP_EVENT_INVALID != ev) {
+   CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+  

[lng-odp] [PATCH API-NEXT v7 8/16] linux-gen: classification: provide _odp_cos_get_entry() function

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Provide function mapping from odp_cos_t to internal cos_t type.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../include/odp_classification_datamodel.h |  4 +++
 platform/linux-generic/odp_classification.c| 33 +++---
 2 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/platform/linux-generic/include/odp_classification_datamodel.h 
b/platform/linux-generic/include/odp_classification_datamodel.h
index 29b39f9c3..a40541986 100644
--- a/platform/linux-generic/include/odp_classification_datamodel.h
+++ b/platform/linux-generic/include/odp_classification_datamodel.h
@@ -123,6 +123,10 @@ typedef union cos_u {
uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))];
 } cos_t;
 
+/**
+ * Get classification entry basing on the id
+ */
+cos_t *_odp_cos_get_entry(odp_cos_t cos_id);
 
 /**
 Packet Matching Rule
diff --git a/platform/linux-generic/odp_classification.c 
b/platform/linux-generic/odp_classification.c
index a5cba56a4..6ece74fca 100644
--- a/platform/linux-generic/odp_classification.c
+++ b/platform/linux-generic/odp_classification.c
@@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr)
return ODP_PMR_INVAL;
 }
 
-static
-cos_t *get_cos_entry(odp_cos_t cos_id)
+cos_t *_odp_cos_get_entry(odp_cos_t cos_id)
 {
if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY ||
cos_id == ODP_COS_INVALID)
@@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id)
 
 int odp_cos_destroy(odp_cos_t cos_id)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (NULL == cos) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id)
 
 int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (cos == NULL) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t 
queue_id)
 
 odp_queue_t odp_cos_queue(odp_cos_t cos_id)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (!cos) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id)
 
 uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (!cos) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t 
queue[],
uint32_t tbl_index;
uint32_t i;
 
-   cos  = get_cos_entry(cos_id);
+   cos  = _odp_cos_get_entry(cos_id);
if (!cos) {
ODP_ERR("Invalid odp_cos_t handle");
return 0;
@@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t 
queue[],
 
 int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (!cos) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t 
drop_policy)
 
 odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id)
 {
-   cos_t *cos = get_cos_entry(cos_id);
+   cos_t *cos = _odp_cos_get_entry(cos_id);
 
if (!cos) {
ODP_ERR("Invalid odp_cos_t handle");
@@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, 
odp_cos_t default_cos)
ODP_ERR("Invalid odp_pktio_t handle");
return -1;
}
-   cos = get_cos_entry(default_cos);
+   cos = _odp_cos_get_entry(default_cos);
if (cos == NULL) {
ODP_ERR("Invalid odp_cos_t handle");
return -1;
@@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t 
error_cos)
return -1;
}
 
-   cos = get_cos_entry(error_cos);
+   cos = _odp_cos_get_entry(error_cos);
if (cos == NULL) {
ODP_ERR("Invalid odp_cos_t handle");
return -1;
@@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in,
LOCK(&l2_cos->lock);
/* Update the L2 QoS table*/
for (i = 0; i < num_qos; i++) {
-   cos = get_cos_entry(cos_table[i]);
+   cos = _odp_cos_get_entry(cos_table[i]);
if (cos != NULL) {
if (CLS_COS_MAX_L2_QOS > qos_table[i])
l2_cos->cos[qos_table[i]] = cos;
@@ -544,7 +543,7 @@ i

[lng-odp] [PATCH API-NEXT v7 7/16] validation: ipsec: add replay window checks

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 test/validation/api/ipsec/ipsec_test_in.c | 204 ++
 test/validation/api/ipsec/test_vectors.h  |  87 +
 2 files changed, 291 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec_test_in.c 
b/test/validation/api/ipsec/ipsec_test_in.c
index 25fc00e11..598a83e3f 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void)
ipsec_sa_destroy(sa);
 }
 
+static void test_in_ah_sha256_noreplay(void)
+{
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+
+   ipsec_sa_param_fill(¶m,
+   true, true, 123, NULL,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+   NULL);
+   param.inbound.antireplay_ws = 0;
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+   ipsec_test_part test = {
+   .pkt_in = &pkt_icmp_0_ah_sha256_1,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_icmp_0 },
+   },
+   };
+
+   ipsec_test_part test_1235 = {
+   .pkt_in = &pkt_icmp_0_ah_sha256_1235,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_icmp_0 },
+   },
+   };
+
+   ipsec_check_in_one(&test, sa);
+   ipsec_check_in_one(&test, sa);
+   ipsec_check_in_one(&test_1235, sa);
+   ipsec_check_in_one(&test, sa);
+
+   ipsec_sa_destroy(sa);
+}
+
+static void test_in_ah_sha256_replay(void)
+{
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+
+   ipsec_sa_param_fill(¶m,
+   true, true, 123, NULL,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+   NULL);
+   param.inbound.antireplay_ws = 32;
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+   ipsec_test_part test = {
+   .pkt_in = &pkt_icmp_0_ah_sha256_1,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_icmp_0 },
+   },
+   };
+
+   ipsec_test_part test_repl = {
+   .pkt_in = &pkt_icmp_0_ah_sha256_1,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.antireplay = 1,
+ .pkt_out = NULL },
+   },
+   };
+
+   ipsec_test_part test_1235 = {
+   .pkt_in = &pkt_icmp_0_ah_sha256_1235,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_icmp_0 },
+   },
+   };
+
+   ipsec_check_in_one(&test, sa);
+   ipsec_check_in_one(&test_repl, sa);
+   ipsec_check_in_one(&test_1235, sa);
+   ipsec_check_in_one(&test_repl, sa);
+
+   ipsec_sa_destroy(sa);
+}
+
+static void test_in_esp_null_sha256_noreplay(void)
+{
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+
+   ipsec_sa_param_fill(¶m,
+   true, false, 123, NULL,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+   NULL);
+   param.inbound.antireplay_ws = 0;
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+   ipsec_test_part test = {
+   .pkt_in = &pkt_icmp_0_esp_null_sha256_1,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_icmp_0 },
+   },
+   };
+
+   ipsec_test_part test_1235 = {
+   .pkt_in = &pkt_icmp_0_esp_null_sha256_1235,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+  

[lng-odp] [PATCH API-NEXT v7 6/16] linux-gen: ipsec: support replay window checks

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 platform/linux-generic/odp_ipsec.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index 55b60162d..5bb8330cb 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
 
capa->max_num_sa = ODP_CONFIG_IPSEC_SAS;
 
+   capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS;
+
rc = odp_crypto_capability(&crypto_capa);
if (rc < 0)
return rc;
@@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
ip->frag_offset = 0;
ip->ttl = 0;
 
+   aad.spi = ah.spi;
+   aad.seq_no = ah.seq_no;
+
+   param.aad.ptr = (uint8_t *)&aad;
+   param.aad.length = sizeof(aad);
+
param.auth_range.offset = ip_offset;
param.auth_range.length = odp_be_to_cpu_16(ip->tot_len);
param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN;
@@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
goto out;
}
 
+   if (_odp_ipsec_sa_replay_precheck(ipsec_sa,
+ odp_be_to_cpu_32(aad.seq_no),
+ status) < 0)
+   goto out;
+
if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0)
goto out;
 
@@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0)
goto out;
 
+   if (_odp_ipsec_sa_replay_update(ipsec_sa,
+   odp_be_to_cpu_32(aad.seq_no),
+   status) < 0)
+   goto out;
+
ip_offset = odp_packet_l3_offset(pkt);
ip = odp_packet_l3_ptr(pkt, NULL);
ip_hdr_len = ipv4_hdr_len(ip);
@@ -814,6 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
ah.next_header = ip->proto;
ip->proto = _ODP_IPPROTO_AH;
 
+   aad.spi = ah.spi;
+   aad.seq_no = ah.seq_no;
+
+   param.aad.ptr = (uint8_t *)&aad;
+   param.aad.length = sizeof(aad);
+
odp_packet_copy_from_mem(pkt,
 ipsec_offset, _ODP_AHHDR_LEN,
 &ah);

[lng-odp] [PATCH API-NEXT v7 5/16] linux-gen: ipsec: add replay window support to SAD

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 .../linux-generic/include/odp_ipsec_internal.h | 20 
 platform/linux-generic/odp_ipsec_sad.c | 60 ++
 2 files changed, 80 insertions(+)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 68ab195c7..0a7f96256 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue,
 
 #define IPSEC_MAX_SALT_LEN 4/**< Maximum salt length in bytes */
 
+/* 32 is minimum required by the standard. We do not support more */
+#define IPSEC_ANTIREPLAY_WS32
+
 /**
  * Maximum number of available SAs
  */
@@ -127,6 +130,9 @@ struct ipsec_sa_s {
 
/* Only for outbound */
unsigneduse_counter_iv : 1;
+
+   /* Only for inbound */
+   unsignedantireplay : 1;
};
};
 
@@ -134,6 +140,7 @@ struct ipsec_sa_s {
struct {
odp_ipsec_lookup_mode_t lookup_mode;
odp_u32be_t lookup_dst_ip;
+   odp_atomic_u64_t antireplay;
} in;
 
struct {
@@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa,
 int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len,
   odp_ipsec_op_status_t *status);
 
+/* Run pre-check on sequence number of the packet.
+ *
+ * @retval <0 if the packet falls out of window
+ */
+int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq,
+ odp_ipsec_op_status_t *status);
+
+/* Run check on sequence number of the packet and update window if necessary.
+ *
+ * @retval <0 if the packet falls out of window
+ */
+int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq,
+   odp_ipsec_op_status_t *status);
 /**
  * Try inline IPsec processing of provided packet.
  *
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index fe8dfd0e4..e010cfaa3 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
   param->inbound.lookup_param.dst_addr,
   sizeof(ipsec_sa->in.lookup_dst_ip));
 
+   if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS)
+   return ODP_IPSEC_SA_INVALID;
+   ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0);
+   odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0);
} else {
odp_atomic_store_u32(&ipsec_sa->out.seq, 1);
}
@@ -525,3 +529,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, 
uint32_t len,
 
return rc;
 }
+
+int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq,
+ odp_ipsec_op_status_t *status)
+{
+   /* Try to be as quick as possible, we will discard packets later */
+   if (ipsec_sa->antireplay &&
+   seq + IPSEC_ANTIREPLAY_WS <=
+   (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0x)) {
+   status->error.antireplay = 1;
+   return -1;
+   }
+
+   return 0;
+}
+
+int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq,
+   odp_ipsec_op_status_t *status)
+{
+   int cas = 0;
+   uint64_t state, new_state;
+
+   if (!ipsec_sa->antireplay)
+   return 0;
+
+   state = odp_atomic_load_u64(&ipsec_sa->in.antireplay);
+
+   while (0 == cas) {
+   uint32_t max_seq = state & 0x;
+   uint32_t mask = state >> 32;
+
+   if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) {
+   status->error.antireplay = 1;
+   return -1;
+   }
+
+   if (seq > max_seq) {
+   mask <<= seq - max_seq;
+   mask |= 1;
+   max_seq = seq;
+   } else {
+   if (mask & (1U << (max_seq - seq))) {
+   status->error.antireplay = 1;
+   return -1;
+   }
+
+   mask |= (1U << (max_seq - seq));
+   }
+
+   new_state = (((uint64_t)mask) << 32) | ma

[lng-odp] [PATCH API-NEXT v7 3/16] validation: ipsec: verify odp_ipsec_sa_context

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 test/validation/api/ipsec/ipsec.c | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index a8fdf2b14..853bd88a9 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -19,6 +19,9 @@ struct suite_context_s suite_context;
 #define PKT_POOL_NUM  64
 #define PKT_POOL_LEN  (1 * 1024)
 
+#define PACKET_USER_PTR((void *)0x1212fefe)
+#define IPSEC_SA_CTX   ((void *)0xfefefafa)
+
 static odp_pktio_t pktio_create(odp_pool_t pool)
 {
odp_pktio_t pktio;
@@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 
param->dest_queue = suite_context.queue;
 
+   param->context = IPSEC_SA_CTX;
+
param->crypto.cipher_alg = cipher_alg;
if (cipher_key)
param->crypto.cipher_key = *cipher_key;
@@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa)
odp_event_t event;
odp_ipsec_status_t status;
 
+   CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa));
+
CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa));
 
if (ODP_QUEUE_INVALID != suite_context.queue) {
@@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa)
CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa));
 }
 
-#define PACKET_USER_PTR((void *)0x1212fefe)
-
 odp_packet_t ipsec_packet(const ipsec_test_packet *itp)
 {
odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len);
@@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, 
odp_ipsec_sa_t sa)
CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
CU_ASSERT_EQUAL(part->out[i].status.error.all,
result.status.error.all);
+   CU_ASSERT_EQUAL(suite_context.inbound_op_mode ==
+   ODP_IPSEC_OP_MODE_INLINE,
+   result.flag.inline_mode);
CU_ASSERT_EQUAL(sa, result.sa);
+   if (ODP_IPSEC_SA_INVALID != sa)
+   CU_ASSERT_EQUAL(IPSEC_SA_CTX,
+   odp_ipsec_sa_context(sa));
}
ipsec_check_packet(part->out[i].pkt_out,
   pkto[i]);
@@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, 
odp_ipsec_sa_t sa)
CU_ASSERT_EQUAL(part->out[i].status.error.all,
result.status.error.all);
CU_ASSERT_EQUAL(sa, result.sa);
+   CU_ASSERT_EQUAL(IPSEC_SA_CTX,
+   odp_ipsec_sa_context(sa));
}
ipsec_check_packet(part->out[i].pkt_out,
   pkto[i]);
@@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part,
CU_ASSERT_EQUAL(part->out[i].status.error.all,
result.status.error.all);
CU_ASSERT_EQUAL(sa, result.sa);
+   CU_ASSERT_EQUAL(IPSEC_SA_CTX,
+   odp_ipsec_sa_context(sa));
}
CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <=
sizeof(pkt_in.data));

[lng-odp] [PATCH API-NEXT v7 2/16] validation: ipsec: drop unused file

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 test/validation/api/ipsec/ipsec_sync_in.c | 27 ---
 1 file changed, 27 deletions(-)
 delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c

diff --git a/test/validation/api/ipsec/ipsec_sync_in.c 
b/test/validation/api/ipsec/ipsec_sync_in.c
deleted file mode 100644
index 8a7fc4680..0
--- a/test/validation/api/ipsec/ipsec_sync_in.c
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Copyright (c) 2017, Linaro Limited
- * All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include "config.h"
-
-#include "ipsec.h"
-
-int main(int argc, char *argv[])
-{
-   int ret;
-
-   /* parse common options: */
-   if (odp_cunit_parse_options(argc, argv))
-   return -1;
-
-   odp_cunit_register_global_init(ipsec_init);
-   odp_cunit_register_global_term(ipsec_term);
-
-   ret = odp_cunit_register(ipsec_suites);
-   if (ret == 0)
-   ret = odp_cunit_run();
-
-   return ret;
-}

[lng-odp] [PATCH API-NEXT v7 1/16] linux-gen: ipsec: use counter instead of random IV for GCM

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Reusing IV block with GCM results in disastrous consequences. Use
counter instead of random-generated IV to remove possibility for IV
reuse.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed
 **/
 platform/linux-generic/include/odp_ipsec_internal.h | 16 +---
 platform/linux-generic/odp_ipsec.c  | 19 ++-
 platform/linux-generic/odp_ipsec_sad.c  |  6 ++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 1340ca7bd..afc2f686e 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -118,9 +118,17 @@ struct ipsec_sa_s {
uint8_t salt[IPSEC_MAX_SALT_LEN];
uint32_tsalt_length;
 
-   unsigneddec_ttl : 1;
-   unsignedcopy_dscp : 1;
-   unsignedcopy_df : 1;
+   union {
+   unsigned flags;
+   struct {
+   unsigneddec_ttl : 1;
+   unsignedcopy_dscp : 1;
+   unsignedcopy_df : 1;
+
+   /* Only for outbound */
+   unsigneduse_counter_iv : 1;
+   };
+   };
 
union {
struct {
@@ -136,6 +144,8 @@ struct ipsec_sa_s {
odp_atomic_u32_t tun_hdr_id;
odp_atomic_u32_t seq;
 
+   odp_atomic_u64_t counter; /* for CTR/GCM */
+
uint8_t tun_ttl;
uint8_t tun_dscp;
uint8_t tun_df;
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index e57736c2a..1aa437b8e 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
   ip_data_len +
   ipsec_sa->icv_len;
 
-   if (ipsec_sa->esp_iv_len) {
+   if (ipsec_sa->use_counter_iv) {
+   uint64_t ctr;
+
+   /* Both GCM and CTR use 8-bit counters */
+   ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len);
+
+   ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter,
+  1);
+   /* Check for overrun */
+   if (ctr == 0)
+   goto out;
+
+   memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length);
+   memcpy(iv + ipsec_sa->salt_length, &ctr,
+  ipsec_sa->esp_iv_len);
+
+   param.override_iv_ptr = iv;
+   } else if (ipsec_sa->esp_iv_len) {
uint32_t len;
 
len = odp_random_data(iv + ipsec_sa->salt_length,
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index f0b5b9e4a..5d20bb66c 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->context = param->context;
ipsec_sa->queue = param->dest_queue;
ipsec_sa->mode = param->mode;
+   ipsec_sa->flags = 0;
if (ODP_IPSEC_DIR_INBOUND == param->dir) {
ipsec_sa->in.lookup_mode = param->inbound.lookup_mode;
if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode)
@@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
case ODP_CIPHER_ALG_AES128_GCM:
 #endif
case ODP_CIPHER_ALG_AES_GCM:
+   ipsec_sa->use_counter_iv = 1;
ipsec_sa->esp_iv_len = 8;
ipsec_sa->esp_block_len = 16;
crypto_param.iv.length = 12;
@@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
return ODP_IPSEC_SA_INVALID;
}
 
+   if (1 == ipsec_sa->use_counter_iv &&
+   ODP_IPSEC_DIR_OUTBOUND == param->dir)
+   odp_atomic_init_u64(&ipsec_sa->out.counter, 1);
+
crypto_param.auth_digest_len = ipsec_sa->icv_len;
 
if (param->crypto.cipher_key_extra.length) {

[lng-odp] [PATCH API-NEXT v3 4/4] linux-generic: classification: implement random early detection and back pressure

[Github ODP bot]

From: Balasubramanian Manoharan 

linux-generic does not support random early detection and back pressure

Signed-off-by: Balasubramanian Manoharan 
---
/** Email created from pull request 277 (bala-manoharan:RED)
 ** https://github.com/Linaro/odp/pull/277
 ** Patch: https://github.com/Linaro/odp/pull/277.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 223acade235c29912901e366435e893d4a2e7091
 **/
 platform/linux-generic/odp_classification.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/platform/linux-generic/odp_classification.c 
b/platform/linux-generic/odp_classification.c
index a5cba56a4..7fa125ec2 100644
--- a/platform/linux-generic/odp_classification.c
+++ b/platform/linux-generic/odp_classification.c
@@ -190,6 +190,8 @@ int odp_cls_capability(odp_cls_capability_t *capability)
capability->supported_terms.bit.tcp_sport = 1;
capability->supported_terms.bit.sip_addr = 1;
capability->supported_terms.bit.dip_addr = 1;
+   capability->random_early_detection = ODP_SUPPORT_NO;
+   capability->back_pressure = ODP_SUPPORT_NO;
return 0;
 }
 

[lng-odp] [PATCH API-NEXT v3 1/4] api: std_types: add odp_percent_t data type

[Github ODP bot]

From: Balasubramanian Manoharan 

odp_percent_t is used to express values which are percentages

Signed-off-by: Balasubramanian Manoharan 
---
/** Email created from pull request 277 (bala-manoharan:RED)
 ** https://github.com/Linaro/odp/pull/277
 ** Patch: https://github.com/Linaro/odp/pull/277.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 223acade235c29912901e366435e893d4a2e7091
 **/
 include/odp/api/spec/std_types.h   | 7 +++
 platform/linux-generic/include/odp/api/std_types.h | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/include/odp/api/spec/std_types.h b/include/odp/api/spec/std_types.h
index ec6a6df6d..97f5ad994 100644
--- a/include/odp/api/spec/std_types.h
+++ b/include/odp/api/spec/std_types.h
@@ -32,6 +32,13 @@ extern "C" {
  */
 
 /**
+ * @typedef odp_percent_t
+ * Use odp_percent_t for specifying fields that are percentages. It is a fixed
+ * point integer whose units are expressed as one-hundredth of a percent.
+ * Hence 100% is represented as integer value 1.
+ */
+
+/**
  * @}
  */
 
diff --git a/platform/linux-generic/include/odp/api/std_types.h 
b/platform/linux-generic/include/odp/api/std_types.h
index b61f33f4c..2104db03d 100644
--- a/platform/linux-generic/include/odp/api/std_types.h
+++ b/platform/linux-generic/include/odp/api/std_types.h
@@ -29,6 +29,8 @@ extern "C" {
 
 typedef int odp_bool_t;
 
+typedef uint16_t odp_percent_t;
+
 /**
  * @}
  */

[lng-odp] [PATCH API-NEXT v3 3/4] api: classification: add random early detection and back pressure

[Github ODP bot]

From: Balasubramanian Manoharan 

Adds random early detection and Back pressure feature to CoS

Signed-off-by: Balasubramanian Manoharan 
---
/** Email created from pull request 277 (bala-manoharan:RED)
 ** https://github.com/Linaro/odp/pull/277
 ** Patch: https://github.com/Linaro/odp/pull/277.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 223acade235c29912901e366435e893d4a2e7091
 **/
 include/odp/api/spec/classification.h | 68 +++
 1 file changed, 68 insertions(+)

diff --git a/include/odp/api/spec/classification.h 
b/include/odp/api/spec/classification.h
index 0c4a95c5f..f66dfab30 100644
--- a/include/odp/api/spec/classification.h
+++ b/include/odp/api/spec/classification.h
@@ -20,6 +20,7 @@ extern "C" {
 
 #include 
 #include 
+#include 
 /** @defgroup odp_classification ODP CLASSIFICATION
  *  Classification operations.
  *  @{
@@ -107,6 +108,55 @@ typedef union odp_cls_pmr_terms_t {
uint64_t all_bits;
 } odp_cls_pmr_terms_t;
 
+/** Random Early Detection (RED)
+ * Random Early Detection is enabled to initiate a drop probability
+ * for the incoming packet when the packets in the queue/pool reaches
+ * a specified threshold.
+ * When RED is enabled for a particular flow then further incoming
+ * packets are assigned a drop probability based on the size of the
+ * pool/queue and the drop probability becomes 100% when the queue/pool
+ * is full.
+ * RED is logically configured in the CoS and could be implemented
+ * in either pool or queue linked to the CoS depending on
+ * platform capabilities. Application should make sure not to link
+ * multiple CoS with different RED or BP configuration to the same queue
+ * or pool.
+ * RED is enabled when the resource limit is equal to or greater than
+ * the maximum threshold value and is disabled when resource limit
+ * is less than or equal to minimum threshold value. */
+typedef struct odp_red_param_t {
+   /** A boolean to enable RED
+* When true, RED is enabled and configured with RED parameters.
+* Otherwise, RED parameters are ignored. */
+   odp_bool_t red_enable;
+
+   /** Threshold parameters for RED
+* RED is enabled when the resource limit is equal to or greater than
+* the maximum threshold value and is disabled when resource limit
+* is less than or equal to minimum threshold value. */
+   odp_threshold_t red_threshold;
+} odp_red_param_t;
+
+/** Back pressure (BP)
+ * When back pressure is enabled for a particular flow, the HW can send
+ * back pressure information to the remote peer indicating a network 
congestion.
+ */
+
+typedef struct odp_bp_param_t {
+   /** A boolean to enable Back pressure
+* When true, back pressure is enabled and configured with the BP
+* parameters. Otherwise BP parameters are ignored.
+*/
+   odp_bool_t bp_enable;
+
+   /** Threshold value for back pressure.
+* BP is enabled when queue or pool value is equal to or greater
+* than the max backpressure threshold.
+* Min threshold parameters are ignored for BP configuration.
+*/
+   odp_threshold_t bp_threshold;
+} odp_bp_param_t;
+
 /**
  * Classification capabilities
  * This capability structure defines system level classification capability
@@ -135,6 +185,18 @@ typedef struct odp_cls_capability_t {
 
/** A Boolean to denote support of PMR range */
odp_bool_t pmr_range_supported;
+
+   /** Support for Random Early Detection */
+   odp_support_t random_early_detection;
+
+   /** Supported threshold type for RED */
+   odp_threshold_type_t threshold_red;
+
+   /** Support for Back Pressure to the remote peer */
+   odp_support_t back_pressure;
+
+   /** Supported threshold type for BP */
+   odp_threshold_type_t threshold_bp;
 } odp_cls_capability_t;
 
 /**
@@ -206,6 +268,12 @@ typedef struct odp_cls_cos_param {
 
/** Drop policy associated with CoS */
odp_cls_drop_t drop_policy;
+
+   /** Random Early Detection configuration */
+   odp_red_param_t red;
+
+   /** Back Pressure configuration */
+   odp_bp_param_t bp;
 } odp_cls_cos_param_t;
 
 /**

[lng-odp] [PATCH API-NEXT v3 2/4] api: threshold: add odp_threshold_t parameter

[Github ODP bot]

From: Balasubramanian Manoharan 

odp_threshold_t is used to configure different threshold types

Signed-off-by: Balasubramanian Manoharan 
---
/** Email created from pull request 277 (bala-manoharan:RED)
 ** https://github.com/Linaro/odp/pull/277
 ** Patch: https://github.com/Linaro/odp/pull/277.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 223acade235c29912901e366435e893d4a2e7091
 **/
 include/Makefile.am|   1 +
 include/odp/api/spec/threshold.h   | 102 +
 platform/linux-generic/Makefile.am |   1 +
 platform/linux-generic/include/odp/api/threshold.h |  34 +++
 4 files changed, 138 insertions(+)
 create mode 100644 include/odp/api/spec/threshold.h
 create mode 100644 platform/linux-generic/include/odp/api/threshold.h

diff --git a/include/Makefile.am b/include/Makefile.am
index d53181ceb..8ab150ad9 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -44,6 +44,7 @@ odpapispecinclude_HEADERS = \
  odp/api/spec/sync.h \
  odp/api/spec/system_info.h \
  odp/api/spec/thread.h \
+ odp/api/spec/threshold.h \
  odp/api/spec/thrmask.h \
  odp/api/spec/ticketlock.h \
  odp/api/spec/time.h \
diff --git a/include/odp/api/spec/threshold.h b/include/odp/api/spec/threshold.h
new file mode 100644
index 0..aee286aef
--- /dev/null
+++ b/include/odp/api/spec/threshold.h
@@ -0,0 +1,102 @@
+/* Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP threshold descriptor
+ */
+
+#ifndef ODP_API_THRESHOLD_H_
+#define ODP_API_THRESHOLD_H_
+#include 
+#include 
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Supported threshold types
+ *
+ * Supported threshold types in a bit field structure.
+ */
+typedef union odp_threshold_type_t {
+   /** bitfields for different threshold types */
+   struct {
+   /** Percentage of the total size of pool or queue */
+   uint8_t percent:1;
+
+   /** Total number of all transient packets */
+   uint8_t pkt_cnt:1;
+
+   /** Total size of all transient packets in bytes */
+   uint8_t pkt_size:1;
+   };
+
+   /** All bits of the bit field structure */
+   uint8_t all_bits;
+} odp_threshold_type_t;
+
+/**
+ * ODP Threshold types
+ *
+ * Different types of threshold measurements
+ */
+typedefenum {
+   /** Percentage of the total size of pool or queue */
+   odp_percent_e,
+
+   /** Total number of all transient packets */
+   odp_pkt_count_e,
+
+   /** Total size of all transient packets in bytes */
+   odp_pkt_size_e
+} odp_threshold_type_e;
+
+/**
+ * ODP Threshold
+ *
+ * Threshold configuration
+ */
+typedef struct odp_threshold_t {
+   /** Type of threshold */
+   odp_threshold_type_e type;
+
+   /** Different threshold types */
+   union {
+   struct {
+   /** Max percentage value */
+   odp_percent_t max;
+
+   /** Min percentage value */
+   odp_percent_t min;
+   } percent; /** Percentage */
+
+   struct {
+   /** Max packet count */
+   uint64_t max;
+
+   /** Min packet count */
+   uint64_t min;
+   } pkt_count; /** Packet count */
+
+   struct {
+   /** Max size of all packets */
+   uint64_t max;
+
+   /** Min size of all packets */
+   uint64_t min;
+   } pkt_size; /** Packet size */
+   };
+} odp_threshold_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#include 
+#endif
diff --git a/platform/linux-generic/Makefile.am 
b/platform/linux-generic/Makefile.am
index c54067609..2b5056e4d 100644
--- a/platform/linux-generic/Makefile.am
+++ b/platform/linux-generic/Makefile.am
@@ -65,6 +65,7 @@ odpapiinclude_HEADERS = \
  include/odp/api/sync.h \
  include/odp/api/system_info.h \
  include/odp/api/thread.h \
+ include/odp/api/threshold.h \
  include/odp/api/thrmask.h \
  include/odp/api/ticketlock.h \
  include/odp/api/time.h \
diff --git a/platform/linux-generic/include/odp/api/threshold.h 
b/platform/linux-generic/include/odp/api/threshold.h
new file mode 100644
index 0..f4f362852
--- /dev/null
+++ b/platform/linux-generic/include/odp/api/threshold.h
@@ -0,0 +1,34 @@
+/* Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP threshold API - platform specific header
+ */
+
+#ifndef ODP_PLAT_THRESHOLD_H_

[lng-odp] [PATCH API-NEXT v3 0/4] api: random early detection and back pressure

[Github ODP bot]

adds RED and BP configuration to both pool and queue parameters

github
/** Email created from pull request 277 (bala-manoharan:RED)
 ** https://github.com/Linaro/odp/pull/277
 ** Patch: https://github.com/Linaro/odp/pull/277.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 223acade235c29912901e366435e893d4a2e7091
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 21 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 150 lines checked


to_send-p-001.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 92 lines checked


to_send-p-002.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 8 lines checked


to_send-p-003.patch has no obvious style problems and is ready for submission.
/checkpatch.pl

[lng-odp] [PATCH API-NEXT v1 8/8] validation: ipsec: support AES-GMAC-ESP validation

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC-ESP testcase based on draft-mcgrew-gcm-test-01.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 test/validation/api/ipsec/ipsec.c  | 10 +
 test/validation/api/ipsec/ipsec.h  |  1 +
 test/validation/api/ipsec/ipsec_test_in.c  | 33 
 test/validation/api/ipsec/ipsec_test_out.c | 44 ++
 test/validation/api/ipsec/test_vectors.h   | 60 ++
 5 files changed, 148 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index fb5f7863e..8d63c36a1 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -201,6 +201,10 @@ int ipsec_check(odp_bool_t ah,
if (!capa.auths.bit.aes_gcm)
return ODP_TEST_INACTIVE;
break;
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (!capa.auths.bit.aes_gmac)
+   return ODP_TEST_INACTIVE;
+   break;
default:
fprintf(stderr, "Unsupported authentication algorithm\n");
return ODP_TEST_INACTIVE;
@@ -284,6 +288,12 @@ int ipsec_check_esp_aes_gcm_256(void)
ODP_AUTH_ALG_AES_GCM, 0);
 }
 
+int ipsec_check_esp_null_aes_gmac_128(void)
+{
+   return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
+   ODP_AUTH_ALG_AES_GMAC, 128);
+}
+
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 odp_bool_t in,
 odp_bool_t ah,
diff --git a/test/validation/api/ipsec/ipsec.h 
b/test/validation/api/ipsec/ipsec.h
index 9dd0feabf..4532fe7ce 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -86,5 +86,6 @@ int ipsec_check_esp_aes_cbc_128_null(void);
 int ipsec_check_esp_aes_cbc_128_sha256(void);
 int ipsec_check_esp_aes_gcm_128(void);
 int ipsec_check_esp_aes_gcm_256(void);
+int ipsec_check_esp_null_aes_gmac_128(void);
 
 #endif
diff --git a/test/validation/api/ipsec/ipsec_test_in.c 
b/test/validation/api/ipsec/ipsec_test_in.c
index 25fc00e11..8e692f678 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -752,6 +752,37 @@ static void test_in_mcgrew_gcm_12_esp(void)
ipsec_sa_destroy(sa);
 }
 
+static void test_in_mcgrew_gcm_15_esp(void)
+{
+   odp_ipsec_tunnel_param_t tunnel = {};
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+
+   ipsec_sa_param_fill(¶m,
+   true, false, 0x4321, &tunnel,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_AES_GMAC, &key_mcgrew_gcm_15,
+   &key_mcgrew_gcm_salt_15);
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+   ipsec_test_part test = {
+   .pkt_in = &pkt_mcgrew_gcm_test_15_esp,
+   .out_pkt = 1,
+   .out = {
+   { .status.warn.all = 0,
+ .status.error.all = 0,
+ .pkt_out = &pkt_mcgrew_gcm_test_15},
+   },
+   };
+
+   ipsec_check_in_one(&test, sa);
+
+   ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
odp_ipsec_capability_t capa;
@@ -779,6 +810,8 @@ odp_testinfo_t ipsec_in_suite[] = {
  ipsec_check_esp_aes_gcm_128),
ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp,
  ipsec_check_esp_aes_gcm_128),
+   ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp,
+ ipsec_check_esp_null_aes_gmac_128),
ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256,
  ipsec_check_ah_sha256),
ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun,
diff --git a/test/validation/api/ipsec/ipsec_test_out.c 
b/test/validation/api/ipsec/ipsec_test_out.c
index 39a3c30ff..7be07d095 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -319,6 +319,48 @@ static void test_out_esp_aes_gcm128(void)
ipsec_sa_destroy(sa);
 }
 
+static void test_out_esp_aes_null_gmac128(void)
+{
+   odp_ipsec_sa_param_t param;
+   odp_ipsec_sa_t sa;
+   odp_ipsec_sa_t sa2;
+
+   ipsec_sa_param_fill(¶m,
+   false, false, 123, NULL,
+   ODP_CIPHER_ALG_NULL, NULL,
+   ODP_AUTH_ALG_AES_GMAC, &key_a5_128,
+   &key_mcgrew_gcm_salt_2);
+
+   sa = odp_ipsec_sa_create(¶m);
+
+   CU_ASSERT_

[lng-odp] [PATCH API-NEXT v1 5/8] linux-gen: crypto: add AES-GMAC implementation

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Implement AES-GMAC on top of OpenSSL AES-GCM with all text going into
AAD part.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 .../linux-generic/include/odp_crypto_internal.h|   5 +-
 platform/linux-generic/odp_crypto.c| 149 -
 2 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index 12d1720b7..21174daa4 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -51,7 +51,10 @@ struct odp_crypto_generic_session {
uint8_t  key[EVP_MAX_KEY_LENGTH];
uint32_t key_length;
uint32_t bytes;
-   const EVP_MD *evp_md;
+   union {
+   const EVP_MD *evp_md;
+   const EVP_CIPHER *evp_cipher;
+   };
crypto_func_t func;
} auth;
 };
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3174feee0..ac0fa337b 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -38,7 +38,9 @@
  * Keep sorted: first by key length, then by IV length
  */
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
-{.key_len = 0, .iv_len = 0} };
+{.key_len = 0, .iv_len = 0},
+/* Special case for GMAC */
+{.key_len = 0, .iv_len = 12} };
 
 static const odp_crypto_cipher_capability_t cipher_capa_des[] = {
 {.key_len = 24, .iv_len = 8} };
@@ -83,6 +85,9 @@ static const odp_crypto_auth_capability_t 
auth_capa_sha512_hmac[] = {
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
 
+static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = {
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+
 typedef struct odp_crypto_global_s odp_crypto_global_t;
 
 struct odp_crypto_global_s {
@@ -235,6 +240,33 @@ odp_crypto_alg_err_t auth_check(odp_packet_t pkt,
 }
 
 static
+int internal_aad(EVP_CIPHER_CTX *ctx,
+odp_packet_t pkt,
+const odp_crypto_packet_op_param_t *param)
+{
+   uint32_t offset = param->auth_range.offset;
+   uint32_t len   = param->auth_range.length;
+   int dummy_len;
+   int ret;
+
+   ODP_ASSERT(offset + len <= odp_packet_len(pkt));
+
+   while (len > 0) {
+   uint32_t seglen = 0; /* GCC */
+   void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
+   uint32_t maclen = len > seglen ? seglen : len;
+
+   EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+   offset  += maclen;
+   len -= maclen;
+   }
+
+   ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+
+   return ret;
+}
+
+static
 int internal_encrypt(EVP_CIPHER_CTX *ctx,
 odp_packet_t pkt,
 const odp_crypto_packet_op_param_t *param)
@@ -555,6 +587,106 @@ static int 
process_aes_gcm_param(odp_crypto_generic_session_t *session,
return 0;
 }
 
+static
+odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
+ const odp_crypto_packet_op_param_t *param,
+ odp_crypto_generic_session_t *session)
+{
+   EVP_CIPHER_CTX *ctx;
+   void *iv_ptr;
+   uint8_t block[EVP_MAX_MD_SIZE];
+   int ret;
+
+   if (param->override_iv_ptr)
+   iv_ptr = param->override_iv_ptr;
+   else if (session->p.iv.data)
+   iv_ptr = session->cipher.iv_data;
+   else
+   return ODP_CRYPTO_ALG_ERR_IV_INVALID;
+
+   /* Encrypt it */
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL,
+  session->auth.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+   ret = internal_aad(ctx, pkt, param);
+
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+   session->p.auth_digest_len, block);
+   odp_packet_copy_from_mem(pkt, param->hash_result_offset,
+session->p.auth_digest_len, block);
+
+   EVP_CIPHER_CTX_free(ctx);
+
+   return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE :
+ ODP_CRYPTO_ALG_ERR_NONE;
+}
+
+static
+odp_crypto_alg_err_t aes_gmac_check(odp_packet_t

[lng-odp] [PATCH API-NEXT v1 7/8] validation: ipsec: check authentication key length is supported

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add check through auth capabilities, verifying that key length is
supported.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 test/validation/api/ipsec/ipsec.c | 32 
 test/validation/api/ipsec/ipsec.h | 11 ++-
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c 
b/test/validation/api/ipsec/ipsec.c
index a8fdf2b14..fb5f7863e 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -119,13 +119,14 @@ static void pktio_stop(odp_pktio_t pktio)
 int ipsec_check(odp_bool_t ah,
odp_cipher_alg_t cipher,
uint32_t cipher_bits,
-   odp_auth_alg_t auth)
+   odp_auth_alg_t auth,
+   uint32_t auth_bits)
 {
odp_ipsec_capability_t capa;
odp_crypto_cipher_capability_t cipher_capa[MAX_ALG_CAPA];
odp_crypto_auth_capability_t   auth_capa[MAX_ALG_CAPA];
int i, num;
-   odp_bool_t found = false;
+   odp_bool_t found;
 
if (odp_ipsec_capability(&capa) < 0)
return ODP_TEST_INACTIVE;
@@ -212,6 +213,7 @@ int ipsec_check(odp_bool_t ah,
}
 
/* Search for the test case */
+   found = false;
for (i = 0; i < num; i++) {
if (cipher_capa[i].key_len == cipher_bits / 8) {
found = 1;
@@ -230,42 +232,56 @@ int ipsec_check(odp_bool_t ah,
return ODP_TEST_INACTIVE;
}
 
+   /* Search for the test case */
+   found = false;
+   for (i = 0; i < num; i++) {
+   if (auth_capa[i].key_len == auth_bits / 8) {
+   found = 1;
+   break;
+   }
+   }
+
+   if (!found) {
+   fprintf(stderr, "Unsupported auth key length\n");
+   return ODP_TEST_INACTIVE;
+   }
+
return ODP_TEST_ACTIVE;
 }
 
 int ipsec_check_ah_sha256(void)
 {
-   return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC);
+   return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_null_sha256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
-   ODP_AUTH_ALG_SHA256_HMAC);
+   ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_cbc_128_null(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-   ODP_AUTH_ALG_NULL);
+   ODP_AUTH_ALG_NULL, 0);
 }
 
 int ipsec_check_esp_aes_cbc_128_sha256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-   ODP_AUTH_ALG_SHA256_HMAC);
+   ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_gcm_128(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128,
-   ODP_AUTH_ALG_AES_GCM);
+   ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 int ipsec_check_esp_aes_gcm_256(void)
 {
return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 256,
-   ODP_AUTH_ALG_AES_GCM);
+   ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
diff --git a/test/validation/api/ipsec/ipsec.h 
b/test/validation/api/ipsec/ipsec.h
index d1c6854b7..9dd0feabf 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -74,11 +74,12 @@ void ipsec_check_out_in_one(const ipsec_test_part *part,
 int ipsec_check(odp_bool_t ah,
odp_cipher_alg_t cipher,
uint32_t cipher_bits,
-   odp_auth_alg_t auth);
-#define ipsec_check_ah(auth) \
-   ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth)
-#define ipsec_check_esp(cipher, cipher_bits, auth) \
-   ipsec_check(false, cipher, cipher_bits, auth)
+   odp_auth_alg_t auth,
+   uint32_t auth_bits);
+#define ipsec_check_ah(auth, auth_bits) \
+   ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth, auth_bits)
+#define ipsec_check_esp(cipher, cipher_bits, auth, auth_bits) \
+   ipsec_check(false, cipher, cipher_bits, auth, auth_bits)
 int ipsec_check_ah_sha256(void);
 int ipsec_check_esp_null_sha256(void);
 int ipsec_check_esp_aes_cbc_128_null(void);

[lng-odp] [PATCH API-NEXT v1 2/8] linux-gen: ipsec: don't leak SA on creation error

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix
them by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 5d20bb66c..457b81d04 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -292,7 +292,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->icv_len = 16;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
switch (crypto_param.cipher_alg) {
@@ -322,7 +322,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
crypto_param.iv.length = 12;
break;
default:
-   return ODP_IPSEC_SA_INVALID;
+   goto error;
}
 
if (1 == ipsec_sa->use_counter_iv &&

[lng-odp] [PATCH API-NEXT v1 3/8] api: crypto: add AES-GMAC declarations

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC declarations to support RFC4543.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 include/odp/api/spec/crypto.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h
index 7dcb71264..8da23c039 100644
--- a/include/odp/api/spec/crypto.h
+++ b/include/odp/api/spec/crypto.h
@@ -131,6 +131,12 @@ typedef enum {
 */
ODP_AUTH_ALG_AES_GCM,
 
+   /** AES in Galois/Counter MAC Mode
+*
+*  @note Must be paired with cipher ODP_CIPHER_ALG_NULL
+*/
+   ODP_AUTH_ALG_AES_GMAC,
+
/** @deprecated  Use ODP_AUTH_ALG_MD5_HMAC instead */
ODP_DEPRECATE(ODP_AUTH_ALG_MD5_96),
 
@@ -202,6 +208,9 @@ typedef union odp_crypto_auth_algos_t {
/** ODP_AUTH_ALG_AES_GCM */
uint32_t aes_gcm : 1;
 
+   /** ODP_AUTH_ALG_AES_GMAC*/
+   uint32_t aes_gmac: 1;
+
/** @deprecated  Use md5_hmac instead */
uint32_t ODP_DEPRECATE(md5_96) : 1;
 

[lng-odp] [PATCH API-NEXT v1 0/8] AES-GMAC implementation

[Github ODP bot]

This is an example of AES-GMAC(-ESP) implementation. Plaintext is passed as 
normal packet, IV/salt are passed according to the rest of API. This 
incorporates one commit from #243.

github
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 77 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 16 lines checked


to_send-p-001.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 21 lines checked


to_send-p-002.patch has no obvious style problems and is ready for submission.
WARNING: line over 80 characters
#157: FILE: test/validation/api/crypto/test_vectors.h:393:
+   0x6a, 0xa8, 0xdc, 0xd6, 0x18, 0xe4, 0x09, 0x9a, 
0xaa }

total: 0 errors, 1 warnings, 0 checks, 123 lines checked


to_send-p-003.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
WARNING: Missing a blank line after declarations
#33: FILE: platform/linux-generic/include/odp_crypto_internal.h:56:
+   const EVP_MD *evp_md;
+   const EVP_CIPHER *evp_cipher;

CHECK: Avoid CamelCase: 
#83: FILE: platform/linux-generic/odp_crypto.c:259:
+   EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);

CHECK: Avoid CamelCase: 
#88: FILE: platform/linux-generic/odp_crypto.c:264:
+   ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);

CHECK: Avoid CamelCase: 
#120: FILE: platform/linux-generic/odp_crypto.c:609:
+   EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL,

CHECK: Avoid CamelCase: 
#159: FILE: platform/linux-generic/odp_crypto.c:648:
+   EVP_DecryptInit_ex(ctx, session->auth.evp_cipher, NULL,

total: 0 errors, 1 warnings, 4 checks, 202 lines checked


to_send-p-004.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
total: 0 errors, 0 warnings, 0 checks, 75 lines checked


to_send-p-005.patch has no obvious style problems and is ready for submission.
total: 0 errors, 0 warnings, 0 checks, 102 lines checked


to_send-p-006.patch has no obvious style problems and is ready for submission.
CHECK: Alignment should match open parenthesis
#184: FILE: test/validation/api/ipsec/test_vectors.h:49:
+KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda,
+  0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34);

total: 0 errors, 0 warnings, 1 checks, 198 lines checked


to_send-p-007.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
/checkpatch.pl

[lng-odp] [PATCH API-NEXT v1 6/8] linux-gen: ipsec: add support for AES-GMAC-ESP

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Implement AES-GMAC-ESP support.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 platform/linux-generic/odp_ipsec_sad.c | 60 +++---
 1 file changed, 34 insertions(+), 26 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index 457b81d04..369d927ee 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -263,6 +263,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
crypto_param.auth_alg = param->crypto.auth_alg;
crypto_param.auth_key = param->crypto.auth_key;
 
+   switch (crypto_param.cipher_alg) {
+   case ODP_CIPHER_ALG_NULL:
+   ipsec_sa->esp_iv_len = 0;
+   ipsec_sa->esp_block_len = 1;
+   break;
+   case ODP_CIPHER_ALG_DES:
+   case ODP_CIPHER_ALG_3DES_CBC:
+   ipsec_sa->esp_iv_len = 8;
+   ipsec_sa->esp_block_len = 8;
+   break;
+#if ODP_DEPRECATED_API
+   case ODP_CIPHER_ALG_AES128_CBC:
+#endif
+   case ODP_CIPHER_ALG_AES_CBC:
+   ipsec_sa->esp_iv_len = 16;
+   ipsec_sa->esp_block_len = 16;
+   break;
+#if ODP_DEPRECATED_API
+   case ODP_CIPHER_ALG_AES128_GCM:
+#endif
+   case ODP_CIPHER_ALG_AES_GCM:
+   ipsec_sa->use_counter_iv = 1;
+   ipsec_sa->esp_iv_len = 8;
+   ipsec_sa->esp_block_len = 16;
+   ipsec_sa->icv_len = 16;
+   break;
+   default:
+   goto error;
+   }
+
switch (crypto_param.auth_alg) {
case ODP_AUTH_ALG_NULL:
ipsec_sa->icv_len = 0;
@@ -291,35 +321,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
case ODP_AUTH_ALG_AES_GCM:
ipsec_sa->icv_len = 16;
break;
-   default:
-   goto error;
-   }
-
-   switch (crypto_param.cipher_alg) {
-   case ODP_CIPHER_ALG_NULL:
-   ipsec_sa->esp_iv_len = 0;
-   ipsec_sa->esp_block_len = 1;
-   break;
-   case ODP_CIPHER_ALG_DES:
-   case ODP_CIPHER_ALG_3DES_CBC:
-   ipsec_sa->esp_iv_len = 8;
-   ipsec_sa->esp_block_len = 8;
-   break;
-#if ODP_DEPRECATED_API
-   case ODP_CIPHER_ALG_AES128_CBC:
-#endif
-   case ODP_CIPHER_ALG_AES_CBC:
-   ipsec_sa->esp_iv_len = 16;
-   ipsec_sa->esp_block_len = 16;
-   break;
-#if ODP_DEPRECATED_API
-   case ODP_CIPHER_ALG_AES128_GCM:
-#endif
-   case ODP_CIPHER_ALG_AES_GCM:
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
+   return ODP_IPSEC_SA_INVALID;
ipsec_sa->use_counter_iv = 1;
ipsec_sa->esp_iv_len = 8;
ipsec_sa->esp_block_len = 16;
-   crypto_param.iv.length = 12;
+   ipsec_sa->icv_len = 16;
break;
default:
goto error;

[lng-odp] [PATCH API-NEXT v1 4/8] validation: crypto: add AES-GMAC testcase

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Add AES-GMAC test vector based on draft-mcgrew-gcm-test-01.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 test/validation/api/crypto/crypto.h  |  2 ++
 test/validation/api/crypto/odp_crypto_test_inp.c | 46 
 test/validation/api/crypto/test_vectors.h| 33 +
 3 files changed, 81 insertions(+)

diff --git a/test/validation/api/crypto/crypto.h 
b/test/validation/api/crypto/crypto.h
index 71f862ec3..550d2bbff 100644
--- a/test/validation/api/crypto/crypto.h
+++ b/test/validation/api/crypto/crypto.h
@@ -32,6 +32,8 @@ void crypto_test_gen_alg_hmac_sha256(void);
 void crypto_test_check_alg_hmac_sha256(void);
 void crypto_test_gen_alg_hmac_sha512(void);
 void crypto_test_check_alg_hmac_sha512(void);
+void crypto_test_gen_alg_aes_gmac(void);
+void crypto_test_check_alg_aes_gmac(void);
 
 /* test arrays: */
 extern odp_testinfo_t crypto_suite[];
diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c 
b/test/validation/api/crypto/odp_crypto_test_inp.c
index f05780377..596c8370b 100644
--- a/test/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/validation/api/crypto/odp_crypto_test_inp.c
@@ -50,6 +50,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth)
return "ODP_AUTH_ALG_SHA512_HMAC";
case ODP_AUTH_ALG_AES_GCM:
return "ODP_AUTH_ALG_AES_GCM";
+   case ODP_AUTH_ALG_AES_GMAC:
+   return "ODP_AUTH_ALG_AES_GMAC";
default:
return "Unknown";
}
@@ -341,6 +343,9 @@ static void alg_test(odp_crypto_op_t op,
if (auth_alg == ODP_AUTH_ALG_AES_GCM &&
!(capa.auths.bit.aes_gcm))
rc = -1;
+   if (auth_alg == ODP_AUTH_ALG_AES_GMAC &&
+   !(capa.auths.bit.aes_gmac))
+   rc = -1;
if (auth_alg == ODP_AUTH_ALG_MD5_HMAC &&
!(capa.auths.bit.md5_hmac))
rc = -1;
@@ -581,6 +586,10 @@ static int check_alg_support(odp_cipher_alg_t cipher, 
odp_auth_alg_t auth)
if (!capability.auths.bit.aes_gcm)
return ODP_TEST_INACTIVE;
break;
+   case ODP_AUTH_ALG_AES_GMAC:
+   if (!capability.auths.bit.aes_gmac)
+   return ODP_TEST_INACTIVE;
+   break;
default:
fprintf(stderr, "Unsupported authentication algorithm\n");
return ODP_TEST_INACTIVE;
@@ -1025,6 +1034,39 @@ void crypto_test_check_alg_hmac_sha512(void)
 false);
 }
 
+static int check_alg_aes_gmac(void)
+{
+   return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_AES_GMAC);
+}
+
+void crypto_test_gen_alg_aes_gmac(void)
+{
+   unsigned int test_vec_num = (sizeof(aes_gmac_reference) /
+sizeof(aes_gmac_reference[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++)
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+ODP_CIPHER_ALG_NULL,
+ODP_AUTH_ALG_AES_GMAC,
+&aes_gmac_reference[i],
+false);
+}
+
+void crypto_test_check_alg_aes_gmac(void)
+{
+   unsigned int test_vec_num = (sizeof(aes_gmac_reference) /
+sizeof(aes_gmac_reference[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++)
+   alg_test(ODP_CRYPTO_OP_DECODE,
+ODP_CIPHER_ALG_NULL,
+ODP_AUTH_ALG_AES_GMAC,
+&aes_gmac_reference[i],
+false);
+}
+
 int crypto_suite_sync_init(void)
 {
suite_context.pool = odp_pool_lookup("packet_pool");
@@ -1122,6 +1164,10 @@ odp_testinfo_t crypto_suite[] = {
  check_alg_hmac_sha512),
ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha512,
  check_alg_hmac_sha512),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_aes_gmac,
+ check_alg_aes_gmac),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_aes_gmac,
+ check_alg_aes_gmac),
ODP_TEST_INFO_NULL,
 };
 
diff --git a/test/validation/api/crypto/test_vectors.h 
b/test/validation/api/crypto/test_vectors.h
index 652968be7..125a6d465 100644
--- a/test/validation/api/crypto/test_vectors.h
+++ b/test/validation/api/crypto/test_vectors.h
@@ -361,6 +361,39 @@ static crypto_test_reference_t aes_gcm_reference[] = {
}
 };
 
+static crypto_test_reference_t aes_gmac_reference[] = {
+   {
+   .auth_key_length = AES128_GCM_KEY_LEN,
+   .aut

[lng-odp] [PATCH v1 0/1] linux-gen: crypto: drop DES-CBC support

[Github ODP bot]

DES-CBC (not 3DES-CBC) support is invalid (DES should use 8 bytes key,
not 24 bytes), it is not covered by testsuite and DES is
cracable/deprecated/etc since long ago. Stop providing single-key DES
support. In case one really needs it, it can be emulated through
supplying same key triple times to 3DES-CBC.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsoleni...@linaro.org

github
/** Email created from pull request 289 (lumag:nodes)
 ** https://github.com/Linaro/odp/pull/289
 ** Patch: https://github.com/Linaro/odp/pull/289.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: 98de673e13800b64d64bbfd36986b25895fc82a4
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 40 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
/checkpatch.pl

[lng-odp] [PATCH v1 1/1] linux-gen: crypto: drop DES-CBC support

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

DES-CBC (not 3DES-CBC) support is invalid (DES should use 8 bytes key,
not 24 bytes), it is not covered by testsuite and DES is
cracable/deprecated/etc since long ago. Stop providing single-key DES
support. In case one really needs it, it can be emulated through
supplying same key triple times to 3DES-CBC.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 289 (lumag:nodes)
 ** https://github.com/Linaro/odp/pull/289
 ** Patch: https://github.com/Linaro/odp/pull/289.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: 98de673e13800b64d64bbfd36986b25895fc82a4
 **/
 platform/linux-generic/odp_crypto.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 40b6d74b4..d79836671 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -25,7 +25,6 @@
 #include 
 #include 
 
-#include 
 #include 
 #include 
 #include 
@@ -40,9 +39,6 @@
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
 {.key_len = 0, .iv_len = 0} };
 
-static const odp_crypto_cipher_capability_t cipher_capa_des[] = {
-{.key_len = 24, .iv_len = 8} };
-
 static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = {
 {.key_len = 24, .iv_len = 8} };
 
@@ -582,7 +578,6 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
memset(capa, 0, sizeof(odp_crypto_capability_t));
 
capa->ciphers.bit.null   = 1;
-   capa->ciphers.bit.des= 1;
capa->ciphers.bit.trides_cbc = 1;
capa->ciphers.bit.aes_cbc= 1;
capa->ciphers.bit.aes_gcm= 1;
@@ -620,10 +615,6 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher,
src = cipher_capa_null;
num = sizeof(cipher_capa_null) / size;
break;
-   case ODP_CIPHER_ALG_DES:
-   src = cipher_capa_des;
-   num = sizeof(cipher_capa_des) / size;
-   break;
case ODP_CIPHER_ALG_3DES_CBC:
src = cipher_capa_trides_cbc;
num = sizeof(cipher_capa_trides_cbc) / size;
@@ -737,7 +728,6 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
session->cipher.func = null_crypto_routine;
rc = 0;
break;
-   case ODP_CIPHER_ALG_DES:
case ODP_CIPHER_ALG_3DES_CBC:
rc = process_cipher_param(session, EVP_des_ede3_cbc());
break;

[lng-odp] [PATCH API-NEXT v1 1/8] linux-gen: ipsec: use counter instead of random IV for GCM

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

Reusing IV block with GCM results in disastrous consequences. Use
counter instead of random-generated IV to remove possibility for IV
reuse.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: 569b57eebedebdf2d3148ca06f481cb94bea52e4
 **/
 platform/linux-generic/include/odp_ipsec_internal.h | 16 +---
 platform/linux-generic/odp_ipsec.c  | 19 ++-
 platform/linux-generic/odp_ipsec_sad.c  |  6 ++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h 
b/platform/linux-generic/include/odp_ipsec_internal.h
index 1340ca7bd..afc2f686e 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -118,9 +118,17 @@ struct ipsec_sa_s {
uint8_t salt[IPSEC_MAX_SALT_LEN];
uint32_tsalt_length;
 
-   unsigneddec_ttl : 1;
-   unsignedcopy_dscp : 1;
-   unsignedcopy_df : 1;
+   union {
+   unsigned flags;
+   struct {
+   unsigneddec_ttl : 1;
+   unsignedcopy_dscp : 1;
+   unsignedcopy_df : 1;
+
+   /* Only for outbound */
+   unsigneduse_counter_iv : 1;
+   };
+   };
 
union {
struct {
@@ -136,6 +144,8 @@ struct ipsec_sa_s {
odp_atomic_u32_t tun_hdr_id;
odp_atomic_u32_t seq;
 
+   odp_atomic_u64_t counter; /* for CTR/GCM */
+
uint8_t tun_ttl;
uint8_t tun_dscp;
uint8_t tun_df;
diff --git a/platform/linux-generic/odp_ipsec.c 
b/platform/linux-generic/odp_ipsec.c
index e57736c2a..1aa437b8e 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
   ip_data_len +
   ipsec_sa->icv_len;
 
-   if (ipsec_sa->esp_iv_len) {
+   if (ipsec_sa->use_counter_iv) {
+   uint64_t ctr;
+
+   /* Both GCM and CTR use 8-bit counters */
+   ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len);
+
+   ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter,
+  1);
+   /* Check for overrun */
+   if (ctr == 0)
+   goto out;
+
+   memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length);
+   memcpy(iv + ipsec_sa->salt_length, &ctr,
+  ipsec_sa->esp_iv_len);
+
+   param.override_iv_ptr = iv;
+   } else if (ipsec_sa->esp_iv_len) {
uint32_t len;
 
len = odp_random_data(iv + ipsec_sa->salt_length,
diff --git a/platform/linux-generic/odp_ipsec_sad.c 
b/platform/linux-generic/odp_ipsec_sad.c
index f0b5b9e4a..5d20bb66c 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
ipsec_sa->context = param->context;
ipsec_sa->queue = param->dest_queue;
ipsec_sa->mode = param->mode;
+   ipsec_sa->flags = 0;
if (ODP_IPSEC_DIR_INBOUND == param->dir) {
ipsec_sa->in.lookup_mode = param->inbound.lookup_mode;
if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode)
@@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
case ODP_CIPHER_ALG_AES128_GCM:
 #endif
case ODP_CIPHER_ALG_AES_GCM:
+   ipsec_sa->use_counter_iv = 1;
ipsec_sa->esp_iv_len = 8;
ipsec_sa->esp_block_len = 16;
crypto_param.iv.length = 12;
@@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const 
odp_ipsec_sa_param_t *param)
return ODP_IPSEC_SA_INVALID;
}
 
+   if (1 == ipsec_sa->use_counter_iv &&
+   ODP_IPSEC_DIR_OUTBOUND == param->dir)
+   odp_atomic_init_u64(&ipsec_sa->out.counter, 1);
+
crypto_param.auth_digest_len = ipsec_sa->icv_len;
 
if (param->crypto.cipher_key_extra.length) {

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

nagarahalli replied on github web page:

platform/linux-generic/include/odp_buffer_internal.h
line 4
@@ -104,17 +104,10 @@ struct odp_buffer_hdr_t {
/* User area pointer */
void*uarea_addr;
 
-   /* User area size */


Comment:
This change is done already in 2.0.

> Dmitry Eremin-Solenikov(lumag) wrote:
> @matiaselo ok.


>> Matias Elo(matiaselo) wrote:
>> Since there are currently no functions in sight to put into pool_inlines.h I 
>> would suggest not to add a new header file. If/when some pool inline 
>> function are added later on the header can be created them. Is this OK for 
>> you?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> Just wanted to have pool functions in pool header, etc.


 Matias Elo(matiaselo) wrote:
 I followed the same pattern as the packet inlines. 
 _odp_packet_inline_offset_t is defined in packet_types.h.


> Matias Elo(matiaselo) wrote:
> pool_inlines.h would only include these two lines and looking at pool API 
> there aren't any additional functions which should be inlined. Do you 
> have a particular use case in mind for this header?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> And this to pool_inline_types.h.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149712737
updated_at 2017-11-08 16:05:27

Re: [lng-odp] [PATCH v1] DPDK pktio fixes

[Github ODP bot]

nagarahalli replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 70
@@ -1372,10 +1382,10 @@ static int dpdk_recv(pktio_entry_t *pktio_entry, int 
index,
if (!pkt_dpdk->lockless_rx)
odp_ticketlock_lock(&pkt_dpdk->rx_lock[index]);
/**
-* ixgbe_pmd has a minimum supported RX burst size ('min_rx_burst'). If
-* 'num' < 'min_rx_burst', 'min_rx_burst' is used as rte_eth_rx_burst()
-* argument and the possibly received extra packets are cached for the
-* next dpdk_recv_queue() call to use.
+* ixgbe and i40e drivers have a minimum supported RX burst size


Comment:
'min_rx_burst' should be added to the capability as it is a restriction from 
the device. The application should adjust the 'num' according to the capability 
it reads from the pkt I/O.

https://github.com/Linaro/odp/pull/287#discussion_r149715704
updated_at 2017-11-08 16:11:49

[lng-odp] [PATCH v2 0/1] next update version

[Github ODP bot]

Signed-off-by: Maxim Uvarov maxim.uva...@linaro.org

github
/** Email created from pull request 285 (muvarov:devel/next_upversion)
 ** https://github.com/Linaro/odp/pull/285
 ** Patch: https://github.com/Linaro/odp/pull/285.patch
 ** Base sha: b61de566190e19cc79531fdca737787cc359584b
 ** Merge commit sha: 311ea577bc860e254d08946699224f6bddf42d4d
 **/
/github

checkpatch.pl
total: 0 errors, 0 warnings, 0 checks, 20 lines checked


to_send-p-000.patch has no obvious style problems and is ready for submission.
/checkpatch.pl

[lng-odp] [PATCH v2 1/1] configure.ac: update API and .so versions

[Github ODP bot]

From: Maxim Uvarov 

Signed-off-by: Maxim Uvarov 
---
/** Email created from pull request 285 (muvarov:devel/next_upversion)
 ** https://github.com/Linaro/odp/pull/285
 ** Patch: https://github.com/Linaro/odp/pull/285.patch
 ** Base sha: b61de566190e19cc79531fdca737787cc359584b
 ** Merge commit sha: 311ea577bc860e254d08946699224f6bddf42d4d
 **/
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4bce0534b..1a96ef828 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.5])
 # Set correct API version
 ##
 m4_define([odpapi_generation_version], [1])
-m4_define([odpapi_major_version], [15])
+m4_define([odpapi_major_version], [16])
 m4_define([odpapi_minor_version], [0])
 m4_define([odpapi_point_version], [0])
 m4_define([odpapi_version],
@@ -36,10 +36,10 @@ AM_SILENT_RULES([yes])
 # 3. if interfaces were removed, then use C+1:0:0
 ##
 
-ODP_LIBSO_VERSION=115:0:2
+ODP_LIBSO_VERSION=116:0:0
 AC_SUBST(ODP_LIBSO_VERSION)
 
-ODPHELPER_LIBSO_VERSION=112:1:0
+ODPHELPER_LIBSO_VERSION=113:1:1
 AC_SUBST(ODPHELPER_LIBSO_VERSION)
 
 # Checks for programs.

Re: [lng-odp] issues with usage of mellanox 100G NICs with ODP & ODP-DPDK

[gyanesh patra]

I am not sure what you mean. Can you please elaborate?

As i mentioned before I am able to run dpdk examples. Hence the drivers are
available and working fine.
I configured ODP & ODP-DPDK with "LDFLAGS=-libverbs" and compiled to work
with mellanox. I followed the same while compiling dpdk too.

Is there anything i am missing?

P Gyanesh Kumar Patra

On Wed, Nov 8, 2017 at 5:22 PM, Maxim Uvarov 
wrote:

> is Mellanox pmd compiled in?
>
> Maxim.
>
> On 11/08/17 17:58, gyanesh patra wrote:
> > Hi,
> > I am trying to run ODP & ODP-DPDK examples on our server with mellanox
> 100G
> > NICs. I am using the odp_l2fwd example. While running the example, I am
> > facing some issues.
> > -> When I run "ODP" example using the if names given by kernel as
> > arguments, I am not getting enough throughput.(the value is very low)
> > -> And when I try "ODP-DPDK" example using port ID as "0,1", it can't
> > create pktio. Whereas I am able to run the examples from "DPDK"
> > repo with portID "0,1" for the same mellanox NICs. I tried running with
> > "81:00.0,81:00.1" and also with if-names too without any success. Adding
> > the whitelist using ODP_PLATFORM_PARAMS doesn't help either.
> >
> > Am I missing any steps to use mellanox NICs? OR is there a different
> method
> > to specify the device details to create pktio?
> > I am providing the output of "odp_l2fwd" examples for ODP and ODP-DPDK
> > repository here.
> >
> > The NICs being used:
> >
> > :81:00.0 'MT27700 Family [ConnectX-4]' if=enp129s0f0 drv=mlx5_core
> > unused=
> > :81:00.1 'MT27700 Family [ConnectX-4]' if=enp129s0f1 drv=mlx5_core
> > unused=
> >
> > ODP l2fwd example run details:
> > --
> > root@ubuntu:/home/ubuntu/odp/test/performance# ./odp_l2fwd -i
> > enp129s0f0,enp129s0f1
> > HW time counter freq: 239886 <(239)%20999-9886> hz
> >
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishm.c:880:_odp_ishm_reserve():No huge pages, fall back to normal
> pages.
> > check: /proc/sys/vm/nr_hugepages.
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> >  PKTIO: initialized loop interface.
> >  PKTIO: initialized pcap interface.
> >  PKTIO: initialized ipc interface.
> >  PKTIO: initialized socket mmap, use export
> ODP_PKTIO_DISABLE_SOCKET_MMAP=1
> > to disable.
> >  PKTIO: initialized socket mmsg,use export ODP_PKTIO_DISABLE_SOCKET_MMSG=
> 1
> > to disable.
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> >
> > ODP system info
> > ---
> > ODP API version: 1.15.0
> > ODP impl name:   "odp-linux"
> > CPU model:   Intel(R) Xeon(R) CPU E5-2680 v4
> > CPU freq (hz):   33
> > Cache line size: 64
> > CPU count:   56
> >
> >
> > CPU features supported:
> > SSE3 PCLMULQDQ DTES64 MONITOR DS_CPL VMX SMX EIST TM2 SSSE3 FMA
> CMPXCHG16B
> > XTPR PDCM PCID DCA SSE4_1 SSE4_2 X2APIC MOVBE POPCNT TSC_DEADLINE AES
> XSAVE
> > OSXSAVE AVX F16C RDRAND FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR
> > PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM PBE
> > DIGTEMP TRBOBST ARAT PLN ECMD PTM MPERF_APERF_MSR ENERGY_EFF FSGSBASE HLE
> > AVX2 BMI2 ERMS INVPCID RTM LAHF_SAHF SYSCALL XD 1GB_PG RDTSCP EM64T
> INVTSC
> >
> > CPU features NOT supported:
> > CNXT_ID PSN ACNT2 BMI1 SMEP AVX512F LZCNT
> >
> > Running ODP appl: "odp_l2fwd"
> > -
> > IF-count:2
> > Using IFs:   enp129s0f0 enp129s0f1
> > Mode:PKTIN_DIRECT, PKTOUT_DIRECT
> >
> > num worker threads: 32
> > first CPU:  24
> > cpu mask:   0x00
> >
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> > _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> >
> > Pool info
> > -
> >   pool0
> >   namepacket pool
> >   pool type   packet
> >   pool shm11
> >   user area shm   0
> >   num 8192
> >   align   64
> >   headroom128
> >   seg len 8064
> >   max data len65536
> >   tailroom0
> >   block size  8768
> >   uarea size  0
> >   shm size72143104
> >   base addr   0x7f5fc1234000
> >   uarea shm size  0
> >   uarea base addr (nil)
> >
> > pktio/socket_mmap.c:401:mmap_setup_ring():setsockopt(pkt mmap): Invalid
> > argument
> > pktio/socket_mmap.c:496:sock_mmap_close():mmap_unmap_sock() Invalid
> argument
> > created pktio 1, dev: enp129s0f0, drv: socket
> > Sharing 1 input queues between 16 workers
> > Sharing 1 output queues between 16 workers
> > created 1 input and 1 output queues on (enp129s0f0)
> > 

Re: [lng-odp] issues with usage of mellanox 100G NICs with ODP & ODP-DPDK

[Maxim Uvarov]

is Mellanox pmd compiled in?

Maxim.

On 11/08/17 17:58, gyanesh patra wrote:
> Hi,
> I am trying to run ODP & ODP-DPDK examples on our server with mellanox 100G
> NICs. I am using the odp_l2fwd example. While running the example, I am
> facing some issues.
> -> When I run "ODP" example using the if names given by kernel as
> arguments, I am not getting enough throughput.(the value is very low)
> -> And when I try "ODP-DPDK" example using port ID as "0,1", it can't
> create pktio. Whereas I am able to run the examples from "DPDK"
> repo with portID "0,1" for the same mellanox NICs. I tried running with
> "81:00.0,81:00.1" and also with if-names too without any success. Adding
> the whitelist using ODP_PLATFORM_PARAMS doesn't help either.
> 
> Am I missing any steps to use mellanox NICs? OR is there a different method
> to specify the device details to create pktio?
> I am providing the output of "odp_l2fwd" examples for ODP and ODP-DPDK
> repository here.
> 
> The NICs being used:
> 
> :81:00.0 'MT27700 Family [ConnectX-4]' if=enp129s0f0 drv=mlx5_core
> unused=
> :81:00.1 'MT27700 Family [ConnectX-4]' if=enp129s0f1 drv=mlx5_core
> unused=
> 
> ODP l2fwd example run details:
> --
> root@ubuntu:/home/ubuntu/odp/test/performance# ./odp_l2fwd -i
> enp129s0f0,enp129s0f1
> HW time counter freq: 239886 <(239)%20999-9886> hz
> 
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishm.c:880:_odp_ishm_reserve():No huge pages, fall back to normal pages.
> check: /proc/sys/vm/nr_hugepages.
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
>  PKTIO: initialized loop interface.
>  PKTIO: initialized pcap interface.
>  PKTIO: initialized ipc interface.
>  PKTIO: initialized socket mmap, use export ODP_PKTIO_DISABLE_SOCKET_MMAP=1
> to disable.
>  PKTIO: initialized socket mmsg,use export ODP_PKTIO_DISABLE_SOCKET_MMSG=1
> to disable.
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> 
> ODP system info
> ---
> ODP API version: 1.15.0
> ODP impl name:   "odp-linux"
> CPU model:   Intel(R) Xeon(R) CPU E5-2680 v4
> CPU freq (hz):   33
> Cache line size: 64
> CPU count:   56
> 
> 
> CPU features supported:
> SSE3 PCLMULQDQ DTES64 MONITOR DS_CPL VMX SMX EIST TM2 SSSE3 FMA CMPXCHG16B
> XTPR PDCM PCID DCA SSE4_1 SSE4_2 X2APIC MOVBE POPCNT TSC_DEADLINE AES XSAVE
> OSXSAVE AVX F16C RDRAND FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR
> PGE MCA CMOV PAT PSE36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS HTT TM PBE
> DIGTEMP TRBOBST ARAT PLN ECMD PTM MPERF_APERF_MSR ENERGY_EFF FSGSBASE HLE
> AVX2 BMI2 ERMS INVPCID RTM LAHF_SAHF SYSCALL XD 1GB_PG RDTSCP EM64T INVTSC
> 
> CPU features NOT supported:
> CNXT_ID PSN ACNT2 BMI1 SMEP AVX512F LZCNT
> 
> Running ODP appl: "odp_l2fwd"
> -
> IF-count:2
> Using IFs:   enp129s0f0 enp129s0f1
> Mode:PKTIN_DIRECT, PKTOUT_DIRECT
> 
> num worker threads: 32
> first CPU:  24
> cpu mask:   0x00
> 
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> _ishmphy.c:152:_odp_ishmphy_map():mmap failed:Cannot allocate memory
> 
> Pool info
> -
>   pool0
>   namepacket pool
>   pool type   packet
>   pool shm11
>   user area shm   0
>   num 8192
>   align   64
>   headroom128
>   seg len 8064
>   max data len65536
>   tailroom0
>   block size  8768
>   uarea size  0
>   shm size72143104
>   base addr   0x7f5fc1234000
>   uarea shm size  0
>   uarea base addr (nil)
> 
> pktio/socket_mmap.c:401:mmap_setup_ring():setsockopt(pkt mmap): Invalid
> argument
> pktio/socket_mmap.c:496:sock_mmap_close():mmap_unmap_sock() Invalid argument
> created pktio 1, dev: enp129s0f0, drv: socket
> Sharing 1 input queues between 16 workers
> Sharing 1 output queues between 16 workers
> created 1 input and 1 output queues on (enp129s0f0)
> pktio/socket_mmap.c:401:mmap_setup_ring():setsockopt(pkt mmap): Invalid
> argument
> pktio/socket_mmap.c:496:sock_mmap_close():mmap_unmap_sock() Invalid argument
> created pktio 2, dev: enp129s0f1, drv: socket
> Sharing 1 input queues between 16 workers
> Sharing 1 output queues between 16 workers
> created 1 input and 1 output queues on (enp129s0f1)
> 
> Queue binding (indexes)
> ---
> worker 0
>   rx: pktio 0, queue 0
>   tx: pktio 1, queue 0
> worker 1
>   rx: pktio 1, queue 0
>   tx: pktio 0, queue 0
> worker 2
>   rx: pktio 0, queue 0
>   tx: pktio 1, queue 0
> worker 3
>   rx: pktio 1, queue 0
>   tx: pkti

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

muvarov replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 44
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {


Comment:
@bogdanPricope will that be the same and more clear 
https://github.com/muvarov/odp/commit/c56c3663725c73e7cf1a39fb6e37341dd2f3649f 
? Also flags are uint16_t in my version of dpdk, not uint32_t.

> muvarov wrote
> @bogdanPricope hm, please skip that comment, logic looks like correct.


>> bogdanPricope wrote
>> error_flags.tcp_err and error_flags.udp_err are part of existing API.


>>> bogdanPricope wrote
>>> Cannot avoid the 'ifs'. Final code (not diffs) looks better and easier to 
>>> understand.


 bogdanPricope wrote
 Prints were already there. We only changed the conditions for printing to 
 highlight the new API.


> muvarov wrote
> common errors set for tcp and udp here.


>> muvarov wrote
>> too many ifs overcompicate function and makes it hard to read. Tcp 
>> packet and pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' 
>> bellow. 


>>> muvarov wrote
>>> prints for fast path functions is bad thing. Bellow is print_pkts() 
>>> which  does all printing. Or we need to move it here at least. Or 
>>> better to move out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149691849
updated_at 2017-11-08 14:56:43

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

bogdanPricope replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 75
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {
+   packet_csum_result = L4_CSUM_RESULT(mbuf);
 
-   pkt_hdr->p.error_flags.udp_err = 1;
+   if (packet_csum_result == PKT_RX_L4_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_L4_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_udp_err)
+   return -1;
+
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   pkt_hdr->p.error_flags.udp_err = 1;
+   pkt_hdr->p.error_flags.l4_chksum = 1;
+   }
} else if (pktin_cfg->bit.tcp_chksum &&
-  HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_TCP)  &&
-  HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_tcp_err)
-   return -1;
+  HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_TCP)) {
+   packet_csum_result = L4_CSUM_RESULT(mbuf);
 
-   pkt_hdr->p.error_flags.tcp_err = 1;
+   if (packet_csum_result == PKT_RX_L4_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_L4_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_tcp_err)
+   return -1;
+
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   pkt_hdr->p.error_flags.tcp_err = 1;
+   pkt_hdr->p.error_flags.l4_chksum = 1;


Comment:
error_flags.tcp_err and error_flags.udp_err are part of existing API.

> bogdanPricope wrote
> Cannot avoid the 'ifs'. Final code (not diffs) looks better and easier to 
> understand.


>> bogdanPricope wrote
>> Prints were already there. We only changed the conditions for printing to 
>> highlight the new API.


>>> muvarov wrote
>>> common errors set for tcp and udp here.


 muvarov wrote
 too many ifs overcompicate function and makes it hard to read. Tcp packet 
 and pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 


> muvarov wrote
> prints for fast path functions is bad thing. Bellow is print_pkts() which 
>  does all printing. Or we need to move it here at least. Or better to 
> move out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149674276
updated_at 2017-11-08 13:57:13

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

muvarov replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 44
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {


Comment:
@bogdanPricope hm, please skip that comment, logic looks like correct.

> bogdanPricope wrote
> error_flags.tcp_err and error_flags.udp_err are part of existing API.


>> bogdanPricope wrote
>> Cannot avoid the 'ifs'. Final code (not diffs) looks better and easier to 
>> understand.


>>> bogdanPricope wrote
>>> Prints were already there. We only changed the conditions for printing to 
>>> highlight the new API.


 muvarov wrote
 common errors set for tcp and udp here.


> muvarov wrote
> too many ifs overcompicate function and makes it hard to read. Tcp packet 
> and pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 


>> muvarov wrote
>> prints for fast path functions is bad thing. Bellow is print_pkts() 
>> which  does all printing. Or we need to move it here at least. Or better 
>> to move out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149678060
updated_at 2017-11-08 14:10:55

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

bogdanPricope replied on github web page:

example/generator/odp_generator.c
line 32
@@ -811,21 +809,14 @@ static int gen_recv_thread(void *arg)
continue;
for (i = 0, pkt_cnt = 0; i < ev_cnt; i++) {
pkt = odp_packet_from_event(events[i]);
-   itf = &itfs[odp_pktio_index(odp_packet_input(pkt))];
 
-   if (odp_packet_has_ipv4(pkt)) {
-   if (itf->config.pktin.bit.ipv4_chksum) {
-   if (odp_packet_has_l3_error(pkt))
-   printf("HW detected L3 
error\n");
-   }
-   }
+   csum_status = odp_packet_l3_chksum_status(pkt);
+   if (csum_status == ODP_PACKET_CHKSUM_BAD)
+   printf("L3 checksum error detected.\n");


Comment:
Prints were already there. We only changed the conditions for printing to 
highlight the new API.

> muvarov wrote
> common errors set for tcp and udp here.


>> muvarov wrote
>> too many ifs overcompicate function and makes it hard to read. Tcp packet 
>> and pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 


>>> muvarov wrote
>>> prints for fast path functions is bad thing. Bellow is print_pkts() which  
>>> does all printing. Or we need to move it here at least. Or better to move 
>>> out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149672320
updated_at 2017-11-08 13:49:36

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

bogdanPricope replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 44
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {


Comment:
Cannot avoid the 'ifs'. Final code (not diffs) looks better and easier to 
understand.

> bogdanPricope wrote
> Prints were already there. We only changed the conditions for printing to 
> highlight the new API.


>> muvarov wrote
>> common errors set for tcp and udp here.


>>> muvarov wrote
>>> too many ifs overcompicate function and makes it hard to read. Tcp packet 
>>> and pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 


 muvarov wrote
 prints for fast path functions is bad thing. Bellow is print_pkts() which  
 does all printing. Or we need to move it here at least. Or better to move 
 out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149673425
updated_at 2017-11-08 13:54:08

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

muvarov replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 44
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {


Comment:
too many ifs overcompicate function and makes it hard to read. Tcp packet and 
pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 

> muvarov wrote
> prints for fast path functions is bad thing. Bellow is print_pkts() which  
> does all printing. Or we need to move it here at least. Or better to move out 
> all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149668658
updated_at 2017-11-08 13:35:35

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

muvarov replied on github web page:

platform/linux-generic/pktio/dpdk.c
line 75
@@ -337,39 +337,62 @@ static struct rte_mempool_ops ops_stack = {
 
 MEMPOOL_REGISTER_OPS(ops_stack);
 
-#define HAS_IP4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_IP_CKSUM_MASK) == f)
+#define IP4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_IP_CKSUM_MASK)
+#define L4_CSUM_RESULT(m) (m->ol_flags & PKT_RX_L4_CKSUM_MASK)
 #define HAS_L4_PROTO(m, proto) ((m->packet_type & RTE_PTYPE_L4_MASK) == proto)
-#define HAS_L4_CSUM_FLAG(m, f) ((m->ol_flags & PKT_RX_L4_CKSUM_MASK) == f)
 
 #define PKTIN_CSUM_BITS 0x1C
 
 static inline int pkt_set_ol_rx(odp_pktin_config_opt_t *pktin_cfg,
odp_packet_hdr_t *pkt_hdr,
struct rte_mbuf *mbuf)
 {
+   uint32_t packet_csum_result;
+
if (pktin_cfg->bit.ipv4_chksum &&
-   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type) &&
-   HAS_IP4_CSUM_FLAG(mbuf, PKT_RX_IP_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_ipv4_err)
-   return -1;
+   RTE_ETH_IS_IPV4_HDR(mbuf->packet_type)) {
+   packet_csum_result = IP4_CSUM_RESULT(mbuf);
+
+   if (packet_csum_result == PKT_RX_IP_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_IP_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_ipv4_err)
+   return -1;
 
-   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.input_flags.l3_chksum_done = 1;
+   pkt_hdr->p.error_flags.ip_err = 1;
+   pkt_hdr->p.error_flags.l3_chksum = 1;
+   }
}
 
if (pktin_cfg->bit.udp_chksum &&
-   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP) &&
-   HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_udp_err)
-   return -1;
+   HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_UDP)) {
+   packet_csum_result = L4_CSUM_RESULT(mbuf);
 
-   pkt_hdr->p.error_flags.udp_err = 1;
+   if (packet_csum_result == PKT_RX_L4_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_L4_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_udp_err)
+   return -1;
+
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   pkt_hdr->p.error_flags.udp_err = 1;
+   pkt_hdr->p.error_flags.l4_chksum = 1;
+   }
} else if (pktin_cfg->bit.tcp_chksum &&
-  HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_TCP)  &&
-  HAS_L4_CSUM_FLAG(mbuf, PKT_RX_L4_CKSUM_BAD)) {
-   if (pktin_cfg->bit.drop_tcp_err)
-   return -1;
+  HAS_L4_PROTO(mbuf, RTE_PTYPE_L4_TCP)) {
+   packet_csum_result = L4_CSUM_RESULT(mbuf);
 
-   pkt_hdr->p.error_flags.tcp_err = 1;
+   if (packet_csum_result == PKT_RX_L4_CKSUM_GOOD) {
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   } else if (packet_csum_result != PKT_RX_L4_CKSUM_UNKNOWN) {
+   if (pktin_cfg->bit.drop_tcp_err)
+   return -1;
+
+   pkt_hdr->p.input_flags.l4_chksum_done = 1;
+   pkt_hdr->p.error_flags.tcp_err = 1;
+   pkt_hdr->p.error_flags.l4_chksum = 1;


Comment:
common errors set for tcp and udp here.

> muvarov wrote
> too many ifs overcompicate function and makes it hard to read. Tcp packet and 
> pktin_cfg->bit.udp_chksum=0 in settings will not to tcp 'if' bellow. 


>> muvarov wrote
>> prints for fast path functions is bad thing. Bellow is print_pkts() which  
>> does all printing. Or we need to move it here at least. Or better to move 
>> out all printing from fast path.


https://github.com/Linaro/odp/pull/269#discussion_r149668733
updated_at 2017-11-08 13:35:35

Re: [lng-odp] [PATCH API-NEXT v1] Implement checksum validation status API

[Github ODP bot]

muvarov replied on github web page:

example/generator/odp_generator.c
line 32
@@ -811,21 +809,14 @@ static int gen_recv_thread(void *arg)
continue;
for (i = 0, pkt_cnt = 0; i < ev_cnt; i++) {
pkt = odp_packet_from_event(events[i]);
-   itf = &itfs[odp_pktio_index(odp_packet_input(pkt))];
 
-   if (odp_packet_has_ipv4(pkt)) {
-   if (itf->config.pktin.bit.ipv4_chksum) {
-   if (odp_packet_has_l3_error(pkt))
-   printf("HW detected L3 
error\n");
-   }
-   }
+   csum_status = odp_packet_l3_chksum_status(pkt);
+   if (csum_status == ODP_PACKET_CHKSUM_BAD)
+   printf("L3 checksum error detected.\n");


Comment:
prints for fast path functions is bad thing. Bellow is print_pkts() which  does 
all printing. Or we need to move it here at least. Or better to move out all 
printing from fast path.

https://github.com/Linaro/odp/pull/269#discussion_r149664648
updated_at 2017-11-08 13:35:34

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

muvarov replied on github web page:

include/odp/api/spec/packet.h
line 59
@@ -1140,6 +1179,82 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Packet parse parameters
+ */
+typedef struct odp_packet_parse_param_t {
+   /** Protocol header at parse starting point. Valid values for this
+*  field are: ODP_PROTO_ETH, ODP_PROTO_IPV4, ODP_PROTO_IPV6. */
+   odp_proto_t proto;
+
+   /** Continue parsing until this layer. Must be the same or higher
+*  layer than the layer of 'proto'. */
+   odp_proto_layer_t layer;


Comment:
it looks like 2 enums are not needed here. odp_proto_layet_t  layer_start; and  
odp_proto_layet_t  layer_end;  and one enum for layers.

> muvarov wrote
> maybe return number of correctly parsed packets? And say that parsing always 
> starts from be beginning of array. 


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> +1 since other checksum APIs refer to L3 and L4 rather than specific 
>> protocols. 


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> What about just `l3_chksum`, and `l4_chksum`? 


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 Now that we have a `param` struct we should have an 
 `odp_packet_parse_param_init()` API as well for completeness.


> Dmitry Eremin-Solenikov(lumag) wrote:
> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
> provides us IP version that does not correspond to the in-packet version. 
> We should detect that, rather than silently parsing this header.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
>> purpose, after all, is to parse packets and determining IPv4 vs IPv6 is 
>> part of that activity. Moreover, the only way an application can inspect 
>> the IP header is to access it via other ODP API calls, so I don't see 
>> how asking the application to do this is any better than having the 
>> `odp_packet_parse()` implementation do this itself. What's the purpose 
>> of having a parse API in that case since clearly the application could 
>> parse the entire packet "by hand" as well.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> Failure needs to be defined in a more precise way (and maybe for a 
>>> single packet case). I assume that it means internal ODP error, rather 
>>> than just packet with wrong headers. What happens in multi-packet case 
>>> if failure occurs in the middle of parsing?


 Dmitry Eremin-Solenikov(lumag) wrote:
 @psavol Also for multi-packet parsing, we can change `proto` to be an 
 array, allowing applications to easily intermix IPv4 and IPv6 packets.


> Dmitry Eremin-Solenikov(lumag) wrote:
> @psavol yes. I just wanted to focus on cases, when passing packet 
> with wrong protocol is an error. E.g. IPv6 packet inside IPsec packet 
> with NH = 4. So it is not a question of selecting proper L3 parser, 
> but rather a question of nailing down error/malicious packets.


>> Petri Savolainen(psavol) wrote:
>> It's there to enable application to call parsing in parts - e.g. 
>> first up to IP and then continue from L4. But since IP and transport 
>> protocols are tied together with pseudo headers, it's cleaner to 
>> remove L4 as a starting point. 


>>> Petri Savolainen(psavol) wrote:
>>> First bits of an IP header marks the version. So, it would be 
>>> trivial for both app and implementation to read the version from 
>>> the data. Common IP define is easier for application when a burst 
>>> of packets may contain both v4 and v6 mixed. Application does not 
>>> need to sort  packets into two arrays (one for v4 and other for v6) 
>>> but just pass the entire array for parsing.
>>> 
>>> There are three ways to define the enumeration: IP, IPv4+IPv6, 
>>> IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit 
>>> more robust since version information comes from two sources.


 Dmitry Eremin-Solenikov(lumag) wrote:
 I felt easier to reparse both L3 and L4 headers in IPsec case, 
 especially since transport mode ESP can en/decrypt some of L3 
 headers in IPv6 case. 


> Dmitry Eremin-Solenikov(lumag) wrote:
> @Bill-Fischofer-Linaro In IPsec case Next Header field will 
> contain 4 for IPv4 and 41 for IPv6.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> That might be overly complicated since until a decrypted tunnel 
>> mode IPsec packet is parsed you don't know whether it's IPv4 or 
>> IPv6. It's parsing that makes that determination.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> @lumag IPsec operating in transport mode 

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

muvarov replied on github web page:

include/odp/api/spec/packet.h
@@ -1140,6 +1185,48 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Parse packet
+ *
+ * Parse protocol headers in packet data. Parsing starts at 'offset', which
+ * is the first header byte of protocol 'proto'. Parameter 'layer' defines the
+ * last layer application is interested about. Use ODP_PROTO_LAYER_ALL for all
+ * layers. The operation sets or resets packet metadata for all layers from
+ * the layer of 'proto' to the application defined last layer. Metadata of
+ * other layers have undefined values.
+ *
+ * @param pkt Packet handle
+ * @param offset  Byte offset into the packet
+ * @param proto   Protocol of the header starting at 'offset'
+ * @param layer   Continue parsing until this layer. Must be the same or higher
+ *layer than the layer of 'proto'.
+ *
+ * @retval 0 on success
+ * @retval <0 on failure
+ */
+int odp_packet_parse(odp_packet_t pkt, uint32_t offset, odp_proto_t proto,
+odp_proto_layer_t layer);
+
+/**
+ * Parse multiple packets
+ *
+ * Otherwise like odp_packet_parse(), but parses multiple packets. Packets may
+ * have unique offsets, but must start with the same protocol. Also, packets 
are
+ * parsed up to the same protocol layer.
+ *
+ * @param pkt Packet handle array
+ * @param offset  Byte offsets into the packets
+ * @param num Number of packets and offsets
+ * @param proto   Protocol of the header starting at 'offset'
+ * @param layer   Continue parsing until this layer. Must be the same or higher
+ *layer than the layer of 'proto'.
+ *
+ * @retval 0 on success
+ * @retval <0 on failure
+ */
+int odp_packet_parse_multi(const odp_packet_t pkt[], const uint32_t offset[],
+  int num, odp_proto_t proto, odp_proto_layer_t layer);
+


Comment:
maybe return number of correctly parsed packets? And say that parsing always 
starts from be beginning of array. 

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> +1 since other checksum APIs refer to L3 and L4 rather than specific 
> protocols. 


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> What about just `l3_chksum`, and `l4_chksum`? 


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> Now that we have a `param` struct we should have an 
>>> `odp_packet_parse_param_init()` API as well for completeness.


 Dmitry Eremin-Solenikov(lumag) wrote:
 @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
 provides us IP version that does not correspond to the in-packet version. 
 We should detect that, rather than silently parsing this header.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
> purpose, after all, is to parse packets and determining IPv4 vs IPv6 is 
> part of that activity. Moreover, the only way an application can inspect 
> the IP header is to access it via other ODP API calls, so I don't see how 
> asking the application to do this is any better than having the 
> `odp_packet_parse()` implementation do this itself. What's the purpose of 
> having a parse API in that case since clearly the application could parse 
> the entire packet "by hand" as well.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> Failure needs to be defined in a more precise way (and maybe for a 
>> single packet case). I assume that it means internal ODP error, rather 
>> than just packet with wrong headers. What happens in multi-packet case 
>> if failure occurs in the middle of parsing?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @psavol Also for multi-packet parsing, we can change `proto` to be an 
>>> array, allowing applications to easily intermix IPv4 and IPv6 packets.


 Dmitry Eremin-Solenikov(lumag) wrote:
 @psavol yes. I just wanted to focus on cases, when passing packet with 
 wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with 
 NH = 4. So it is not a question of selecting proper L3 parser, but 
 rather a question of nailing down error/malicious packets.


> Petri Savolainen(psavol) wrote:
> It's there to enable application to call parsing in parts - e.g. 
> first up to IP and then continue from L4. But since IP and transport 
> protocols are tied together with pseudo headers, it's cleaner to 
> remove L4 as a starting point. 


>> Petri Savolainen(psavol) wrote:
>> First bits of an IP header marks the version. So, it would be 
>> trivial for both app and implementation to read the version from the 
>> data. Common IP define is easier for application when a burst of 
>> packets may contain both v4 and v6 mixed. Application does not need 
>> to sort  packets into two arrays (one for v4 and other for v6) but 
>> just pass the 

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

include/odp/api/spec/packet.h
line 74
@@ -1140,6 +1179,82 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Packet parse parameters
+ */
+typedef struct odp_packet_parse_param_t {
+   /** Protocol header at parse starting point. Valid values for this
+*  field are: ODP_PROTO_ETH, ODP_PROTO_IPV4, ODP_PROTO_IPV6. */
+   odp_proto_t proto;
+
+   /** Continue parsing until this layer. Must be the same or higher
+*  layer than the layer of 'proto'. */
+   odp_proto_layer_t layer;
+
+   /** Flags to control payload data checks up to the selected parse
+*  layer. Checksum checking status can be queried for each packet with
+*  odp_packet_l3_chksum_status() and odp_packet_l4_chksum_status().
+*/
+   union {
+   struct {
+   /** Check IPv4 header checksum */
+   uint32_t ipv4_chksum   : 1;
+
+   /** Check UDP checksum */
+   uint32_t udp_chksum: 1;
+
+   /** Check TCP checksum */
+   uint32_t tcp_chksum: 1;


Comment:
+1 since other checksum APIs refer to L3 and L4 rather than specific protocols. 

> Dmitry Eremin-Solenikov(lumag) wrote:
> What about just `l3_chksum`, and `l4_chksum`? 


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Now that we have a `param` struct we should have an 
>> `odp_packet_parse_param_init()` API as well for completeness.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
>>> provides us IP version that does not correspond to the in-packet version. 
>>> We should detect that, rather than silently parsing this header.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
 purpose, after all, is to parse packets and determining IPv4 vs IPv6 is 
 part of that activity. Moreover, the only way an application can inspect 
 the IP header is to access it via other ODP API calls, so I don't see how 
 asking the application to do this is any better than having the 
 `odp_packet_parse()` implementation do this itself. What's the purpose of 
 having a parse API in that case since clearly the application could parse 
 the entire packet "by hand" as well.


> Dmitry Eremin-Solenikov(lumag) wrote:
> Failure needs to be defined in a more precise way (and maybe for a single 
> packet case). I assume that it means internal ODP error, rather than just 
> packet with wrong headers. What happens in multi-packet case if failure 
> occurs in the middle of parsing?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @psavol Also for multi-packet parsing, we can change `proto` to be an 
>> array, allowing applications to easily intermix IPv4 and IPv6 packets.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @psavol yes. I just wanted to focus on cases, when passing packet with 
>>> wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with 
>>> NH = 4. So it is not a question of selecting proper L3 parser, but 
>>> rather a question of nailing down error/malicious packets.


 Petri Savolainen(psavol) wrote:
 It's there to enable application to call parsing in parts - e.g. first 
 up to IP and then continue from L4. But since IP and transport 
 protocols are tied together with pseudo headers, it's cleaner to 
 remove L4 as a starting point. 


> Petri Savolainen(psavol) wrote:
> First bits of an IP header marks the version. So, it would be trivial 
> for both app and implementation to read the version from the data. 
> Common IP define is easier for application when a burst of packets 
> may contain both v4 and v6 mixed. Application does not need to sort  
> packets into two arrays (one for v4 and other for v6) but just pass 
> the entire array for parsing.
> 
> There are three ways to define the enumeration: IP, IPv4+IPv6, 
> IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit more 
> robust since version information comes from two sources.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> I felt easier to reparse both L3 and L4 headers in IPsec case, 
>> especially since transport mode ESP can en/decrypt some of L3 
>> headers in IPv6 case. 


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @Bill-Fischofer-Linaro In IPsec case Next Header field will contain 
>>> 4 for IPv4 and 41 for IPv6.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 That might be overly complicated since until a decrypted tunnel 
 mode IPsec packet is parsed you don't know whether it's IPv4

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

include/odp/api/spec/packet.h
line 74
@@ -1140,6 +1179,82 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Packet parse parameters
+ */
+typedef struct odp_packet_parse_param_t {
+   /** Protocol header at parse starting point. Valid values for this
+*  field are: ODP_PROTO_ETH, ODP_PROTO_IPV4, ODP_PROTO_IPV6. */
+   odp_proto_t proto;
+
+   /** Continue parsing until this layer. Must be the same or higher
+*  layer than the layer of 'proto'. */
+   odp_proto_layer_t layer;
+
+   /** Flags to control payload data checks up to the selected parse
+*  layer. Checksum checking status can be queried for each packet with
+*  odp_packet_l3_chksum_status() and odp_packet_l4_chksum_status().
+*/
+   union {
+   struct {
+   /** Check IPv4 header checksum */
+   uint32_t ipv4_chksum   : 1;
+
+   /** Check UDP checksum */
+   uint32_t udp_chksum: 1;
+
+   /** Check TCP checksum */
+   uint32_t tcp_chksum: 1;


Comment:
What about just `l3_chksum`, and `l4_chksum`? 

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Now that we have a `param` struct we should have an 
> `odp_packet_parse_param_init()` API as well for completeness.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer 
>> provides us IP version that does not correspond to the in-packet version. We 
>> should detect that, rather than silently parsing this header.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
>>> purpose, after all, is to parse packets and determining IPv4 vs IPv6 is 
>>> part of that activity. Moreover, the only way an application can inspect 
>>> the IP header is to access it via other ODP API calls, so I don't see how 
>>> asking the application to do this is any better than having the 
>>> `odp_packet_parse()` implementation do this itself. What's the purpose of 
>>> having a parse API in that case since clearly the application could parse 
>>> the entire packet "by hand" as well.


 Dmitry Eremin-Solenikov(lumag) wrote:
 Failure needs to be defined in a more precise way (and maybe for a single 
 packet case). I assume that it means internal ODP error, rather than just 
 packet with wrong headers. What happens in multi-packet case if failure 
 occurs in the middle of parsing?


> Dmitry Eremin-Solenikov(lumag) wrote:
> @psavol Also for multi-packet parsing, we can change `proto` to be an 
> array, allowing applications to easily intermix IPv4 and IPv6 packets.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @psavol yes. I just wanted to focus on cases, when passing packet with 
>> wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with NH 
>> = 4. So it is not a question of selecting proper L3 parser, but rather a 
>> question of nailing down error/malicious packets.


>>> Petri Savolainen(psavol) wrote:
>>> It's there to enable application to call parsing in parts - e.g. first 
>>> up to IP and then continue from L4. But since IP and transport 
>>> protocols are tied together with pseudo headers, it's cleaner to remove 
>>> L4 as a starting point. 


 Petri Savolainen(psavol) wrote:
 First bits of an IP header marks the version. So, it would be trivial 
 for both app and implementation to read the version from the data. 
 Common IP define is easier for application when a burst of packets may 
 contain both v4 and v6 mixed. Application does not need to sort  
 packets into two arrays (one for v4 and other for v6) but just pass 
 the entire array for parsing.
 
 There are three ways to define the enumeration: IP, IPv4+IPv6, 
 IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit more 
 robust since version information comes from two sources.


> Dmitry Eremin-Solenikov(lumag) wrote:
> I felt easier to reparse both L3 and L4 headers in IPsec case, 
> especially since transport mode ESP can en/decrypt some of L3 headers 
> in IPv6 case. 


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @Bill-Fischofer-Linaro In IPsec case Next Header field will contain 
>> 4 for IPv4 and 41 for IPv6.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> That might be overly complicated since until a decrypted tunnel 
>>> mode IPsec packet is parsed you don't know whether it's IPv4 or 
>>> IPv6. It's parsing that makes that determination.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 @lumag IPsec operating in transport mode is, I'

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

include/odp/api/spec/packet.h
line 83
@@ -1140,6 +1179,82 @@ int odp_packet_move_data(odp_packet_t pkt, uint32_t 
dst_offset,
  */
 
 /**
+ * Packet parse parameters
+ */
+typedef struct odp_packet_parse_param_t {
+   /** Protocol header at parse starting point. Valid values for this
+*  field are: ODP_PROTO_ETH, ODP_PROTO_IPV4, ODP_PROTO_IPV6. */
+   odp_proto_t proto;
+
+   /** Continue parsing until this layer. Must be the same or higher
+*  layer than the layer of 'proto'. */
+   odp_proto_layer_t layer;
+
+   /** Flags to control payload data checks up to the selected parse
+*  layer. Checksum checking status can be queried for each packet with
+*  odp_packet_l3_chksum_status() and odp_packet_l4_chksum_status().
+*/
+   union {
+   struct {
+   /** Check IPv4 header checksum */
+   uint32_t ipv4_chksum   : 1;
+
+   /** Check UDP checksum */
+   uint32_t udp_chksum: 1;
+
+   /** Check TCP checksum */
+   uint32_t tcp_chksum: 1;
+
+   } check;
+
+   /** All check bits. This can be used to set/clear all flags. */
+   uint32_t all_check;
+   };
+
+} odp_packet_parse_param_t;
+


Comment:
Now that we have a `param` struct we should have an 
`odp_packet_parse_param_init()` API as well for completeness.

> Dmitry Eremin-Solenikov(lumag) wrote:
> @Bill-Fischofer-Linaro Because it is a parsing error, if lower layer provides 
> us IP version that does not correspond to the in-packet version. We should 
> detect that, rather than silently parsing this header.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
>> purpose, after all, is to parse packets and determining IPv4 vs IPv6 is part 
>> of that activity. Moreover, the only way an application can inspect the IP 
>> header is to access it via other ODP API calls, so I don't see how asking 
>> the application to do this is any better than having the 
>> `odp_packet_parse()` implementation do this itself. What's the purpose of 
>> having a parse API in that case since clearly the application could parse 
>> the entire packet "by hand" as well.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> Failure needs to be defined in a more precise way (and maybe for a single 
>>> packet case). I assume that it means internal ODP error, rather than just 
>>> packet with wrong headers. What happens in multi-packet case if failure 
>>> occurs in the middle of parsing?


 Dmitry Eremin-Solenikov(lumag) wrote:
 @psavol Also for multi-packet parsing, we can change `proto` to be an 
 array, allowing applications to easily intermix IPv4 and IPv6 packets.


> Dmitry Eremin-Solenikov(lumag) wrote:
> @psavol yes. I just wanted to focus on cases, when passing packet with 
> wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with NH 
> = 4. So it is not a question of selecting proper L3 parser, but rather a 
> question of nailing down error/malicious packets.


>> Petri Savolainen(psavol) wrote:
>> It's there to enable application to call parsing in parts - e.g. first 
>> up to IP and then continue from L4. But since IP and transport protocols 
>> are tied together with pseudo headers, it's cleaner to remove L4 as a 
>> starting point. 


>>> Petri Savolainen(psavol) wrote:
>>> First bits of an IP header marks the version. So, it would be trivial 
>>> for both app and implementation to read the version from the data. 
>>> Common IP define is easier for application when a burst of packets may 
>>> contain both v4 and v6 mixed. Application does not need to sort  
>>> packets into two arrays (one for v4 and other for v6) but just pass the 
>>> entire array for parsing.
>>> 
>>> There are three ways to define the enumeration: IP, IPv4+IPv6, 
>>> IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit more 
>>> robust since version information comes from two sources.


 Dmitry Eremin-Solenikov(lumag) wrote:
 I felt easier to reparse both L3 and L4 headers in IPsec case, 
 especially since transport mode ESP can en/decrypt some of L3 headers 
 in IPv6 case. 


> Dmitry Eremin-Solenikov(lumag) wrote:
> @Bill-Fischofer-Linaro In IPsec case Next Header field will contain 4 
> for IPv4 and 41 for IPv6.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> That might be overly complicated since until a decrypted tunnel mode 
>> IPsec packet is parsed you don't know whether it's IPv4 or IPv6. 
>> It's parsing that makes that determination.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> @lumag

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

include/odp/api/spec/packet.h
@@ -71,6 +71,51 @@ extern "C" {
   * Packet is red
   */
 
+/**
+ * Protocol
+ */
+typedef enum odp_proto_t {
+   /** No protocol defined */
+   ODP_PROTO_NONE = 0,
+
+   /** Ethernet (including VLAN) */
+   ODP_PROTO_ETH,
+
+   /** IP (including IPv4 and IPv6) */


Comment:
@Bill-Fischofer-Linaro Because it is a parsing error, if lower layer provides 
us IP version that does not correspond to the in-packet version. We should 
detect that, rather than silently parsing this header.

> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
> purpose, after all, is to parse packets and determining IPv4 vs IPv6 is part 
> of that activity. Moreover, the only way an application can inspect the IP 
> header is to access it via other ODP API calls, so I don't see how asking the 
> application to do this is any better than having the `odp_packet_parse()` 
> implementation do this itself. What's the purpose of having a parse API in 
> that case since clearly the application could parse the entire packet "by 
> hand" as well.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> Failure needs to be defined in a more precise way (and maybe for a single 
>> packet case). I assume that it means internal ODP error, rather than just 
>> packet with wrong headers. What happens in multi-packet case if failure 
>> occurs in the middle of parsing?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @psavol Also for multi-packet parsing, we can change `proto` to be an 
>>> array, allowing applications to easily intermix IPv4 and IPv6 packets.


 Dmitry Eremin-Solenikov(lumag) wrote:
 @psavol yes. I just wanted to focus on cases, when passing packet with 
 wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with NH = 
 4. So it is not a question of selecting proper L3 parser, but rather a 
 question of nailing down error/malicious packets.


> Petri Savolainen(psavol) wrote:
> It's there to enable application to call parsing in parts - e.g. first up 
> to IP and then continue from L4. But since IP and transport protocols are 
> tied together with pseudo headers, it's cleaner to remove L4 as a 
> starting point. 


>> Petri Savolainen(psavol) wrote:
>> First bits of an IP header marks the version. So, it would be trivial 
>> for both app and implementation to read the version from the data. 
>> Common IP define is easier for application when a burst of packets may 
>> contain both v4 and v6 mixed. Application does not need to sort  packets 
>> into two arrays (one for v4 and other for v6) but just pass the entire 
>> array for parsing.
>> 
>> There are three ways to define the enumeration: IP, IPv4+IPv6, 
>> IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit more 
>> robust since version information comes from two sources.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> I felt easier to reparse both L3 and L4 headers in IPsec case, 
>>> especially since transport mode ESP can en/decrypt some of L3 headers 
>>> in IPv6 case. 


 Dmitry Eremin-Solenikov(lumag) wrote:
 @Bill-Fischofer-Linaro In IPsec case Next Header field will contain 4 
 for IPv4 and 41 for IPv6.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> That might be overly complicated since until a decrypted tunnel mode 
> IPsec packet is parsed you don't know whether it's IPv4 or IPv6. It's 
> parsing that makes that determination.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> @lumag IPsec operating in transport mode is, I'd imagine, the main 
>> use case here.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> What is the usecase for parsing a packet starting from L4 header? 
>>> Also there are several (lots) of other L4 protocols. Do we want to 
>>> support them all here?


 Dmitry Eremin-Solenikov(lumag) wrote:
 Maybe it would be better to split this into separate IPv4 and IPv6 
 packets. It would be an error to pass IPv6 packet with ethtype (or 
 IP tunnel type) being set to IPv4. 


> Petri Savolainen(psavol) wrote:
> A vector of packets is CPU vector instructions friendly.


>> Petri Savolainen(psavol) wrote:
>> The use case is mentioned in log message: parse after decrypt/IP 
>> reassembly. Application has recreated an inner packet and needs 
>> to parse it before continue. This is inherently SW parse which 
>> may be accelerated with CPU vector instructions, etc.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> What's the use case for a multi() form of this API? Might VPP 
>>> use it? Perh

Re: [lng-odp] [PATCH API-NEXT v2] api: packet parse functions

[Github ODP bot]

Bill Fischofer(Bill-Fischofer-Linaro) replied on github web page:

include/odp/api/spec/packet.h
@@ -71,6 +71,51 @@ extern "C" {
   * Packet is red
   */
 
+/**
+ * Protocol
+ */
+typedef enum odp_proto_t {
+   /** No protocol defined */
+   ODP_PROTO_NONE = 0,
+
+   /** Ethernet (including VLAN) */
+   ODP_PROTO_ETH,
+
+   /** IP (including IPv4 and IPv6) */


Comment:
I'm not sure why an API named `odp_packet_parse()` needs help here. It's 
purpose, after all, is to parse packets and determining IPv4 vs IPv6 is part of 
that activity. Moreover, the only way an application can inspect the IP header 
is to access it via other ODP API calls, so I don't see how asking the 
application to do this is any better than having the `odp_packet_parse()` 
implementation do this itself. What's the purpose of having a parse API in that 
case since clearly the application could parse the entire packet "by hand" as 
well.

> Dmitry Eremin-Solenikov(lumag) wrote:
> Failure needs to be defined in a more precise way (and maybe for a single 
> packet case). I assume that it means internal ODP error, rather than just 
> packet with wrong headers. What happens in multi-packet case if failure 
> occurs in the middle of parsing?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @psavol Also for multi-packet parsing, we can change `proto` to be an array, 
>> allowing applications to easily intermix IPv4 and IPv6 packets.


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @psavol yes. I just wanted to focus on cases, when passing packet with 
>>> wrong protocol is an error. E.g. IPv6 packet inside IPsec packet with NH = 
>>> 4. So it is not a question of selecting proper L3 parser, but rather a 
>>> question of nailing down error/malicious packets.


 Petri Savolainen(psavol) wrote:
 It's there to enable application to call parsing in parts - e.g. first up 
 to IP and then continue from L4. But since IP and transport protocols are 
 tied together with pseudo headers, it's cleaner to remove L4 as a starting 
 point. 


> Petri Savolainen(psavol) wrote:
> First bits of an IP header marks the version. So, it would be trivial for 
> both app and implementation to read the version from the data. Common IP 
> define is easier for application when a burst of packets may contain both 
> v4 and v6 mixed. Application does not need to sort  packets into two 
> arrays (one for v4 and other for v6) but just pass the entire array for 
> parsing.
> 
> There are three ways to define the enumeration: IP, IPv4+IPv6, 
> IP+IPv4+IPv6. I'm OK with any of those. IPv4+IPv6 would be a bit more 
> robust since version information comes from two sources.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> I felt easier to reparse both L3 and L4 headers in IPsec case, 
>> especially since transport mode ESP can en/decrypt some of L3 headers in 
>> IPv6 case. 


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> @Bill-Fischofer-Linaro In IPsec case Next Header field will contain 4 
>>> for IPv4 and 41 for IPv6.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 That might be overly complicated since until a decrypted tunnel mode 
 IPsec packet is parsed you don't know whether it's IPv4 or IPv6. It's 
 parsing that makes that determination.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> @lumag IPsec operating in transport mode is, I'd imagine, the main 
> use case here.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> What is the usecase for parsing a packet starting from L4 header? 
>> Also there are several (lots) of other L4 protocols. Do we want to 
>> support them all here?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> Maybe it would be better to split this into separate IPv4 and IPv6 
>>> packets. It would be an error to pass IPv6 packet with ethtype (or 
>>> IP tunnel type) being set to IPv4. 


 Petri Savolainen(psavol) wrote:
 A vector of packets is CPU vector instructions friendly.


> Petri Savolainen(psavol) wrote:
> The use case is mentioned in log message: parse after decrypt/IP 
> reassembly. Application has recreated an inner packet and needs 
> to parse it before continue. This is inherently SW parse which 
> may be accelerated with CPU vector instructions, etc.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> What's the use case for a multi() form of this API? Might VPP 
>> use it? Perhaps Sachin can comment?


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> We had considered an `odp_packet_parse()` function some time 
>>> back but it was rejected as something that would not fit well 
>>> with hardware parsers. What's changed?


https://github.com/Linaro/od

Re: [lng-odp] [PATCH API-NEXT v2] api: random early detection and back pressure

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

platform/linux-generic/include/odp/api/std_types.h
line 6
@@ -29,6 +29,8 @@ extern "C" {
 
 typedef int odp_bool_t;
 
+typedef uint16_t odp_percent_t;
+
 /**


Comment:
No, `odp_bool_t` exact implementation is not part of the spec, as it is part of 
platform ABI. Percent type is just data, so from my point of view it should not 
be a part of ABI, but rather be a part of API spec.

> Balasubramanian Manoharan(bala-manoharan) wrote:
> They typedef for odp_bool_t is still under platform/linux-generic directory 
> hence I had this here. I am fine pushing this to spec/std_types.h but is 
> odp_bool_t going to be moved later?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> @bala-manoharan  @Bill-Fischofer-Linaro In my opinion, let's just push it 
>> into `odp/api/spec/std_types.h`.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> Oops. Will take care of that in next version.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 I felt using a bitfield is more useful in exposing the platform capability 
 whereas using an enum makes more sense during configuration. I am open for 
 suggestions along these lines.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> Back pressure is to indicate the remote peer that there is a network 
> congestion on this particular flow. Whether the remote peer takes 
> respective action is beyond the scope of this RFC.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> NXP is implementing RED at queue level. Hence I had added this based on 
>> the feedback from Nikhil.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> The previous PR was handling this RED and BP at cos level. There were 
>>> some concerns from NXP since CoS is a logical entity and application 
>>> configuration should make sure that multiple CoS with different RED 
>>> configuration should not direct to the same pool or queue.
>>> 
>>> HW implements the RED and BP effectively either at the pool or the 
>>> queue.
>>> Since a pool represents the real bottleneck for resource exhausion and 
>>> packet drop.
>>>  We can discuss further in todays Public call.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 The implementation provides preference whether the RED and BP are 
 configured either in pool or queue and provide support for which 
 threshold method is supported using capability.
 I believe this is sufficient from the implementation point of view.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Adding new files requires updates to the various Makefile.am and 
> related autotools. That's why Travis is reporting failures since 
> these new files aren't able to be found / used.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Need to clarify under what conditions RED (and BP) apply to pools. 
>> If an application calls `odp_packet_alloc()` that should either 
>> succeed or fail. "Drop probability" doesn't make any obvious sense 
>> here. Tying these concepts to `odp_pktio_t` configurations seems 
>> more in keeping with what's needed, but I understand the 
>> difficulties that that caused in the previous PR.
>> 
>> Perhaps tying this to a `odp_cos_t` might work? An `odp_cos_t` has 
>> an associated queue and pool and these can then be viewed as 
>> admission controls to packets being added to a CoS. That would mean 
>> that these features would only be applicable if the classifier is 
>> being used, but is that a significant drawback since we want to 
>> encourage its use anyway?


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> Back pressure in this context presumably means that 
>>> `odp_queue_enq()` calls stall until the back pressure is relieved. 
>>> Not sure if that's what's really desired for queues in general.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 RED for a queue in doesn't seem to make sense for queues in 
 general. RED is used for admission control, which is why it's tied 
 to PktIOs. If an application calls `odp_queue_enq()` that should 
 either succeed or fail. A "drop probability" doesn't make sense 
 here. We need to clarify that somehow and I'm not sure how that 
 can be done without tying the configuration back to an 
 `odp_pktio_t`.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Same comment as for pools. It would seem these should be 
> individual `odp_support_t` indications.


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Wouldn't these be better done as individual `odp_support_t` 
>> configurations? That way impleme

Re: [lng-odp] [PATCH API-NEXT v2] api: random early detection and back pressure

[Github ODP bot]

Balasubramanian Manoharan(bala-manoharan) replied on github web page:

platform/linux-generic/include/odp/api/std_types.h
line 6
@@ -29,6 +29,8 @@ extern "C" {
 
 typedef int odp_bool_t;
 
+typedef uint16_t odp_percent_t;
+
 /**


Comment:
They typedef for odp_bool_t is still under platform/linux-generic directory 
hence I had this here. I am fine pushing this to spec/std_types.h but is 
odp_bool_t going to be moved later?

> Dmitry Eremin-Solenikov(lumag) wrote:
> @bala-manoharan  @Bill-Fischofer-Linaro In my opinion, let's just push it 
> into `odp/api/spec/std_types.h`.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> Oops. Will take care of that in next version.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> I felt using a bitfield is more useful in exposing the platform capability 
>>> whereas using an enum makes more sense during configuration. I am open for 
>>> suggestions along these lines.


 Balasubramanian Manoharan(bala-manoharan) wrote:
 Back pressure is to indicate the remote peer that there is a network 
 congestion on this particular flow. Whether the remote peer takes 
 respective action is beyond the scope of this RFC.


> Balasubramanian Manoharan(bala-manoharan) wrote:
> NXP is implementing RED at queue level. Hence I had added this based on 
> the feedback from Nikhil.


>> Balasubramanian Manoharan(bala-manoharan) wrote:
>> The previous PR was handling this RED and BP at cos level. There were 
>> some concerns from NXP since CoS is a logical entity and application 
>> configuration should make sure that multiple CoS with different RED 
>> configuration should not direct to the same pool or queue.
>> 
>> HW implements the RED and BP effectively either at the pool or the queue.
>> Since a pool represents the real bottleneck for resource exhausion and 
>> packet drop.
>>  We can discuss further in todays Public call.


>>> Balasubramanian Manoharan(bala-manoharan) wrote:
>>> The implementation provides preference whether the RED and BP are 
>>> configured either in pool or queue and provide support for which 
>>> threshold method is supported using capability.
>>> I believe this is sufficient from the implementation point of view.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 Adding new files requires updates to the various Makefile.am and 
 related autotools. That's why Travis is reporting failures since these 
 new files aren't able to be found / used.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Need to clarify under what conditions RED (and BP) apply to pools. If 
> an application calls `odp_packet_alloc()` that should either succeed 
> or fail. "Drop probability" doesn't make any obvious sense here. 
> Tying these concepts to `odp_pktio_t` configurations seems more in 
> keeping with what's needed, but I understand the difficulties that 
> that caused in the previous PR.
> 
> Perhaps tying this to a `odp_cos_t` might work? An `odp_cos_t` has an 
> associated queue and pool and these can then be viewed as admission 
> controls to packets being added to a CoS. That would mean that these 
> features would only be applicable if the classifier is being used, 
> but is that a significant drawback since we want to encourage its use 
> anyway?


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> Back pressure in this context presumably means that 
>> `odp_queue_enq()` calls stall until the back pressure is relieved. 
>> Not sure if that's what's really desired for queues in general.


>>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>>> RED for a queue in doesn't seem to make sense for queues in 
>>> general. RED is used for admission control, which is why it's tied 
>>> to PktIOs. If an application calls `odp_queue_enq()` that should 
>>> either succeed or fail. A "drop probability" doesn't make sense 
>>> here. We need to clarify that somehow and I'm not sure how that can 
>>> be done without tying the configuration back to an `odp_pktio_t`.


 Bill Fischofer(Bill-Fischofer-Linaro) wrote:
 Same comment as for pools. It would seem these should be 
 individual `odp_support_t` indications.


> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
> Wouldn't these be better done as individual `odp_support_t` 
> configurations? That way implementations can indicate not just 
> support but preferences. 


>> Bill Fischofer(Bill-Fischofer-Linaro) wrote:
>> We've defined what we mean by RED as assigning a drop 
>> probability but what we mean by "back pressure" seems very fuzzy 
>> here. This needs to be more specific if an applicat

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

platform/linux-generic/include/odp/api/plat/packet_inlines.h
line 5
@@ -21,6 +21,9 @@
 /** @internal Inline function offsets */
 extern const _odp_packet_inline_offset_t _odp_packet_inline;
 
+/** @internal Pool inline function offsets */
+extern const _odp_pool_inline_offset_t _odp_pool_inline;


Comment:
@matiaselo ok.

> Matias Elo(matiaselo) wrote:
> Since there are currently no functions in sight to put into pool_inlines.h I 
> would suggest not to add a new header file. If/when some pool inline function 
> are added later on the header can be created them. Is this OK for you?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> Just wanted to have pool functions in pool header, etc.


>>> Matias Elo(matiaselo) wrote:
>>> I followed the same pattern as the packet inlines. 
>>> _odp_packet_inline_offset_t is defined in packet_types.h.


 Matias Elo(matiaselo) wrote:
 pool_inlines.h would only include these two lines and looking at pool API 
 there aren't any additional functions which should be inlined. Do you have 
 a particular use case in mind for this header?


> Dmitry Eremin-Solenikov(lumag) wrote:
> And this to pool_inline_types.h.


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149673963
updated_at 2017-11-08 13:56:03

Re: [lng-odp] [PATCH v1] Misc fast path optimizations

[Github ODP bot]

Matias Elo(matiaselo) replied on github web page:

platform/linux-generic/include/odp/api/plat/packet_inlines.h
line 5
@@ -21,6 +21,9 @@
 /** @internal Inline function offsets */
 extern const _odp_packet_inline_offset_t _odp_packet_inline;
 
+/** @internal Pool inline function offsets */
+extern const _odp_pool_inline_offset_t _odp_pool_inline;


Comment:
Since there are currently no functions in sight to put into pool_inlines.h I 
would suggest not to add a new header file. If/when some pool inline function 
are added later on the header can be created them. Is this OK for you?

> Dmitry Eremin-Solenikov(lumag) wrote:
> Just wanted to have pool functions in pool header, etc.


>> Matias Elo(matiaselo) wrote:
>> I followed the same pattern as the packet inlines. 
>> _odp_packet_inline_offset_t is defined in packet_types.h.


>>> Matias Elo(matiaselo) wrote:
>>> pool_inlines.h would only include these two lines and looking at pool API 
>>> there aren't any additional functions which should be inlined. Do you have 
>>> a particular use case in mind for this header?


 Dmitry Eremin-Solenikov(lumag) wrote:
 And this to pool_inline_types.h.


> Dmitry Eremin-Solenikov(lumag) wrote:
> This should go to pool_inlines.h


https://github.com/Linaro/odp/pull/281#discussion_r149665657
updated_at 2017-11-08 13:22:38

Re: [lng-odp] [PATCH v1] next update version

[Github ODP bot]

muvarov replied on github web page:

configure.ac
line 14
@@ -36,10 +36,10 @@ AM_SILENT_RULES([yes])
 # 3. if interfaces were removed, then use C+1:0:0
 ##
 
-ODP_LIBSO_VERSION=115:0:2
+ODP_LIBSO_VERSION=116:0:3


Comment:
@lumag  I like that idea to keep LIBSO version always the same as API version. 
But when I said that first time than Anders said that it's not correct and we 
have to follow the same rules as libcurl. So for some last releases we followed 
that magic scheme. Which might be a not good fit for mainline version.

> Dmitry Eremin-Solenikov(lumag) wrote:
> @muvarov "at this moment"


>> muvarov wrote
>> @lumag what is ATM stands for?


>>> Dmitry Eremin-Solenikov(lumag) wrote:
>>> As we are not providing ABI-level compatibility between releases (and we 
>>> are not ATM), this always should be XXX:0:0.
>>> Especially since we removed `odp_packet_unshare_len()`. So proper version 
>>> should be 116:0:0


https://github.com/Linaro/odp/pull/285#discussion_r149673090
updated_at 2017-11-08 13:52:48

Re: [lng-odp] [PATCH v1] next update version

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

configure.ac
line 14
@@ -36,10 +36,10 @@ AM_SILENT_RULES([yes])
 # 3. if interfaces were removed, then use C+1:0:0
 ##
 
-ODP_LIBSO_VERSION=115:0:2
+ODP_LIBSO_VERSION=116:0:3


Comment:
@muvarov "at this moment"

> muvarov wrote
> @lumag what is ATM stands for?


>> Dmitry Eremin-Solenikov(lumag) wrote:
>> As we are not providing ABI-level compatibility between releases (and we are 
>> not ATM), this always should be XXX:0:0.
>> Especially since we removed `odp_packet_unshare_len()`. So proper version 
>> should be 116:0:0


https://github.com/Linaro/odp/pull/285#discussion_r149672586
updated_at 2017-11-08 13:50:34

Re: [lng-odp] [PATCH v1] next update version

[Github ODP bot]

muvarov replied on github web page:

configure.ac
line 14
@@ -36,10 +36,10 @@ AM_SILENT_RULES([yes])
 # 3. if interfaces were removed, then use C+1:0:0
 ##
 
-ODP_LIBSO_VERSION=115:0:2
+ODP_LIBSO_VERSION=116:0:3


Comment:
@lumag what is ATM stands for?

> Dmitry Eremin-Solenikov(lumag) wrote:
> As we are not providing ABI-level compatibility between releases (and we are 
> not ATM), this always should be XXX:0:0.
> Especially since we removed `odp_packet_unshare_len()`. So proper version 
> should be 116:0:0


https://github.com/Linaro/odp/pull/285#discussion_r149672132
updated_at 2017-11-08 13:48:53

Re: [lng-odp] [PATCH v1] next update version

[Github ODP bot]

Dmitry Eremin-Solenikov(lumag) replied on github web page:

configure.ac
line 14
@@ -36,10 +36,10 @@ AM_SILENT_RULES([yes])
 # 3. if interfaces were removed, then use C+1:0:0
 ##
 
-ODP_LIBSO_VERSION=115:0:2
+ODP_LIBSO_VERSION=116:0:3


Comment:
As we are not providing ABI-level compatibility between releases (and we are 
not ATM), this always should be XXX:0:0.
Especially since we removed `odp_packet_unshare_len()`. So proper version 
should be 116:0:0

https://github.com/Linaro/odp/pull/285#discussion_r149665851
updated_at 2017-11-08 13:23:41

[lng-odp] [PATCH v1 1/1] example: fix pointers to odp_l2fwd.c source

[Github ODP bot]

From: Dmitry Eremin-Solenikov 

During mass-move of tests I forgot to update odp_l2fwd example to point
to new locattion. Fix that now.

Signed-off-by: Dmitry Eremin-Solenikov 
---
/** Email created from pull request 286 (lumag:l2fwd-fix)
 ** https://github.com/Linaro/odp/pull/286
 ** Patch: https://github.com/Linaro/odp/pull/286.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: 023029b18742a906fc2c5c0366ac564ca55fbdf4
 **/
 example/l2fwd/README  | 3 +--
 example/l2fwd/odp_l2fwd.c | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/example/l2fwd/README b/example/l2fwd/README
index 891620bd7..f6fdc01ca 100644
--- a/example/l2fwd/README
+++ b/example/l2fwd/README
@@ -1,7 +1,6 @@
 ODP L2FWD application
 
-Source code and Makefiles placed under test/common_plat/performance/
-directory.
+Source code and Makefiles placed under test/performance/ directory.
 
 This L2 forwarding application can be used as example reference as well
 as performance test for different odp modes (direct, queue or scheduler
diff --git a/example/l2fwd/odp_l2fwd.c b/example/l2fwd/odp_l2fwd.c
index eea3a34c4..fb585f437 12
--- a/example/l2fwd/odp_l2fwd.c
+++ b/example/l2fwd/odp_l2fwd.c
@@ -1 +1 @@
-../../test/common_plat/performance/odp_l2fwd.c
\ No newline at end of file
+../../test/performance/odp_l2fwd.c
\ No newline at end of file

[lng-odp] [PATCH v1 0/1] example: fix pointers to odp_l2fwd.c source

[Github ODP bot]

During mass-move of tests I forgot to update odp_l2fwd example to point
to new locattion. Fix that now.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsoleni...@linaro.org

github
/** Email created from pull request 286 (lumag:l2fwd-fix)
 ** https://github.com/Linaro/odp/pull/286
 ** Patch: https://github.com/Linaro/odp/pull/286.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: 023029b18742a906fc2c5c0366ac564ca55fbdf4
 **/
/github

checkpatch.pl
WARNING: adding a line without newline at end of file
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
  ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

total: 0 errors, 1 warnings, 4 checks, 11 lines checked


to_send-p-000.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
/checkpatch.pl

[lng-odp] [PATCH v1 0/1] example: fix pointers to odp_l2fwd.c source

[Github ODP bot]

During mass-move of tests I forgot to update odp_l2fwd example to point
to new locattion. Fix that now.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsoleni...@linaro.org

github
/** Email created from pull request 286 (lumag:l2fwd-fix)
 ** https://github.com/Linaro/odp/pull/286
 ** Patch: https://github.com/Linaro/odp/pull/286.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: 023029b18742a906fc2c5c0366ac564ca55fbdf4
 **/
/github

checkpatch.pl
WARNING: adding a line without newline at end of file
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
  ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

CHECK: spaces preferred around that '/' (ctx:VxV)
#42: FILE: example/l2fwd/odp_l2fwd.c:1:
+../../test/performance/odp_l2fwd.c
   ^

total: 0 errors, 1 warnings, 4 checks, 11 lines checked


to_send-p-000.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
/checkpatch.pl

[lng-odp] [PATCH v1 3/3] linux-gen: dpdk: call packet parse function only when necessary

[Github ODP bot]

From: Matias Elo 

Not calling packet_parse_layer() when packet input parsing is disabled
removes two unnecessary function calls from fast path.

Signed-off-by: Matias Elo 
---
/** Email created from pull request 287 (matiaselo:fix/dpdk_pktio)
 ** https://github.com/Linaro/odp/pull/287
 ** Patch: https://github.com/Linaro/odp/pull/287.patch
 ** Base sha: 29c7a054f7151d33795a0d8d7df5594bf4fddb55
 ** Merge commit sha: e33bf359781afcf67cf12031feef43a953e506be
 **/
 platform/linux-generic/pktio/dpdk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/pktio/dpdk.c 
b/platform/linux-generic/pktio/dpdk.c
index d7e9fcd4f..b5a87b829 100644
--- a/platform/linux-generic/pktio/dpdk.c
+++ b/platform/linux-generic/pktio/dpdk.c
@@ -439,7 +439,7 @@ static inline int mbuf_to_pkt(pktio_entry_t *pktio_entry,
 
if (pktio_cls_enabled(pktio_entry))
copy_packet_cls_metadata(&parsed_hdr, pkt_hdr);
-   else
+   else if (pktio_entry->s.config.parser.layer)
packet_parse_layer(pkt_hdr,
   pktio_entry->s.config.parser.layer);
 
@@ -654,7 +654,7 @@ static inline int mbuf_to_pkt_zero(pktio_entry_t 
*pktio_entry,
 
if (pktio_cls_enabled(pktio_entry))
copy_packet_cls_metadata(&parsed_hdr, pkt_hdr);
-   else
+   else if (pktio_entry->s.config.parser.layer)
packet_parse_layer(pkt_hdr,
   pktio_entry->s.config.parser.layer);