Hello Thomas, Please see my comment on the use of RTE_STD_C11 below.
Regards, Gregory. > > > Currently, DPDK application can offload the checksum check, and > > > report it in the mbuf. > > > > > > However, as more and more applications are offloading some or all > > > logic and action to the HW, there is a need to check the packet > > > integrity so the right decision can be taken. > > > > > > The application logic can be positive meaning if the packet is valid > > > jump / do actions, or negative if packet is not valid jump to SW / > > > do actions (like drop) a, and add default flow > > > > There is a typo here. What should it be? > > > Simply remove the a. > > > > (match all in low priority) that will direct the miss packet to the > > > miss path. > > > > > > Since currently rte_flow works in positive way the assumption is > > > that the positive way will be the common way in this case also. > > > > > > When thinking what is the best API to implement such feature, we > > > need to considure the following (in no specific order): > > > > s/considure/consider/ > > > > Will fix. > > > > 1. API breakage. > > > 2. Simplicity. > > > 3. Performance. > > > 4. HW capabilities. > > > 5. rte_flow limitation. > > > 6. Flexibility. > > > > > > First option: Add integrity flags to each of the items. > > > For example add checksum_ok to ipv4 item. > > > > > > Pros: > > > 1. No new rte_flow item. > > > 2. Simple in the way that on each item the app can see what checks > > > are available. > > > > > > Cons: > > > 1. API breakage. > > > 2. increase number of flows, since app can't add global rule and > > > must have dedicated flow for each of the flow combinations, for > example > > > matching on icmp traffic or UDP/TCP traffic with IPv4 / IPv6 will > > > result in 5 flows. > > > > > > Second option: dedicated item > > > > > > Pros: > > > 1. No API breakage, and there will be no for some time due to having > > > extra space. (by using bits) > > > 2. Just one flow to support the icmp or UDP/TCP traffic with IPv4 / > > > IPv6. > > > 3. Simplicity application can just look at one place to see all possible > > > checks. > > > 4. Allow future support for more tests. > > > > > > Cons: > > > 1. New item, that holds number of fields from different items. > > > > > > For starter the following bits are suggested: > > > 1. packet_ok - means that all HW checks depending on packet layer > have > > > passed. This may mean that in some HW such flow should be splited > to > > > number of flows or fail. > > > 2. l2_ok - all check for layer 2 have passed. > > > 3. l3_ok - all check for layer 3 have passed. If packet doesn't have > > > l3 layer this check should fail. > > > 4. l4_ok - all check for layer 4 have passed. If packet doesn't > > > have l4 layer this check should fail. > > > 5. l2_crc_ok - the layer 2 crc is O.K. > > > 6. ipv4_csum_ok - IPv4 checksum is O.K. it is possible that the > > > IPv4 checksum will be O.K. but the l3_ok will be 0. it is not > > > possible that checksum will be 0 and the l3_ok will be 1. > > > 7. l4_csum_ok - layer 4 checksum is O.K. > > > 8. l3_len_OK - check that the reported layer 3 len is smaller than the > > > frame len. > > > > > > Example of usage: > > > 1. check packets from all possible layers for integrity. > > > flow create integrity spec packet_ok = 1 mask packet_ok = 1 ..... > > > > > > 2. Check only packet with layer 4 (UDP / TCP) > > > flow create integrity spec l3_ok = 1, l4_ok = 1 mask l3_ok = 1 > > > l4_ok = 1 > > > > > > Signed-off-by: Ori Kam <or...@nvidia.com> > > > --- > > > doc/guides/prog_guide/rte_flow.rst | 20 +++++++++++ > > > doc/guides/rel_notes/release_21_05.rst | 5 +++ > > > lib/librte_ethdev/rte_flow.h | 49 > ++++++++++++++++++++++++++ > > > 3 files changed, 74 insertions(+) > > > > > > diff --git a/doc/guides/prog_guide/rte_flow.rst > > b/doc/guides/prog_guide/rte_flow.rst > > > index e1b93ecedf..1dd2301a07 100644 > > > --- a/doc/guides/prog_guide/rte_flow.rst > > > +++ b/doc/guides/prog_guide/rte_flow.rst > > > @@ -1398,6 +1398,26 @@ Matches a eCPRI header. > > > - ``hdr``: eCPRI header definition (``rte_ecpri.h``). > > > - Default ``mask`` matches nothing, for all eCPRI messages. > > > > > > +Item: ``PACKET_INTEGRITY_CHECKS`` > > > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > + > > > +Matches packet integrity. > > > +For some devices application needs to enable integration checks in > > > +HW before using this item. > > > + > > > +- ``level``: the encapsulation level that should be checked. level > > > +0 means the > > > + default PMD mode (Can be inner most / outermost). value of 1 > > > +means > > outermost > > > + and higher value means inner header. See also RSS level. > > > +- ``packet_ok``: All HW packet integrity checks have passed based > > > +on the > > max > > > + layer of the packet. > > > +- ``l2_ok``: all layer 2 HW integrity checks passed. > > > +- ``l3_ok``: all layer 3 HW integrity checks passed. > > > +- ``l4_ok``: all layer 4 HW integrity checks passed. > > > +- ``l2_crc_ok``: layer 2 crc check passed. > > > +- ``ipv4_csum_ok``: ipv4 checksum check passed. > > > +- ``l4_csum_ok``: layer 4 checksum check passed. > > > +- ``l3_len_ok``: the layer 3 len is smaller than the frame len. > > > + > > > Actions > > > ~~~~~~~ > > > > > > diff --git a/doc/guides/rel_notes/release_21_05.rst > > b/doc/guides/rel_notes/release_21_05.rst > > > index a0b907994a..986f749384 100644 > > > --- a/doc/guides/rel_notes/release_21_05.rst > > > +++ b/doc/guides/rel_notes/release_21_05.rst > > > @@ -168,6 +168,11 @@ New Features > > > the events across multiple stages. > > > * This also reduced the scheduling overhead on a event device. > > > > > > +* **Added packet integrity match to RTE flow rules.** > > > > Please remove "RTE", it has no meaning. All in DPDK is "RTE". > > > > Sure. > > > > + > > > + * Added ``PACKET_INTEGRITY_CHECKS`` flow item. > > > > It is RTE_FLOW_ITEM_TYPE_INTEGRITY > > > > > + * Added ``rte_flow_item_integrity`` data structure. > > > + > > > > This text should be sorted before drivers. > > > > Sure. > > > > --- a/lib/librte_ethdev/rte_flow.h > > > +++ b/lib/librte_ethdev/rte_flow.h > > > @@ -551,6 +551,17 @@ enum rte_flow_item_type { > > > * See struct rte_flow_item_geneve_opt > > > */ > > > RTE_FLOW_ITEM_TYPE_GENEVE_OPT, > > > + > > > + /** > > > + * [META] > > > + * > > > + * Matches on packet integrity. > > > + * For some devices application needs to enable integration checks > > > +in > > HW > > > + * before using this item. > > > > That's a bit fuzzy. > > Do you mean some driver-specific API may be required? > > > > I know it is a bit fuzzy but it is really HW dependent, for example in case of > some drivers there is nothing to be done. > In other cases the application may need to enable the RX checksum offload, > other drivers may need this cap be enabled by HW configuration. > > > > + * > > > + * See struct rte_flow_item_integrity. > > > + */ > > > + RTE_FLOW_ITEM_TYPE_INTEGRITY, > > > }; > > > > > +__extension__ > > > > Why extension here? > > If this is because of the anonymous union, it should be RTE_STD_C11 > > before the union. > > Same for the struct. > > > O.K > The RTE_STD_C11 macro fails compilation on RHEL-7.9 with gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) > > > +struct rte_flow_item_integrity { > > > + uint32_t level; > > > + /**< Packet encapsulation level the item should apply to. > > > + * @see rte_flow_action_rss > > > + */ > > > > Please insert comments before the struct member. > > > O.K. > > > Instead of "Packet encapsulation", isn't it better understood as > > "Tunnel encapsulation"? Not sure, please advise. > > > I have no strong feeling ether way, so I don't mind the change if you think it > is clearer. > > > > + union { > > > + struct { > > > + uint64_t packet_ok:1; > > > + /** The packet is valid after passing all HW checks. > */ > > > > The doxygen syntax is missing < but it will be fine when moved before. > > > Sure. > > > > + uint64_t l2_ok:1; > > > + /**< L2 layer is valid after passing all HW checks. */ > > > + uint64_t l3_ok:1; > > > + /**< L3 layer is valid after passing all HW checks. */ > > > + uint64_t l4_ok:1; > > > + /**< L4 layer is valid after passing all HW checks. */ > > > + uint64_t l2_crc_ok:1; > > > + /**< L2 layer crc is valid. */ > > > > s/crc/CRC/ > > > O.K. > > > > + uint64_t ipv4_csum_ok:1; > > > + /**< IPv4 layer checksum is valid. */ > > > + uint64_t l4_csum_ok:1; > > > + /**< L4 layer checksum is valid. */ > > > + uint64_t l3_len_ok:1; > > > + /**< The l3 len is smaller than the frame len. */ > > > > s/len/length/g > > > O.K. > > > > + uint64_t reserved:56; > > > + }; > > > + uint64_t value; > > > > double space > > > Sure. > > > > + }; > > > +}; > > > + > > > +#ifndef __cplusplus > > > +static const struct rte_flow_item_integrity > > > +rte_flow_item_integrity_mask = { > > > + .level = 0, > > > + .value = 0, > > > +}; > > > +#endif > > > > I'm pretty sure it breaks with some C compilers. > > Why not for C++? > > I see we have it already in rte_flow.h so we can keep it, but that's > > something to double check for a future fix. > > > Just like you said this is the practice used already, > > >